[Snyk] Upgrade express from 4.13.1 to 4.17.3 #11

snyk-bot · 2022-03-10T18:02:27Z

Snyk has created this PR to upgrade express from 4.13.1 to 4.17.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 20 versions ahead of your current version.
The recommended version was released 22 days ago, on 2022-02-17.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:mime:20170907	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: [email protected]
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
- deps: [email protected]
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: type-is@~1.6.18
- deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - pref: ignore empty http tokens
- deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
4.17.1 - 2019-05-26
- Revert "Improve error message for null/undefined to res.status"
4.17.0 - 2019-05-17
- Add express.raw to parse bodies into Buffer
- Add express.text to parse bodies into string
- Improve error message for non-strings to res.sendFile
- Improve error message for null/undefined to res.status
- Support multiple hosts in X-Forwarded-Host
- deps: accepts@~1.3.7
- deps: [email protected]
  - Add encoding MIK
  - Add petabyte (pb) support
  - Fix parsing array brackets after index
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: type-is@~1.6.17
- deps: [email protected]
- deps: [email protected]
  - Add SameSite=None support
- deps: finalhandler@~1.1.2
  - Set stricter Content-Security-Policy header
  - deps: parseurl@~1.3.3
  - deps: statuses@~1.5.0
- deps: parseurl@~1.3.3
- deps: proxy-addr@~2.0.5
  - deps: [email protected]
- deps: [email protected]
  - Fix parsing array brackets after index
- deps: range-parser@~1.2.1
- deps: [email protected]
  - Set stricter CSP header in redirect & error responses
  - deps: http-errors@~1.7.2
  - deps: [email protected]
  - deps: [email protected]
  - deps: range-parser@~1.2.1
  - deps: statuses@~1.5.0
  - perf: remove redundant path.normalize call
- deps: [email protected]
  - Set stricter CSP header in redirect response
  - deps: parseurl@~1.3.3
  - deps: [email protected]
- deps: [email protected]
- deps: statuses@~1.5.0
  - Add 103 Early Hints
- deps: type-is@~1.6.18
  - deps: mime-types@~2.1.24
  - perf: prevent internal throw on invalid type
4.16.4 - 2018-10-11
- Fix issue where "Request aborted" may be logged in res.sendfile
- Fix JSDoc for Router constructor
- deps: [email protected]
  - Fix deprecation warnings on Node.js 10+
  - Fix stack trace for strict json parse error
  - deps: depd@~1.1.2
  - deps: http-errors@~1.6.3
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: type-is@~1.6.16
- deps: proxy-addr@~2.0.4
  - deps: [email protected]
- deps: [email protected]
- deps: [email protected]
4.16.3 - 2018-03-12
- deps: accepts@~1.3.5
  - deps: mime-types@~2.1.18
- deps: depd@~1.1.2
  - perf: remove argument reassignment
- deps: encodeurl@~1.0.2
  - Fix encoding % as last character
- deps: [email protected]
  - Fix 404 output for bad / missing pathnames
  - deps: encodeurl@~1.0.2
  - deps: statuses@~1.4.0
- deps: proxy-addr@~2.0.3
  - deps: [email protected]
- deps: [email protected]
  - Fix incorrect end tag in default error & redirects
  - deps: depd@~1.1.2
  - deps: encodeurl@~1.0.2
  - deps: statuses@~1.4.0
- deps: [email protected]
  - Fix incorrect end tag in redirects
  - deps: encodeurl@~1.0.2
  - deps: [email protected]
- deps: statuses@~1.4.0
- deps: type-is@~1.6.16
  - deps: mime-types@~2.1.18
4.16.2 - 2017-10-10
- Fix TypeError in res.send when given Buffer and ETag header set
- perf: skip parsing of entire X-Forwarded-Proto header
4.16.1 - 2017-09-29
4.16.0 - 2017-09-28
4.15.5 - 2017-09-25
4.15.4 - 2017-08-07
4.15.3 - 2017-05-17
4.15.2 - 2017-03-06
4.15.1 - 2017-03-06
4.15.0 - 2017-03-01
4.14.1 - 2017-01-28
4.14.0 - 2016-06-16
4.13.4 - 2016-01-22
4.13.3 - 2015-08-03
4.13.2 - 2015-07-31
4.13.1 - 2015-07-06

from express GitHub release notes

Commit messages

Package name: express

3d7fce5 4.17.3
f906371 build: update example dependencies
6381bc6 deps: [email protected]
a007863 deps: [email protected]
e98f584 Revert "build: use [email protected] for Node.js < 4"
a659137 tests: use strict mode
a39e409 tests: prevent leaking changes to NODE_ENV
82de4de examples: fix path traversal in downloads example
12310c5 build: use nyc for test coverage
884657d examples: remove bitwise syntax for includes check
7511d08 build: use [email protected] for Node.js < 4
2585f20 tests: fix test missing assertion
9d09762 build: [email protected]
43cc56e build: clean up gitignore
1c7bbcc build: [email protected]
9cbbc8a deps: [email protected]
6fbc269 pref: remove unnecessary regexp for trust proxy
2bc734a deps: accepts@~1.3.8
89bb531 docs: fix typo in res.download jsdoc
744564f tests: add test for multiple ips in "trust proxy"
da6cb0e tests: add range tests to res.download
00ad5be tests: add more tests for app.request & app.response
141914e tests: fix tests that did not bubble errors
bd4fdfe tests: remove global dependency on should

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade express from 4.13.1 to 4.17.3. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/phearzero/project/71ede181-7630-48f5-b88e-2c108ca6eded?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade express from 4.13.1 to 4.17.3 #11

[Snyk] Upgrade express from 4.13.1 to 4.17.3 #11

Uh oh!

snyk-bot commented Mar 10, 2022

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

[Snyk] Upgrade express from 4.13.1 to 4.17.3 #11

Are you sure you want to change the base?

[Snyk] Upgrade express from 4.13.1 to 4.17.3 #11

Uh oh!

Conversation

snyk-bot commented Mar 10, 2022

Snyk has created this PR to upgrade express from 4.13.1 to 4.17.3.

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant