Update dependency serve to v10.1.2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
serve	10.0.0 -> 10.1.2

GitHub Vulnerability Alerts

GHSA-xw79-hhv6-578c

Versions of serve prior to 10.0.2 are vulnerable to Cross-Site Scripting (XSS). The package does not encode output, allowing attackers to execute arbitrary JavaScript in the victim's browser if user-supplied input is rendered.

Recommendation

Upgrade to version 10.0.2 or later.

GHSA-48gc-5j93-5cfq

Versions of serve prior to 10.1.2 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through relative paths, which allows attackers to access hidden folders and files.

Recommendation

Upgrade to version 10.1.2 or later.

GHSA-cpgr-wmr9-qxv4

Versions of serve prior to 10.0.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code.

Recommendation

Upgrade to version 10.0.2 or later.

---

Release Notes

vercel/serve (serve)

v10.1.2

Compare Source

Patches

• Use os.networkInterfaces() to detect network address: #​492
• Bumped serve-handler to latest version: #​505

Credits

Huge thanks to @​saintwinkle for helping!

v10.1.1

Compare Source

Patches

• Properly encode redirect responses: #​491

v10.1.0

Compare Source

Minor Changes

• Added support for compression: #​487
• Added NO_UPDATE_CHECK environment flag: #​457
• Brought back support for ephemeral port switching: #​490

Patches

• Bumped serve-handler to the latest version: #​488
• Deprecate support for now.json and package.json: #​489

Credits

Huge thanks to @​leeyeh for helping!

v10.0.2

Compare Source

Patches

• Bumped serve-handler to the latest version: #​480

v10.0.1

Compare Source

Patches

• Bumped @zeit/schemas to the latest version: #​475

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit