Snyk has created this PR to upgrade express from 4.12.4 to 4.18.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 25 versions ahead of your current version.
The recommended version was released 6 months ago, on 2022-10-08.
Snyk has created this PR to upgrade express from 4.12.4 to 4.18.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
npm:fresh:20170908
Why? Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: express
res.download
options
withoutfilename
inres.download
res.status
null
/undefined
asmaxAge
inres.cookie
Object.prototype
values in settings throughapp.set
/app.get
default
with same arguments as types inres.format
res.send
http-errors
forres.format
errorstrict
priority
optionexpires
option to reject invalid dateseval
usage withFunction
constructorprocess
to check for listeners425 Unordered Collection
to standard425 Too Early
__proto__
keysundefined
inres.jsonp
undefined
when"json escape"
is enabledRegExp
sres.jsonp(obj, status)
deprecation messageres.is
JSDocmaxAge
option to reject invalid valuesreq.socket
over deprecatedreq.connection
null
/undefined
tores.status
"express.raw
to parse bodies intoBuffer
express.text
to parse bodies into stringres.sendFile
null
/undefined
tores.status
X-Forwarded-Host
pb
) supportSameSite=None
supportContent-Security-Policy
headerpath.normalize
call103 Early Hints
throw
on invalid typeCommit messages
Package name: express
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
π§ View latest project report
π Adjust upgrade PR settings
π Ignore this dependency or unsubscribe from future upgrade PRs