Update dependency restify to v4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
restify (source)	^3.0.2 -> ^4.1.0

GitHub Vulnerability Alerts

CVE-2017-16018

Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL.

Proof of Concept:

Request

https://localhost:3000/no5_such3_file7.pl?%22%3E%3Cscript%3Ealert(73541);%3C/script%3E

Will be included in response:

<script>alert(73541);</script>

Recommendation

Update to version 4.1.0 or later.

---

Release Notes

restify/node-restify (restify)

v4.1.0

Compare Source

v4.0.4

Compare Source

v4.0.3: Restify 4.0.3

Compare Source

This release is a quick fix for people that are getting a different error code when on Node 4 when the Content Length is too long for the Body Parser.

You only need to upgrade if you are running iojs 3.0+ or Node 4+.

Changelog:
#​917 Fix: HTTP 413 status name, Micah Ransdell

v4.0.2: Restify 4.0.2

Compare Source

After a little bit of a hiccup with 4.0.1, we are back in the saddle with 4.0.2. This release adds proper Node 4 support by upgrading dtrace-provider to 0.6.

#​887 Bump dtrace-provider to 0.6.0 for Node 4 support, Corbin Uselton

Thanks to our newest contributor, Corbin Uselton (@​corbinu) for the help.

v4.0.0: Restify 4

Compare Source

There are lots of changes in Restify 4. See below for a list of pull requests that were merged in. There were quite a few bugs fixed, and a few new features added. Thanks to all our contributors for their hard work!

#​877 content-type can be case-insensitive. Yunong Xiao
#​856 update various dependencies. Alex Liu
#​851 fix formatters such that they always return cb. Yunong Xiao
#​847 fix body parser race condition. Yunong Xiao
#​842 add req.matchedVersion() Nathan Peck, Micah Ransdell
#​840 Fix issue with server toString Method. OiNutter, Micah Ransdell
#​836 Add JSDoc comments. Alex Liu
#​835 Update static.js to allow for serving static files that do not use the route as a path. Wavewash, Micah Ransdell
#​831 Support hash option to Formidable for multipart file uploads. blakevanian, ManRueda
#​832 Updated dtrace-provider. yads
#​812 add query parameters to auditlogger. Alex Liu
#​800 Allow 0, false, and null as json body. Alex Dobeck
#​771 q-value choice on wildcards ignores default q-value of 1. Kevin Peno
#​822 Allow optional headers to be added as properties to bunyan logs. Michael Paulson.
#​824 Don't include large coverage files in published packages. Trent Mick
#​819 Add a feature to allow the expiration of old unprocessed requests. Michael Paulson
#​803 Add redirect support to Response. Alex Liu
#​686 res.send can't send 0, false and null. Alex Dobeck

v3.0.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.