Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency express to ^4.19.0 (main) #50

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency express to ^4.19.0 (main) #50

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 30, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor ^4.14.1 -> ^4.19.0

By merging this PR, the issue #57 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 6.1 CVE-2024-29041

Release Notes

expressjs/express (express)

v4.19.0

Compare Source

==========

v4.18.3

Compare Source

==========

v4.18.2

Compare Source

===================

v4.18.1

Compare Source

===================

  • Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

v4.17.3

Compare Source

===================

v4.17.2

Compare Source

===================

v4.17.1

Compare Source

===================

  • Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

v4.16.4

Compare Source

===================

v4.16.3

Compare Source

===================

  • deps: accepts@~1.3.5
    • deps: mime-types@~2.1.18
  • deps: depd@~1.1.2
    • perf: remove argument reassignment
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: [email protected]
    • Fix 404 output for bad / missing pathnames
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: proxy-addr@~2.0.3
  • deps: [email protected]
    • Fix incorrect end tag in default error & redirects
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: [email protected]
  • deps: statuses@~1.4.0
  • deps: type-is@~1.6.16
    • deps: mime-types@~2.1.18

v4.16.2

Compare Source

===================

  • Fix TypeError in res.send when given Buffer and ETag header set
  • perf: skip parsing of entire X-Forwarded-Proto header

v4.16.1

Compare Source

===================

v4.16.0

Compare Source

===================

  • Add "json escape" setting for res.json and res.jsonp
  • Add express.json and express.urlencoded to parse bodies
  • Add options argument to res.download
  • Improve error message when autoloading invalid view engine
  • Improve error messages when non-function provided as middleware
  • Skip Buffer encoding when not generating ETag for small response
  • Use safe-buffer for improved Buffer API
  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: content-type@~1.0.4
    • perf: remove argument reassignment
    • perf: skip parameter parsing when no parameters
  • deps: etag@~1.8.1
    • perf: replace regular expression with substring
  • deps: [email protected]
    • Use res.headersSent when available
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: proxy-addr@~2.0.2
    • Fix trimming leading / trailing OWS in X-Forwarded-For
    • deps: forwarded@~0.1.2
    • deps: [email protected]
    • perf: reduce overhead when no X-Forwarded-For header
  • deps: [email protected]
    • Fix parsing & compacting very deep objects
  • deps: [email protected]
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on steam to check for listeners
    • deps: [email protected]
    • perf: improve path validation speed
  • deps: [email protected]
    • Add 70 new types for file extensions
    • Add immutable option
    • Set charset as "UTF-8" for .js and .json
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
  • perf: re-use options object when generating ETags
  • perf: remove dead .charset set in res.jsonp

v4.15.5

Compare Source

===================

v4.15.4

Compare Source

===================

v4.15.3

Compare Source

===================

v4.15.2

Compare Source

===================

v4.15.1

Compare Source

===================

v4.15.0

Compare Source

===================

  • Add debug message when loading view engine
  • Add next("router") to exit from router
  • Fix case where router.use skipped requests routes did not
  • Remove usage of res._headers private field
    • Improves compatibility with Node.js 8 nightly
  • Skip routing when req.url is not set
  • Use %o in path debug to tell types apart
  • Use Object.create to setup request & response prototypes
  • Use setprototypeof module to replace __proto__ setting
  • Use statuses instead of http module for status messages
  • deps: [email protected]
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: [email protected]
  • deps: etag@~1.8.0
    • Use SHA1 instead of MD5 for ETag hashing
    • Works with FIPS 140-2 OpenSSL configuration
  • deps: finalhandler@~1.0.0
    • Fix exception when err cannot be converted to a string
    • Fully URL-encode the pathname in the 404
    • Only include the pathname in the 404 message
    • Send complete HTML document
    • Set Content-Security-Policy: default-src 'self' header
    • deps: [email protected]
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • perf: delay reading header values until needed
    • perf: enable strict mode
    • perf: hoist regular expressions
    • perf: remove duplicate conditional
    • perf: remove unnecessary boolean coercions
    • perf: skip checking modified time if ETag check failed
    • perf: skip parsing If-None-Match when no ETag header
    • perf: use Date.parse instead of new Date
  • deps: [email protected]
    • Fix array parsing from skipping empty values
    • Fix compacting nested arrays
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: [email protected]
    • deps: etag@~1.8.0
    • deps: [email protected]
    • deps: http-errors@~1.6.1
  • deps: [email protected]
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Send complete HTML document in redirect response
    • Set default CSP header in redirect response
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: [email protected]
  • perf: add fast match path for * route
  • perf: improve req.ips performance
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants