Skip to content
This repository has been archived by the owner on Sep 4, 2022. It is now read-only.

[Snyk] Upgrade express from 4.17.1 to 4.18.1 #148

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Jun 1, 2022

Snyk has created this PR to upgrade express from 4.17.1 to 4.18.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-04-29.
Release notes
Package name: express
  • 4.18.1 - 2022-04-29
    • Fix hanging on large stack of sync routes
  • 4.18.0 - 2022-04-25
    • Add "root" option to res.download
    • Allow options without filename in res.download
    • Deprecate string and non-integer arguments to res.status
    • Fix behavior of null/undefined as maxAge in res.cookie
    • Fix handling very large stacks of sync middleware
    • Ignore Object.prototype values in settings through app.set/app.get
    • Invoke default with same arguments as types in res.format
    • Support proper 205 responses using res.send
    • Use http-errors for res.format error
    • deps: body-parser@1.20.0
      • Fix error message for json parse whitespace in strict
      • Fix internal error when inflated body exceeds limit
      • Prevent loss of async hooks context
      • Prevent hanging when request already read
      • deps: depd@2.0.0
      • deps: http-errors@2.0.0
      • deps: on-finished@2.4.1
      • deps: qs@6.10.3
      • deps: raw-body@2.5.1
    • deps: cookie@0.5.0
      • Add priority option
      • Fix expires option to reject invalid dates
    • deps: depd@2.0.0
      • Replace internal eval usage with Function constructor
      • Use instance methods on process to check for listeners
    • deps: finalhandler@1.2.0
      • Remove set content headers that break response
      • deps: on-finished@2.4.1
      • deps: statuses@2.0.1
    • deps: on-finished@2.4.1
      • Prevent loss of async hooks context
    • deps: qs@6.10.3
    • deps: send@0.18.0
      • Fix emitted 416 error missing headers property
      • Limit the headers removed for 304 response
      • deps: depd@2.0.0
      • deps: destroy@1.2.0
      • deps: http-errors@2.0.0
      • deps: on-finished@2.4.1
      • deps: statuses@2.0.1
    • deps: serve-static@1.15.0
      • deps: send@0.18.0
    • deps: statuses@2.0.1
      • Remove code 306
      • Rename 425 Unordered Collection to standard 425 Too Early
  • 4.17.3 - 2022-02-17
    • deps: accepts@~1.3.8
      • deps: mime-types@~2.1.34
      • deps: negotiator@0.6.3
    • deps: body-parser@1.19.2
      • deps: bytes@3.1.2
      • deps: qs@6.9.7
      • deps: raw-body@2.4.3
    • deps: cookie@0.4.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • pref: remove unnecessary regexp for trust proxy
  • 4.17.2 - 2021-12-17
    • Fix handling of undefined in res.jsonp
    • Fix handling of undefined when "json escape" is enabled
    • Fix incorrect middleware execution with unanchored RegExps
    • Fix res.jsonp(obj, status) deprecation message
    • Fix typo in res.is JSDoc
    • deps: body-parser@1.19.1
      • deps: bytes@3.1.1
      • deps: http-errors@1.8.1
      • deps: qs@6.9.6
      • deps: raw-body@2.4.2
      • deps: safe-buffer@5.2.1
      • deps: type-is@~1.6.18
    • deps: content-disposition@0.5.4
      • deps: safe-buffer@5.2.1
    • deps: cookie@0.4.1
      • Fix maxAge option to reject invalid values
    • deps: proxy-addr@~2.0.7
      • Use req.socket over deprecated req.connection
      • deps: forwarded@0.2.0
      • deps: ipaddr.js@1.9.1
    • deps: qs@6.9.6
    • deps: safe-buffer@5.2.1
    • deps: send@0.17.2
      • deps: http-errors@1.8.1
      • deps: ms@2.1.3
      • pref: ignore empty http tokens
    • deps: serve-static@1.14.2
      • deps: send@0.17.2
    • deps: setprototypeof@1.2.0
  • 4.17.1 - 2019-05-26
    • Revert "Improve error message for null/undefined to res.status"
from express GitHub release notes
Commit messages
Package name: express
  • d854c43 4.18.1
  • b02a95c build: Node.js@16.15
  • 631ada0 Fix hanging on large stack of sync routes
  • 75e0c7a bench: remove unused parameter
  • e2482b7 build: ejs@3.1.7
  • 2df96e3 build: supertest@6.2.3
  • a38fae1 build: mocha@9.2.2
  • 547fdd4 4.18.0
  • 0b330ef bench: print latency and vary connections
  • 158a170 build: support Node.js 18.x
  • 29ea1b2 build: use 64-bit Node.js in AppVeyor
  • 11a209e build: support Node.js 17.x
  • fd8e45c tests: mark stack overflow as long running
  • 708ac4c Fix handling very large stacks of sync middleware
  • 92c5ce5 deps: cookie@0.5.0
  • 8880dda examples: add missing html label associations
  • b91c7ff examples: use http-errors to create errors
  • ecaf67c docs: remove Node Security Project from security policy
  • 99175c3 docs: fix typo in casing of HTTP
  • 1b2e097 tests: fix typo in description
  • 04da4aa build: use supertest@3.4.2 for Node.js 6.x
  • 2e2d78c deps: on-finished@2.4.1
  • 980d881 deps: statuses@2.0.1
  • 1df7576 deps: qs@6.10.3

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant