Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade local-web-server from 4.2.1 to 5.3.1 #1

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Jircs1
Copy link
Owner

@Jircs1 Jircs1 commented Mar 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade local-web-server from 4.2.1 to 5.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2024-01-08.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Origin Validation Error
SNYK-JS-KOACORS-6117545
644/1000
Why? Has a fix available, CVSS 8.6
No Known Exploit
Prototype Poisoning
SNYK-JS-QS-3153490
644/1000
Why? Has a fix available, CVSS 8.6
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
644/1000
Why? Has a fix available, CVSS 8.6
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: local-web-server
  • 5.3.1 - 2024-01-08

    5.3.1

  • 5.3.0 - 2023-02-07

    New features since v5.2.1

  • 5.2.1 - 2022-05-28

    5.2.1

  • 5.2.0 - 2022-03-13

    5.2.0

  • 5.1.1 - 2021-08-25

    5.1.1

  • 5.1.0 - 2021-08-06

    New features since v5.0.0

    • Support extended back to Node.js v12.20
      • This is because support for exports, conditional exports and exports patterns have been retro-fitted back to v12 (see the Package module history)

    Upgrade notes

    Users of Node.js v12.20 and above may now use local-web-server (previously, you needed a minimum of node v14). There are no further changes.

  • 5.0.0 - 2021-07-06

    This is a refresher release - there are no functional or behavioural changes to the web server itself.

    Breaking changes since v4.2.1

    • Dropped support for Node.js < v14
    • Dropped support for CommonJS in general
    • Dropped support for plugin prefixes
      • Previously, you could omit the lws- in plugin names, (i.e. you could use --stack static instead of --stack lws-static). This was ambigious and introduced the risk of incorrectly loading a module named static, if it existed.
    • Several of the API methods have changed from sync to async, most importantly the Lws.create method. You now need to await the result.
      const lws = await Lws.create()
      

    New feature

    • The default config file lws.config.js may now also be named lws.config.mjs or lws.config.cjs if preferred.

    Other improvements

    • All source code converted from CommonJS to ECMAScript modules.
    • All dependencies upgraded.

    Upgrade notes

    • If you previously used shortened plugin names (e.g. --stack static) please use the full name (e.g. --stack lws-static)
    • If you launch a server using Lws.create you must now await the result.
    • Lws can now only be used programmatically from ECMAScript modules - you must use import to load the library.
  • 5.0.0-0 - 2021-06-09

    5.0.0-0

  • 4.2.1 - 2020-06-11

    4.2.1

from local-web-server GitHub release notes
Commit messages
Package name: local-web-server

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@75lb/deep-merge@1.1.1 None +2 63.1 kB 75lb
npm/@koa/cors@5.0.0 None +1 21.9 kB fengmk2
npm/accepts@1.3.8 None +3 268 kB dougwilson
npm/bytes@3.1.2 None 0 12.3 kB dougwilson
npm/command-line-args@5.2.1 None +4 182 kB 75lb
npm/command-line-usage@6.1.3 None +6 106 kB 75lb
npm/content-disposition@0.5.4 None +1 51.2 kB dougwilson
npm/content-type@1.0.5 None 0 10.5 kB dougwilson
npm/cookies@0.9.1 network Transitive: environment, eval +3 65.3 kB dougwilson
npm/current-module-paths@1.1.1 None 0 3.66 kB 75lb
npm/define-lazy-prop@2.0.0 None 0 4.45 kB sindresorhus
npm/destroy@1.2.0 filesystem 0 9.02 kB dougwilson
npm/http-assert@1.5.0 network Transitive: environment, eval +6 87.4 kB dougwilson
npm/http-errors@1.8.1 Transitive: environment, eval +4 68.5 kB dougwilson
npm/inflation@2.1.0 None 0 4.34 kB fengmk2
npm/koa-bodyparser@4.4.1 Transitive: environment, eval, network, unsafe +18 1.02 MB fengmk2
npm/koa-compress@5.1.1 network Transitive: environment, eval +9 309 kB jongleberry
npm/koa-convert@2.0.0 None +1 13.4 kB niftylettuce
npm/koa@2.15.1 environment, network, unsafe Transitive: eval, filesystem +34 712 kB fengmk2
npm/load-module@4.2.1 unsafe +1 21.2 kB 75lb
npm/local-web-server@5.3.1 Transitive: environment, eval, filesystem, network, shell, unsafe +143 3.17 MB 75lb
npm/lws-body-parser@3.0.0 Transitive: environment, eval, network, unsafe +19 1.03 MB 75lb
npm/lws-compress@3.1.0 Transitive: environment, eval, network +10 313 kB 75lb
npm/lws-cors@4.2.1 None +2 28.1 kB 75lb
npm/lws-index@3.1.1 Transitive: filesystem, network +10 400 kB 75lb
npm/lws-range@4.0.1 None +2 18.9 kB 75lb
npm/lws-spa@4.1.0 filesystem Transitive: environment, eval, network +10 119 kB 75lb
npm/lws-static@3.1.0 Transitive: environment, eval, filesystem, network +13 187 kB 75lb
npm/lws@4.1.2 filesystem, network Transitive: environment, eval, shell, unsafe +62 1.38 MB 75lb
npm/mime-db@1.52.0 None 0 206 kB dougwilson
npm/mime-types@2.1.35 None +1 224 kB dougwilson
npm/negotiator@0.6.3 None 0 27.4 kB dougwilson
npm/open@8.4.2 environment, filesystem, shell +3 57.5 kB sindresorhus
npm/qs@6.12.0 None 0 245 kB ljharb
npm/raw-body@2.5.2 network, unsafe Transitive: environment, eval +9 487 kB dougwilson
npm/toidentifier@1.0.1 None 0 4.68 kB dougwilson
npm/typical@7.1.1 None 0 20.5 kB 75lb
npm/walk-back@5.1.0 filesystem 0 6.41 kB 75lb
npm/ylru@1.3.2 None 0 10.1 kB fengmk2

🚮 Removed packages: npm/@koa/cors@3.1.0, npm/accepts@1.3.7, npm/bytes@3.1.0, npm/call-bind@1.0.2, npm/combined-stream@1.0.7, npm/command-line-args@5.1.1, npm/command-line-usage@6.1.1, npm/commander@2.11.0, npm/component-emitter@1.2.1, npm/content-disposition@0.5.3, npm/content-type@1.0.4, npm/cookies@0.8.0, npm/destroy@1.0.4, npm/function-bind@1.1.1, npm/get-intrinsic@1.1.1, npm/has-symbols@1.0.2, npm/has@1.0.3, npm/http-assert@1.4.1, npm/http-errors@1.8.0, npm/inflation@2.0.0, npm/is-generator-function@1.0.9, npm/koa-bodyparser@4.3.0, npm/koa-compress@3.1.0, npm/koa-convert@1.2.0, npm/koa@2.13.1, npm/load-module@3.0.0, npm/local-web-server@4.2.1, npm/lws-body-parser@2.0.0, npm/lws-compress@2.0.0, npm/lws-cors@3.0.0, npm/lws-index@2.0.0, npm/lws-range@3.0.0, npm/lws-spa@3.0.0, npm/lws-static@2.0.0, npm/lws@3.1.0, npm/mime-db@1.48.0, npm/mime-types@2.1.31, npm/negotiator@0.6.2, npm/node-version-matches@2.0.1, npm/object-inspect@1.10.3, npm/open@7.4.2, npm/qs@6.10.1, npm/raw-body@2.4.1, npm/reduce-flatten@3.0.1, npm/semver@6.3.0, npm/setprototypeof@1.1.1, npm/side-channel@1.0.4, npm/toidentifier@1.0.0, npm/typical@6.0.1, npm/walk-back@4.0.0, npm/ylru@1.2.1

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants