This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **591/1000** **Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect [SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: express
The new version differs by 250 commits.
6946697 Merge branch 'master' into dependabot/npm_and_yarn/js-yaml-3.13.1
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/ismaelqueiroz/project/6e7ae4f6-186a-4ca8-ba6f-6943d46fc032?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/ismaelqueiroz/project/6e7ae4f6-186a-4ca8-ba6f-6943d46fc032?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"3337e3d0-1fc7-4522-8f95-89ec992bd212","prPublicId":"3337e3d0-1fc7-4522-8f95-89ec992bd212","dependencies":[{"name":"express","from":"4.16.4","to":"4.19.2"},{"name":"inversify-express-utils","from":"5.2.2","to":"6.4.0"}],"packageManager":"npm","projectPublicId":"6e7ae4f6-186a-4ca8-ba6f-6943d46fc032","projectUrl":"https://app.snyk.io/org/ismaelqueiroz/project/6e7ae4f6-186a-4ca8-ba6f-6943d46fc032?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-EXPRESS-6474509"],"upgrade":["SNYK-JS-EXPRESS-6474509"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[591],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **591/1000****Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express
The new version differs by 250 commits.- b28db2c 4.19.2
- 0b74695 Improved fix for open redirect allow list bypass
- 4f0f6cc 4.19.1
- a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
- a1fa90f fixed un-edited version in history.md for 4.19.0
- 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
- 084e365 4.19.0
- 0867302 Prevent open redirect allow list bypass due to encodeurl
- 567c9c6 Add note on how to update docs for new release (#5541)
- 69a4cf2 deps: cookie@0.6.0
- 4ee853e docs: loosen TC activity rules
- 414854b docs: nominating @ wesleytodd to be project captian
- 06c6b88 docs: update release date
- 1b51eda 4.18.3
- b625132 build: pin Node 21.x to minor
- e3eca80 build: pin Node 21.x to minor
- 23b44b3 build: support Node.js 21.6.2
- b9fea12 build: support Node.js 21.x in appveyor
- c259c34 build: support Node.js 21.x
- fdeb1d3 build: support Node.js 20.x in appveyor
- 734b281 build: support Node.js 20.x
- 0e3ab6e examples: improve view count in cookie-sessions
- 59af63a build: Node.js@18.19
- e720c5a docs: add documentation for benchmarks
See the full diffPackage name: inversify-express-utils
The new version differs by 219 commits.- adaa6ea 6.4.0
- b219141 update deps
- 9a9ac5f Fix controller inheritance (#339)
- ecf552f update deps
- d38f0e3 fix breaking change
- 249d33a added release drafter
- 85e30c4 Dc/jest (#351)
- d09dfbb add eslint (#350)
- 2462cd2 Update typescript compiler (#344)
- 1f8e2f0 Merge pull request #348 from inversify/dc/build-pipeline
- 4a1da6b remove gulp
- d473fd8 Adding in decorators in the README.md code (#342)
- ca0d528 Update README.md (#295)
- a8d90f4 Remove unnecessary annotation from README (#298)
- c4d80ed Fix typo in README (#294)
- e2d6b24 Merge pull request #332 from inversify/dependabot/npm_and_yarn/ini-1.3.8
- fb0035a Bump ini from 1.3.5 to 1.3.8
- e7127e4 Merge pull request #329 from inversify/dependabot/npm_and_yarn/https-proxy-agent-2.2.4
- e9434ab Bump https-proxy-agent from 2.2.2 to 2.2.4
- 0c4445b Merge pull request #341 from inversify/dependabot/npm_and_yarn/yargs-parser-5.0.1
- 683e479 Merge branch 'master' into dependabot/npm_and_yarn/yargs-parser-5.0.1
- db0df28 Merge pull request #334 from inversify/dependabot/npm_and_yarn/js-yaml-3.13.1
- 71bd0fb Bump yargs-parser from 5.0.0 to 5.0.1
- 6946697 Merge branch 'master' into dependabot/npm_and_yarn/js-yaml-3.13.1
See the full diff