From 93a19eaac6d8e39f875dde1cd80fedd7cc33272d Mon Sep 17 00:00:00 2001 From: Alexandre Pereira Date: Tue, 2 Apr 2024 15:08:55 +0100 Subject: [PATCH] feat: bump express to ^4.19.2 Due to CVE-2024-29041, we should bump express to version 4.19.2 or higher --- .changeset/afraid-bears-fry.md | 9 +++++++++ integration/package.json | 2 +- packages/remix-dev/package.json | 2 +- packages/remix-express/package.json | 4 ++-- packages/remix-serve/package.json | 2 +- scripts/playground/template/package.json | 2 +- templates/express/package.json | 2 +- templates/unstable-vite-express/package.json | 2 +- 8 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 .changeset/afraid-bears-fry.md diff --git a/.changeset/afraid-bears-fry.md b/.changeset/afraid-bears-fry.md new file mode 100644 index 00000000000..2f2eb5dc663 --- /dev/null +++ b/.changeset/afraid-bears-fry.md @@ -0,0 +1,9 @@ +--- +"integration-tests": patch +"remix": patch +"@remix-run/dev": patch +"@remix-run/express": patch +"@remix-run/serve": patch +--- + +feat: bump express to ^4.19.2 \ No newline at end of file diff --git a/integration/package.json b/integration/package.json index c1083a8f9ac..11fc769394c 100644 --- a/integration/package.json +++ b/integration/package.json @@ -15,7 +15,7 @@ "cross-spawn": "^7.0.3", "dedent": "^0.7.0", "execa": "^5.1.1", - "express": "^4.17.1", + "express": "^4.19.2", "fs-extra": "^10.0.0", "get-port": "^5.1.1", "glob": "8.0.3", diff --git a/packages/remix-dev/package.json b/packages/remix-dev/package.json index e8773368213..92d214dd83f 100644 --- a/packages/remix-dev/package.json +++ b/packages/remix-dev/package.json @@ -44,7 +44,7 @@ "esbuild-plugins-node-modules-polyfill": "^1.6.0", "execa": "5.1.1", "exit-hook": "2.2.1", - "express": "^4.17.1", + "express": "^4.19.2", "fs-extra": "^10.0.0", "get-port": "^5.1.1", "gunzip-maybe": "^1.4.2", diff --git a/packages/remix-express/package.json b/packages/remix-express/package.json index 485cdcbaae5..57bb52f8ebd 100644 --- a/packages/remix-express/package.json +++ b/packages/remix-express/package.json @@ -20,13 +20,13 @@ "@types/express": "^4.17.9", "@types/node": "^18.17.1", "@types/supertest": "^2.0.10", - "express": "^4.17.1", + "express": "^4.19.2", "node-mocks-http": "^1.10.1", "supertest": "^6.3.3", "typescript": "^5.1.6" }, "peerDependencies": { - "express": "^4.17.1", + "express": "^4.19.2", "typescript": "^5.1.0" }, "peerDependenciesMeta": { diff --git a/packages/remix-serve/package.json b/packages/remix-serve/package.json index b58ab3d733a..b28451c5bd1 100644 --- a/packages/remix-serve/package.json +++ b/packages/remix-serve/package.json @@ -19,7 +19,7 @@ "@remix-run/node": "2.2.0", "chokidar": "^3.5.3", "compression": "^1.7.4", - "express": "^4.17.1", + "express": "^4.19.2", "get-port": "5.1.1", "morgan": "^1.10.0", "source-map-support": "^0.5.21" diff --git a/scripts/playground/template/package.json b/scripts/playground/template/package.json index 9ed64c5ff06..2319f8206ea 100644 --- a/scripts/playground/template/package.json +++ b/scripts/playground/template/package.json @@ -24,7 +24,7 @@ "@remix-run/serve": "*", "@remix-run/server-runtime": "*", "bcryptjs": "^2.4.3", - "express": "^4.18.1", + "express": "^4.19.2", "get-port": "^6.1.2", "isbot": "^3.5.1", "morgan": "^1.10.0", diff --git a/templates/express/package.json b/templates/express/package.json index 94cda6955ae..2a3156d2aea 100644 --- a/templates/express/package.json +++ b/templates/express/package.json @@ -15,7 +15,7 @@ "@remix-run/react": "*", "compression": "^1.7.4", "cross-env": "^7.0.3", - "express": "^4.18.2", + "express": "^4.19.2", "isbot": "^3.6.8", "morgan": "^1.10.0", "react": "^18.2.0", diff --git a/templates/unstable-vite-express/package.json b/templates/unstable-vite-express/package.json index ba05308a9ce..bfbc3f5d13d 100644 --- a/templates/unstable-vite-express/package.json +++ b/templates/unstable-vite-express/package.json @@ -13,7 +13,7 @@ "@remix-run/express": "*", "@remix-run/node": "*", "@remix-run/react": "*", - "express": "^4.18.2", + "express": "^4.19.2", "isbot": "^3.6.8", "react": "^18.2.0", "react-dom": "^18.2.0"