Changelog
All notable changes to hurlx are documented here. View all releases on GitHub β
Parser blank-line handling overhaul, comment parsing fix, entry state restoration, and runner redirect isolation fix.
πBug Fixes
- βparser:
skipEmptyAndCommentsnow correctly loops over blank lines and comments instead of returning after the first one β fixes parsing of files with multiple consecutive blank lines or comments - βparser: comment text now uses the raw line with
#prefix stripped β preserves whitespace in comments like# Step 1 - βparser:
parseEntryusesunreadLine()instead of manualsavedLine/savedPosrestore β fixes state corruption when scanning ahead for response lines - βparser:
parseRequestandparseKeyValueSectionnowcontinueon blank lines instead of returning β allows headers and key-value sections to span blank lines correctly - βparser:
Parse()returns an error for unexpected trailing content instead of silently ignoring it - βparser: removed unused
colfield fromParserstruct - βrunner:
applyRequestOptionsnow saves and restoresclient.CheckRedirectβ prevents redirect policy from leaking between entries - βrunner:
optsToEntryreturnsndirectly instead ofn + 1β fixes--to-entryoff-by-one that included one extra entry beyond the specified index
β Tests Added
- β
TestParseResponseWithBlankLinesβ response headers followed by blank line then[Asserts]section - β
TestParseMultipleBlankLinesBetweenEntriesβ multiple consecutive blank lines between entries - β
TestParseOptionsAllFieldsβ full options section with location, retry, and other fields - β
TestParseRequestWithMultipleHeadersAndBlankLinesβ headers with blank lines in between
Download v1.0.14
Variable scoping fix for chained entries, fractional duration support, and base64url padding fix.
πBug Fixes
- βrunner: pass entry-scoped
varstoevaluateQueryandcheckAssertβ captured variables are now correctly visible in subsequent asserts within the same entry - βrunner:
applyRequestOptionsnow writes option-defined variables to entry-scoped vars β fixes variable isolation across chained entries - βrunner:
ParseDurationusesParseFloatinstead ofParseIntβ fractional durations like1.5s,0.5m,50.5msnow work correctly - βfilter:
decodeBase64URLSafestrips trailing=padding before NoPadding decode β fixes decoding of padded URL-safe base64 strings
β Tests Added
- β
TestBase64UrlSafeDecodePaddedβ verify padded URL-safe base64 input is accepted - β
TestParseDurationfloat cases β1.5s,0.5m,0.25h,50.5ms - β
TestCheckIncludesβ collection includes assertion coverage - β
TestRunWithVariablesβ end-to-end variable template substitution in URL - β
TestRunSSRFBlockedβfile://URL scheme is rejected at runner level
Bug fixes for base64 decoding, runner state isolation, and assert value handling.
πBug Fixes
- βfilter: base64 decode now strips trailing
=padding before NoPadding decode β fixes decoding of any standard padded base64 string (e.g.SGVsbG8=,AA==) - βrunner: reset redirect recorder per-entry β prevents redirect history leaking into subsequent chain steps
- βrunner: on template render error, write to entry-scoped vars instead of shared runner vars β prevents cross-entry state pollution
- βrunner: save/restore
Verboseandclient.TimeoutinapplyRequestOptionsβ per-entry option overrides no longer bleed into later entries - βrunner:
contains,startsWith,endsWith,matchesasserts now useformatAssertValueβ numeric and boolean assert values now work correctly - βrunner:
optsToEntryoff-by-one fix β--to Nnow correctly includes entry N (was N-1)
β Tests Added
- β
TestBase64RoundTripβ encodeβdecode round-trip for various byte lengths - β
TestBase64DecodePaddedβ verify padded base64 input is accepted - β
TestBase64UrlSafeRoundTripβ URL-safe variant round-trip
Repository housekeeping β no functional changes.
π§ΉHousekeeping
- βUntrack
.claude/,.workbuddy/memory/,.github/workflows/CLAUDE.md, andhurlx_test_binfrom version control - βAdd above paths to
.gitignoreβ they are now kept local-only - β
.github/workflows/build.ymlcontinues to be tracked (CI requires it)
Template engine error propagation, runner state isolation, and security hardening.
β¨Improvements
- βtmpl:
Render()now returns(string, error)β errors propagate cleanly instead of panicking - βtmpl:
generateUUIDandgenerateRandomHexreturn errors instead of panic on crypto failures - βtmpl: merged
getEnv/getenvbranches; addeduuidas alias fornewUuid - βrunner: per-entry variable cloning prevents shared-state mutation across chain steps
- βrunner: template render errors are now propagated for URL, headers, query, form, cookies, basicAuth, and multipart fields
πSecurity
- βrunner: path-traversal guard added for body-file and multipart-file paths
- βimporter: circular-import detection via an in-progress
resolvingset - βimporter: path-traversal guard for body file paths
π§Code Quality
- βcli:
filepath.WalkDirreplaces deprecatedfilepath.Walk - βcli: errors from
os.WriteFileandjson.MarshalIndentare now handled and reported
New template functions, runner improvements, and stdlib base64.
πNew Features
- βtmpl: new
uuidalias fornewUuid - βtmpl:
date "format"supports Java-style and strftime format patterns - βtmpl:
randomHex Ngenerates N random hex bytes - βtmpl:
getenvas case-insensitive alias forgetEnv - βrunner:
ConnectTimeoutandProxyoptions support
πBug Fixes
- βfilter: replaced hand-rolled base64 implementation with Go stdlib
encoding/base64 - βrunner: fix multipart file close order
- βrunner: fix gzip/deflate reader scope
- βrunner: remove
brfrom Accept-Encoding (brotli not supported)
β¨Improvements
- βImprove test pass rate from 89% to 96%
- βFix 6 major issues across parser, runner, and filter packages
- βFix integration tests: use jsonpath for headers
- βReplace xpath
string()with//title/text()
hurlx follows Semantic Versioning. All releases are available on GitHub Releases.