[Snyk] Upgrade express from 4.17.1 to 4.18.3

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.17.1 to 4.18.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-02-29. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------

| Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

4.18.3 - 2024-02-29
Main Changes
- Fix routing requests without method
- deps: body-parser@1.20.2
  - Fix strict json error message on Node.js 19+
  - deps: content-type@~1.0.5
  - deps: raw-body@2.5.2
Other Changes
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
New Contributors
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
Full Changelog: 4.18.2...4.18.3
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
  - deps: qs@6.11.0
  - perf: remove unnecessary object clone
- deps: qs@6.11.0
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 - 2022-04-25
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: body-parser@1.20.0
  - Fix error message for json parse whitespace in strict
  - Fix internal error when inflated body exceeds limit
  - Prevent loss of async hooks context
  - Prevent hanging when request already read
  - deps: depd@2.0.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: qs@6.10.3
  - deps: raw-body@2.5.1
- deps: cookie@0.5.0
  - Add priority option
  - Fix expires option to reject invalid dates
- deps: depd@2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
- deps: finalhandler@1.2.0
  - Remove set content headers that break response
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: on-finished@2.4.1
  - Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
  - Fix emitted 416 error missing headers property
  - Limit the headers removed for 304 response
  - deps: depd@2.0.0
  - deps: destroy@1.2.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: serve-static@1.15.0
  - deps: send@0.18.0
- deps: statuses@2.0.1
  - Remove code 306
  - Rename 425 Unordered Collection to standard 425 Too Early
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: negotiator@0.6.3
- deps: body-parser@1.19.2
  - deps: bytes@3.1.2
  - deps: qs@6.9.7
  - deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: body-parser@1.19.1
  - deps: bytes@3.1.1
  - deps: http-errors@1.8.1
  - deps: qs@6.9.6
  - deps: raw-body@2.4.2
  - deps: safe-buffer@5.2.1
  - deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
  - deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: forwarded@0.2.0
  - deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
  - deps: http-errors@1.8.1
  - deps: ms@2.1.3
  - pref: ignore empty http tokens
- deps: serve-static@1.14.2
  - deps: send@0.17.2
- deps: setprototypeof@1.2.0
4.17.1 - 2019-05-26

from express GitHub release notes

Commit messages

Package name: express

1b51eda 4.18.3
b625132 build: pin Node 21.x to minor
e3eca80 build: pin Node 21.x to minor
23b44b3 build: support Node.js 21.6.2
b9fea12 build: support Node.js 21.x in appveyor
c259c34 build: support Node.js 21.x
fdeb1d3 build: support Node.js 20.x in appveyor
734b281 build: support Node.js 20.x
0e3ab6e examples: improve view count in cookie-sessions
59af63a build: Node.js@18.19
e720c5a docs: add documentation for benchmarks
3abea7f examples: remove multipart example
2a89eb5 tests: fix handling multiple callbacks
59aae76 docs: add project captains to contribution
c4fe7de docs: update TC governance rules
a229207 build: actions/checkout@v4
02d1c39 build: Node.js@19.9
8d8bfaa build: Node.js@18.17
13df1de build: eslint@8.47.0
2a00da2 tests: use random port in listen test
24e4a25 build: Node.js@16.20
91b6fb8 build: use nyc@14.1.1 for Node.js < 10
3531987 lint: remove unused function arguments in Route tests
f540c3b build: Node.js@18.15

Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/firecow/project/efedfdbd-1c03-42b4-b39b-676ae71b0867?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/firecow/project/efedfdbd-1c03-42b4-b39b-676ae71b0867/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/firecow/project/efedfdbd-1c03-42b4-b39b-676ae71b0867/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

firecow / gitlab-ci-local

[Snyk] Upgrade express from 4.17.1 to 4.18.3 #1157

Snyk has created this PR to upgrade express from 4.17.1 to 4.18.3.

Main Changes

Other Changes

New Contributors

Quality Gate passed