Closed uriel-mend-app[bot] closed 1 year ago
This PR contains the following updates:
4.12.4
4.16.0
Mend ensures you have the greatest risk reduction (highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
By merging this PR, the number of vulnerabilities in issue #32 will be resolved in part or in full.
--- ### Release Notes expressjs/express ### [`v4.16.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4160--2017-09-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.5...4.16.0) \=================== - Add `"json escape"` setting for `res.json` and `res.jsonp` - Add `express.json` and `express.urlencoded` to parse bodies - Add `options` argument to `res.download` - Improve error message when autoloading invalid view engine - Improve error messages when non-function provided as middleware - Skip `Buffer` encoding when not generating ETag for small response - Use `safe-buffer` for improved Buffer API - deps: accepts@~1.3.4 - deps: mime-types@~2.1.16 - deps: content-type@~1.0.4 - perf: remove argument reassignment - perf: skip parameter parsing when no parameters - deps: etag@~1.8.1 - perf: replace regular expression with substring - deps: finalhandler@1.1.0 - Use `res.headersSent` when available - deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` - deps: proxy-addr@~2.0.2 - Fix trimming leading / trailing OWS in `X-Forwarded-For` - deps: forwarded@~0.1.2 - deps: ipaddr.js@1.5.2 - perf: reduce overhead when no `X-Forwarded-For` header - deps: qs@6.5.1 - Fix parsing & compacting very deep objects - deps: send@0.16.0 - Add 70 new types for file extensions - Add `immutable` option - Fix missing `
This PR contains the following updates:
4.12.4
->4.16.0
Version 4.16.0
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -100% | 0 (--) | 0 (-2 ) | 0 (--) | 0 (-1 ) |Version 4.12.4
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | N/A | 0 | 2 | 0 | 1 |Version 4.18.1
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -100% | 0 (--) | 0 (-2 ) | 0 (--) | 0 (-1 ) |By merging this PR, the number of vulnerabilities in issue #32 will be resolved in part or in full.
--- ### Release Notes
expressjs/express
### [`v4.16.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4160--2017-09-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.5...4.16.0) \=================== - Add `"json escape"` setting for `res.json` and `res.jsonp` - Add `express.json` and `express.urlencoded` to parse bodies - Add `options` argument to `res.download` - Improve error message when autoloading invalid view engine - Improve error messages when non-function provided as middleware - Skip `Buffer` encoding when not generating ETag for small response - Use `safe-buffer` for improved Buffer API - deps: accepts@~1.3.4 - deps: mime-types@~2.1.16 - deps: content-type@~1.0.4 - perf: remove argument reassignment - perf: skip parameter parsing when no parameters - deps: etag@~1.8.1 - perf: replace regular expression with substring - deps: finalhandler@1.1.0 - Use `res.headersSent` when available - deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` - deps: proxy-addr@~2.0.2 - Fix trimming leading / trailing OWS in `X-Forwarded-For` - deps: forwarded@~0.1.2 - deps: ipaddr.js@1.5.2 - perf: reduce overhead when no `X-Forwarded-For` header - deps: qs@6.5.1 - Fix parsing & compacting very deep objects - deps: send@0.16.0 - Add 70 new types for file extensions - Add `immutable` option - Fix missing `