Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency http-server to v0.13.0 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency http-server to v0.13.0 #7

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
http-server devDependencies minor 0.8.5 -> 0.13.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 7.5 CVE-2016-10703
High High 7.5 WS-2015-0002
High High 7.5 CVE-2017-1000048
High High 7.5 CVE-2019-10775
High High 7.5 CVE-2015-9242
Medium Medium 6.1 WS-2019-0066
Medium Medium 5.6 CVE-2020-7598

Release Notes

http-party/http-server

v0.13.0

Compare Source

A long time coming, the next major release for http-server! This will be the final release before a switch to actual semantic versioning. This release's major achievement is the internalization of the functionality of the now-abandoned ecstatic library, thus removing it as a dependency. Huge thanks to @​zbynek for help on that front, as well as several other included changes.

Breaking changes:
  • No longer sends the header server: http-server-${version} with every response
New features:
  • All responses include Accept-Ranges: bytes to advertise support for partial requests
Fixes
  • Removes dependency on the abandoned ecstatic library
  • Dependency upgrades to fix several security alerts
  • http-server -a 0.0.0.0 will now do what you told it to do, rather than overriding the address to 127.0.0.1
  • Will no longer serve binary files with a charset in the Content-Type, fixing serving WebAssembly files, among other issues
  • Support .mjs MimeType correctly
Internal
  • Switched from Travis to GH Actions for CI

v0.12.3

Compare Source

Patch release to package man page

v0.12.2

Compare Source

In this release we:

  • Move from optimist to minimist
  • Add a man page
  • Update README screenshots
  • Fix a couple miscellaneous bugs

v0.12.1

Compare Source

v0.12.0

Compare Source

v0.11.2

Compare Source

Upgrades several dependencies to avoid security vulnerabilities, especially as mentioned in #​707.

v0.11.1

Compare Source

v0.11.0

Compare Source

v0.10.0

Compare Source

  • add -g (or --gzip) parameter to serve .gz files when available b456b77
  • update ecstatic to 2.0.0 5da2392
  • use safe colors in console test output a3ace13 0da0e1b
  • update portfinder to 1.0.13 989fa1c

v0.9.0

Compare Source

  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants