[Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 #18

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade express from 4.12.4 to 4.17.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 29 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2019-05-26.

The recommended version fixes:

Severity | Title | Issue ID
 | Regular Expression Denial of Service (ReDoS) | npm:fresh:20170908

Release notes
  • Package name: express
    • 4.17.1 - 2019-05-26
      • Revert "Improve error message for null/undefined to res.status"
    • 4.17.0 - 2019-05-17
      • Add express.raw to parse bodies into Buffer
      • Add express.text to parse bodies into string
      • Improve error message for non-strings to res.sendFile
      • Improve error message for null/undefined to res.status
      • Support multiple hosts in X-Forwarded-Host
      • deps: accepts@~1.3.7
      • deps: body-parser@1.19.0
        • Add encoding MIK
        • Add petabyte (pb) support
        • Fix parsing array brackets after index
        • deps: bytes@3.1.0
        • deps: http-errors@1.7.2
        • deps: iconv-lite@0.4.24
        • deps: qs@6.7.0
        • deps: raw-body@2.4.0
        • deps: type-is@~1.6.17
      • deps: content-disposition@0.5.3
      • deps: cookie@0.4.0
        • Add SameSite=None support
      • deps: finalhandler@~1.1.2
        • Set stricter Content-Security-Policy header
        • deps: parseurl@~1.3.3
        • deps: statuses@~1.5.0
      • deps: parseurl@~1.3.3
      • deps: proxy-addr@~2.0.5
        • deps: ipaddr.js@1.9.0
      • deps: qs@6.7.0
        • Fix parsing array brackets after index
      • deps: range-parser@~1.2.1
      • deps: send@0.17.1
        • Set stricter CSP header in redirect & error responses
        • deps: http-errors@~1.7.2
        • deps: mime@1.6.0
        • deps: ms@2.1.1
        • deps: range-parser@~1.2.1
        • deps: statuses@~1.5.0
        • perf: remove redundant path.normalize call
      • deps: serve-static@1.14.1
        • Set stricter CSP header in redirect response
        • deps: parseurl@~1.3.3
        • deps: send@0.17.1
      • deps: setprototypeof@1.1.1
      • deps: statuses@~1.5.0
        • Add 103 Early Hints
      • deps: type-is@~1.6.18
        • deps: mime-types@~2.1.24
        • perf: prevent internal throw on invalid type
    • 4.16.4 - 2018-10-11
      • Fix issue where "Request aborted" may be logged in res.sendfile
      • Fix JSDoc for Router constructor
      • deps: body-parser@1.18.3
        • Fix deprecation warnings on Node.js 10+
        • Fix stack trace for strict json parse error
        • deps: depd@~1.1.2
        • deps: http-errors@~1.6.3
        • deps: iconv-lite@0.4.23
        • deps: qs@6.5.2
        • deps: raw-body@2.3.3
        • deps: type-is@~1.6.16
      • deps: proxy-addr@~2.0.4
        • deps: ipaddr.js@1.8.0
      • deps: qs@6.5.2
      • deps: safe-buffer@5.1.2
    • 4.16.3 - 2018-03-12
      • deps: accepts@~1.3.5
        • deps: mime-types@~2.1.18
      • deps: depd@~1.1.2
        • perf: remove argument reassignment
      • deps: encodeurl@~1.0.2
        • Fix encoding % as last character
      • deps: finalhandler@1.1.1
        • Fix 404 output for bad / missing pathnames
        • deps: encodeurl@~1.0.2
        • deps: statuses@~1.4.0
      • deps: proxy-addr@~2.0.3
        • deps: ipaddr.js@1.6.0
      • deps: send@0.16.2
        • Fix incorrect end tag in default error & redirects
        • deps: depd@~1.1.2
        • deps: encodeurl@~1.0.2
        • deps: statuses@~1.4.0
      • deps: serve-static@1.13.2
        • Fix incorrect end tag in redirects
        • deps: encodeurl@~1.0.2
        • deps: send@0.16.2
      • deps: statuses@~1.4.0
      • deps: type-is@~1.6.16
        • deps: mime-types@~2.1.18
    • 4.16.2 - 2017-10-10
      • Fix TypeError in res.send when given Buffer and ETag header set
      • perf: skip parsing of entire X-Forwarded-Proto header
    • 4.16.1 - 2017-09-29
      • deps: send@0.16.1
      • deps: serve-static@1.13.1
        • Fix regression when root is incorrectly set to a file
        • deps: send@0.16.1
    • 4.16.0 - 2017-09-28
      • Add "json escape" setting for res.json and res.jsonp
      • Add express.json and express.urlencoded to parse bodies
      • Add options argument to res.download
      • Improve error message when autoloading invalid view engine
      • Improve error messages when non-function provided as middleware
      • Skip Buffer encoding when not generating ETag for small response
      • Use safe-buffer for improved Buffer API
      • deps: accepts@~1.3.4
        • deps: mime-types@~2.1.16
      • deps: content-type@~1.0.4
        • perf: remove argument reassignment
        • perf: skip parameter parsing when no parameters
      • deps: etag@~1.8.1
        • perf: replace regular expression with substring
      • deps: finalhandler@1.1.0
        • Use res.headersSent when available
      • deps: parseurl@~1.3.2
        • perf: reduce overhead for full URLs
        • perf: unroll the "fast-path" RegExp
      • deps: proxy-addr@~2.0.2
        • Fix trimming leading / trailing OWS in X-Forwarded-For
        • deps: forwarded@~0.1.2
        • deps: ipaddr.js@1.5.2
        • perf: reduce overhead when no X-Forwarded-For header
      • deps: qs@6.5.1
        • Fix parsing & compacting very deep objects
      • deps: send@0.16.0
        • Add 70 new types for file extensions
        • Add immutable option
        • Fix missing </html> in default error & redirects
        • Set charset as "UTF-8" for .js and .json
        • Use instance methods on stream to check for listeners
        • deps: mime@1.4.1
        • perf: improve path validation speed
      • deps: serve-static@1.13.0
        • Add 70 new types for file extensions
        • Add immutable option
        • Set charset as "UTF-8" for .js and .json
        • deps: send@0.16.0
      • deps: setprototypeof@1.1.0
      • deps: utils-merge@1.0.1
      • deps: vary@~1.1.2
        • perf: improve header token parsing speed
      • perf: re-use options object when generating ETags
      • perf: remove dead .charset set in res.jsonp
    • 4.15.5 - 2017-09-25
      • deps: debug@2.6.9
      • deps: finalhandler@~1.0.6
        • deps: debug@2.6.9
        • deps: parseurl@~1.3.2
      • deps: fresh@0.5.2
        • Fix handling of modified headers with invalid dates
        • perf: improve ETag match loop
        • perf: improve If-None-Match token parsing
      • deps: send@0.15.6
        • Fix handling of modified headers with invalid dates
        • deps: debug@2.6.9
        • deps: etag@~1.8.1
        • deps: fresh@0.5.2
        • perf: improve If-Match token parsing
      • deps: serve-static@1.12.6
        • deps: parseurl@~1.3.2
        • deps: send@0.15.6
        • perf: improve slash collapsing
    • 4.15.4 - 2017-08-07
    • 4.15.3 - 2017-05-17
    • 4.15.2 - 2017-03-06
    • 4.15.1 - 2017-03-06
    • 4.15.0 - 2017-03-01
    • 4.14.1 - 2017-01-28
    • 4.14.0 - 2016-06-16
    • 4.13.4 - 2016-01-22
    • 4.13.3 - 2015-08-03
    • 4.13.2 - 2015-07-31
    • 4.13.1 - 2015-07-06
    • 4.13.0 - 2015-06-21
    • 4.12.4 - 2015-05-18
  • from express GitHub release notes
