Snyk has created this PR to upgrade express from 4.18.2 to 4.19.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **4 versions** ahead of your current version.
- The recommended version was released on **3 months ago**.
#### Issues fixed by the recommended upgrade:
| | Issue | Score | Exploit Maturity |
:-------------------------:|:-------------------------|:-------------------------|:-------------------------
 | Open Redirect [SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **275** | No Known Exploit
Release notes Package name: express
Fix regression routing a large stack in a single route
deps: body-parser@1.20.1
deps: qs@6.11.0
perf: remove unnecessary object clone
deps: qs@6.11.0
from express GitHub release notes
---
> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._
**For more information:**
> - 🧐 [View latest project report](https://app.snyk.io/org/ebay-open-source/project/8f99e2ea-5523-4e04-8fce-99705571d94a?utm_source=github&utm_medium=referral&page=upgrade-pr)
> - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
> - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/ebay-open-source/project/8f99e2ea-5523-4e04-8fce-99705571d94a/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
> - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/ebay-open-source/project/8f99e2ea-5523-4e04-8fce-99705571d94a/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade express from 4.18.2 to 4.19.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **4 versions** ahead of your current version. - The recommended version was released on **3 months ago**. #### Issues fixed by the recommended upgrade: | | Issue | Score | Exploit Maturity | :-------------------------:|:-------------------------|:-------------------------|:-------------------------  | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **275** | No Known Exploit
Release notes
Package name: express
-
4.19.2 - 2024-03-25
-
4.19.1 - 2024-03-20
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
-
4.19.0 - 2024-03-20
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
- @ crandmck made their first contribution in #5541
-
4.18.3 - 2024-02-29
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
-
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
from express GitHub release notesWhat's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3