You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* feat: adding hash function to ensure indexes are all lowercase and we can handle upper case collection names fix: fix tests that broke as a result of fix
* update changelog
* fix: applying PR feedback
* tests: PR feedback, adding test that validates two collections with same names but diffeent cases can both be added
* fix: add more robust checking of the bbox for valid coordinate bounds tests: add new tests for more robust tests on bbox check
* docs: update changelog
* fix: adding function to remove 'id' and 'collection' from exclude
* tests: adding tests and fixing issues highlighted by tests
* fix: adding comments for context, docs: updating changelog
Copy file name to clipboardExpand all lines: .nsprc
+14-9Lines changed: 14 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -14,24 +14,29 @@
14
14
"notes": "fast-xml-parser is a transitive dependency of @aws-sdk/xml-builder and is not directly used by application code. XML parsing from untrusted sources is not part of our usage context.",
15
15
"expiry": "2026-04-23"
16
16
},
17
-
"1113371": {
17
+
"1113407": {
18
18
"active": true,
19
-
"notes": "minimatch is a transitive dependency of @redocly/cli and redoc, used only for API documentation rendering. The vulnerable wildcard pattern matching is not exposed to user input in our usage context, making ReDoS exploitation not feasible.",
19
+
"notes": "fast-xml-parser is a transitive dependency of @aws-sdk/xml-builder and is not directly used by application code. Entity encoding bypass via regex injection in DOCTYPE is not exploitable as we do not parse untrusted XML input.",
20
20
"expiry": "2026-04-23"
21
21
},
22
-
"1113398": {
22
+
"1113428": {
23
23
"active": true,
24
24
"notes": "ajv is a transitive dependency used by webpack build tooling and schema-utils. The $data option ReDoS vulnerability is not exploitable as we do not use ajv directly or pass untrusted data through it.",
25
-
"expiry": "2026-04-23"
25
+
"expiry": "2026-04-24"
26
26
},
27
-
"1113399": {
27
+
"1113429": {
28
28
"active": true,
29
29
"notes": "ajv is a transitive dependency used by webpack build tooling and schema-utils. The $data option ReDoS vulnerability is not exploitable as we do not use ajv directly or pass untrusted data through it.",
30
-
"expiry": "2026-04-23"
30
+
"expiry": "2026-04-24"
31
31
},
32
-
"1113407": {
32
+
"1113461": {
33
33
"active": true,
34
-
"notes": "fast-xml-parser is a transitive dependency of @aws-sdk/xml-builder and is not directly used by application code. Entity encoding bypass via regex injection in DOCTYPE is not exploitable as we do not parse untrusted XML input.",
35
-
"expiry": "2026-04-23"
34
+
"notes": "minimatch is a transitive dependency of @redocly/cli and redoc, used only for API documentation rendering. The vulnerable wildcard pattern matching is not exposed to user input in our usage context, making ReDoS exploitation not feasible.",
35
+
"expiry": "2026-04-25"
36
+
},
37
+
"1113466": {
38
+
"active": true,
39
+
"notes": "minimatch is a transitive dependency of @redocly/cli and redoc, used only for API documentation rendering. The vulnerable wildcard pattern matching is not exposed to user input in our usage context, making ReDoS exploitation not feasible.",
Copy file name to clipboardExpand all lines: CHANGELOG.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
10
10
### Fixed
11
11
12
12
- Added more robust checks on valid/invalid latitude and longitudes for bounding box inputs ([1041](https://github.com/stac-utils/stac-server/pull/1041))
13
+
- Fixed issue where using `fields` extension to `exclude` either `id` or `collection` fields resulted in malformed links with 'undefined' in them due to those fields being required to generate item links. Those fields, if excluded are now removed after backend opensearch query ([1045](https://github.com/stac-utils/stac-server/pull/1045))
0 commit comments