[Snyk] Upgrade express from 4.18.2 to 5.0.0 #268

EchoSkorJjj · 2024-10-15T18:38:17Z

Snyk has created this PR to upgrade express from 4.18.2 to 5.0.0.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 19 versions ahead of your current version.
The recommended version was released a month ago, on 2024-09-10.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	624/1000 Why? Has a fix available, CVSS 8.2	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

5.0.0 - 2024-09-10
Read more
5.0.0-beta.3 - 2024-03-25
Full Changelog: 5.0.0-beta.2...v5.0.0-beta.3
5.0.0-beta.2 - 2024-03-21
Read more
5.0.0-beta.1 - 2022-02-15
5.0.0-alpha.8 - 2020-03-26
5.0.0-alpha.7 - 2018-10-27
5.0.0-alpha.6 - 2017-09-25
5.0.0-alpha.5 - 2017-03-06
5.0.0-alpha.4 - 2017-03-02
5.0.0-alpha.3 - 2017-01-29
5.0.0-alpha.2 - 2015-07-07
5.0.0-alpha.1 - 2014-11-07
4.21.1 - 2024-10-08
What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by @ joshbuker in #6029
- Release: 4.21.1 by @ UlisesGascon in #6031
Full Changelog: 4.21.0...4.21.1
4.21.0 - 2024-09-11
What's Changed
- Deprecate "back" magic string in redirects by @ blakeembrey in #5935
- finalhandler@1.3.1 by @ wesleytodd in #5954
- fix(deps): serve-static@1.16.2 by @ wesleytodd in #5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @ agadzinski93 in #5946
New Contributors
- @ agadzinski93 made their first contribution in #5946
Full Changelog: 4.20.0...4.21.0
4.20.0 - 2024-09-10
Read more
4.19.2 - 2024-03-25
What's Changed
- Improved fix for open redirect allow list bypass
Full Changelog: 4.19.1...4.19.2
4.19.1 - 2024-03-20
What's Changed
- Fix ci after location patch by @ wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556
Full Changelog: 4.19.0...4.19.1
4.19.0 - 2024-03-20
What's Changed
- fix typo in release date by @ UlisesGascon in #5527
- docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
- docs: loosen TC activity rules by @ wesleytodd in #5510
- Add note on how to update docs for new release by @ crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @ wesleytodd in #5551
New Contributors
- @ crandmck made their first contribution in #5541
Full Changelog: 4.18.3...4.19.0
4.18.3 - 2024-02-29
4.18.2 - 2022-10-08