[Snyk] Upgrade serve-static from 1.5.4 to 1.14.1

[snyk-bot]

Snyk has created this PR to upgrade serve-static from 1.5.4 to 1.14.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 34 versions ahead of your current version.
• The recommended version was released a year ago, on 2019-05-11.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No Known Exploit
	Root Path Disclosure npm:send:20151103	No Known Exploit
	Open Redirect npm:serve-static:20150113	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit

Release notes

Package name: serve-static

• 1.14.1 - 2019-05-11

  1.14.1

• 1.14.0 - 2019-05-08
  • deps: parseurl@~1.3.3
  • deps: [email protected]
    • deps: http-errors@~1.7.2
    • deps: [email protected]
    • deps: [email protected]
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
• 1.13.2 - 2018-02-07
  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: [email protected]
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
• 1.13.1 - 2017-09-29
  • Fix regression when root is incorrectly set to a file
  • deps: [email protected]
• 1.13.0 - 2017-09-28
  • deps: [email protected]
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on steam to check for listeners
    • deps: [email protected]
    • perf: improve path validation speed
• 1.12.6 - 2017-09-23
  • deps: [email protected]
    • deps: [email protected]
    • perf: improve If-Match token parsing
  • perf: improve slash collapsing
• 1.12.5 - 2017-09-21
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: [email protected]
    • Fix handling of modified headers with invalid dates
    • deps: etag@~1.8.1
    • deps: [email protected]
• 1.12.4 - 2017-08-06
  • deps: [email protected]
    • deps: [email protected]
    • deps: depd@~1.1.1
    • deps: http-errors@~1.6.2
• 1.12.3 - 2017-05-17
  • deps: [email protected]
    • deps: [email protected]
• 1.12.2 - 2017-04-27
  • deps: [email protected]
    • deps: [email protected]
• 1.12.1 - 2017-03-05
• 1.12.0 - 2017-02-26
• 1.11.2 - 2017-01-23
• 1.11.1 - 2016-06-11
• 1.11.0 - 2016-06-08
• 1.10.3 - 2016-05-31
• 1.10.2 - 2016-01-20
• 1.10.1 - 2016-01-17
• 1.10.0 - 2015-06-18
• 1.9.3 - 2015-05-15
• 1.9.2 - 2015-03-15
• 1.9.1 - 2015-02-17
• 1.9.0 - 2015-02-17
• 1.8.1 - 2015-01-21
• 1.8.0 - 2015-01-06
• 1.7.2 - 2015-01-03
• 1.7.1 - 2014-10-23
• 1.7.0 - 2014-10-16
• 1.6.5 - 2015-02-04
• 1.6.4 - 2014-10-08
• 1.6.3 - 2014-09-24
• 1.6.2 - 2014-09-16
• 1.6.1 - 2014-09-08
• 1.6.0 - 2014-09-08
• 1.5.4 - 2014-09-05

from serve-static GitHub release notes

Commit messages

Package name: serve-static

• 94feedb 1.14.1
• 87f3b37 build: [email protected]
• ab7cc3c Set stricter CSP header in redirect response
• 8abdc49 deps: [email protected]
• a891840 1.14.0
• 3a754db build: add version script for npm version releases
• 1f91f04 build: support Node.js 12.x
• 0856563 build: support Node.js 11.x
• 7eca6c8 deps: [email protected]
• 9691501 build: [email protected]
• b6541d7 build: [email protected]
• cde1788 build: [email protected]
• 38008cf build: [email protected]
• 7542425 deps: parseurl@~1.3.3
• 0836806 build: [email protected]
• 411d312 build: [email protected]
• 415c0dc build: support Node.js 10.x
• dcd2aaf build: [email protected]
• 14c6491 build: [email protected]
• 9b31d06 build: [email protected]
• 70f87d0 build: [email protected]
• 175b0cd build: [email protected]
• 70a4f89 tests: add extension to nums file
• 411586d build: [email protected]

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs