[Snyk-dev] Upgrade express-fileupload from 0.0.5 to 0.4.0 #107
Snyk has created this PR to upgrade express-fileupload from 0.0.5 to 0.4.0.
See this package in npm: express-fileupload
See this project in Snyk: https://app.dev.snyk.io/org/zolamk/project/5483dab8-2f10-4b7c-8f31-19ba2bdd02e1?utm_source=github&utm_medium=referral&page=upgrade-pr
General comment

Other issues:
Issue 3 on line 15 for file package.json.

Issue | Score | Exploit Maturity
---|---|---
Directory Traversal SNYK-JS-ADMZIP-1065796 | 584 | No Known Exploit
Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415 | 584 | Mature

package.json
Outdated
@@ -25,7 +25,7 @@ | |||
"ejs-locals": "1.0.2", | |||
"errorhandler": "1.2.0", | |||
"express": "4.12.4", | |||
"express-fileupload": "0.0.5", | |||
"express-fileupload": "0.4.0", |
Issue 2
@@ -25,7 +25,7 @@ | |||
"ejs-locals": "1.0.2", | |||
"errorhandler": "1.2.0", | |||
"express": "4.12.4", | |||
"express-fileupload": "0.0.5", | |||
"express-fileupload": "0.6.0", |
Issue 3
@@ -1,4 +1,4 @@ | |||
{ | |||
z{ |
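Review bot: Line 1 of package.json now reads z{ instead of {, so the manifest is no longer valid JSON and npm, along with any other tool that parses it, will fail on this file. Remove the stray z so the file opens with { again.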
Issue 4
@@ -25,7 +25,7 @@ | |||
"ejs-locals": "1.0.2", | |||
"errorhandler": "1.2.0", | |||
"express": "4.12.4", | |||
"express-fileupload": "0.0.5", | |||
"express-fileupload": "0.6.0", |
Please add more information here, and fix this typo.
This PR was automatically created by Snyk using the credentials of a real user.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
The recommended version was released 6 years ago.
Issues fixed by the recommended upgrade:
SNYK-JS-ADMZIP-1065796
npm:adm-zip:20180415
Release notes
Package name: express-fileupload
Release 0.4.0
Fix for #50
NOTE: all versions moving forward will enforce support for Node 6+
Breaking Changes
.mv() now returns a Promise when callback argument is not provided
New Features
Bugfixes
Bugfixes
New Features
Bugfixes
New Features
Breaking Changes
Breaking Change 1.) No more urlencoded support
As of v0.1.0, there is NO MORE application/x-www-form-urlencoded SUPPORT! Moving forward, express-fileupload is considered a "multipart" solution only. If you want to parse urlencoded requests, use body-parser.
Breaking Change 2.) Support for Node v4.x.x and above now
Usage with Node <4 is no longer supported. Use at your own risk.
Bugfixes
New Features
markdown update
Bugfixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.