foundation-v1-server
foundation-v1-server copied to clipboard
Published
20 hours ago •
blinkhash
blinkhash
[Snyk] Upgrade express from 4.17.3 to 4.19.2
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade express from 4.17.3 to 4.19.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 7 versions ahead of your current version.
- The recommended version was released 23 days ago, on 2024-03-25.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
 |
Open Redirect SNYK-JS-EXPRESS-6474509 |
519/1000 Why? Has a fix available, CVSS 6.1 |
No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: express
- 4.19.2 - 2024-03-25
-
4.19.1 - 2024-03-20
What's Changed
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
Full Changelog: 4.19.0...4.19.1
-
4.19.0 - 2024-03-20
What's Changed
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
New Contributors
- @ crandmck made their first contribution in #5541
Full Changelog: 4.18.3...4.19.0
-
4.18.3 - 2024-02-29
Main Changes
- Fix routing requests without method
- deps: [email protected]
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: [email protected]
Other Changes
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: [email protected] and [email protected] by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add [email protected] by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
New Contributors
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
Full Changelog: 4.18.2...4.18.3
-
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: [email protected]
- deps: [email protected]
- perf: remove unnecessary object clone
- deps: [email protected]
-
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
- 4.18.0 - 2022-04-25 Read more
-
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- Fix handling of
__proto__keys
- Fix handling of
- pref: remove unnecessary regexp for trust proxy
- deps: accepts@~1.3.8
Commit messages
Package name: express
- b28db2c 4.19.2
- 0b74695 Improved fix for open redirect allow list bypass
- 4f0f6cc 4.19.1
- a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
- a1fa90f fixed un-edited version in history.md for 4.19.0
- 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
- 084e365 4.19.0
- 0867302 Prevent open redirect allow list bypass due to encodeurl
- 567c9c6 Add note on how to update docs for new release (#5541)
- 69a4cf2 deps: [email protected]
- 4ee853e docs: loosen TC activity rules
- 414854b docs: nominating @ wesleytodd to be project captian
- 06c6b88 docs: update release date
- 1b51eda 4.18.3
- b625132 build: pin Node 21.x to minor
- e3eca80 build: pin Node 21.x to minor
- 23b44b3 build: support Node.js 21.6.2
- b9fea12 build: support Node.js 21.x in appveyor
- c259c34 build: support Node.js 21.x
- fdeb1d3 build: support Node.js 20.x in appveyor
- 734b281 build: support Node.js 20.x
- 0e3ab6e examples: improve view count in cookie-sessions
- 59af63a build: [email protected]
- e720c5a docs: add documentation for benchmarks
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
