mysociety / popit-api

DEPRECATED - Development on PopIt has stopped and it is no longer being maintained
https://goo.gl/Vvej4Q
Other
17 stars 3 forks source link

Upgrade express to 3.19.2 #123

Closed chrismytton closed 9 years ago

chrismytton commented 9 years ago

This fixes the security issue with serve-static because this version of express depends on a newer version of connect, which in turn depends on a version of serve-static which isn't vulnerable to the open redirect issue.

Fixes https://github.com/mysociety/popit/issues/742

struan commented 9 years ago

Looks fine