studio icon indicating copy to clipboard operation
studio copied to clipboard

Published 20 hours ago verified publisher icon mathigon

Update dependency express to v4.21.0

Open mend-for-github-com[bot] opened this issue 1 year ago • 0 comments
trafficstars

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor 4.19.2 -> 4.21.0

By merging this PR, the issue #381 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
High High 7.5 CVE-2024-45296
High High 7.5 CVE-2024-52798
Medium Medium 5.0 CVE-2024-43796
Medium Medium 5.0 CVE-2024-43799
Medium Medium 5.0 CVE-2024-43800

Release Notes

expressjs/express (express)

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

v4.20.0

Compare Source

==========

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
  • [ ] If you want to rebase/retry this PR, check this box

mend-for-github-com[bot] avatar Sep 11 '24 12:09 mend-for-github-com[bot]