[Snyk] Upgrade express from 4.16.4 to 4.18.1

[zoonderkins]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.16.4 to 4.18.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-04-29.

Release notes

Package name: express

• 4.18.1 - 2022-04-29
  • Fix hanging on large stack of sync routes
• 4.18.0 - 2022-04-25
  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: [email protected]
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: [email protected]
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: [email protected]
    • Remove set content headers that break response
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Prevent loss of async hooks context
  • deps: [email protected]
  • deps: [email protected]
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Remove code 306
    • Rename 425 Unordered Collection to standard 425 Too Early
• 4.17.3 - 2022-02-17
  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy
• 4.17.2 - 2021-12-17
  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: type-is@~1.6.18
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • pref: ignore empty http tokens
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
• 4.17.1 - 2019-05-26
  • Revert "Improve error message for null/undefined to res.status"
• 4.17.0 - 2019-05-17
  • Add express.raw to parse bodies into Buffer
  • Add express.text to parse bodies into string
  • Improve error message for non-strings to res.sendFile
  • Improve error message for null/undefined to res.status
  • Support multiple hosts in X-Forwarded-Host
  • deps: accepts@~1.3.7
  • deps: [email protected]
    • Add encoding MIK
    • Add petabyte (pb) support
    • Fix parsing array brackets after index
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: type-is@~1.6.17
  • deps: [email protected]
  • deps: [email protected]
    • Add SameSite=None support
  • deps: finalhandler@~1.1.2
    • Set stricter Content-Security-Policy header
    • deps: parseurl@~1.3.3
    • deps: statuses@~1.5.0
  • deps: parseurl@~1.3.3
  • deps: proxy-addr@~2.0.5
    • deps: [email protected]
  • deps: [email protected]
    • Fix parsing array brackets after index
  • deps: range-parser@~1.2.1
  • deps: [email protected]
    • Set stricter CSP header in redirect & error responses
    • deps: http-errors@~1.7.2
    • deps: [email protected]
    • deps: [email protected]
    • deps: range-parser@~1.2.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
  • deps: [email protected]
    • Set stricter CSP header in redirect response
    • deps: parseurl@~1.3.3
    • deps: [email protected]
  • deps: [email protected]
  • deps: statuses@~1.5.0
    • Add 103 Early Hints
  • deps: type-is@~1.6.18
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type
• 4.16.4 - 2018-10-11
  • Fix issue where "Request aborted" may be logged in res.sendfile
  • Fix JSDoc for Router constructor
  • deps: [email protected]
    • Fix deprecation warnings on Node.js 10+
    • Fix stack trace for strict json parse error
    • deps: depd@~1.1.2
    • deps: http-errors@~1.6.3
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: type-is@~1.6.16
  • deps: proxy-addr@~2.0.4
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

from express GitHub release notes

Commit messages

Package name: express

• d854c43 4.18.1
• b02a95c build: [email protected]
• 631ada0 Fix hanging on large stack of sync routes
• 75e0c7a bench: remove unused parameter
• e2482b7 build: [email protected]
• 2df96e3 build: [email protected]
• a38fae1 build: [email protected]
• 547fdd4 4.18.0
• 0b330ef bench: print latency and vary connections
• 158a170 build: support Node.js 18.x
• 29ea1b2 build: use 64-bit Node.js in AppVeyor
• 11a209e build: support Node.js 17.x
• fd8e45c tests: mark stack overflow as long running
• 708ac4c Fix handling very large stacks of sync middleware
• 92c5ce5 deps: [email protected]
• 8880dda examples: add missing html label associations
• b91c7ff examples: use http-errors to create errors
• ecaf67c docs: remove Node Security Project from security policy
• 99175c3 docs: fix typo in casing of HTTP
• 1b2e097 tests: fix typo in description
• 04da4aa build: use [email protected] for Node.js 6.x
• 2e2d78c deps: [email protected]
• 980d881 deps: [email protected]
• 1df7576 deps: [email protected]

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs