[Snyk] Upgrade server from 1.0.27 to 1.0.35

[snyk-bot]

Snyk has created this PR to upgrade server from 1.0.27 to 1.0.35.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 8 versions ahead of your current version.
• The recommended version was released a month ago, on 2021-08-11.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-PUG-1071616	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Insecure Defaults SNYK-JS-SOCKETIO-1024859	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: server

• 1.0.35 - 2021-08-11
  

  1.0.35

• 1.0.34 - 2021-06-24
  

  1.0.34

• 1.0.33 - 2021-05-06
  

  1.0.33

• 1.0.32 - 2021-02-19
  

  1.0.32

• 1.0.31 - 2020-11-02
  

  1.0.31

• 1.0.30 - 2020-08-06
  

  1.0.30

• 1.0.29 - 2020-06-12
  

  1.0.29

• 1.0.28 - 2020-06-12
  

  1.0.28

• 1.0.27 - 2020-02-26
  

  1.0.27

from server GitHub release notes

Commit messages

Package name: server

• 1f94d48 1.0.35
• 10d0bb0 Fixed persistent data in socket bug. Added socket.io example and improved code readability. Added warning for 'ping' since it can yield unwanted results
• e1b99a6 Fix some words (#138)
• 9e554e0 1.0.34
• 26cbf77 Upgraded dependencies
• 21547ae Fixed dependencies
• 02bd2c1 Improved docs for cookies
• 262ffd8 Improved docs for cookies
• 8dca568 Added example for testing with supertest
• 4ae78f6 1.0.33
• 374e1bd Fixed 132 by making sure the routers send the reply (#133)
• 2394646 Update index.js (#131)
• 13610f4 Added docs for multiple headers
• 52aa9c9 Added files docs
• 59c1399 1.0.32
• 55cd530 Avoid middleware leaking to the next middleware if it's already done. Except status() for retro-compat
• 28ceeb8 Improved example for header()
• dc6bd27 Improved example for header()
• 7db2058 Improved example for header()
• 4fa2b41 Added PDF download example
• a03e8a7 1.0.31
• 6aef548 Allowed views option to load the partials
• 106197f Fixed including also the partials for handlebars
• a6fd40e 1.0.30

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs