Letters icon indicating copy to clipboard operation
Letters copied to clipboard
verified publisher icon HowProgrammingWorks

[Snyk] Upgrade express from 4.13.4 to 4.17.1

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade express from 4.13.4 to 4.17.1.

:sparkles: Snyk has automatically assigned this pull request, [set who gets assigned](https://app.snyk.io/org/tshemsedinov/project/501e1ec0-a667-4b07-ad64-59ffd30163fb/settings/integration?utm_source=github&utm_medium=upgrade-pr/settings/integration).

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-05-26.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Override Protection Bypass
npm:qs:20170213		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express
  • 4.17.1 - 2019-05-26
    • Revert "Improve error message for null/undefined to res.status"
  • 4.17.0 - 2019-05-17
  • 4.16.4 - 2018-10-11
  • 4.16.3 - 2018-03-12
    • deps: accepts@~1.3.5
      • deps: mime-types@~2.1.18
    • deps: depd@~1.1.2
      • perf: remove argument reassignment
    • deps: encodeurl@~1.0.2
      • Fix encoding % as last character
    • deps: [email protected]
      • Fix 404 output for bad / missing pathnames
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: proxy-addr@~2.0.3
    • deps: [email protected]
      • Fix incorrect end tag in default error & redirects
      • deps: depd@~1.1.2
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: [email protected]
    • deps: statuses@~1.4.0
    • deps: type-is@~1.6.16
      • deps: mime-types@~2.1.18
  • 4.16.2 - 2017-10-10
    • Fix TypeError in res.send when given Buffer and ETag header set
    • perf: skip parsing of entire X-Forwarded-Proto header
  • 4.16.1 - 2017-09-29
  • 4.16.0 - 2017-09-28
    • Add "json escape" setting for res.json and res.jsonp
    • Add express.json and express.urlencoded to parse bodies
    • Add options argument to res.download
    • Improve error message when autoloading invalid view engine
    • Improve error messages when non-function provided as middleware
    • Skip Buffer encoding when not generating ETag for small response
    • Use safe-buffer for improved Buffer API
    • deps: accepts@~1.3.4
      • deps: mime-types@~2.1.16
    • deps: content-type@~1.0.4
      • perf: remove argument reassignment
      • perf: skip parameter parsing when no parameters
    • deps: etag@~1.8.1
      • perf: replace regular expression with substring
    • deps: [email protected]
      • Use res.headersSent when available
    • deps: parseurl@~1.3.2
      • perf: reduce overhead for full URLs
      • perf: unroll the "fast-path" RegExp
    • deps: proxy-addr@~2.0.2
      • Fix trimming leading / trailing OWS in X-Forwarded-For
      • deps: forwarded@~0.1.2
      • deps: [email protected]
      • perf: reduce overhead when no X-Forwarded-For header
    • deps: [email protected]
      • Fix parsing & compacting very deep objects
    • deps: [email protected]
      • Add 70 new types for file extensions
      • Add immutable option
      • Fix missing </html> in default error & redirects
      • Set charset as "UTF-8" for .js and .json
      • Use instance methods on steam to check for listeners
      • deps: [email protected]
      • perf: improve path validation speed
    • deps: [email protected]
      • Add 70 new types for file extensions
      • Add immutable option
      • Set charset as "UTF-8" for .js and .json
      • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: vary@~1.1.2
      • perf: improve header token parsing speed
    • perf: re-use options object when generating ETags
    • perf: remove dead .charset set in res.jsonp
  • 4.15.5 - 2017-09-25
  • 4.15.4 - 2017-08-07
  • 4.15.3 - 2017-05-17
  • 4.15.2 - 2017-03-06
  • 4.15.1 - 2017-03-06
  • 4.15.0 - 2017-03-01
  • 4.14.1 - 2017-01-28
  • 4.14.0 - 2016-06-16
  • 4.13.4 - 2016-01-22
from express GitHub release notes
Commit messages
Package name: express

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot avatar Jan 02 '21 07:01 snyk-bot