Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Snyk] Upgrade sirv-cli from 1.0.12 to 1.0.14 #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade sirv-cli from 1.0.12 to 1.0.14 #2

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Jan 16, 2022

Snyk has created this PR to upgrade sirv-cli from 1.0.12 to 1.0.14.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2021-08-14.
Release notes
Package name: sirv-cli
  • 1.0.14 - 2021-08-14

    Chores

    • (sirv): Bump @ polka/url to take advantage of this fix
  • 1.0.13 - 2021-08-13

    Patches

    • (sirv) Only use req.path if has req._decoded flag exists (#82):

      The req._decoded check was added & should have always been in there, since this was sirv's way of preventing duplicate decodeURIComponent calls. However, this was only true when it received a request from a polka@next app, since Polka was previously writing the decoded value to req.path – this changed with [email protected]

      Now that the latest polka@next (and Express) doesn't decode automatically anymore, req.path isn't trustworthy on its own. It needs req._decoded to be there too in order to trust it.

      This combo-check is backwards compatible for polka@next users who don't upgrade and will unblock Express users for the first time, who have always had a "raw" req.path value set.

  • 1.0.12 - 2021-05-24

    Patches

    • (sirv-cli): Ensure boolean options are parsed as booleans (#97): 8ebca7c
    • (sirv): Bump @ polka/url dependency version: 7c5162a

    Chores

from sirv-cli GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@atomist atomist bot added auto-branch-delete:on-close Delete branch when pull request gets closed auto-merge-method:merge Auto-merge with merge commit auto-merge:on-bpr-success Auto-merge on passed branch protection rule labels Jan 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

auto-branch-delete:on-close Delete branch when pull request gets closed auto-merge:on-bpr-success Auto-merge on passed branch protection rule auto-merge-method:merge Auto-merge with merge commit

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot