[Snyk] Upgrade http-server from 0.9.0 to 0.12.3

[RockRunner007]

Snyk has created this PR to upgrade http-server from 0.9.0 to 0.12.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2020-04-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Override Protection Bypass npm:qs:20170213	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	589/1000 Why? Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) npm:ecstatic:20160809	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-ECSTATIC-174543	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: http-server

• 0.12.3 - 2020-04-27
  

  Patch release to package man page

• 0.12.2 - 2020-04-27
  

  In this release we:

  • Move from optimist to minimist
  • Add a man page
  • Update README screenshots
  • Fix a couple miscellaneous bugs
• 0.12.1 - 2020-01-08
  

  0.12.1

• 0.12.0 - 2019-11-26
  

  0.12.0

• 0.11.1 - 2018-01-10
  

  Bumping version to deal with npm line ending
  issues.

• 0.11.0 - 2018-01-09
  

  [dist] Version bump. 0.11.0

• 0.10.0 - 2017-05-01
  
  • add -g (or --gzip) parameter to serve .gz files when available b456b77
  • update ecstatic to 2.0.0 5da2392
  • use safe colors in console test output a3ace13 0da0e1b
  • update portfinder to 1.0.13 989fa1c
• 0.9.0 - 2016-02-19
  

  Version 0.9.0

from http-server GitHub release notes

Commit messages

Package name: http-server

• d7bce39 0.12.3
• c0b67a9 Include doc/ in npm package
• 46cfd10 0.12.2
• 5867a26 add testing on node 14
• a8f1a15 Merge pull request #581 from xxjinwei/master
• 0568097 Merge pull request #517 from http-party/man_page
• 021e9f5 update license year
• 6e9fc08 update dependencies
• 95119c6 update man page
• 943c609 Merge pull request #622 from adunkman/fix-security-vulnerability
• 817e11d Upgrade sub-dependency of minimist via mkdirp.
• 454851c Fix security issue by using Minimist directly.
• ed8ff1f clarify auth types
• f5854a6 Merge pull request #584 from zjhmale/basic-auth-options-compliance
• e758f03 Merge pull request #586 from http-party/logFn-skip-array
• 924567f Merge pull request #599 from http-party/new-screenshots
• 8de3658 Merge pull request #613 from http-party/dependabot/npm_and_yarn/acorn-5.7.4
• b2dbff5 Bump acorn from 5.7.3 to 5.7.4
• 85541e5 ignore macos files
• dfcc224 better start image
• bd36f7b Fix basic auth options type issue
• 7c09c23 remove broken badge
• e5673c5 update badges
• 1572613 Update installation methods

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs