refactor: upgrade express from 4.17.2 to 4.17.3 #2058

snyk-bot · 2022-03-10T02:30:12Z

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2022-02-17.

Release notes

Package name: express

4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: negotiator@0.6.3
- deps: body-parser@1.19.2
  - deps: bytes@3.1.2
  - deps: qs@6.9.7
  - deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: body-parser@1.19.1
  - deps: bytes@3.1.1
  - deps: http-errors@1.8.1
  - deps: qs@6.9.6
  - deps: raw-body@2.4.2
  - deps: safe-buffer@5.2.1
  - deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
  - deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: forwarded@0.2.0
  - deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
  - deps: http-errors@1.8.1
  - deps: ms@2.1.3
  - pref: ignore empty http tokens
- deps: serve-static@1.14.2
  - deps: send@0.17.2
- deps: setprototypeof@1.2.0

from express GitHub release notes

Commit messages

Package name: express

3d7fce5 4.17.3
f906371 build: update example dependencies
6381bc6 deps: qs@6.9.7
a007863 deps: body-parser@1.19.2
e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
a659137 tests: use strict mode
a39e409 tests: prevent leaking changes to NODE_ENV
82de4de examples: fix path traversal in downloads example
12310c5 build: use nyc for test coverage
884657d examples: remove bitwise syntax for includes check
7511d08 build: use minimatch@3.0.4 for Node.js < 4
2585f20 tests: fix test missing assertion
9d09762 build: supertest@6.2.2
43cc56e build: clean up gitignore
1c7bbcc build: Node.js@14.19
9cbbc8a deps: cookie@0.4.2
6fbc269 pref: remove unnecessary regexp for trust proxy
2bc734a deps: accepts@~1.3.8
89bb531 docs: fix typo in res.download jsdoc
744564f tests: add test for multiple ips in "trust proxy"
da6cb0e tests: add range tests to res.download
00ad5be tests: add more tests for app.request & app.response
141914e tests: fix tests that did not bubble errors
bd4fdfe tests: remove global dependency on should

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/acinader/project/3e039b91-2450-4b56-8420-baf56cab388e?utm_source=github&utm_medium=referral&page=upgrade-pr

parse-github-assistant · 2022-03-10T02:30:18Z

I will reformat the title to use the proper commit message syntax.

# [4.0.0-alpha.19](4.0.0-alpha.18...4.0.0-alpha.19) (2022-03-10) ### Bug Fixes * upgrade express from 4.17.2 to 4.17.3 ([#2058](#2058)) ([f8dc602](f8dc602))

parseplatformorg · 2022-03-10T22:04:49Z

🎉 This change has been released in version 4.0.0-alpha.19

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/acinader/project/3e039b91-2450-4b56-8420-baf56cab388e?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>

# [4.0.0-alpha.19](parse-community/parse-dashboard@4.0.0-alpha.18...4.0.0-alpha.19) (2022-03-10) ### Bug Fixes * upgrade express from 4.17.2 to 4.17.3 ([parse-community#2058](parse-community#2058)) ([f8dc602](parse-community@f8dc602))

# [4.1.0-alpha.1](4.0.1...4.1.0-alpha.1) (2022-03-23) ### Bug Fixes * adding internal class (e.g. `_User`) fails due to prefixed underscore ([#2036](#2036)) ([e004e70](e004e70)) * security upgrade prismjs from 1.26.0 to 1.27.0 ([#2047](#2047)) ([ffbca12](ffbca12)) * upgrade @babel/runtime from 7.17.0 to 7.17.2 ([#2055](#2055)) ([3e8449b](3e8449b)) * upgrade express from 4.17.2 to 4.17.3 ([#2058](#2058)) ([d1357de](d1357de)) * upgrade otpauth from 7.0.10 to 7.0.11 ([#2061](#2061)) ([05c5ac8](05c5ac8)) ### Features * change string filter description ([#2059](#2059)) ([6470c8e](6470c8e))

