Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency send to v0.16.0 #7

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency send to v0.16.0 #7

wants to merge 1 commit into from

Conversation

dev-mend-for-github-com[bot]
Copy link
Contributor

@dev-mend-for-github-com dev-mend-for-github-com bot commented May 8, 2022
edited

This PR contains the following updates:

Package Type Update Change
send dependencies minor 0.11.1 -> 0.16.0

By merging this PR, the issue #2 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2015-8315
High High 7.5 CVE-2017-16119
High High 7.5 CVE-2017-16138
Medium Medium 5.3 CVE-2017-16137
Low Low 3.4 WS-2017-0247

Release Notes

pillarjs/send

v0.16.0

Compare Source

===================

  • Add immutable option
  • Fix missing </html> in default error & redirects
  • Use instance methods on steam to check for listeners
  • deps: mime@1.4.1
    • Add 70 new types for file extensions
    • Set charset as "UTF-8" for .js and .json
  • perf: improve path validation speed

v0.15.6

Compare Source

===================

  • deps: debug@2.6.9
  • perf: improve If-Match token parsing

v0.15.5

Compare Source

===================

  • deps: etag@~1.8.1
    • perf: replace regular expression with substring
  • deps: fresh@0.5.2
    • Fix handling of modified headers with invalid dates
    • perf: improve ETag match loop
    • perf: improve If-None-Match token parsing

v0.15.4

Compare Source

===================

  • deps: debug@2.6.8
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading
  • deps: http-errors@~1.6.2
    • deps: depd@1.1.1

v0.15.3

Compare Source

===================

  • deps: debug@2.6.7
    • deps: ms@2.0.0
  • deps: ms@2.0.0

v0.15.2

Compare Source

===================

  • deps: debug@2.6.4
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@0.7.3
  • deps: ms@1.0.0

v0.15.1

Compare Source

===================

  • Fix issue when Date.parse does not return NaN on invalid date
  • Fix strict violation in broken environments

v0.15.0

Compare Source

===================

  • Support If-Match and If-Unmodified-Since headers
  • Add res and path arguments to directory event
  • Remove usage of res._headers private field
    • Improves compatibility with Node.js 8 nightly
  • Send complete HTML document in redirect & error responses
  • Set default CSP header in redirect & error responses
  • Use res.getHeaderNames() when available
  • Use res.headersSent when available
  • deps: debug@2.6.1
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • deps: etag@~1.8.0
  • deps: fresh@0.5.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • perf: delay reading header values until needed
    • perf: enable strict mode
    • perf: hoist regular expressions
    • perf: remove duplicate conditional
    • perf: remove unnecessary boolean coercions
    • perf: skip checking modified time if ETag check failed
    • perf: skip parsing If-None-Match when no ETag header
    • perf: use Date.parse instead of new Date
  • deps: http-errors@~1.6.1
    • Make message property enumerable for HttpErrors
    • deps: setprototypeof@1.0.3

v0.14.2

Compare Source

===================

  • deps: http-errors@~1.5.1
    • deps: inherits@2.0.3
    • deps: setprototypeof@1.0.2
    • deps: statuses@'>= 1.3.1 < 2'
  • deps: ms@0.7.2
  • deps: statuses@~1.3.1

v0.14.1

Compare Source

===================

  • Fix redirect error when path contains raw non-URL characters
  • Fix redirect when path starts with multiple forward slashes

v0.14.0

Compare Source

===================

  • Add acceptRanges option
  • Add cacheControl option
  • Attempt to combine multiple ranges into single range
  • Correctly inherit from Stream class
  • Fix Content-Range header in 416 responses when using start/end options
  • Fix Content-Range header missing from default 416 responses
  • Ignore non-byte Range headers
  • deps: http-errors@~1.5.0
    • Add HttpError export, for err instanceof createError.HttpError
    • Support new code 421 Misdirected Request
    • Use setprototypeof module to replace __proto__ setting
    • deps: inherits@2.0.1
    • deps: statuses@'>= 1.3.0 < 2'
    • perf: enable strict mode
  • deps: range-parser@~1.2.0
    • Fix incorrectly returning -1 when there is at least one valid range
    • perf: remove internal function
  • deps: statuses@~1.3.0
    • Add 421 Misdirected Request
    • perf: enable strict mode
  • perf: remove argument reassignment

v0.13.2

Compare Source

===================

  • Fix invalid Content-Type header when send.mime.default_type unset

v0.13.1

Compare Source

===================

  • deps: depd@~1.1.0
    • Support web browser loading
    • perf: enable strict mode
  • deps: destroy@~1.0.4
    • perf: enable strict mode
  • deps: escape-html@~1.0.3
    • perf: enable strict mode
    • perf: optimize string replacement
    • perf: use faster string coercion
  • deps: range-parser@~1.0.3
    • perf: enable strict mode

v0.13.0

Compare Source

===================

  • Allow Node.js HTTP server to set Date response header
  • Fix incorrectly removing Content-Location on 304 response
  • Improve the default redirect response headers
  • Send appropriate headers on default error response
  • Use http-errors for standard emitted errors
  • Use statuses instead of http module for status messages
  • deps: escape-html@1.0.2
  • deps: etag@~1.7.0
    • Improve stat performance by removing hashing
  • deps: fresh@0.3.0
    • Add weak ETag matching support
  • deps: on-finished@~2.3.0
    • Add defined behavior for HTTP CONNECT requests
    • Add defined behavior for HTTP Upgrade requests
    • deps: ee-first@1.1.1
  • perf: enable strict mode
  • perf: remove unnecessary array allocations

v0.12.3

Compare Source

===================

  • deps: debug@~2.2.0
    • deps: ms@0.7.1
  • deps: depd@~1.0.1
  • deps: etag@~1.6.0
  • Improve support for JXcore
  • Support "fake" stats objects in environments without fs
  • deps: ms@0.7.1
    • Prevent extraordinarily long inputs
  • deps: on-finished@~2.2.1

v0.12.2

Compare Source

===================

  • Throw errors early for invalid extensions or index options
  • deps: debug@~2.1.3
    • Fix high intensity foreground color for bold
    • deps: ms@0.7.0

v0.12.1

Compare Source

===================

  • Fix regression sending zero-length files

v0.12.0

Compare Source

===================

  • Always read the stat size from the file
  • Fix mutating passed-in options
  • deps: mime@1.3.4
  • If you want to rebase/retry this PR, click this checkbox.

@dev-mend-for-github-com dev-mend-for-github-com bot added the security fix Security fix generated by WhiteSource label May 8, 2022
@dev-mend-for-github-com dev-mend-for-github-com bot changed the title Update dependency send to v0.15.6 Update dependency send to v0.16.0 May 10, 2022
@dev-mend-for-github-com
Copy link
Contributor Author

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants