[Snyk] Upgrade express from 4.18.2 to 4.18.3

Open tonesto7 opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.18.2 to 4.18.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2024-02-29.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
Prototype Pollution SNYK-JS-AXIOS-6144788	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

4.18.3 - 2024-02-29
Main Changes
- Fix routing requests without method
- deps: [email protected]
  - Fix strict json error message on Node.js 19+
  - deps: content-type@~1.0.5
  - deps: [email protected]
Other Changes
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: [email protected] and [email protected] by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add [email protected] by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
New Contributors
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
Full Changelog: 4.18.2...4.18.3
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: [email protected]
  - deps: [email protected]
  - perf: remove unnecessary object clone
- deps: [email protected]