Skip to content

Update dependency http-server to ^0.13.0#83

Open
mend-for-git.832008.xyz[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/http-server-0.x
Open

Update dependency http-server to ^0.13.0#83
mend-for-git.832008.xyz[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/http-server-0.x

Conversation

@mend-for-git.832008.xyz
Copy link
Copy Markdown

@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot commented Mar 7, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
http-server dependencies minor ^0.10.0 -> ^0.13.0

By merging this PR, the issue #60 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2017-1000048
High High 7.5 CVE-2019-10775

Release Notes

http-party/http-server (http-server)

v0.13.0

Compare Source

A long time coming, the next major release for http-server! This will be the final release before a switch to actual semantic versioning. This release's major achievement is the internalization of the functionality of the now-abandoned ecstatic library, thus removing it as a dependency. Huge thanks to @​zbynek for help on that front, as well as several other included changes.

Breaking changes:
  • No longer sends the header server: http-server-${version} with every response
New features:
  • All responses include Accept-Ranges: bytes to advertise support for partial requests
Fixes
  • Removes dependency on the abandoned ecstatic library
  • Dependency upgrades to fix several security alerts
  • http-server -a 0.0.0.0 will now do what you told it to do, rather than overriding the address to 127.0.0.1
  • Will no longer serve binary files with a charset in the Content-Type, fixing serving WebAssembly files, among other issues
  • Support .mjs MimeType correctly
Internal
  • Switched from Travis to GH Actions for CI

v0.12.3

Compare Source

Patch release to package man page

v0.12.2

Compare Source

In this release we:

  • Move from optimist to minimist
  • Add a man page
  • Update README screenshots
  • Fix a couple miscellaneous bugs

v0.12.1

Compare Source

v0.12.0

Compare Source

v0.11.2: : Security update

Compare Source

Upgrades several dependencies to avoid security vulnerabilities, especially as mentioned in #​707.

v0.11.1

Compare Source

v0.11.0

Compare Source

  • If you want to rebase/retry this PR, check this box

@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot added the security fix Security fix generated by Mend label Mar 7, 2024
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot changed the title Update dependency http-server to ^0.13.0 Update dependency http-server to ^0.13.0 - autoclosed Mar 7, 2024
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot deleted the whitesource-remediate/http-server-0.x branch March 7, 2024 09:15
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot changed the title Update dependency http-server to ^0.13.0 - autoclosed Update dependency http-server to ^0.13.0 Mar 7, 2024
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot restored the whitesource-remediate/http-server-0.x branch March 7, 2024 09:23
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot force-pushed the whitesource-remediate/http-server-0.x branch from 16a7c03 to 64e6076 Compare March 7, 2024 09:26
@mend-for-git.832008.xyz mend-for-git.832008.xyz Bot mentioned this pull request Mar 7, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants