[Snyk] Upgrade serve-static from 1.10.3 to 1.15.0

[Haramb3]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade serve-static from 1.10.3 to 1.15.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 17 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2022-03-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: serve-static

• 1.15.0 - 2022-03-25
  
  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
• 1.14.2 - 2021-12-16
  
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
• 1.14.1 - 2019-05-11
  
  • Set stricter CSP header in redirect response
  • deps: send@0.17.1
    • deps: range-parser@~1.2.1
• 1.14.0 - 2019-05-08
  
  • deps: parseurl@~1.3.3
  • deps: send@0.17.0
    • deps: http-errors@~1.7.2
    • deps: mime@1.6.0
    • deps: ms@2.1.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
• 1.13.2 - 2018-02-07
  
  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: send@0.16.2
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
• 1.13.1 - 2017-09-29
  
  • Fix regression when root is incorrectly set to a file
  • deps: send@0.16.1
• 1.13.0 - 2017-09-28
  
  • deps: send@0.16.0
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on steam to check for listeners
    • deps: mime@1.4.1
    • perf: improve path validation speed
• 1.12.6 - 2017-09-23
  
  • deps: send@0.15.6
    • deps: debug@2.6.9
    • perf: improve If-Match token parsing
  • perf: improve slash collapsing
• 1.12.5 - 2017-09-21
  
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: send@0.15.5
    • Fix handling of modified headers with invalid dates
    • deps: etag@~1.8.1
    • deps: fresh@0.5.2
• 1.12.4 - 2017-08-06
• 1.12.3 - 2017-05-17
• 1.12.2 - 2017-04-27
• 1.12.1 - 2017-03-05
• 1.12.0 - 2017-02-26
• 1.11.2 - 2017-01-23
• 1.11.1 - 2016-06-11
• 1.11.0 - 2016-06-08
• 1.10.3 - 2016-05-31

from serve-static GitHub release notes

Commit messages

Package name: serve-static

• 9b5a12a 1.15.0
• a39a0df docs: update CI link
• d702ea2 build: Node.js@17.8
• ff1510a deps: send@0.18.0
• 813c7e4 build: mocha@9.2.2
• 2e029f9 build: Node.js@17.7
• 3269f31 build: supertest@6.2.2
• 71cd4f8 build: mocha@9.2.1
• a5cdf62 build: Node.js@17.5
• 9d11e38 build: Node.js@16.14
• 989e3fc build: Node.js@14.19
• 8a9ca07 build: mocha@9.2.0
• f831757 build: supertest@6.2.1
• 8050371 build: Node.js@17.3
• 543cb19 build: eslint-plugin-import@2.25.4
• 038d3a4 build: remove package-lock
• 8dbf162 1.14.2
• 281e115 tests: add tests for non-existent root path
• d38eb5b docs: fix a typo in the readme
• e2981fc deps: send@0.17.2
• 5e32e5c build: eslint-plugin-promise@5.2.0
• 2def61d build: use nyc for coverage testing
• fdffa27 build: support Node.js 17.x
• 733570a build: mocha@9.1.3

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[openzeppelin-code]

[Snyk] Upgrade serve-static from 1.10.3 to 1.15.0

Generated at commit: 7e27b121dd713e8325138485190ea775042075e0

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector