[Snyk] Security upgrade koa-router from 7.4.0 to 11.0.2

[medeiser]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-URIJS-1055003	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-1078286	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-1319803	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-URIJS-1319806	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2401466	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URIJS-2415026	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-2419067	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Misinterpretation of Input SNYK-JS-URIJS-2440699	Yes	Proof of Concept
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: koa-router

The new version differs by 91 commits.

• 8fe1d54 11.0.1
• d2ad849 feat: allow set router host match (#156)
• 54a3198 11.0.0
• fdf7117 chore: drop node 12 from tests
• d0c6d8b feat: require node >= 12, modernize, bump deps
• 68253f6 fix(lib/test/doc): fix jsdoc and typo (#146)
• c6a8fc8 feat: add `exclusive` option (#129)
• 3454a7d doc: add comma for better understanding (#145)
• 13a634d Support symbols as route names (#143)
• 6ba3efa feat(deps): update minimal version from 8 -> 12 (#152)
• 6db0e68 feat(default-params): replace || cond with default params (#153)
• 6aca720 Improve path checking before route registration (#155)
• 4fb50ac improve doc for prefix method. (#151)
• 65414f4 * update deps (#150)
• 1aead99 doc: add header to refer to api reference. (#112)
• 05fe8dd Include type installation instructions in README (#134)
• 5cec6fb Replace user with ctx.user in param docs (#136)
• 90dd73c 10.1.1
• 904db98 Correct @ hapi/boom usage example (#128)
• fa48560 10.1.0
• e9fa04b Fix additional entry inejcted to params (#124)
• 344ba0b 10.0.0
• 89b7c02 Allow router.redirect() to accept external destinations (#110)
• 56735f0 v9.4.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn