Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this PR
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
package.json
package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity
Priority Score (*)
Issue
Breaking Change
Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: serve
The new version differs by 19 commits.- c630db7 13.0.1
- 07cc160 Switch to npm (#681)
- 389e9a4 security(deps): boxen@5.1.2 to fix CVE-2021-3807 (#676)
- 247b383 13.0.0
- 168d4b2 Change default port from `5000` to `3000` (#680)
- 30b0673 12.0.1
- 79ca17c Fix network not being shown anymore (#661)
- e3f1e84 HTTPS: Adding Ability to Send Passphrase to createServer (#655)
- d941baa 12.0.0
- 6341041 Breaking: Update `clipboardy` to v2.3.0 (drops support for Node 8, end of life) (#612)
- 3281c57 Bump lodash from 4.17.19 to 4.17.21 (#654)
- a85bd9d Add flag for disabling port switching (#579)
- b71af1a Fix undefined local network address (#572)
- e3fe70a Fix spacing for CORS documentation (#610)
- 818b5e9 Add `-p` port flag to the help command output. (#607)
- 61731b1 Update repo location in package.json to be vercel/serve (#641)
- fbf6376 fix: Bump ajv to 6.12.6 (#635)
- cd7dcf2 Bump ini from 1.3.5 to 1.3.7 (#638)
- 850cc0b Bump lodash from 4.17.15 to 4.17.19 (#619)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic