-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade express from 4.17.3 to 4.21.1 #118
base: main
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade express from 4.17.3 to 4.21.1. See this package in npm: express See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/baae60b0-b551-4edb-bcb1-55eb7c12e4a6?utm_source=github&utm_medium=referral&page=upgrade-pr
Run & review this pull request in StackBlitz Codeflow. |
|
Reviewer's Guide by SourceryThis PR upgrades the express package from version 4.17.3 to 4.21.1 to address several security vulnerabilities. The upgrade spans 10 versions and includes important security fixes for issues like asymmetric resource consumption, open redirect vulnerabilities, and cross-site scripting. No diagrams generated as the changes look simple and do not need a visual representation. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Snyk has created this PR to upgrade express from 4.17.3 to 4.21.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-BODYPARSER-7926860
SNYK-JS-EXPRESS-6474509
SNYK-JS-EXPRESS-7926867
SNYK-JS-PATHTOREGEXP-7925106
SNYK-JS-SEND-7926862
SNYK-JS-SERVESTATIC-7926865
Release notes
Package name: express
What's Changed
Full Changelog: 4.21.0...4.21.1
What's Changed
"back"
magic string in redirects by @ blakeembrey in #5935New Contributors
Full Changelog: 4.20.0...4.21.0
What's Changed
Important
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)res.redirect
Other Changes
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by @ jonchurch in #5587res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by @ jonchurch in #5672question
anddiscuss
by @ IamLizu in #5835merge-descriptors
dependency by @ RobinTail in #5781New Contributors
Full Changelog: 4.19.1...4.20.0
What's Changed
Full Changelog: 4.19.1...4.19.2
What's Changed
Full Changelog: 4.19.0...4.19.1
What's Changed
New Contributors
Full Changelog: 4.18.3...4.19.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Bug Fixes: