mattybrad / drumkid

Other
98 stars 20 forks source link

Bump express-fileupload from 1.1.7-alpha.3 to 1.1.9 in /webtools #5

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps express-fileupload from 1.1.7-alpha.3 to 1.1.9.

Release notes

Sourced from express-fileupload's releases.

1.1.9

Updates:

Second prototype pollution security vulnerability fix when using processNested (#236)

1.1.8

Updates:

Fixed prototype pollution security vulnerability when using processNested (#236)

1.1.7-alpha.4

Updates:

  • Updated README.md thanks to @tycrek , @eartharoid, @Code42Cate
  • Some code refactoring to make it lighter and more readable.
  • Updated dependencies.

Fixes:

  • Fix empty file issue(#226)
  • Fix temp file write timing issue(#184). Thanks to @somewind
  • Add empty file name check for parseFileName, issue(#187).
  • Write Timing Crash #192
  • when file.on('data') event timeouts, the case isn't handled properly #202
  • Do not create empty temporary files for empty file fields #191
Commits
  • fd40389 version bump
  • 94c9cf9 prototype pollution fix #2
  • 829f395 version bump
  • db49535 Merge pull request #237 from richardgirges/fix-236-proto-pollution
  • d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype po...
  • e9848fc Update package-lock.json
  • d536cfb Update package.json
  • c7a6b9c Merge pull request #233 from RomanBurunkov/master
  • a53b93f Update tests to support empty files
  • d8c00c5 Add empty files support for tempFileHandler
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by richardgirges, a new releaser for express-fileupload since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mattybrad/drumkid/network/alerts).