Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency express to v4.19.0 #10

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency express to v4.19.0 #10

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 5, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor 4.14.0 -> 4.19.0

By merging this PR, the issue #7 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2017-1000048
High High 7.5 CVE-2017-16118
High High 7.5 CVE-2017-16119
High High 7.5 CVE-2017-16138
High High 7.5 CVE-2022-24999
Medium Medium 6.1 CVE-2024-29041
Medium Medium 4.3 CVE-2017-20162
Low Low 3.7 CVE-2017-16137
Low Low 3.5 CVE-2017-20165

Release Notes

expressjs/express (express)

v4.19.0

Compare Source

==========

v4.18.3

Compare Source

==========

v4.18.2

Compare Source

===================

v4.18.1

Compare Source

===================

  • Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

v4.17.3

Compare Source

===================

v4.17.2

Compare Source

===================

v4.17.1

Compare Source

===================

  • Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

v4.16.4

Compare Source

===================

v4.16.3

Compare Source

===================

  • deps: accepts@~1.3.5
    • deps: mime-types@~2.1.18
  • deps: depd@~1.1.2
    • perf: remove argument reassignment
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: [email protected]
    • Fix 404 output for bad / missing pathnames
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: proxy-addr@~2.0.3
  • deps: [email protected]
    • Fix incorrect end tag in default error & redirects
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: [email protected]
  • deps: statuses@~1.4.0
  • deps: type-is@~1.6.16
    • deps: mime-types@~2.1.18

v4.16.2

Compare Source

===================

  • Fix TypeError in res.send when given Buffer and ETag header set
  • perf: skip parsing of entire X-Forwarded-Proto header

v4.16.1

Compare Source

===================

v4.16.0

Compare Source

===================

  • Add "json escape" setting for res.json and res.jsonp
  • Add express.json and express.urlencoded to parse bodies
  • Add options argument to res.download
  • Improve error message when autoloading invalid view engine
  • Improve error messages when non-function provided as middleware
  • Skip Buffer encoding when not generating ETag for small response
  • Use safe-buffer for improved Buffer API
  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: content-type@~1.0.4
    • perf: remove argument reassignment
    • perf: skip parameter parsing when no parameters
  • deps: etag@~1.8.1
    • perf: replace regular expression with substring
  • deps: [email protected]
    • Use res.headersSent when available
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: proxy-addr@~2.0.2
    • Fix trimming leading / trailing OWS in X-Forwarded-For
    • deps: forwarded@~0.1.2
    • deps: [email protected]
    • perf: reduce overhead when no X-Forwarded-For header
  • deps: [email protected]
    • Fix parsing & compacting very deep objects
  • deps: [email protected]
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on steam to check for listeners
    • deps: [email protected]
    • perf: improve path validation speed
  • deps: [email protected]
    • Add 70 new types for file extensions
    • Add immutable option
    • Set charset as "UTF-8" for .js and .json
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
  • perf: re-use options object when generating ETags
  • perf: remove dead .charset set in res.jsonp

v4.15.5

Compare Source

===================

v4.15.4

Compare Source

===================

v4.15.3

Compare Source

===================

v4.15.2

Compare Source

===================

v4.15.1

Compare Source

===================

v4.15.0

Compare Source

===================

  • Add debug message when loading view engine
  • Add next("router") to exit from router
  • Fix case where router.use skipped requests routes did not
  • Remove usage of res._headers private field
    • Improves compatibility with Node.js 8 nightly
  • Skip routing when req.url is not set
  • Use %o in path debug to tell types apart
  • Use Object.create to setup request & response prototypes
  • Use setprototypeof module to replace __proto__ setting
  • Use statuses instead of http module for status messages
  • deps: [email protected]
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: [email protected]
  • deps: etag@~1.8.0
    • Use SHA1 instead of MD5 for ETag hashing
    • Works with FIPS 140-2 OpenSSL configuration
  • deps: finalhandler@~1.0.0
    • Fix exception when err cannot be converted to a string
    • Fully URL-encode the pathname in the 404
    • Only include the pathname in the 404 message
    • Send complete HTML document
    • Set Content-Security-Policy: default-src 'self' header
    • deps: [email protected]
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • perf: delay reading header values until needed
    • perf: enable strict mode
    • perf: hoist regular expressions
    • perf: remove duplicate conditional
    • perf: remove unnecessary boolean coercions
    • perf: skip checking modified time if ETag check failed
    • perf: skip parsing If-None-Match when no ETag header
    • perf: use Date.parse instead of new Date
  • deps: [email protected]
    • Fix array parsing from skipping empty values
    • Fix compacting nested arrays
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: [email protected]
    • deps: etag@~1.8.0
    • deps: [email protected]
    • deps: http-errors@~1.6.1
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Send complete HTML document in redirect response
    • Set default CSP header in redirect response
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: [email protected]
  • perf: add fast match path for * route
  • perf: improve req.ips performance

v4.14.1

Compare Source

===================

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jul 5, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 8f42f1b to 97e9637 Compare July 11, 2022 00:03
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 97e9637 to ca95f08 Compare September 14, 2022 20:50
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from ca95f08 to 5c36650 Compare October 9, 2022 00:04
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 5c36650 to 5558e78 Compare October 18, 2022 04:09
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 5558e78 to befb9b0 Compare November 20, 2022 20:40
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 Update dependency express to v4.15.5 Nov 20, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from befb9b0 to c47f0bd Compare January 12, 2023 23:35
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from c47f0bd to 824af3b Compare January 20, 2023 07:33
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 824af3b to e13f875 Compare January 30, 2023 04:01
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.15.5 Update dependency express to v4.16.0 Mar 26, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 Update dependency express to v4.16.0 - autoclosed Mar 27, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/express-4.x-lockfile branch March 27, 2023 10:10
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 - autoclosed Update dependency express to v4.16.0 Mar 31, 2023
@mend-for-github-com mend-for-github-com bot reopened this Mar 31, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/express-4.x-lockfile branch March 31, 2023 05:50
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from e13f875 to 9a44a5b Compare April 4, 2023 19:51
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 Update dependency express to v4.16.0 - autoclosed Jun 15, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/express-4.x-lockfile branch June 15, 2023 05:20
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 - autoclosed Update dependency express to v4.16.0 Jun 18, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 18, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/express-4.x-lockfile branch June 18, 2023 18:54
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 9a44a5b to fe77982 Compare June 18, 2023 18:54
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from fe77982 to 5cdea87 Compare July 9, 2023 02:22
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 5cdea87 to eb62a11 Compare April 18, 2024 04:57
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.16.0 Update dependency express to v4.19.0 Apr 18, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from eb62a11 to 6a218d6 Compare June 23, 2024 04:41
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 6a218d6 to 40ea67a Compare September 10, 2024 06:03
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 40ea67a to 208d81b Compare September 13, 2024 05:31
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 208d81b to d203a82 Compare October 9, 2024 04:46
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from d203a82 to 3b64a4d Compare November 9, 2024 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants