Gatsby: Upgrade `serve` dependency to version 7

Created on 18 Jul 2018  路  2Comments  路  Source: gatsbyjs/gatsby

Description

There's a security vulnerability in serve that GitHub just started flagging. The fix is to upgrade serve to serve@^7.0.0. Currently we're still on version 6.

https://github.com/gatsbyjs/gatsby/blob/d8aaa2f346ea30fac760b0fb4359bb251779525a/packages/gatsby/package.json#L117

Steps to Solve

  • [ ] Run yarn install serve@latest in the gatsby package
  • [ ] Ensure gatsby serve continues to work as expected
  • [ ] Spread the word that everyone should upgrade to remove the vulnerability

We should apply this upgrade to both v1 and v2, assuming there are no breaking changes for v1.

help wanted bug
Source
picture jlengstorf
👍3

Most helpful comment

The latest version is 9.2.0, so it's probably worth updating all the way up to that.

picture m-allanson on 18 Jul 2018
👍3

All 2 comments

The latest version is 9.2.0, so it's probably worth updating all the way up to that.

m-allanson picture m-allanson on 18 Jul 2018
👍3

This was handled in the above mentioned PRs, thanks folks!

m-allanson picture m-allanson on 27 Jul 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hobochild picture hobochild  路  3Comments
dustinhorton picture dustinhorton  路  3Comments
andykais picture andykais  路  3Comments
jimfilippou picture jimfilippou  路  3Comments
rossPatton picture rossPatton  路  3Comments