sonarcloud[bot]
commented
2 months ago 
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade express from 4.17.1 to 4.19.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **8 versions** ahead of your current version. - The recommended version was released **25 days ago**, on 2024-03-20. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: express
-
4.19.1 - 2024-03-20
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
-
4.19.0 - 2024-03-20
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
- @ crandmck made their first contribution in #5541
-
4.18.3 - 2024-02-29
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @ abenhamdine in #5034
- ci: update actions/checkout to v3 by @ armujahid in #5027
- test: remove unused function arguments in params by @ raksbisht in #5124
- Remove unused originalIndex from acceptParams by @ raksbisht in #5119
- Fixed typos by @ raksbisht in #5117
- examples: remove unused params by @ raksbisht in #5113
- fix: parameter str is not described in JSDoc by @ raksbisht in #5130
- fix: typos in History.md by @ raksbisht in #5131
- build : add Node.js@19.7 by @ abenhamdine in #5028
- test: remove unused function arguments in params by @ raksbisht in #5137
- use random port in test so it won't fail on already listening by @ rluvaton in #5162
- tests: use cb() instead of done() by @ kristof-low in #5233
- examples: remove multipart example by @ riddlew in #5195
- Update support Node.js@18 in the CI by @ UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
- Release 4.18.3 by @ UlisesGascon in #5505
- @ vcsjones made their first contribution in #5032
- @ abenhamdine made their first contribution in #5034
- @ armujahid made their first contribution in #5027
- @ raksbisht made their first contribution in #5124
- @ rluvaton made their first contribution in #5162
- @ kristof-low made their first contribution in #5233
- @ riddlew made their first contribution in #5195
- @ DmytroKondrashov made their first contribution in #5414
-
4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
-
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
-
4.18.0 - 2022-04-25 Read more
-
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
- deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
- Fix handling of
- pref: remove unnecessary regexp for trust proxy
-
4.17.2 - 2021-12-17
-
4.17.1 - 2019-05-26
from express GitHub release notesWhat's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Main Changes
Other Changes
New Contributors
Full Changelog: 4.18.2...4.18.3
__proto__keysCommit messages
Package name: express
- 4f0f6cc 4.19.1
- a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
- a1fa90f fixed un-edited version in history.md for 4.19.0
- 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
- 084e365 4.19.0
- 0867302 Prevent open redirect allow list bypass due to encodeurl
- 567c9c6 Add note on how to update docs for new release (#5541)
- 69a4cf2 deps: cookie@0.6.0
- 4ee853e docs: loosen TC activity rules
- 414854b docs: nominating @ wesleytodd to be project captian
- 06c6b88 docs: update release date
- 1b51eda 4.18.3
- b625132 build: pin Node 21.x to minor
- e3eca80 build: pin Node 21.x to minor
- 23b44b3 build: support Node.js 21.6.2
- b9fea12 build: support Node.js 21.x in appveyor
- c259c34 build: support Node.js 21.x
- fdeb1d3 build: support Node.js 20.x in appveyor
- 734b281 build: support Node.js 20.x
- 0e3ab6e examples: improve view count in cookie-sessions
- 59af63a build: Node.js@18.19
- e720c5a docs: add documentation for benchmarks
- 3abea7f examples: remove multipart example
- 2a89eb5 tests: fix handling multiple callbacks
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: