broadcast-sample-app icon indicating copy to clipboard operation
broadcast-sample-app copied to clipboard
verified publisher icon opentok

chore(deps): update dependency express to v4.20.0 (main)

Open mend-for-github-com[bot] opened this issue 1 year ago • 0 comments

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor 4.18.2 -> 4.20.0

By merging this PR, the issue #69 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 6.1 CVE-2024-29041
Medium Medium 5.0 CVE-2024-43796

Release Notes

expressjs/express (express)

v4.20.0

Compare Source

==========

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

  • Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

  • Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

v4.18.3

Compare Source

==========

  • [ ] If you want to rebase/retry this PR, check this box

mend-for-github-com[bot] avatar Apr 30 '24 04:04 mend-for-github-com[bot]