[Snyk] Upgrade http-server from 0.11.1 to 0.13.0

[ali8889]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade http-server from 0.11.1 to 0.13.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2021-08-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Override Protection Bypass npm:qs:20170213	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-ECSTATIC-174543	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: http-server

• 0.13.0 - 2021-08-07
  

  A long time coming, the next major release for http-server! This will be the final release before a switch to actual semantic versioning. This release's major achievement is the internalization of the functionality of the now-abandoned ecstatic library, thus removing it as a dependency. Huge thanks to @ zbynek for help on that front, as well as several other included changes.

  Breaking changes:

  • No longer sends the header server: http-server-${version} with every response

  New features:

  • All responses include Accept-Ranges: bytes to advertise support for partial requests

  Fixes

  • Removes dependency on the abandoned ecstatic library
  • Dependency upgrades to fix several security alerts
  • http-server -a 0.0.0.0 will now do what you told it to do, rather than overriding the address to 127.0.0.1
  • Will no longer serve binary files with a charset in the Content-Type, fixing serving WebAssembly files, among other issues
  • Support .mjs MimeType correctly

  Internal

  • Switched from Travis to GH Actions for CI
• 0.12.3 - 2020-04-27
  

  Patch release to package man page

• 0.12.2 - 2020-04-27
  

  In this release we:

  • Move from optimist to minimist
  • Add a man page
  • Update README screenshots
  • Fix a couple miscellaneous bugs
• 0.12.1 - 2020-01-08
  

  0.12.1

• 0.12.0 - 2019-11-26
  

  0.12.0

• 0.11.2 - 2021-08-07
  

  Upgrades several dependencies to avoid security vulnerabilities, especially as mentioned in #707.

• 0.11.1 - 2018-01-10
  

  Bumping version to deal with npm line ending
  issues.

from http-server GitHub release notes

Commit messages

Package name: http-server

• 77243e7 0.13.0
• a845834 Update dependency tree
• f2c0dfb update milestone
• aec3911 update security for release
• 1f994c0 Merge pull request Remove unused highlight.js themes ethereum/ethereum-org#591 from http-party/no_server_headers
• c57654d Merge branch 'master' into no_server_headers
• a4ec10b Merge pull request Revert "Pr ryan" ethereum/ethereum-org#713 from http-party/codeql-bye-bye
• 6b87653 drop codeql
• a7fdf0f remove server header
• cd1afb7 Merge pull request Fix broken link to managing accounts doc ethereum/ethereum-org#706 from zbynek/no-charset-binary
• 46c0ce7 Merge pull request Fix typo in security warning. ethereum/ethereum-org#705 from zbynek/patch-1
• 9c51cb2 Merge branch 'master' into no_server_headers
• cd84a85 revert
• 7830ac2 Remove charset from header of binary files
• b4991b8 Remove line break from LICENSE
• fab3248 Merge pull request Fix frontier gitbook link ethereum/ethereum-org#704 from zbynek/patch-1
• e9716d1 Account for CRLF in a test
• 0f3e241 Merge pull request Publish latest changes ethereum/ethereum-org#642 from skyward-luke/master
• 33fe714 Merge pull request fix typo from "ccount" to "account" ethereum/ethereum-org#702 from http-party/replace-travis
• e9ad269 Replace travis badge
• f09c821 Update node.js.yml
• 2c2ad02 Update node.js.yml
• dad375d Update node.js.yml
• 133a64c Update node.js.yml

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs