
update express to version 4.20.0 to fix npm audit error

Open spearmootz opened this issue 1 year ago • 0 comments

Summary

fixes the following


```
body-parser  <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
fix available via `npm audit fix`
node_modules/body-parser
  express  <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of path-to-regexp
  Depends on vulnerable versions of send
  Depends on vulnerable versions of serve-static
  node_modules/express

path-to-regexp  <0.1.10
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix`
node_modules/path-to-regexp

send  <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
  serve-static  <=1.16.0
  Depends on vulnerable versions of send
  node_modules/serve-static

5 vulnerabilities (2 moderate, 3 high)
```

(If you have not already please refer to the contributing guideline as [described
here](https://github.com/feathersjs/feathers/blob/dove/.github/contributing.md#pull-requests))

- [x] Tell us about the problem your pull request is solving.
- [ ] Are there any open issues that are related to this?
- [ ] Is this PR dependent on PRs in other repos?

If so, please mention them to keep the conversations linked together.

### Other Information

If there's anything else that's important and relevant to your pull
request, mention that information here. This could include
benchmarks, or other information.

Your PR will be reviewed by a core team member and they will work with you to get your changes merged in a timely manner. If merged your PR will automatically be added to the changelog in the next release.

If this is a new feature, please remember to add the appropriate documentation in their respective pages in the `docs` folder.

Thanks for contributing to Feathers! :heart:

spearmootz, Sep 11 '24 19:09