[Snyk] Upgrade: gulp-plumber, http-server

[NOUIY]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

gulp-plumber
from 1.2.0 to 1.2.1 | 1 version ahead of your current version | 6 years ago
on 2018-11-27
http-server
from 0.11.1 to 0.13.0 | 6 versions ahead of your current version | 3 years ago
on 2021-08-07

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Override Protection Bypass npm:qs:20170213	589	No Known Exploit
	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	589	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	589	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	589	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	589	Proof of Concept

Release notes

Package name: gulp-plumber

• 1.2.1 - 2018-11-27
  

  1.2.1

• 1.2.0 - 2018-01-06
  

  1.2.0

from gulp-plumber GitHub release notes

Package name: http-server

• 0.13.0 - 2021-08-07
  

  A long time coming, the next major release for http-server! This will be the final release before a switch to actual semantic versioning. This release's major achievement is the internalization of the functionality of the now-abandoned ecstatic library, thus removing it as a dependency. Huge thanks to @ zbynek for help on that front, as well as several other included changes.

  Breaking changes:

  • No longer sends the header server: http-server-${version} with every response

  New features:

  • All responses include Accept-Ranges: bytes to advertise support for partial requests

  Fixes

  • Removes dependency on the abandoned ecstatic library
  • Dependency upgrades to fix several security alerts
  • http-server -a 0.0.0.0 will now do what you told it to do, rather than overriding the address to 127.0.0.1
  • Will no longer serve binary files with a charset in the Content-Type, fixing serving WebAssembly files, among other issues
  • Support .mjs MimeType correctly

  Internal

  • Switched from Travis to GH Actions for CI
• 0.12.3 - 2020-04-27
  

  Patch release to package man page

• 0.12.2 - 2020-04-27
  

  In this release we:

  • Move from optimist to minimist
  • Add a man page
  • Update README screenshots
  • Fix a couple miscellaneous bugs
• 0.12.1 - 2020-01-08
  

  0.12.1

• 0.12.0 - 2019-11-26
  

  0.12.0

• 0.11.2 - 2021-08-07
  

  Upgrades several dependencies to avoid security vulnerabilities, especially as mentioned in #707.

• 0.11.1 - 2018-01-10
  

  Bumping version to deal with npm line ending
  issues.

from http-server GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs