Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~4.10.1
->~4.15.5
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
expressjs/express
v4.15.5
Compare Source
===================
If-None-Match
token parsingIf-Match
token parsingv4.15.4
Compare Source
===================
Buffer
loadingv4.15.3
Compare Source
===================
res.set
cannot add charset toContent-Type
DEBUG_MAX_ARRAY_LENGTH
</html>
in HTML documentv4.15.2
Compare Source
===================
[
v4.15.1
Compare Source
===================
Date.parse
does not returnNaN
on invalid dateDate.parse
does not returnNaN
on invalid datev4.15.0
Compare Source
===================
next("router")
to exit from routerrouter.use
skipped requests routes did notres._headers
private fieldreq.url
is not set%o
in path debug to tell types apartObject.create
to setup request & response prototypessetprototypeof
module to replace__proto__
settingstatuses
instead ofhttp
module for status messagesDEBUG_FD
environment variable set to3
or highererr
cannot be converted to a stringContent-Security-Policy: default-src 'self'
headerno-cache
request directiveIf-None-Match
has both*
and ETagsETag
matching to match specIf-None-Match
when noETag
headerDate.parse
instead ofnew Date
no-cache
request directiveIf-None-Match
has both*
and ETagsETag
matching to match specres._headers
private fieldIf-Match
andIf-Unmodified-Since
headersres.getHeaderNames()
when availableres.headersSent
when availableno-cache
request directiveIf-None-Match
has both*
and ETagsETag
matching to match specres._headers
private fieldIf-Match
andIf-Unmodified-Since
headersres.getHeaderNames()
when availableres.headersSent
when available*
routereq.ips
performancev4.14.1
Compare Source
===================
err.headers
is not an objectv4.14.0
Compare Source
===================
acceptRanges
option tores.sendFile
/res.sendfile
cacheControl
option tores.sendFile
/res.sendfile
options
argument toreq.range
combine
optionres.location
/res.redirect
if not already encodedres.sendFile
/res.sendfile
req.get()
res.json
/res.jsonp
in most casesRange
header handling inres.sendFile
/res.sendfile
Accept
parsingAccept
parameters with quoted equalsAccept
parameters with quoted semicolonssameSite
optionMax-Age
to never be a floating point numberencode
is not a functionexpires
is not aDate
serialize
err.statusCode
iferr.status
is invaliderr.headers
objectstatuses
instead ofhttp
module for status messagesdecoder
option inparse
functioncombine
option to combine overlapping rangesacceptRanges
optioncacheControl
optionStream
classContent-Range
header in 416 responses when usingstart
/end
optionsContent-Range
header missing from default 416 responsespath
contains raw non-URL characterspath
starts with multiple forward slashesRange
headersacceptRanges
optioncacheControl
optionreq.url
contains raw non-URL charactersRange
headersfield
argumentv4.13.4
Compare Source
===================
serialize
v4.13.3
Compare Source
===================
mergeParams: true
req.params
v4.13.2
Compare Source
===================
v4.13.1
Compare Source
===================
hasOwnProperty
v4.13.0
Compare Source
===================
res.format
error when onlydefault
providednext('route')
inapp.param
would incorrectly skip valuesdecodeURIComponent
URIError
s are a 400*
before params in routesres.cookie
to callres.append
array-flatten
module for flattening arraysstatusCode
property onError
objectsunpipe
module for unpiping requestsETag
matching supportCONNECT
requestsUpgrade
requestsDate
response headerContent-Location
on 304 responsehttp-errors
for standard emitted errorsstatuses
instead ofhttp
module for status messagesfallthrough
optionnext()
instead of 400app.render
try blockView
http.STATUS_CODES
v4.12.4
Compare Source
===================
fs
isFinished(req)
when data bufferedconstructor
v4.12.3
Compare Source
===================
hasOwnProperty
is presentextensions
orindex
optionsv4.12.2
Compare Source
===================
"Request aborted"
is logged usingres.sendFile
v4.12.1
Compare Source
===================
ECONNRESET
errors fromres.sendFile
usagereq.host
when using "trust proxy" hops countreq.protocol
/req.secure
when using "trust proxy" hops countcode
on aborted connections fromres.sendFile
v4.12.0
Compare Source
===================
"trust proxy"
setting to inherit when app is mountedETag
s for all request responsesGET
andHEAD
requestscontent-type
to parseContent-Type
headersoptions
hasBody
Transfer-Encoding
check*/*
)v4.11.2
Compare Source
===================
res.redirect
double-callingres.end
forHEAD
requestsv4.11.1
Compare Source
===================
v4.11.0
Compare Source
===================
res.append(field, val)
to append headers:
inname
forapp.param(name, fn)
req.param()
-- usereq.params
,req.body
, orreq.query
insteadapp.param(fn)
OPTIONS
responses to include theHEAD
method properlyres.sendFile
not always detecting aborted connectionv4.10.8
Compare Source
===================
OPTIONS
response handlerv4.10.7
Compare Source
===================
Allow
header forOPTIONS
to not contain duplicate methodsres.sendFile
whenHEAD
or 304v4.10.6
Compare Source
===================
req.fresh
/req.stale
without response headersv4.10.5
Compare Source
===================
res.send
double-callingres.end
forHEAD
requestsv4.10.4
Compare Source
===================
res.sendfile
logging standard write errorsv4.10.3
Compare Source
===================
res.sendFile
logging standard write errorsarrayLimit
behaviorv4.10.2
Compare Source
===================