search

wambugucoder / MERN-STACK-APP-FCC-CHALLENGE

A Polling App integrated with a chatbot to help people understand how the App works
1 stars 1 forks source link

[Snyk] Upgrade express from 4.17.1 to 4.18.2 #613

Open wambugucoder opened 9 months ago

wambugucoder commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express from 4.17.1 to 4.18.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **5 versions** ahead of your current version. - The recommended version was released **a year ago**, on 2022-10-08. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: express
  • 4.18.2 - 2022-10-08
    • Fix regression routing a large stack in a single route
    • deps: body-parser@1.20.1
      • deps: qs@6.11.0
      • perf: remove unnecessary object clone
    • deps: qs@6.11.0
  • 4.18.1 - 2022-04-29
    • Fix hanging on large stack of sync routes
  • 4.18.0 - 2022-04-25
    • Add "root" option to res.download
    • Allow options without filename in res.download
    • Deprecate string and non-integer arguments to res.status
    • Fix behavior of null/undefined as maxAge in res.cookie
    • Fix handling very large stacks of sync middleware
    • Ignore Object.prototype values in settings through app.set/app.get
    • Invoke default with same arguments as types in res.format
    • Support proper 205 responses using res.send
    • Use http-errors for res.format error
    • deps: body-parser@1.20.0
      • Fix error message for json parse whitespace in strict
      • Fix internal error when inflated body exceeds limit
      • Prevent loss of async hooks context
      • Prevent hanging when request already read
      • deps: depd@2.0.0
      • deps: http-errors@2.0.0
      • deps: on-finished@2.4.1
      • deps: qs@6.10.3
      • deps: raw-body@2.5.1
    • deps: cookie@0.5.0
      • Add priority option
      • Fix expires option to reject invalid dates
    • deps: depd@2.0.0
      • Replace internal eval usage with Function constructor
      • Use instance methods on process to check for listeners
    • deps: finalhandler@1.2.0
      • Remove set content headers that break response
      • deps: on-finished@2.4.1
      • deps: statuses@2.0.1
    • deps: on-finished@2.4.1
      • Prevent loss of async hooks context
    • deps: qs@6.10.3
    • deps: send@0.18.0
      • Fix emitted 416 error missing headers property
      • Limit the headers removed for 304 response
      • deps: depd@2.0.0
      • deps: destroy@1.2.0
      • deps: http-errors@2.0.0
      • deps: on-finished@2.4.1
      • deps: statuses@2.0.1
    • deps: serve-static@1.15.0
      • deps: send@0.18.0
    • deps: statuses@2.0.1
      • Remove code 306
      • Rename 425 Unordered Collection to standard 425 Too Early
  • 4.17.3 - 2022-02-17
    • deps: accepts@~1.3.8
      • deps: mime-types@~2.1.34
      • deps: negotiator@0.6.3
    • deps: body-parser@1.19.2
      • deps: bytes@3.1.2
      • deps: qs@6.9.7
      • deps: raw-body@2.4.3
    • deps: cookie@0.4.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • pref: remove unnecessary regexp for trust proxy
  • 4.17.2 - 2021-12-17
    • Fix handling of undefined in res.jsonp
    • Fix handling of undefined when "json escape" is enabled
    • Fix incorrect middleware execution with unanchored RegExps
    • Fix res.jsonp(obj, status) deprecation message
    • Fix typo in res.is JSDoc
    • deps: body-parser@1.19.1
      • deps: bytes@3.1.1
      • deps: http-errors@1.8.1
      • deps: qs@6.9.6
      • deps: raw-body@2.4.2
      • deps: safe-buffer@5.2.1
      • deps: type-is@~1.6.18
    • deps: content-disposition@0.5.4
      • deps: safe-buffer@5.2.1
    • deps: cookie@0.4.1
      • Fix maxAge option to reject invalid values
    • deps: proxy-addr@~2.0.7
      • Use req.socket over deprecated req.connection
      • deps: forwarded@0.2.0
      • deps: ipaddr.js@1.9.1
    • deps: qs@6.9.6
    • deps: safe-buffer@5.2.1
    • deps: send@0.17.2
      • deps: http-errors@1.8.1
      • deps: ms@2.1.3
      • pref: ignore empty http tokens
    • deps: serve-static@1.14.2
      • deps: send@0.17.2
    • deps: setprototypeof@1.2.0
  • 4.17.1 - 2019-05-26
    • Revert "Improve error message for null/undefined to res.status"
from express GitHub release notes
Commit messages
Package name: express Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/wambugucoder/project/eb9575c5-2ef6-4a94-8d00-df3bc9ddc1a5/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)