[Snyk] Upgrade serve-static from 1.14.1 to 2.2.0

[snyk-io]

Snyk has created this PR to upgrade serve-static from 1.14.1 to 2.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 10 versions ahead of your current version.

• The recommended version was released 4 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	88	No Known Exploit
	Code Injection SNYK-JS-LODASH-1040724	88	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	88	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	88	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	88	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	88	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	88	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	88	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	88	Proof of Concept
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	88	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	88	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	88	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	88	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	88	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	88	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	88	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	88	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	88	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	88	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	88	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-173692	88	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-174183	88	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	88	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	88	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	88	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	88	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	88	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	88	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	88	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	88	Proof of Concept
	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	88	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	88	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	88	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495496	88	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495498	88	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	88	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	88	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	88	No Known Exploit
	Information Exposure SNYK-JS-ELLIPTIC-8720086	88	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	88	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	88	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	88	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	88	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	88	No Known Exploit
	Validation Bypass SNYK-JS-KINDOF-537849	88	Proof of Concept

Release notes

Package name: serve-static

• 2.2.0 - 2025-03-28
  

  What's Changed

  • refactor: zeroPad to use padStart for improved readability by @ Ayoub-Mabrouk in #182
  • ci: add CodeQl (SAST) by @ bjohansebas in #186
  • Refactor HISTORY.md header update to use String.prototype.repeat by @ Ayoub-Mabrouk in #184
  • docs: retroactively note 2.0.0-beta.1 api change in history file by @ dpopp07 in #194
  • conditionally set headers (if not already set) in redirect response by @ ljeda in #190
  • docs: remove security file by @ bjohansebas in #195
  • chore(deps): remove devDependency safe-buffer by @ Phillip9587 in #191
  • ci: updated ci workflow and remove appveyor by @ Phillip9587 in #192
  • deps: send@^1.2.0 by @ UlisesGascon in #198
  • Revert "feat: conditionally set headers (if not already set) in redirect response (#190)" by @ Phillip9587 in #200
  • Release 2.2.0 by @ UlisesGascon in #197

  New Contributors

  • @ Ayoub-Mabrouk made their first contribution in #182
  • @ bjohansebas made their first contribution in #186
  • @ dpopp07 made their first contribution in #194
  • @ ljeda made their first contribution in #190
  • @ Phillip9587 made their first contribution in #191

  Full Changelog: v2.1.0...v2.2.0

• 2.1.0 - 2024-09-10
  

  v2.1.0

• 2.0.0 - 2024-08-23
  

  2.0.0

• 2.0.0-beta.2 - 2024-03-21
  

  v2.0.0-beta.2

• 2.0.0-beta.1 - 2022-02-05
  
  • Change dotfiles option default to 'ignore'
  • Drop support for Node.js 0.8
  • Remove hidden option; use dotfiles option instead
  • deps: send@1.0.0-beta.1
    • Use mime-types for file to content type mapping
    • deps: debug@3.1.0
• 1.16.2 - 2024-09-11
  

  What's Changed

  • encodeurl@~2.0.0 by @ wesleytodd in #180

  Full Changelog: v1.16.1...v1.16.2

• 1.16.1 - 2024-09-11
  

  What's Changed

  • bump send to 0.19 by @ tommasini in #176

  New Contributors

  • @ tommasini made their first contribution in #176

  Full Changelog: 1.16.0...v1.16.1

• 1.16.0 - 2024-09-10
  

  What's Changed

  • Remove link renderization in html while redirecting (#173)

  New Contributors

  • @ UlisesGascon made their first contribution in #173

  Full Changelog: v1.15.0...1.16.0

• 1.15.0 - 2022-03-25
  
  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
• 1.14.2 - 2021-12-16
• 1.14.1 - 2019-05-11

from serve-static GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
package.json	37% smaller

[snyk-io]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)