Update dependency express to v4.19.0 (main) #39

mend-for-github-com · 2024-04-29T13:31:12Z

This PR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	minor	`4.17.1` -> `4.19.0`
express (source)	dependencies	minor	`4.17.1` -> `4.21.2`

By merging this PR, the issue #26 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
High	7.5	CVE-2022-24999
Medium	6.1	CVE-2024-29041

By merging this PR, the issue #26 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.5	CVE-2024-45296
High	7.5	CVE-2024-45590
High	7.5	CVE-2024-52798
Medium	5.3	CVE-2024-47764

Release Notes

expressjs/express (express)

`v4.19.0`

Compare Source

==========

Prevent open redirect allow list bypass due to encodeurl
deps: [email protected]

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: [email protected]
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: [email protected]
deps: [email protected]
- Add partitioned option

`v4.18.2`

Compare Source

===================

Fix regression routing a large stack in a single route
deps: [email protected]
- deps: [email protected]
- perf: remove unnecessary object clone
deps: [email protected]

`v4.18.1`

Compare Source

===================

Fix hanging on large stack of sync routes

`v4.18.0`

Compare Source

===================

Add "root" option to res.download
Allow options without filename in res.download
Deprecate string and non-integer arguments to res.status
Fix behavior of null/undefined as maxAge in res.cookie
Fix handling very large stacks of sync middleware
Ignore Object.prototype values in settings through app.set/app.get
Invoke default with same arguments as types in res.format
Support proper 205 responses using res.send
Use http-errors for res.format error
deps: [email protected]
- Fix error message for json parse whitespace in strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
deps: [email protected]
- Add priority option
- Fix expires option to reject invalid dates
deps: [email protected]
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: [email protected]
- Remove set content headers that break response
- deps: [email protected]
- deps: [email protected]
deps: [email protected]
- Prevent loss of async hooks context
deps: [email protected]
deps: [email protected]
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
deps: [email protected]
- deps: [email protected]
deps: [email protected]
- Remove code 306
- Rename 425 Unordered Collection to standard 425 Too Early

`v4.17.3`

Compare Source

===================

deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: [email protected]
deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
deps: [email protected]
deps: [email protected]
- Fix handling of __proto__ keys
pref: remove unnecessary regexp for trust proxy

`v4.17.2`

Compare Source

===================

Fix handling of undefined in res.jsonp
Fix handling of undefined when "json escape" is enabled
Fix incorrect middleware execution with unanchored RegExps
Fix res.jsonp(obj, status) deprecation message
Fix typo in res.is JSDoc
deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: type-is@~1.6.18
deps: [email protected]
- deps: [email protected]
deps: [email protected]
- Fix maxAge option to reject invalid values
deps: proxy-addr@~2.0.7
- Use req.socket over deprecated req.connection
- deps: [email protected]
- deps: [email protected]
deps: [email protected]
deps: [email protected]
deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- pref: ignore empty http tokens
deps: [email protected]
- deps: [email protected]
deps: [email protected]

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 29, 2024

mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from ee6a2b8 to b0e3472 Compare December 6, 2024 20:38

mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from b0e3472 to 327a557 Compare January 27, 2025 03:41

mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch 2 times, most recently from 649d598 to 327780c Compare February 13, 2025 06:54

mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from 327780c to 76db105 Compare February 23, 2025 07:14

Update dependency express to v4.19.0

de2b281

mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from 76db105 to de2b281 Compare March 4, 2025 06:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express to v4.19.0 (main) #39

Update dependency express to v4.19.0 (main) #39

mend-for-github-com bot commented Apr 29, 2024 •

edited

Loading

Update dependency express to v4.19.0 (main) #39

Are you sure you want to change the base?

Update dependency express to v4.19.0 (main) #39

Conversation

mend-for-github-com bot commented Apr 29, 2024 • edited Loading

Release Notes

v4.19.0

v4.18.3

v4.18.2

v4.18.1

v4.18.0

v4.17.3

v4.17.2

mend-for-github-com bot commented Apr 29, 2024 •

edited

Loading

`v4.19.0`

`v4.18.3`

`v4.18.2`

`v4.18.1`

`v4.18.0`

`v4.17.3`

`v4.17.2`