search

sultanabubaker / SAST-npm-project

0 stars 0 forks source link

Update dependency express to v4.16.0 #21

Open dev-mend-for-github-com[bot] opened 2 years ago

dev-mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor 4.13.4 -> 4.16.0

By merging this PR, the issue #5 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2016-10539
High High 7.5 CVE-2017-1000048
High High 7.5 CVE-2017-16119
High High 7.5 CVE-2017-16138

Release Notes

expressjs/express ### [`v4.16.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4160--2017-09-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.5...4.16.0) \=================== - Add `"json escape"` setting for `res.json` and `res.jsonp` - Add `express.json` and `express.urlencoded` to parse bodies - Add `options` argument to `res.download` - Improve error message when autoloading invalid view engine - Improve error messages when non-function provided as middleware - Skip `Buffer` encoding when not generating ETag for small response - Use `safe-buffer` for improved Buffer API - deps: accepts@~1.3.4 - deps: mime-types@~2.1.16 - deps: content-type@~1.0.4 - perf: remove argument reassignment - perf: skip parameter parsing when no parameters - deps: etag@~1.8.1 - perf: replace regular expression with substring - deps: finalhandler@1.1.0 - Use `res.headersSent` when available - deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` - deps: proxy-addr@~2.0.2 - Fix trimming leading / trailing OWS in `X-Forwarded-For` - deps: forwarded@~0.1.2 - deps: ipaddr.js@1.5.2 - perf: reduce overhead when no `X-Forwarded-For` header - deps: qs@6.5.1 - Fix parsing & compacting very deep objects - deps: send@0.16.0 - Add 70 new types for file extensions - Add `immutable` option - Fix missing `` in default error & redirects - Set charset as "UTF-8" for .js and .json - Use instance methods on steam to check for listeners - deps: mime@1.4.1 - perf: improve path validation speed - deps: serve-static@1.13.0 - Add 70 new types for file extensions - Add `immutable` option - Set charset as "UTF-8" for .js and .json - deps: send@0.16.0 - deps: setprototypeof@1.1.0 - deps: utils-merge@1.0.1 - deps: vary@~1.1.2 - perf: improve header token parsing speed - perf: re-use options object when generating ETags - perf: remove dead `.charset` set in `res.jsonp` ### [`v4.15.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4155--2017-09-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.4...4.15.5) \=================== - deps: debug@2.6.9 - deps: finalhandler@~1.0.6 - deps: debug@2.6.9 - deps: parseurl@~1.3.2 - deps: fresh@0.5.2 - Fix handling of modified headers with invalid dates - perf: improve ETag match loop - perf: improve `If-None-Match` token parsing - deps: send@0.15.6 - Fix handling of modified headers with invalid dates - deps: debug@2.6.9 - deps: etag@~1.8.1 - deps: fresh@0.5.2 - perf: improve `If-Match` token parsing - deps: serve-static@1.12.6 - deps: parseurl@~1.3.2 - deps: send@0.15.6 - perf: improve slash collapsing ### [`v4.15.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4154--2017-08-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.3...4.15.4) \=================== - deps: debug@2.6.8 - deps: depd@~1.1.1 - Remove unnecessary `Buffer` loading - deps: finalhandler@~1.0.4 - deps: debug@2.6.8 - deps: proxy-addr@~1.1.5 - Fix array argument being altered - deps: ipaddr.js@1.4.0 - deps: qs@6.5.0 - deps: send@0.15.4 - deps: debug@2.6.8 - deps: depd@~1.1.1 - deps: http-errors@~1.6.2 - deps: serve-static@1.12.4 - deps: send@0.15.4 ### [`v4.15.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4153--2017-05-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.2...4.15.3) \=================== - Fix error when `res.set` cannot add charset to `Content-Type` - deps: debug@2.6.7 - Fix `DEBUG_MAX_ARRAY_LENGTH` - deps: ms@2.0.0 - deps: finalhandler@~1.0.3 - Fix missing `` in HTML document - deps: debug@2.6.7 - deps: proxy-addr@~1.1.4 - deps: ipaddr.js@1.3.0 - deps: send@0.15.3 - deps: debug@2.6.7 - deps: ms@2.0.0 - deps: serve-static@1.12.3 - deps: send@0.15.3 - deps: type-is@~1.6.15 - deps: mime-types@~2.1.15 - deps: vary@~1.1.1 - perf: hoist regular expression ### [`v4.15.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4152--2017-03-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.1...4.15.2) \=================== - deps: qs@6.4.0 - Fix regression parsing keys starting with `[` ### [`v4.15.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4151--2017-03-05) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.0...4.15.1) \=================== - deps: send@0.15.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - Fix strict violation in broken environments - deps: serve-static@1.12.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - deps: send@0.15.1 ### [`v4.15.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4150--2017-03-01) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.1...4.15.0) \=================== - Add debug message when loading view engine - Add `next("router")` to exit from router - Fix case where `router.use` skipped requests routes did not - Remove usage of `res._headers` private field - Improves compatibility with Node.js 8 nightly - Skip routing when `req.url` is not set - Use `%o` in path debug to tell types apart - Use `Object.create` to setup request & response prototypes - Use `setprototypeof` module to replace `__proto__` setting - Use `statuses` instead of `http` module for status messages - deps: debug@2.6.1 - Allow colors in workers - Deprecated `DEBUG_FD` environment variable set to `3` or higher - Fix error when running under React Native - Use same color for same namespace - deps: ms@0.7.2 - deps: etag@~1.8.0 - Use SHA1 instead of MD5 for ETag hashing - Works with FIPS 140-2 OpenSSL configuration - deps: finalhandler@~1.0.0 - Fix exception when `err` cannot be converted to a string - Fully URL-encode the pathname in the 404 - Only include the pathname in the 404 message - Send complete HTML document - Set `Content-Security-Policy: default-src 'self'` header - deps: debug@2.6.1 - deps: fresh@0.5.