Skip to content

[Snyk] Upgrade express from 4.12.4 to 4.17.2 #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-bot wants to merge 29 commits into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade express from 4.12.4 to 4.17.2 #212

snyk-bot wants to merge 29 commits into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Feb 3, 2022

Snyk has created this PR to upgrade express from 4.12.4 to 4.17.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-12-17.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		 589/1000
Why? Has a fix available, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express
  • 4.17.2 - 2021-12-17
  • 4.17.1 - 2019-05-26
    • Revert "Improve error message for null/undefined to res.status"
  • 4.17.0 - 2019-05-17
  • 4.16.4 - 2018-10-11
  • 4.16.3 - 2018-03-12
    • deps: accepts@~1.3.5
      • deps: mime-types@~2.1.18
    • deps: depd@~1.1.2
      • perf: remove argument reassignment
    • deps: encodeurl@~1.0.2
      • Fix encoding % as last character
    • deps: [email protected]
      • Fix 404 output for bad / missing pathnames
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: proxy-addr@~2.0.3
    • deps: [email protected]
      • Fix incorrect end tag in default error & redirects
      • deps: depd@~1.1.2
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: [email protected]
    • deps: statuses@~1.4.0
    • deps: type-is@~1.6.16
      • deps: mime-types@~2.1.18
  • 4.16.2 - 2017-10-10
    • Fix TypeError in res.send when given Buffer and ETag header set
    • perf: skip parsing of entire X-Forwarded-Proto header
  • 4.16.1 - 2017-09-29
  • 4.16.0 - 2017-09-28
    • Add "json escape" setting for res.json and res.jsonp
    • Add express.json and express.urlencoded to parse bodies
    • Add options argument to res.download
    • Improve error message when autoloading invalid view engine
    • Improve error messages when non-function provided as middleware
    • Skip Buffer encoding when not generating ETag for small response
    • Use safe-buffer for improved Buffer API
    • deps: accepts@~1.3.4
      • deps: mime-types@~2.1.16
    • deps: content-type@~1.0.4
      • perf: remove argument reassignment
      • perf: skip parameter parsing when no parameters
    • deps: etag@~1.8.1
      • perf: replace regular expression with substring
    • deps: [email protected]
      • Use res.headersSent when available
    • deps: parseurl@~1.3.2
      • perf: reduce overhead for full URLs
      • perf: unroll the "fast-path" RegExp
    • deps: proxy-addr@~2.0.2
      • Fix trimming leading / trailing OWS in X-Forwarded-For
      • deps: forwarded@~0.1.2
      • deps: [email protected]
      • perf: reduce overhead when no X-Forwarded-For header
    • deps: [email protected]
      • Fix parsing & compacting very deep objects
    • deps: [email protected]
      • Add 70 new types for file extensions
      • Add immutable option
      • Fix missing </html> in default error & redirects
      • Set charset as "UTF-8" for .js and .json
      • Use instance methods on steam to check for listeners
      • deps: [email protected]
      • perf: improve path validation speed
    • deps: [email protected]
      • Add 70 new types for file extensions
      • Add immutable option
      • Set charset as "UTF-8" for .js and .json
      • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: vary@~1.1.2
      • perf: improve header token parsing speed
    • perf: re-use options object when generating ETags
    • perf: remove dead .charset set in res.jsonp
  • 4.15.5 - 2017-09-25
  • 4.15.4 - 2017-08-07
  • 4.15.3 - 2017-05-17
  • 4.15.2 - 2017-03-06
  • 4.15.1 - 2017-03-06
  • 4.15.0 - 2017-03-01
  • 4.14.1 - 2017-01-28
  • 4.14.0 - 2016-06-16
  • 4.13.4 - 2016-01-22
  • 4.13.3 - 2015-08-03
  • 4.13.2 - 2015-07-31
  • 4.13.1 - 2015-07-06
  • 4.13.0 - 2015-06-21
  • 4.12.4 - 2015-05-18
from express GitHub release notes
Commit messages
Package name: express

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

akanchhaS and others added 29 commits February 25, 2021 11:41
@akanchhaS
Add .circleci/config.yml
a86bcb0
@akanchhaS
Updated config.yml
78a80e3
@akanchhaS
Updated config.yml
947b2e6
@akanchhaS
Updated config.yml
1e7b174
@akanchhaS
Updated config.yml
01383b4
@akanchhaS
Updated config.yml
2c54c9f
@akanchhaS
Updated Config.yml with container scan
efef4c3
@akanchhaS
Updated config.yml
43d561e
@akanchhaS
Updated config.yml
0fd541e
@akanchhaS
Updated config.yml
66fcbff
@akanchhaS
Merge pull request #25 from akanchhaS/circleci-project-setup
dccb59d 
Circleci project setup
@akanchhaS
Add .circleci/config.yml
7f66a29
@akanchhaS
Add .circleci/config.yml
f1ee77c
@akanchhaS
Updated config.yml
6042226
@akanchhaS
Updated config.yml
121a0fc
@akanchhaS
Updated config.yml
2da23a7
@akanchhaS
Updated config.yml
103d8af
@akanchhaS
Merge branch 'snyk:master' into master
3cbcab5
@akanchhaS
Made it alpine image
c2d60ae
@akanchhaS
Update Dockerfile
40915b8
@akanchhaS
Updated config.yml
55383d7
@akanchhaS
Updated config.yml
4a4df84
@akanchhaS
Updated config.yml
e9c9421
@akanchhaS
Updated config.yml
235a451
@akanchhaS
Merge pull request #140 from akanchhaS/circleci-editor/master
b26aaac 
Circleci editor/master
@akanchhaS
Add .circleci/config.yml
bd75be2
@akanchhaS
Add .circleci/config.yml
da00ff7
@akanchhaS
Merge pull request #141 from akanchhaS/circleci-editor/master
b07457a 
Circleci editor/master
@snyk-bot
fix: upgrade express from 4.12.4 to 4.17.2
28bfdcc 
Snyk has created this PR to upgrade express from 4.12.4 to 4.17.2.

See this package in npm:
https://www.npmjs.com/package/express

See this project in Snyk:
https://app.snyk.io/org/akanchhas/project/82e5f842-9bb9-4c0b-92c5-b4261de1e963?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot snyk-bot mentioned this pull request May 28, 2022
Open
This was referenced May 31, 2022
Open
Open
@akanchhaS akanchhaS mentioned this pull request Jun 11, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@snyk-bot @akanchhaS