[Snyk] Upgrade express from 4.15.3 to 4.19.2 #12

beckitrue · 2024-04-25T17:20:13Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.15.3 to 4.19.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 18 versions ahead of your current version.
The recommended version was released a month ago, on 2024-03-25.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:forwarded:20170908	375/1000 Why? CVSS 7.5	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:mime:20170907	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

4.19.2 - 2024-03-25
4.19.1 - 2024-03-20
What's Changed
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
Full Changelog: 4.19.0...4.19.1
4.19.0 - 2024-03-20
What's Changed
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
New Contributors
- @ crandmck made their first contribution in #5541
Full Changelog: 4.18.3...4.19.0
4.18.3 - 2024-02-29
Main Changes
- Fix routing requests without method
- deps: body-parser@1.20.2
  - Fix strict json error message on Node.js 19+
  - deps: content-type@~1.0.5
  - deps: raw-body@2.5.2
Other Changes
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
New Contributors
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
Full Changelog: 4.18.2...4.18.3
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
  - deps: qs@6.11.0
  - perf: remove unnecessary object clone
- deps: qs@6.11.0
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 - 2022-04-25
Read more
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: negotiator@0.6.3
- deps: body-parser@1.19.2
  - deps: bytes@3.1.2
  - deps: qs@6.9.7
  - deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: body-parser@1.19.1
  - deps: bytes@3.1.1
  - deps: http-errors@1.8.1
  - deps: qs@6.9.6
  - deps: raw-body@2.4.2
  - deps: safe-buffer@5.2.1
  - deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
  - deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: forwarded@0.2.0
  - deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
  - deps: http-errors@1.8.1
  - deps: ms@2.1.3
  - pref: ignore empty http tokens
- deps: serve-static@1.14.2
  - deps: send@0.17.2
- deps: setprototypeof@1.2.0
4.17.1 - 2019-05-26
4.17.0 - 2019-05-17
4.16.4 - 2018-10-11
4.16.3 - 2018-03-12
4.16.2 - 2017-10-10
4.16.1 - 2017-09-29
4.16.0 - 2017-09-28
4.15.5 - 2017-09-25
4.15.4 - 2017-08-07
4.15.3 - 2017-05-17

from express GitHub release notes

Commit messages

Package name: express

b28db2c 4.19.2
0b74695 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
4ee853e docs: loosen TC activity rules
414854b docs: nominating @ wesleytodd to be project captian
06c6b88 docs: update release date
1b51eda 4.18.3
b625132 build: pin Node 21.x to minor
e3eca80 build: pin Node 21.x to minor
23b44b3 build: support Node.js 21.6.2
b9fea12 build: support Node.js 21.x in appveyor
c259c34 build: support Node.js 21.x
fdeb1d3 build: support Node.js 20.x in appveyor
734b281 build: support Node.js 20.x
0e3ab6e examples: improve view count in cookie-sessions
59af63a build: Node.js@18.19
e720c5a docs: add documentation for benchmarks

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade express from 4.15.3 to 4.19.2. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/iam-KPWiZJYntQ5PW7Pgqw4LGq/project/1c763761-7d40-460f-b2a3-de318052cebe?utm_source=github&utm_medium=referral&page=upgrade-pr

beckitrue requested a review from a team as a code owner April 25, 2024 17:20

beckitrue requested review from gausnes and lostinauth0 April 25, 2024 17:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade express from 4.15.3 to 4.19.2 #12

[Snyk] Upgrade express from 4.15.3 to 4.19.2 #12

beckitrue commented Apr 25, 2024

What's Changed

What's Changed

New Contributors

Main Changes

Other Changes

New Contributors

[Snyk] Upgrade express from 4.15.3 to 4.19.2 #12

Are you sure you want to change the base?

[Snyk] Upgrade express from 4.15.3 to 4.19.2 #12

Conversation

beckitrue commented Apr 25, 2024

Snyk has created this PR to upgrade express from 4.15.3 to 4.19.2.

What's Changed

What's Changed

New Contributors

Main Changes

Other Changes

New Contributors