chore(deps): update dependency compression to v1.8.1 #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

mend-for-github.amrom.workers.dev wants to merge 1 commit into master from whitesource-remediate/compression-1.x-lockfile

mend-for-github.amrom.workers.dev bot commented Sep 18, 2025

This PR contains the following updates:

Package	Type	Update	Change
compression	dependencies	minor	`1.7.4` -> `1.8.1`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
Low	3.4	CVE-2025-7339

Release Notes

expressjs/compression (compression)

`v1.8.1`

==========

deps: on-headers@~1.1.0
- Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

`v1.8.0`

==================

Use res.headersSent when available
Replace _implicitHeader with writeHead property
add brotli support for versions of node that support it
Add the enforceEncoding option for requests without Accept-Encoding header

`v1.7.5`

==================

deps: Replace accepts with negotiator@~0.6.4
- Add preference option
deps: bytes@3.1.2
- Add petabyte (pb) support
- Fix "thousandsSeparator" incorrecting formatting fractional part
- Fix return value for un-parsable strings
deps: compressible@~2.0.18
- Mark font/ttf as compressible
- Remove compressible from multipart/mixed
- deps: mime-db@'>= 1.43.0 < 2'
deps: safe-buffer@5.2.1

If you want to rebase/retry this PR, check this box


          chore(deps): update dependency compression to v1.8.1

1e0d2fd

mend-for-github.amrom.workers.dev bot added the security fix label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels