search

appwrite / playground-for-web

Simple examples that help you get started with Appwrite + Web (=❤️)
https://appwrite.io
100 stars 72 forks source link

[Snyk] Upgrade express from 4.17.2 to 4.17.3 #52

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 372/1000
Why? Proof of Concept exploit, CVSS 5.3		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 372/1000
Why? Proof of Concept exploit, CVSS 5.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express
  • 4.17.3 - 2022-02-17
    • deps: accepts@~1.3.8
      • deps: mime-types@~2.1.34
      • deps: negotiator@0.6.3
    • deps: body-parser@1.19.2
      • deps: bytes@3.1.2
      • deps: qs@6.9.7
      • deps: raw-body@2.4.3
    • deps: cookie@0.4.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • pref: remove unnecessary regexp for trust proxy
  • 4.17.2 - 2021-12-17
    • Fix handling of undefined in res.jsonp
    • Fix handling of undefined when "json escape" is enabled
    • Fix incorrect middleware execution with unanchored RegExps
    • Fix res.jsonp(obj, status) deprecation message
    • Fix typo in res.is JSDoc
    • deps: body-parser@1.19.1
      • deps: bytes@3.1.1
      • deps: http-errors@1.8.1
      • deps: qs@6.9.6
      • deps: raw-body@2.4.2
      • deps: safe-buffer@5.2.1
      • deps: type-is@~1.6.18
    • deps: content-disposition@0.5.4
      • deps: safe-buffer@5.2.1
    • deps: cookie@0.4.1
      • Fix maxAge option to reject invalid values
    • deps: proxy-addr@~2.0.7
      • Use req.socket over deprecated req.connection
      • deps: forwarded@0.2.0
      • deps: ipaddr.js@1.9.1
    • deps: qs@6.9.6
    • deps: safe-buffer@5.2.1
    • deps: send@0.17.2
      • deps: http-errors@1.8.1
      • deps: ms@2.1.3
      • pref: ignore empty http tokens
    • deps: serve-static@1.14.2
      • deps: send@0.17.2
    • deps: setprototypeof@1.2.0
from express GitHub release notes
Commit messages
Package name: express
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs