Incorporates various other PRs and refactoring/improvements as per #224
Although this adds some noise in my scope change and reversion, I think it may nevertheless be useful to preserve rather than doing as one huge merge, so doing in this manner.
User-facing
Breaking change (npm): Set engines to 10.11.0+
Security: Fix dependency vulnerabilities by switching from optimist to
neodoc (@fidian)
Security Update/fix: Protect fs.stat calls from bad path arguments; fixes
Denial of Service issue https://www.npmjs.com/advisories/1208
(@brpvieira)
Security fix?: The Unauthorized File Access issue
https://www.npmjs.com/advisories/1206 does not appear to be an issue
per testing (if it ever was); if you can provide a test case where it
fails, please report
Fix: Support bytes=0-0 Range header (@prajwalkman)
Fix: Avoid octal (@bgao / @Ilrilan)
Fix: For spa, allow dots after path (@gjuchault)
Enhancement: Allow access with local ip (@flyingsky)
Enhancement: Allow serverInfo to be null (@martindale)
Enhancement: Time display logging with leading 0 (@mauris)
Incorporates various other PRs and refactoring/improvements as per #224
Although this adds some noise in my scope change and reversion, I think it may nevertheless be useful to preserve rather than doing as one huge merge, so doing in this manner.
User-facing
engines
to 10.11.0+optimist
toneodoc
(@fidian)mime
andcolors
(@fidian)URL
constructor over deprecatedurl.parse
; should fix Open Redirect issue https://www.npmjs.com/advisories/1207fs.stat
calls from bad path arguments; fixes Denial of Service issue https://www.npmjs.com/advisories/1208 (@brpvieira)bytes=0-0
Range header (@prajwalkman)spa
, allow dots after path (@gjuchault)serverInfo
to benull
(@martindale)--cache 0
(@matthew-andrews)defaultExtension
(@fmalk)static
reserved wordCHANGES.md
Dev-facing
startsWith
andincludes
colors
.editorconfig
node-static
vulnerabilitiesnull
and non-null
serverInfonyc
for coverage