Skip to content
This repository was archived by the owner on May 17, 2023. It is now read-only.

Update dependency express to v4.17.2 #6

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency express to v4.17.2 #6

wants to merge 1 commit into from

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Nov 29, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change
express (source) dependencies patch 4.17.1 -> 4.17.2

By merging this PR, the issue #5 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2022-24999

Release Notes

expressjs/express

v4.17.2

Compare Source

===================

  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@1.19.1
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
    • deps: qs@6.9.6
    • deps: raw-body@2.4.2
    • deps: safe-buffer@5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@0.5.4
    • deps: safe-buffer@5.2.1
  • deps: cookie@0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@0.2.0
    • deps: ipaddr.js@1.9.1
  • deps: qs@6.9.6
  • deps: safe-buffer@5.2.1
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@1.14.2
    • deps: send@0.17.2
  • deps: setprototypeof@1.2.0
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 29, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.17.2 Update dependency express to v4.17.2 - autoclosed Mar 27, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/express-4.x-lockfile branch March 27, 2023 19:18
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.17.2 - autoclosed Update dependency express to v4.17.2 Mar 31, 2023
@mend-for-github-com mend-for-github-com bot reopened this Mar 31, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/express-4.x-lockfile branch March 31, 2023 04:47
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant