[Snyk] Security upgrade fastify-static from 3.3.0 to 4.2.4
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 471/1000 Why? Recently disclosed, Has a fix available, CVSS 3.7 | Open Redirect SNYK-JS-FASTIFYSTATIC-1728398 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: fastify-static
The new version differs by 67 commits.
- d97b2cf Bumped v4.2.4
- 861e0e9 Merge pull request from GHSA-p6vg-p826-qp3v
- 521b641 docs(readme): fix the 'download' method examples (#237)
- 905468d build(deps): bump actions/setup-node from 2.4.0 to 2.4.1 (#236)
- 2e97bdd fix(docs): list example and index option (#235)
- a1a02cd Bump fastify/github-action-merge-dependabot from 2.4.0 to 2.5.0 (#233)
- da1c3f0 Bump fastify/github-action-merge-dependabot from 2.3.0 to 2.4.0 (#229)
- 587ef15 Bump fastify/github-action-merge-dependabot from 2.2.0 to 2.3.0 (#228)
- 27e7035 Bump actions/setup-node from 2.3.2 to 2.4.0 (#227)
- 652252b Bump actions/setup-node from 2.3.1 to 2.3.2 (#226)
- 526d154 Bumped v4.2.3
- fa907a0 fix: call 404 handler if requested path is a dotfile (#225)
- 5656185 Bump actions/setup-node from 2.3.0 to 2.3.1 (#224)
- 05be32e Bump actions/setup-node from 2.2.0 to 2.3.0 (#223)
- ac7dd13 Merge pull request #217 from olmesm/patch-1
- d1a1bc2 Update README.md
- a170820 Bump fastify/github-action-merge-dependabot from 2.1.1 to 2.2.0 (#216)
- 03e36a5 Bump @types/node from 15.14.1 to 16.0.0 (#215)
- 3b295fe Bump actions/setup-node from 2.1.5 to 2.2.0 (#213)
- fd28156 Bump tsd from 0.16.0 to 0.17.0 (#211)
- ab59c02 Bump fastify/github-action-merge-dependabot from 2.1.0 to 2.1.1 (#210)
- 5f10868 Bump tsd from 0.15.1 to 0.16.0 (#209)
- a8fb02d Bump fastify/github-action-merge-dependabot from 2.0.0 to 2.1.0 (#207)
- 2a1ebd8 Bumped v4.2.2
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.