[Snyk] Security upgrade fastify-static from 3.3.0 to 4.2.4

m03geek requested to merge snyk-fix-e7d87e6f83a18704d6a8008f37172087 into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: low severity
  • Priority Score (*): 471/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.7)
  • Issue: Open Redirect (SNYK-JS-FASTIFYSTATIC-1728398)
  • Breaking Change: Yes
  • Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: fastify-static
The new version differs by 67 commits.
  • d97b2cf Bumped v4.2.4
  • 861e0e9 Merge pull request from GHSA-p6vg-p826-qp3v
  • 521b641 docs(readme): fix the 'download' method examples (#237)
  • 905468d build(deps): bump actions/setup-node from 2.4.0 to 2.4.1 (#236)
  • 2e97bdd fix(docs): list example and index option (#235)
  • a1a02cd Bump fastify/github-action-merge-dependabot from 2.4.0 to 2.5.0 (#233)
  • da1c3f0 Bump fastify/github-action-merge-dependabot from 2.3.0 to 2.4.0 (#229)
  • 587ef15 Bump fastify/github-action-merge-dependabot from 2.2.0 to 2.3.0 (#228)
  • 27e7035 Bump actions/setup-node from 2.3.2 to 2.4.0 (#227)
  • 652252b Bump actions/setup-node from 2.3.1 to 2.3.2 (#226)
  • 526d154 Bumped v4.2.3
  • fa907a0 fix: call 404 handler if requested path is a dotfile (#225)
  • 5656185 Bump actions/setup-node from 2.3.0 to 2.3.1 (#224)
  • 05be32e Bump actions/setup-node from 2.2.0 to 2.3.0 (#223)
  • ac7dd13 Merge pull request #217 from olmesm/patch-1
  • d1a1bc2 Update README.md
  • a170820 Bump fastify/github-action-merge-dependabot from 2.1.1 to 2.2.0 (#216)
  • 03e36a5 Bump @types/node from 15.14.1 to 16.0.0 (#215)
  • 3b295fe Bump actions/setup-node from 2.1.5 to 2.2.0 (#213)
  • fd28156 Bump tsd from 0.16.0 to 0.17.0 (#211)
  • ab59c02 Bump fastify/github-action-merge-dependabot from 2.1.0 to 2.1.1 (#210)
  • 5f10868 Bump tsd from 0.15.1 to 0.16.0 (#209)
  • a8fb02d Bump fastify/github-action-merge-dependabot from 2.0.0 to 2.1.0 (#207)
  • 2a1ebd8 Bumped v4.2.2

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
