[Snyk] Upgrade hexo-server from 0.2.2 to 2.0.0

[snyk-bot]

Snyk has created this PR to upgrade hexo-server from 0.2.2 to 2.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2020-08-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-NUNJUCKS-1079083	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: hexo-server

• 2.0.0 - 2020-08-09
  

  Breaking change

  • Drop Node 8 [#138] [#130]

  Feature

  • feat: support page with trailing '.html' @ curbengh [#111]
    • When a page is available on http://yoursite.com/about.html, browsing http://yoursite.com/about will be served with "about.html" page.
    • When pretty_urls is used,

    pretty_urls: 
      trailing_index: false # defaults to true

    • Browsing http://yoursite.com/about.html will 301-redirect to http://yoursite.com/about.

    pretty_urls: 
      trailing_html: false # defaults to true

    • Browsing http://yoursite.com/2020/01/02/foo/index.html will 301-redirect to http://yoursite.com/2020/01/02/foo/.
    • This ensure a page only has one canonical permalink.

  Changes

  • Add GitHub Actions @ curbengh (#138)
  • ci: add Node 14 @ curbengh (#137)
  • ci: drop Node.js 8 @ SukkaW (#130)
  • chore: add release-drafter @ yoshinorin (#123)
  • docs(README): add description about cache @ SukkaW (#107)

  Dependencies

  • chore(deps-dev): bump hexo from 3.9.0 to 5.0.0 [#104] [#139]
  • chore(deps-dev): bump mocha from 6.2.2 to 8.0.1 [#126] [#135]
  • chore(deps-dev): bump eslint from 6.8.0 to 7.0.0 (#133)
  • chore(deps-dev): bump hexo-fs from 2.0.0 to 3.0.1 (#129)
  • chore(deps-dev): bump sinon from 7.5.0 to 9.0.2 (#128)
  • chore(deps): bump chalk from 2.4.2 to 4.0.0 [#105] [#127]
  • chore(deps-dev): bump mocha from 6.2.2 to 7.1.1 (#126)
  • chore(deps-dev): bump uuid from 3.4.0 to 8.0.0 @ SukkaW [#122] [#132]
  • chore(deps-dev): bump nyc from 14.1.1 to 15.0.0 (#108)
  • Bump eslint-config-hexo from 3.0.0 to 4.0.0 (#106)
  • Bump open from 6.4.0 to 7.0.0 (#103)
• 1.0.0 - 2019-09-02
  

  Breaking change

  • Drop node 6 (#87)

  Refactor

  • Refactor: es2016nify (#68)
  • refactor: Test refactor es2016 (#67)

  Housekeeping

  • Move jscs to eslint (#65)
• 0.3.3 - 2018-08-26
  

  0.3.3

• 0.3.2 - 2018-05-05
  

  0.3.2

• 0.3.1 - 2018-01-02
  

  Fixes

  • Fix default server config to listen on both IPv4 and IPv6. (#41)
• 0.3.0 - 2017-12-18
  

  Features

  • serveStatic option pass-through #36
  • Serve on all interfaces by default #39
• 0.2.2 - 2017-07-27
  

  Fixes

  • Fix the fs.SyncWriteStream is deprecated warning.

from hexo-server GitHub release notes

Commit messages

Package name: hexo-server

• 5693469 Merge pull request Docs - Client API - Update description about io(url) socketio/socket.io-website#140 from curbengh/v2.0.0
• 294da08 release: 2.0.0
• a146d2d Merge pull request Bug: client API - io() returns 400 BAD REQUEST when passing window.location socketio/socket.io-website#139 from hexojs/dependabot/npm_and_yarn/hexo-5.0.0
• 4af84ab chore(deps-dev): bump hexo from 4.2.1 to 5.0.0
• 634b41f merge(abc order socketio/socket.io-website#138): from curbengh/node-10
• f742e58 ci: add GitHub Actions
• b0a5ab6 chore: drop Node 8
• be420d1 Merge pull request plural socketio/socket.io-website#111 from curbengh/trailing-html
• 96f02dd test(pretty_urls): default options should not redirect
• 74b9d54 test: config is reset before each test
• 186b6dc feat: redirect based on pretty_urls option
• ee2805b Merge pull request [Feature request]: Visual difference between server-api and client-api docs socketio/socket.io-website#137 from curbengh/node-14
• f6036d3 feat: support page with trailing '.html'
• 6ff5c87 ci(appveyor): prioritize newer Node
• 6f59ce2 ci: add Node 14
• d13af17 chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 (Remove --save option in npm commands socketio/socket.io-website#135)
• f0fb484 chore(deps-dev): bump eslint from 6.8.0 to 7.0.0 (Fixed Documentation Definition of Socket.join socketio/socket.io-website#133)
• b1aa459 chore(deps): bump uuid from 7.0.3 to 8.0.0 (Fix Socket Client JS not accessible. socketio/socket.io-website#132)
• e8fa6c4 chore(deps-dev): bump hexo-fs from 2.0.0 to 3.0.1 (Wrong tweet link socketio/socket.io-website#129)
• 6158246 chore(deps-dev): bump sinon from 7.5.0 to 9.0.2 (Update 20150413-socket-io-cpp.md socketio/socket.io-website#128)
• 40660f4 chore(deps): bump chalk from 3.0.0 to 4.0.0 (Update 20150309-ios.md socketio/socket.io-website#127)
• d8550d1 ci: drop Node.js 8 (Change user name by user id socketio/socket.io-website#130)
• 36e562d chore: add release-drafter (Video missing in get-started chat example under 'Emitting events' heading socketio/socket.io-website#123)
• d0aba7e chore(deps-dev): bump mocha from 6.2.2 to 7.1.1 (Improve Documentation around Using Socket.IO with multiple nodes socketio/socket.io-website#126)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs