Snyk has created this PR to upgrade express from 4.12.4 to 4.19.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **29 versions** ahead of your current version.
- The recommended version was released on **3 months ago**.
#### Issues fixed by the recommended upgrade:
| | Issue | Score | Exploit Maturity |
:-------------------------:|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Regular Expression Denial of Service (ReDoS) [npm:fresh:20170908](https://snyk.io/vuln/npm:fresh:20170908) | **519** | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Open Redirect [SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **519** | No Known Exploit
Release notes Package name: express
Fix handling of undefined when "json escape" is enabled
Fix incorrect middleware execution with unanchored RegExps
Fix res.jsonp(obj, status) deprecation message
Fix typo in res.is JSDoc
deps: body-parser@1.19.1
deps: bytes@3.1.1
deps: http-errors@1.8.1
deps: qs@6.9.6
deps: raw-body@2.4.2
deps: safe-buffer@5.2.1
deps: type-is@~1.6.18
deps: content-disposition@0.5.4
deps: safe-buffer@5.2.1
deps: cookie@0.4.1
Fix maxAge option to reject invalid values
deps: proxy-addr@~2.0.7
Use req.socket over deprecated req.connection
deps: forwarded@0.2.0
deps: ipaddr.js@1.9.1
deps: qs@6.9.6
deps: safe-buffer@5.2.1
deps: send@0.17.2
deps: http-errors@1.8.1
deps: ms@2.1.3
pref: ignore empty http tokens
deps: serve-static@1.14.2
deps: send@0.17.2
deps: setprototypeof@1.2.0
4.17.1 - 2019-05-26
4.17.0 - 2019-05-17
4.16.4 - 2018-10-11
4.16.3 - 2018-03-12
4.16.2 - 2017-10-10
4.16.1 - 2017-09-29
4.16.0 - 2017-09-28
4.15.5 - 2017-09-25
4.15.4 - 2017-08-07
4.15.3 - 2017-05-17
4.15.2 - 2017-03-06
4.15.1 - 2017-03-06
4.15.0 - 2017-03-01
4.14.1 - 2017-01-28
4.14.0 - 2016-06-16
4.13.4 - 2016-01-22
4.13.3 - 2015-08-03
4.13.2 - 2015-07-31
4.13.1 - 2015-07-06
4.13.0 - 2015-06-21
4.12.4 - 2015-05-18
from express GitHub release notes
---
> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._
**For more information:**
> - 🧐 [View latest project report](https://app.snyk.io/org/dromalc/project/473b8f69-03c1-4679-a8b6-adde1f8cb926?utm_source=github&utm_medium=referral&page=upgrade-pr)
> - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
> - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/dromalc/project/473b8f69-03c1-4679-a8b6-adde1f8cb926/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
> - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/dromalc/project/473b8f69-03c1-4679-a8b6-adde1f8cb926/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to upgrade express from 4.12.4 to 4.19.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **29 versions** ahead of your current version. - The recommended version was released on **3 months ago**. #### Issues fixed by the recommended upgrade: | | Issue | Score | Exploit Maturity | :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Regular Expression Denial of Service (ReDoS)
[npm:fresh:20170908](https://snyk.io/vuln/npm:fresh:20170908) | **519** | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **519** | No Known Exploit
Release notes
Package name: express
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
res.download
options
withoutfilename
inres.download
res.status
null
/undefined
asmaxAge
inres.cookie
Object.prototype
values in settings throughapp.set
/app.get
default
with same arguments as types inres.format
res.send
http-errors
forres.format
errorstrict
priority
optionexpires
option to reject invalid dateseval
usage withFunction
constructorprocess
to check for listeners425 Unordered Collection
to standard425 Too Early
__proto__
keysundefined
inres.jsonp
undefined
when"json escape"
is enabledRegExp
sres.jsonp(obj, status)
deprecation messageres.is
JSDocmaxAge
option to reject invalid valuesreq.socket
over deprecatedreq.connection