Incorporates various other PRs and refactoring/improvements as per #224
Although this adds some noise in my scope change and reversion, I think it may nevertheless be useful to preserve rather than doing as one huge merge, so doing in this manner.
User-facing
Breaking change (npm): Set engines to 10.11.0+
Security: Fix dependency vulnerabilities by switching from optimist to
neodoc (@fidian)
Security Update/fix: Protect fs.stat calls from bad path arguments; fixes
Denial of Service issue https://www.npmjs.com/advisories/1208
(@brpvieira)
Security fix?: The Unauthorized File Access issue
https://www.npmjs.com/advisories/1206 does not appear to be an issue
per testing (if it ever was); if you can provide a test case where it
fails, please report
Fix: Support bytes=0-0 Range header (@prajwalkman)
Fix: Avoid octal (@bgao / @Ilrilan)
Fix: For spa, allow dots after path (@gjuchault)
Enhancement: Allow access with local ip (@flyingsky)
Enhancement: Allow serverInfo to be null (@martindale)
Enhancement: Time display logging with leading 0 (@mauris)
Incorporates various other PRs and refactoring/improvements as per #224
Although this adds some noise in my scope change and reversion, I think it may nevertheless be useful to preserve rather than doing as one huge merge, so doing in this manner.
User-facing
enginesto 10.11.0+optimisttoneodoc(@fidian)mimeandcolors(@fidian)URLconstructor over deprecatedurl.parse; should fix Open Redirect issue https://www.npmjs.com/advisories/1207fs.statcalls from bad path arguments; fixes Denial of Service issue https://www.npmjs.com/advisories/1208 (@brpvieira)bytes=0-0Range header (@prajwalkman)spa, allow dots after path (@gjuchault)serverInfoto benull(@martindale)--cache 0(@matthew-andrews)defaultExtension(@fmalk)staticreserved wordCHANGES.mdDev-facing
startsWithandincludescolors.editorconfignode-staticvulnerabilitiesnulland non-nullserverInfonycfor coverage