updated npm modules

node_modules/send/index.js

@@ -288,7 +288,7 @@ SendStream.prototype.error = function error (status, err) {
   res.statusCode = status
   res.setHeader('Content-Type', 'text/html; charset=UTF-8')
   res.setHeader('Content-Length', Buffer.byteLength(doc))
-  res.setHeader('Content-Security-Policy', "default-src 'self'")
+  res.setHeader('Content-Security-Policy', "default-src 'none'")
   res.setHeader('X-Content-Type-Options', 'nosniff')
   res.end(doc)
 }
@@ -493,7 +493,7 @@ SendStream.prototype.redirect = function redirect (path) {
   res.statusCode = 301
   res.setHeader('Content-Type', 'text/html; charset=UTF-8')
   res.setHeader('Content-Length', Buffer.byteLength(doc))
-  res.setHeader('Content-Security-Policy', "default-src 'self'")
+  res.setHeader('Content-Security-Policy', "default-src 'none'")
   res.setHeader('X-Content-Type-Options', 'nosniff')
   res.setHeader('Location', loc)
   res.end(doc)
@@ -546,7 +546,6 @@ SendStream.prototype.pipe = function pipe (res) {
 
     // join / normalize from optional root dir
     path = normalize(join(root, path))
-    root = normalize(root + sep)
   } else {
     // ".." is malicious without "root"
     if (UP_PATH_REGEXP.test(path)) {
@@ -669,7 +668,7 @@ SendStream.prototype.send = function send (path, stat) {
 
       // 416 Requested Range Not Satisfiable
       return this.error(416, {
-        headers: {'Content-Range': res.getHeader('Content-Range')}
+        headers: { 'Content-Range': res.getHeader('Content-Range') }
       })
     }