New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade http-server from 0.11.1 to 0.13.0 #1

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-aa81627fc0e4ea02aca48cde4e4a7c81

snyk-bot commented Feb 12, 2022

Snyk has created this PR to upgrade http-server from 0.11.1 to 0.13.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 6 versions ahead of your current version.
The recommended version was released 6 months ago, on 2021-08-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Override Protection Bypass npm:qs:20170213	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-ECSTATIC-174543	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: http-server

77243e7 0.13.0
a845834 Update dependency tree
f2c0dfb update milestone
aec3911 update security for release
1f994c0 Merge pull request #591 from http-party/no_server_headers
c57654d Merge branch 'master' into no_server_headers
a4ec10b Merge pull request #713 from http-party/codeql-bye-bye
6b87653 drop codeql
a7fdf0f remove server header
cd1afb7 Merge pull request #706 from zbynek/no-charset-binary
46c0ce7 Merge pull request #705 from zbynek/patch-1
9c51cb2 Merge branch 'master' into no_server_headers
cd84a85 revert
7830ac2 Remove charset from header of binary files
b4991b8 Remove line break from LICENSE
fab3248 Merge pull request #704 from zbynek/patch-1
e9716d1 Account for CRLF in a test
0f3e241 Merge pull request #642 from skyward-luke/master
33fe714 Merge pull request #702 from http-party/replace-travis
e9ad269 Replace travis badge
f09c821 Update node.js.yml
2c2ad02 Update node.js.yml
dad375d Update node.js.yml
133a64c Update node.js.yml

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade http-server from 0.11.1 to 0.13.0

4dc1704

Snyk has created this PR to upgrade http-server from 0.11.1 to 0.13.0.

See this package in npm:
https://www.npmjs.com/package/http-server

See this project in Snyk:
https://app.snyk.io/org/ometria/project/403c6221-94ec-4499-ab7a-c9f64db49dca?utm_source=github&utm_medium=referral&page=upgrade-pr

snyk-bot requested a review from a team as a code owner

February 12, 2022 08:35

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet