
Fixed the high severity vulnerability (https://npmjs.com/advisories/830) #520

Closed

Conversation

miherlosev commented Apr 30, 2019

Fixes #518, fixes #461, fixes #512, fixes #480

thornjad (Member) commented Apr 30, 2019

The failing tests may have to do with ecstatic's major version bump, @miherlosev could you check out ecstatic's changelog and see if we need to make any big changes?

jfhbrook (Contributor) commented

You guys may want to find a new module; I don't plan on maintaining ecstatic going forward.

I'm working on a proper announcement, but a little behind on the curve.

thornjad (Member) commented

@jfhbrook thanks for the heads up! We'll still get up to the latest ecstatic for now, but I might start looking around then. Are you thinking of looking for maintainers, or more like stepping away entirely?

thornjad added the "high priority" (Very important bug or security fix) label and removed the "feature:security" label on Apr 30, 2019

thornjad (Member) commented

I've been investigating a little, and it looks like this upgrade entirely breaks http-server, it won't serve anything, except for displaying the root directory listing. This may have something to do with mime types and/or charsets, but that's as far as I've gotten.

jfhbrook (Contributor) commented

mimetype and charset handling got rewritten in jfhbrook/node-ecstatic#240

jonkoops commented May 2, 2019

@jfhbrook Did you remove older versions of ecstatic? It looks like they have been removed, and now `npx http-server .` fails with the following error:

npm ERR! code ETARGET
npm ERR! notarget No matching version found for ecstatic@^3.0.0
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of 'http-server'
npm ERR! notarget

@thornjad I believe this completely breaks http-server right now, any way I can help out?

Edit: I will move my discussion to the appropriate thread.

thornjad (Member) commented May 2, 2019

@jonkoops the issue with this PR is that for some reason it causes http-server to simply not serve anything, but without throwing errors. I haven't had enough time to look at it, but so far I can't find the problem.

ecstatic's changelog is a good starting point, probably. It includes an upgrade to v2 of node-mime which may be an issue.

thornjad (Member) commented May 2, 2019

@BigBlueHat are you available? You may have a better perspective on this than me

thornjad (Member) commented May 2, 2019

@miherlosev because this is causing weird breaking changes, and because of #521, I'm going to close this PR and move your commit into a new branch to make it easier for others to help track down the breaking changes.

thornjad closed this on May 2, 2019
thornjad mentioned this pull request on May 2, 2019

BigBlueHat (Member) commented

> @BigBlueHat are you available? You may have a better perspective on this than me

Catching up, and will help how I'm able.

thornjad (Member) commented May 2, 2019

@BigBlueHat the immediate fire should be put out by jfhbrook/node-ecstatic#256, so this may at least be less important

BigBlueHat (Member) commented

@thornjad the mime module changes specifically (though not exclusively) were part of the hold-up earlier with moving to newer versions of ecstatic. There were several major point releases across several modules and many of them shifted core APIs or deprecated/removed APIs this code depends on. Modern software development tail chasing, I guess...
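The thread above names two related failure modes: a dependency's major-version bump that renames or removes the APIs the caller depends on (the node-mime v2 upgrade pulled in by ecstatic, and the "shifted core APIs" BigBlueHat mentions), and a resulting breakage that is silent, with http-server returning nothing useful but throwing no error. The example below is added here and is not code from http-server, ecstatic or the mime package. It shows a small compatibility wrapper that works against both generations of the mime API, and a smoke check that would catch the "serves nothing" regression in CI. The method names `lookup`, `charsets.lookup` (mime@1) and `getType` (mime@2) are the real ones from the mime package; the two stub objects, the in-memory file table and the `makeHandler`/`brokenHandler` helpers are constructed for this example so it runs offline without installing either version.

```javascript
// Constructed stand-ins for the two API generations of the `mime` package.
// mime@1 exposed lookup(path) and charsets.lookup(type); mime@2 renamed
// lookup() to getType() (returning null for unknown paths) and dropped
// charsets entirely. Only the method shapes are modelled here.
const mimeV1Stub = {
  lookup: (p) => (p.endsWith('.html') ? 'text/html'
    : p.endsWith('.png') ? 'image/png' : 'application/octet-stream'),
  charsets: { lookup: (type) => (/^text\//.test(type) ? 'UTF-8' : undefined) },
};
const mimeV2Stub = {
  getType: (p) => (p.endsWith('.html') ? 'text/html'
    : p.endsWith('.png') ? 'image/png' : null),
};

// Resolve a Content-Type header value regardless of which mime API is present.
// Throws loudly (instead of silently serving nothing) when neither API exists.
function resolveContentType(mime, filePath, defaultType = 'application/octet-stream') {
  let type;
  if (typeof mime.getType === 'function') {
    type = mime.getType(filePath);      // mime@2
  } else if (typeof mime.lookup === 'function') {
    type = mime.lookup(filePath);       // mime@1
  } else {
    throw new TypeError('unsupported mime module: neither getType() nor lookup() found');
  }
  if (!type) type = defaultType;        // mime@2 returns null for unknown extensions

  let charset;
  if (mime.charsets && typeof mime.charsets.lookup === 'function') {
    charset = mime.charsets.lookup(type);
  } else if (/^text\//.test(type) || type === 'application/json' || type === 'application/javascript') {
    charset = 'UTF-8';                  // assumption: text-like types default to UTF-8 when the library no longer says
  }
  return charset ? `${type}; charset=${charset}` : type;
}

// Constructed in-memory "document root" for the smoke check.
const FILES = {
  '/index.html': '<h1>hello</h1>',
  '/logo.png': 'PNG-bytes-placeholder',
};

// A minimal static handler built on the wrapper. Returns {status, headers, body}.
function makeHandler(mime, files) {
  return (p) => {
    if (!(p in files)) return { status: 404, headers: { 'content-type': 'text/plain' }, body: 'not found' };
    return { status: 200, headers: { 'content-type': resolveContentType(mime, p) }, body: files[p] };
  };
}

// Models the symptom reported in the thread: only the root listing comes back,
// every file request yields a 200 with an empty body and no content type.
function brokenHandler(p) {
  if (p === '/') return { status: 200, headers: { 'content-type': 'text/html' }, body: '<ul><li>index.html</li></ul>' };
  return { status: 200, headers: {}, body: '' };
}

// Smoke check: every expected path must return 200, a non-empty body and the
// expected Content-Type prefix. Returns a list of human-readable failures.
function smokeCheck(handler, expected) {
  const failures = [];
  for (const [p, wantType] of Object.entries(expected)) {
    const res = handler(p);
    if (!res || res.status !== 200) { failures.push(`${p}: no 200 response`); continue; }
    if (!res.body || res.body.length === 0) failures.push(`${p}: empty body`);
    const ct = (res.headers && res.headers['content-type']) || '';
    if (!ct.startsWith(wantType)) failures.push(`${p}: content-type "${ct}" does not match "${wantType}"`);
  }
  return failures;
}

const EXPECTED = { '/index.html': 'text/html', '/logo.png': 'image/png' };
console.log('wrapper on v2 API:', smokeCheck(makeHandler(mimeV2Stub, FILES), EXPECTED));
console.log('broken server    :', smokeCheck(brokenHandler, EXPECTED));
```

The point of the wrapper is that an API rename fails at the boundary with a `TypeError` rather than producing `undefined` headers downstream; the point of the smoke check is that a dependency bump which passes `npm install` but breaks file serving is caught by a request-level assertion, not by someone noticing an empty page.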

Labels: help-wanted, high priority (Very important bug or security fix)