-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade express from 4.0.0 to 4.21.1 #833
base: main
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade express from 4.0.0 to 4.21.1. See this package in npm: express See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/08f816b3-d1b8-4882-af70-05acb45b2855?utm_source=github&utm_medium=referral&page=upgrade-pr
Run & review this pull request in StackBlitz Codeflow. |
Reviewer's Guide by SourceryThis PR upgrades the express package from version 4.0.0 to 4.21.1 to address multiple security vulnerabilities. The upgrade spans 89 versions and includes important security fixes for issues like prototype poisoning, denial of service (DoS), cross-site scripting (XSS), and open redirects. No diagrams generated as the changes look simple and do not need a visual representation. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
Snyk has created this PR to upgrade express from 4.0.0 to 4.21.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 89 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-QS-3153490
npm:qs:20140806
npm:qs:20170213
npm:fresh:20170908
npm:fresh:20170908
npm:negotiator:20160616
SNYK-JS-COOKIE-8163060
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
npm:express:20140912
SNYK-JS-PATHTOREGEXP-7925106
npm:qs:20140806-1
npm:send:20140912
npm:send:20151103
npm:send:20140912
npm:send:20151103
npm:cookie-signature:20160804
SNYK-JS-SEND-7926862
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
npm:serve-static:20150113
npm:mime:20170907
Release notes
Package name: express
What's Changed
Full Changelog: 4.21.0...4.21.1
What's Changed
"back"
magic string in redirects by @ blakeembrey in #5935New Contributors
Full Changelog: 4.20.0...4.21.0
What's Changed
Important
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)res.redirect
Other Changes
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by @ jonchurch in #5587res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by @ jonchurch in #5672question
anddiscuss
by @ IamLizu in #5835merge-descriptors
dependency by @ RobinTail in #5781New Contributors
Full Changelog: 4.19.1...4.20.0
What's Changed
Full Changelog: 4.19.1...4.19.2
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Bug Fixes: