search

ministryofjustice / cla_frontend

CLA Front End
http://ministryofjustice.github.io/cla_docs/
MIT License
3 stars 4 forks source link

[Snyk] Upgrade express from 4.16.2 to 4.17.3 #813

Closed wordshaker closed 5 months ago

wordshaker commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express from 4.16.2 to 4.17.3.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=express&from_version=4.16.2&to_version=4.17.3&pr_id=75e61760-2dbb-4baf-94a9-75936de80659&visibility=true&has_feature_flag=false) :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2022-02-17.
Release notes
Package name: express
  • 4.17.3 - 2022-02-17
    • deps: accepts@~1.3.8
      • deps: mime-types@~2.1.34
      • deps: negotiator@0.6.3
    • deps: body-parser@1.19.2
      • deps: bytes@3.1.2
      • deps: qs@6.9.7
      • deps: raw-body@2.4.3
    • deps: cookie@0.4.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • pref: remove unnecessary regexp for trust proxy
  • 4.17.2 - 2021-12-17
    • Fix handling of undefined in res.jsonp
    • Fix handling of undefined when "json escape" is enabled
    • Fix incorrect middleware execution with unanchored RegExps
    • Fix res.jsonp(obj, status) deprecation message
    • Fix typo in res.is JSDoc
    • deps: body-parser@1.19.1
      • deps: bytes@3.1.1
      • deps: http-errors@1.8.1
      • deps: qs@6.9.6
      • deps: raw-body@2.4.2
      • deps: safe-buffer@5.2.1
      • deps: type-is@~1.6.18
    • deps: content-disposition@0.5.4
      • deps: safe-buffer@5.2.1
    • deps: cookie@0.4.1
      • Fix maxAge option to reject invalid values
    • deps: proxy-addr@~2.0.7
      • Use req.socket over deprecated req.connection
      • deps: forwarded@0.2.0
      • deps: ipaddr.js@1.9.1
    • deps: qs@6.9.6
    • deps: safe-buffer@5.2.1
    • deps: send@0.17.2
      • deps: http-errors@1.8.1
      • deps: ms@2.1.3
      • pref: ignore empty http tokens
    • deps: serve-static@1.14.2
      • deps: send@0.17.2
    • deps: setprototypeof@1.2.0
  • 4.17.1 - 2019-05-26
    • Revert "Improve error message for null/undefined to res.status"
  • 4.17.0 - 2019-05-17
    • Add express.raw to parse bodies into Buffer
    • Add express.text to parse bodies into string
    • Improve error message for non-strings to res.sendFile
    • Improve error message for null/undefined to res.status
    • Support multiple hosts in X-Forwarded-Host
    • deps: accepts@~1.3.7
    • deps: body-parser@1.19.0
      • Add encoding MIK
      • Add petabyte (pb) support
      • Fix parsing array brackets after index
      • deps: bytes@3.1.0
      • deps: http-errors@1.7.2
      • deps: iconv-lite@0.4.24
      • deps: qs@6.7.0
      • deps: raw-body@2.4.0
      • deps: type-is@~1.6.17
    • deps: content-disposition@0.5.3
    • deps: cookie@0.4.0
      • Add SameSite=None support
    • deps: finalhandler@~1.1.2
      • Set stricter Content-Security-Policy header
      • deps: parseurl@~1.3.3
      • deps: statuses@~1.5.0
    • deps: parseurl@~1.3.3
    • deps: proxy-addr@~2.0.5
      • deps: ipaddr.js@1.9.0
    • deps: qs@6.7.0
      • Fix parsing array brackets after index
    • deps: range-parser@~1.2.1
    • deps: send@0.17.1
      • Set stricter CSP header in redirect & error responses
      • deps: http-errors@~1.7.2
      • deps: mime@1.6.0
      • deps: ms@2.1.1
      • deps: range-parser@~1.2.1
      • deps: statuses@~1.5.0
      • perf: remove redundant path.normalize call
    • deps: serve-static@1.14.1
      • Set stricter CSP header in redirect response
      • deps: parseurl@~1.3.3
      • deps: send@0.17.1
    • deps: setprototypeof@1.1.1
    • deps: statuses@~1.5.0
      • Add 103 Early Hints
    • deps: type-is@~1.6.18
      • deps: mime-types@~2.1.24
      • perf: prevent internal throw on invalid type
  • 4.16.4 - 2018-10-11
    • Fix issue where "Request aborted" may be logged in res.sendfile
    • Fix JSDoc for Router constructor
    • deps: body-parser@1.18.3
      • Fix deprecation warnings on Node.js 10+
      • Fix stack trace for strict json parse error
      • deps: depd@~1.1.2
      • deps: http-errors@~1.6.3
      • deps: iconv-lite@0.4.23
      • deps: qs@6.5.2
      • deps: raw-body@2.3.3
      • deps: type-is@~1.6.16
    • deps: proxy-addr@~2.0.4
      • deps: ipaddr.js@1.8.0
    • deps: qs@6.5.2
    • deps: safe-buffer@5.1.2
  • 4.16.3 - 2018-03-12
    • deps: accepts@~1.3.5
      • deps: mime-types@~2.1.18
    • deps: depd@~1.1.2
      • perf: remove argument reassignment
    • deps: encodeurl@~1.0.2
      • Fix encoding % as last character
    • deps: finalhandler@1.1.1
      • Fix 404 output for bad / missing pathnames
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: proxy-addr@~2.0.3
      • deps: ipaddr.js@1.6.0
    • deps: send@0.16.2
      • Fix incorrect end tag in default error & redirects
      • deps: depd@~1.1.2
      • deps: encodeurl@~1.0.2
      • deps: statuses@~1.4.0
    • deps: serve-static@1.13.2
      • Fix incorrect end tag in redirects
      • deps: encodeurl@~1.0.2
      • deps: send@0.16.2
    • deps: statuses@~1.4.0
    • deps: type-is@~1.6.16
      • deps: mime-types@~2.1.18
  • 4.16.2 - 2017-10-10
    • Fix TypeError in res.send when given Buffer and ETag header set
    • perf: skip parsing of entire X-Forwarded-Proto header
from express GitHub release notes
Commit messages
Package name: express
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/legal-aid-agency/project/f2638df0-0ed9-4fe7-a615-0679b2261f14?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/legal-aid-agency/project/f2638df0-0ed9-4fe7-a615-0679b2261f14/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/legal-aid-agency/project/f2638df0-0ed9-4fe7-a615-0679b2261f14/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)