TheNewSource / docs

learn you some npm for great good
https://docs.npmjs.com

[Snyk] Security upgrade harp from 0.25.0 to 0.40.2 #56

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 600/1000 (Why? Has a fix available, CVSS 7.5) | Unauthorised File Access (SNYK-JS-HARP-544928) | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: harp

The new version differs by 58 commits.
  • 1ec790b Resolves serving private file via encoded underscore. #646
  • d3f7ba2 Merge branch 'master' of github.com:sintaxi/harp
  • 6547336 adds failing test to ensure files and directories that start with underscore are not served.
  • e206a47 Merge pull request #666 from Prinzhorn/patch-1
  • 71af1c1 Removed outdated harp.io link
  • fd49cbc upgrades dependencies
  • dccfa6d removes unused deps
  • d97cae1 removes unused meta files
  • d50f7b3 new CLI and bumps terraform.
  • f25cf86 updates README.md
  • 2893a06 removes tests for deprecated processors
  • 456754f updates deps
  • 055c254 version bump v0.40.0
  • cd58cf5 new CLI design
  • c84759b removes unused deps
  • 7240a1d adds cascading 200 file support
  • 20d7db1 rename default files
  • 135d10a got compiling working with esbuild
  • d6725cc initial implementation of jsx
  • e30881e version bump v0.33.0. updates terraform v1.11.0
  • 9036b56 version bump v0.32.0. terraform v1.10.0
  • 56924b7 Merge pull request #653 from hisyam/patch-1
  • eb60a31 version bump & upgrades terraform.
  • e6e03a0 fixed EJS url

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
