From 723749db815a4362ff8c15ea766d515236383ef9 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 03:23:50 +0000 Subject: [PATCH] chore(release): version 1.1.25 - Cut new release tag v1.1.25. - Document BOLT's optimization (moving /health endpoint above helmet/cors). - Update dependencies to the latest patch/minor versions. - Log lifecycle status in Warden ledger and update Changelog. Co-authored-by: shenald-dev <245350826+shenald-dev@users.noreply.github.com> --- .jules/warden.md | 6 ++++++ CHANGELOG.md | 4 ++++ package-lock.json | 30 +++++++++++++++--------------- package.json | 2 +- 4 files changed, 26 insertions(+), 16 deletions(-) diff --git a/.jules/warden.md b/.jules/warden.md index 606cf29..3166d1a 100644 --- a/.jules/warden.md +++ b/.jules/warden.md @@ -132,3 +132,9 @@ Observation / Pruned: Assessed JULES/BOLT's optimization changing global `express.json` middleware into a route-specific middleware. This prevents unhandled routes (e.g. 404s) from attempting to buffer and parse large JSON payloads, saving CPU cycles and mitigating DoS vectors. The JSON error handler was effectively moved correctly to preserve functionality. Ran full tests and robustness scripts to verify correct validation edge cases pass. Zero unused files or exports were identified for pruning. Alignment / Deferred: Appended release notes for performance and security patch. Version bumped to 1.1.24. + +2026-04-27 — Assessment & Lifecycle +Observation / Pruned: +Assessed BOLT's optimization moving the `/health` endpoint above `helmet()` and `cors()` middlewares, while manually setting `Content-Type`. This effectively prevents parsing and middleware overhead for frequent health check pings without compromising the expected response headers. Also bumped minor/patch versions via `npm update`. No dead code or unused files found, as previous optimizations have pruned effectively. +Alignment / Deferred: +Appended release notes for performance patch. Version bumped to 1.1.25. diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d0bd5b..644b3cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## v1.1.25 - 2026-04-27 +### Changed +- **Performance:** Moved the `/health` endpoint above `helmet()` and `cors()` middlewares, saving significant CPU cycle overhead on load balancer pings by skipping unnecessary security header injections and CORS processing for this specific endpoint. No dead code pruned. + ## v1.1.24 - 2026-04-25 ### Changed - **Security/Performance:** Modified the `express.json()` middleware to act as a route-specific middleware on `/v1/chat/completions` rather than globally. This prevents unnecessary JSON parsing for non-existent endpoints (like 404 routes), mitigating potential CPU exhaustion DoS vectors from large arbitrary payloads. diff --git a/package-lock.json b/package-lock.json index 76c4c8e..a67e075 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "one-api", - "version": "1.1.24", + "version": "1.1.25", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "one-api", - "version": "1.1.24", + "version": "1.1.25", "license": "MIT", "dependencies": { "compression": "^1.8.1", @@ -306,9 +306,9 @@ } }, "node_modules/content-disposition": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.1.tgz", - "integrity": "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.1.0.tgz", + "integrity": "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g==", "license": "MIT", "engines": { "node": ">=18" @@ -841,9 +841,9 @@ } }, "node_modules/hasown": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", - "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", "license": "MIT", "dependencies": { "function-bind": "^1.1.2" @@ -1248,9 +1248,9 @@ "license": "MIT" }, "node_modules/qs": { - "version": "6.15.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.0.tgz", - "integrity": "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==", + "version": "6.15.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz", + "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" @@ -1471,13 +1471,13 @@ } }, "node_modules/side-channel-list": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", - "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", "license": "MIT", "dependencies": { "es-errors": "^1.3.0", - "object-inspect": "^1.13.3" + "object-inspect": "^1.13.4" }, "engines": { "node": ">= 0.4" diff --git a/package.json b/package.json index aac6001..3c7d0f5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "one-api", - "version": "1.1.24", + "version": "1.1.25", "description": "One API to rule them all. Unified gateway for 20+ LLM providers. OpenAI-compatible, single binary, zero config.", "main": "src/index.js", "scripts": {