[Snyk] Upgrade express from 5.0.0-alpha.2 to 5.0.0

[dmitriz]

Snyk has created this PR to upgrade express from 5.0.0-alpha.2 to 5.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-09-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Override Protection Bypass npm:qs:20170213	375/1000 Why? CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	375/1000 Why? CVSS 7.5	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting SNYK-JS-SEND-7926862	375/1000 Why? CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

• 5.0.0 - 2024-09-10
  Read more
• 5.0.0-beta.3 - 2024-03-25
  

  Full Changelog: 5.0.0-beta.2...v5.0.0-beta.3

• 5.0.0-beta.2 - 2024-03-21
  Read more
• 5.0.0-beta.1 - 2022-02-15
• 5.0.0-alpha.8 - 2020-03-26
• 5.0.0-alpha.7 - 2018-10-27
• 5.0.0-alpha.6 - 2017-09-25
• 5.0.0-alpha.5 - 2017-03-06
• 5.0.0-alpha.4 - 2017-03-02
• 5.0.0-alpha.3 - 2017-01-29
• 5.0.0-alpha.2 - 2015-07-07

from express GitHub release notes

Commit messages

Package name: express

• 344b022 5.0.0
• 0c49926 fix(deps): send@^1.1.0
• b3906cb fix(deps): serve-static@^2.1.0
• fed8c2a fix(deps): body-parser@^2.0.1
• bdd81f8 Delete `back` as a magic string (#5933)
• 6c98f80 🔧 update CI, remove unsupported versions, clean up
• f9256ef Merge branch '5.0' into 5-merge
• e5feb9f Merge tag '4.20.0' into 5.0
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 0264908 feat(deps)!: router@^2.0.0 (#5885)
• 4d713d2 update to fresh@2.0.0 (#5916)
• 125bb74 path-to-regexp@0.1.10 (#5902)
• accafc6 fix(deps): finalhandler@^2.0.0 (#5899)
• 05f40f4 fix(deps)!: content-disposition@^1.0.0 (#5884)
• 402e7f6 fix(deps): type-is@^2.0.0 (#5883)
• 4e61d01 fix(deps)!: mime-types@^3.0.0 (#5882)
• 7748475 fix(deps): accepts@^2.0.0 (#5881)
• 91a58b5 cookie-signature@^1.2.1 (#5833)
• 13e6894 chore: qs@6.13.0 (#5847)
• 65b6206 fix(deps) serve-staic@2.0.0 (#5790)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs