FoalTS / foal

Full-featured Node.js framework, with no complexity. 🚀 Simple and easy to use, TypeScript-based and well-documented.
https://foalts.org/
MIT License

Express dependency has a known vulnerability. An updated version of express is available #1257

Closed by warren-gallagher 2 months ago

warren-gallagher commented 2 months ago

Version of FoalTS: 4.3.0

Please see vulnerability report: https://github.com/advisories/GHSA-rv95-896h-c2vc

lcnvdl commented 2 months ago

Hello Warren. As I understand, this issue will be fixed in FoalTS 4.4.0. The version is about to be published.

LoicPoullain commented 2 months ago

Hi @warren-gallagher 👋

Yes, v4.4 has just been released to fix this issue. Thank you for reporting this!

For security vulnerabilities, if you could send a message directly to security@foalts.org the next time, this would be awesome 😄. This way, I'll receive the information directly in my mailbox and the vulnerability won't be disclosed publicly until the fix has been deployed in production. 🙂