[Snyk] Upgrade serve-static from 1.14.1 to 2.0.0

[snyk-io]

Snyk has created this PR to upgrade serve-static from 1.14.1 to 2.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 8 versions ahead of your current version.

• The recommended version was released 5 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-SETVALUE-1540541	134	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	134	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	134	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	134	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	134	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-173692	134	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	134	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-174183	134	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	134	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	134	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	134	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	134	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	134	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	134	Proof of Concept
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	134	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	134	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	134	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	134	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	134	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	134	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	134	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	134	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	134	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	134	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	134	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	134	Proof of Concept
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	134	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	134	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	134	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	134	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	134	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	134	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	134	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	134	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	134	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	134	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	134	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	134	No Known Exploit
	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	134	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	134	No Known Exploit
	Validation Bypass SNYK-JS-KINDOF-537849	134	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	134	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	134	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	134	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	134	Proof of Concept

Release notes

Package name: serve-static

• 2.0.0 - 2024-08-23
  

  2.0.0

• 2.0.0-beta.2 - 2024-03-21
  

  v2.0.0-beta.2

• 2.0.0-beta.1 - 2022-02-05
  
  • Change dotfiles option default to 'ignore'
  • Drop support for Node.js 0.8
  • Remove hidden option; use dotfiles option instead
  • deps: send@1.0.0-beta.1
    • Use mime-types for file to content type mapping
    • deps: debug@3.1.0
• 1.16.2 - 2024-09-11
  

  What's Changed

  • encodeurl@~2.0.0 by @ wesleytodd in #180

  Full Changelog: v1.16.1...v1.16.2

• 1.16.1 - 2024-09-11
  

  What's Changed

  • bump send to 0.19 by @ tommasini in #176

  New Contributors

  • @ tommasini made their first contribution in #176

  Full Changelog: 1.16.0...v1.16.1

• 1.16.0 - 2024-09-10
  

  What's Changed

  • Remove link renderization in html while redirecting (#173)

  New Contributors

  • @ UlisesGascon made their first contribution in #173

  Full Changelog: v1.15.0...1.16.0

• 1.15.0 - 2022-03-25
  
  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
• 1.14.2 - 2021-12-16
  
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
• 1.14.1 - 2019-05-11
  
  • Set stricter CSP header in redirect response
  • deps: send@0.17.1
    • deps: range-parser@~1.2.1

from serve-static GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	37% smaller