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - perf: delay reading header values until needed - perf: enable strict mode - perf: hoist regular expressions - perf: remove duplicate conditional - perf: remove unnecessary boolean coercions - perf: skip checking modified time if ETag check failed - perf: skip parsing `If-None-Match` when no `ETag` header - perf: use `Date.parse` instead of `new Date` - deps: qs@6.3.1 - Fix array parsing from skipping empty values - Fix compacting nested arrays - deps: send@0.15.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: debug@2.6.1 - deps: etag@~1.8.0 - deps: fresh@0.5.0 - deps: http-errors@~1.6.1 - deps: serve-static@1.12.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Send complete HTML document in redirect response - Set default CSP header in redirect response - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: send@0.15.0 - perf: add fast match path for `*` route - perf: improve `req.ips` performance ### [`v4.14.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4141--2017-01-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.0...4.14.1) \=================== - deps: content-disposition@0.5.2 - deps: finalhandler@0.5.1 - Fix exception when `err.headers` is not an object - deps: statuses@~1.3.1 - perf: hoist regular expressions - perf: remove duplicate validation path - deps: proxy-addr@~1.1.3 - deps: ipaddr.js@1.2.0 - deps: send@0.14.2 - deps: http-errors@~1.5.1 - deps: ms@0.7.2 - deps: statuses@~1.3.1 - deps: serve-static@~1.11.2 - deps: send@0.14.2 - deps: type-is@~1.6.14 - deps: mime-types@~2.1.13 ### [`v4.14.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#​4140--2016-06-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.4...4.14.0) \=================== - Add `acceptRanges` option to `res.sendFile`/`res.sendfile` - Add `cacheControl` option to `res.sendFile`/`res.sendfile` - Add `options` argument to `req.range` - Includes the `combine` option - Encode URL in `res.location`/`res.redirect` if not already encoded - Fix some redirect handling in `res.sendFile`/`res.sendfile` - Fix Windows absolute path check using forward slashes - Improve error with invalid arguments to `req.get()` - Improve performance for `res.json`/`res.jsonp` in most cases - Improve `Range` header handling in `res.sendFile`/`res.sendfile` - deps: accepts@~1.3.3 - Fix including type extensions in parameters in `Accept` parsing - Fix parsing `Accept` parameters with quoted equals - Fix parsing `Accept` parameters with quoted semicolons - Many performance improvements - deps: mime-types@~2.1.11 - deps: negotiator@0.6.1 - deps: content-type@~1.0.2 - perf: enable strict mode - deps: cookie@0.3.1 - Add `sameSite` option - Fix cookie `Max-Age` to never be a floating point number - Improve error message when `encode` is not a function - Improve error message when `expires` is not a `Date` - Throw better error for invalid argument to parse - Throw on invalid values provided to `serialize` - perf: enable strict mode - perf: hoist regular expression - perf: use for loop in parse - perf: use string concatenation for serialization - deps: finalhandler@0.5.0 - Change invalid or non-numeric status code to 500 - Overwrite status message to match set status code - Prefer `err.statusCode` if `err.status` is invalid - Set response headers from `err.headers` object - Use `statuses` instead of `http` module for status messages - deps: proxy-addr@~1.1.2 - Fix accepting various invalid netmasks - Fix IPv6-mapped IPv4 validation edge cases - IPv4 netmasks must be contiguous - IPv6 addresses cannot be used as a netmask - deps: ipaddr.js@1.1.1 - deps: qs@6.2.0 - Add `decoder` option in `parse` function - deps: range-parser@~1.2.0 - Add `combine` option to combine overlapping ranges - Fix incorrectly returning -1 when there is at least one valid range - perf: remove internal function - deps: send@0.14.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Correctly inherit from `Stream` class - Fix `Content-Range` header in 416 responses when using `start`/`end` options - Fix `Content-Range` header missing from default 416 responses - Fix redirect error when `path` contains raw non-URL characters - Fix redirect when `path` starts with multiple forward slashes - Ignore non-byte `Range` headers - deps: http-errors@~1.5.0 - deps: range-parser@~1.2.0 - deps: statuses@~1.3.0 - perf: remove argument reassignment - deps: serve-static@~1.11.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Fix redirect error when `req.url` contains raw non-URL characters - Ignore non-byte `Range` headers - Use status code 301 for redirects - deps: send@0.14.1 - deps: type-is@~1.6.13 - Fix type error when given invalid type to match against - deps: mime-types@~2.1.11 - deps: vary@~1.1.0 - Only accept valid field names in the `field` argument - perf: use strict equality when possible
dev-mend-for-github-com[bot] commented 2 years ago

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.