NPM Audit reveals high vulnerability in static expiry

[SamBroner]

NPM audit reveals high vulnerability issues in dependency. This is fixable by revving fresh to 0.5.2

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 0.5.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ static-expiry │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ static-expiry > fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/526 │
└───────────────┴──────────────────────────────────────────────────────────────┘

[ethanresnick]

Thanks @SamBroner. I've pushed a commit to fix this. I don't think I have npm publishing permissions, though, so @paulwalker's gonna have to take care of that.

[Mihailoff]

@paulwalker

[plavski]

@paulwalker getting this update published would be very useful, thanks

[apolunin]

Thank you @ethanresnick for fixing this problem!
@paulwalker it would be awesome if you could find time to publish a new version to npm registry with vulnerability issue fixed.

Thank you in advance

[jorgecolonconsulting]

You could still install the static-expiry version with the security fix by installing it directly from github using the commit version: npm install paulwalker/connect-static-expiry#2bac82d. Not as flexible as relying on semver, but it's a decent workaround while the commit gets tagged and published to npm.