[Snyk] Upgrade express from 4.16.4 to 4.17.2 #39

snyk-bot · 2022-02-02T04:06:46Z

Snyk has created this PR to upgrade express from 4.16.4 to 4.17.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-12-17.

Release notes

Package name: express

4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: body-parser@1.19.1
  - deps: bytes@3.1.1
  - deps: http-errors@1.8.1
  - deps: qs@6.9.6
  - deps: raw-body@2.4.2
  - deps: safe-buffer@5.2.1
  - deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
  - deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: forwarded@0.2.0
  - deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
  - deps: http-errors@1.8.1
  - deps: ms@2.1.3
  - pref: ignore empty http tokens
- deps: serve-static@1.14.2
  - deps: send@0.17.2
- deps: setprototypeof@1.2.0
4.17.1 - 2019-05-26
- Revert "Improve error message for null/undefined to res.status"
4.17.0 - 2019-05-17
- Add express.raw to parse bodies into Buffer
- Add express.text to parse bodies into string
- Improve error message for non-strings to res.sendFile
- Improve error message for null/undefined to res.status
- Support multiple hosts in X-Forwarded-Host
- deps: accepts@~1.3.7
- deps: body-parser@1.19.0
  - Add encoding MIK
  - Add petabyte (pb) support
  - Fix parsing array brackets after index
  - deps: bytes@3.1.0
  - deps: http-errors@1.7.2
  - deps: iconv-lite@0.4.24
  - deps: qs@6.7.0
  - deps: raw-body@2.4.0
  - deps: type-is@~1.6.17
- deps: content-disposition@0.5.3
- deps: cookie@0.4.0
  - Add SameSite=None support
- deps: finalhandler@~1.1.2
  - Set stricter Content-Security-Policy header
  - deps: parseurl@~1.3.3
  - deps: statuses@~1.5.0
- deps: parseurl@~1.3.3
- deps: proxy-addr@~2.0.5
  - deps: ipaddr.js@1.9.0
- deps: qs@6.7.0
  - Fix parsing array brackets after index
- deps: range-parser@~1.2.1
- deps: send@0.17.1
  - Set stricter CSP header in redirect & error responses
  - deps: http-errors@~1.7.2
  - deps: mime@1.6.0
  - deps: ms@2.1.1
  - deps: range-parser@~1.2.1
  - deps: statuses@~1.5.0
  - perf: remove redundant path.normalize call
- deps: serve-static@1.14.1
  - Set stricter CSP header in redirect response
  - deps: parseurl@~1.3.3
  - deps: send@0.17.1
- deps: setprototypeof@1.1.1
- deps: statuses@~1.5.0
  - Add 103 Early Hints
- deps: type-is@~1.6.18
  - deps: mime-types@~2.1.24
  - perf: prevent internal throw on invalid type
4.16.4 - 2018-10-11
- Fix issue where "Request aborted" may be logged in res.sendfile
- Fix JSDoc for Router constructor
- deps: body-parser@1.18.3
  - Fix deprecation warnings on Node.js 10+
  - Fix stack trace for strict json parse error
  - deps: depd@~1.1.2
  - deps: http-errors@~1.6.3
  - deps: iconv-lite@0.4.23
  - deps: qs@6.5.2
  - deps: raw-body@2.3.3
  - deps: type-is@~1.6.16
- deps: proxy-addr@~2.0.4
  - deps: ipaddr.js@1.8.0
- deps: qs@6.5.2
- deps: safe-buffer@5.1.2

from express GitHub release notes

Commit messages

Package name: express

ea537d9 4.17.2
eee93a2 build: update example dependencies
b35773c build: eslint@7.32.0
c8a4200 build: mocha@9.1.3
21cf522 examples: improve 404 message wording
a24f27a deps: serve-static@1.14.2
a33266a build: support Node.js 14.x
6fe271e build: support Node.js 13.x
cbe25d6 deps: setprototypeof@1.2.0
3bb6d96 examples: demonstrate sub directory download
6660649 deps: qs@6.9.6
a75e470 docs: add note about security report location
db05a74 deps: send@0.17.2
c2e23ec deps: body-parser@1.19.1
96850e8 deps: content-disposition@0.5.4
b8d59d5 deps: safe-buffer@5.2.1
59d695c build: update example dependencies
e242796 tests: fix test in app.head
aaa9690 deps: proxy-addr@~2.0.7
f275e87 Fix handling of undefined when "json escape" is enabled
9dd0e7a Fix handling of undefined in res.jsonp
1b2f3a0 tests: fix up primitive tests for res.jsonp
519126d deps: cookie@0.4.1
99a369f Fix incorrect middleware execution with unanchored RegExps

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade express from 4.16.4 to 4.17.2. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/jswheeler/project/32c6b2de-4dbc-410e-951d-12b9877c0d20?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade express from 4.16.4 to 4.17.2 #39

[Snyk] Upgrade express from 4.16.4 to 4.17.2 #39

Uh oh!

snyk-bot commented Feb 2, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

[Snyk] Upgrade express from 4.16.4 to 4.17.2 #39

Are you sure you want to change the base?

[Snyk] Upgrade express from 4.16.4 to 4.17.2 #39

Uh oh!

Conversation

snyk-bot commented Feb 2, 2022

Snyk has created this PR to upgrade express from 4.16.4 to 4.17.2.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant