chore(deps): bump sirv from 0.4.6 to 1.0.17

[dependabot]

Bumps sirv from 0.4.6 to 1.0.17.

Release notes

Sourced from sirv's releases.

v1.0.14

Chores

• (sirv): Bump @polka/url to take advantage of this fix

v1.0.13

Patches

• (sirv) Only use req.path if has req._decoded flag exists (#82):

  The req._decoded check was added & should have always been in there, since this was sirv's way of preventing duplicate decodeURIComponent calls. However, this was only true when it received a request from a polka@next app, since Polka was previously writing the decoded value to req.path – this changed with [email protected]

  Now that the latest polka@next (and Express) doesn't decode automatically anymore, req.path isn't trustworthy on its own. It needs req._decoded to be there too in order to trust it.

  This combo-check is backwards compatible for polka@next users who don't upgrade and will unblock Express users for the first time, who have always had a "raw" req.path value set.

v1.0.12

Patches

• (sirv-cli): Ensure boolean options are parsed as booleans (#97): 8ebca7c
• (sirv): Bump @polka/url dependency version: 7c5162a

Chores

• Adjust GitHub Action env setup (#109): f2ae0f5
• Update Github Action image(s) and Node versions: 9334dfc, cf2de81, c7e0a20
• Add test for filename with space (#102): ede9189 Thank you @​samccone!

v1.0.11

Patches

• (sirv) Add Vary header when gzip or brotli is in use (#95): 86e6733 Thank you @​istarkov~!

v1.0.10

Patches

• (sirv) Use Cache-Control: no-cache when both dev & etag are enabled (#90): c8fe11b By default dev-mode always used no-store – but this also means that any ETag on the response is ignored too. Changing this to no-cache allows the browser to remember the ETag and send if as the If-None-Match header on next request.

v1.0.9

Patches

• (sirv) More specific ignore regex default (#88): 5e3d7a8 Thank you @​adam-lynch~!

• (sirv) Replace VoidFunction usage in TypeScript definitions (#89): 478b487

v1.0.8

... (truncated)

Commits

• 881c4c7 v1.0.17
• a733157 fix(sirv): skip req._decode shortcuts; decode manually (#118)
• 435473f chore: improve CI reliability for sirv-cli tests (#117)
• 3f64d4a v1.0.16
• df3bb31 fix(sirv): use decoded value directly (#116)
• bb2d0e3 v1.0.15
• 65c4d12 fix(sirv): read cached pathname directly;
• 83ee458 v1.0.14
• 8636aaf chore(sirv): bump @polka/url version
• fbd3f79 v1.0.13
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #225.