# [4.1.0-beta.1](4.0.1...4.1.0-beta.1) (2022-03-23) ### Bug Fixes * adding internal class (e.g. `_User`) fails due to prefixed underscore ([#2036](#2036)) ([e004e70](e004e70)) * security upgrade prismjs from 1.26.0 to 1.27.0 ([#2047](#2047)) ([ffbca12](ffbca12)) * upgrade @babel/runtime from 7.17.0 to 7.17.2 ([#2055](#2055)) ([3e8449b](3e8449b)) * upgrade express from 4.17.2 to 4.17.3 ([#2058](#2058)) ([d1357de](d1357de)) * upgrade otpauth from 7.0.10 to 7.0.11 ([#2061](#2061)) ([05c5ac8](05c5ac8)) ### Features * change string filter description ([#2059](#2059)) ([6470c8e](6470c8e))

# [4.1.0](4.0.1...4.1.0) (2022-04-03) ### Bug Fixes * adding internal class (e.g. `_User`) fails due to prefixed underscore ([#2036](#2036)) ([e004e70](e004e70)) * security upgrade prismjs from 1.26.0 to 1.27.0 ([#2047](#2047)) ([ffbca12](ffbca12)) * upgrade @babel/runtime from 7.17.0 to 7.17.2 ([#2055](#2055)) ([3e8449b](3e8449b)) * upgrade express from 4.17.2 to 4.17.3 ([#2058](#2058)) ([d1357de](d1357de)) * upgrade otpauth from 7.0.10 to 7.0.11 ([#2061](#2061)) ([05c5ac8](05c5ac8)) ### Features * change string filter description ([#2059](#2059)) ([6470c8e](6470c8e))

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/acinader/project/3e039b91-2450-4b56-8420-baf56cab388e?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>

# [4.0.0-alpha.19](parse-community/parse-dashboard@4.0.0-alpha.18...4.0.0-alpha.19) (2022-03-10) ### Bug Fixes * upgrade express from 4.17.2 to 4.17.3 ([parse-community#2058](parse-community#2058)) ([f8dc602](parse-community@f8dc602))

Merge branch 'release' * release: (32 commits) chore(release): 4.1.0 [skip ci] ci: release commit chore(release): 4.1.0-beta.1 [skip ci] ci: release commit chore(release): 4.1.0-alpha.1 [skip ci] ci: add backmerge branches (parse-community#2067) chore(release): 4.0.0-alpha.21 [skip ci] fix: upgrade otpauth from 7.0.10 to 7.0.11 (parse-community#2061) chore(release): 4.0.0-alpha.20 [skip ci] feat: change string filter description (parse-community#2059) chore(release): 4.0.0-alpha.19 [skip ci] fix: upgrade express from 4.17.2 to 4.17.3 (parse-community#2058) refactor: upgrade body-parser from 1.19.1 to 1.19.2 (parse-community#2057) chore(release): 4.0.0-alpha.18 [skip ci] fix: upgrade @babel/runtime from 7.17.0 to 7.17.2 (parse-community#2055) chore(release): 4.0.0-alpha.17 [skip ci] chore(release): 4.0.0-alpha.16 [skip ci] ci: bump environment chore(release): 4.0.0-beta.4 [skip ci] ci: release commit ... # Conflicts: # package-lock.json

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3. See this package in npm: https://www.npmjs.com/package/express See this project in Snyk: https://app.snyk.io/org/acinader/project/3e039b91-2450-4b56-8420-baf56cab388e?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>

# [4.0.0-alpha.19](parse-community/parse-dashboard@4.0.0-alpha.18...4.0.0-alpha.19) (2022-03-10) ### Bug Fixes * upgrade express from 4.17.2 to 4.17.3 ([parse-community#2058](parse-community#2058)) ([f8dc602](parse-community@f8dc602))

parse-github-assistant bot changed the title ~~[Snyk] Upgrade express from 4.17.2 to 4.17.3~~ refactor: upgrade express from 4.17.2 to 4.17.3 Mar 10, 2022

Merge branch 'alpha' into snyk-upgrade-e9649ab01ccb6f4be6032455f0ffc926

9a43e0a

davimacedo approved these changes Mar 10, 2022

View reviewed changes

davimacedo merged commit f8dc602 into alpha Mar 10, 2022

davimacedo deleted the snyk-upgrade-e9649ab01ccb6f4be6032455f0ffc926 branch March 10, 2022 22:00

parseplatformorg pushed a commit that referenced this pull request Mar 10, 2022

chore(release): 4.0.0-alpha.19 [skip ci]

c55d3d1

# [4.0.0-alpha.19](4.0.0-alpha.18...4.0.0-alpha.19) (2022-03-10) ### Bug Fixes * upgrade express from 4.17.2 to 4.17.3 ([#2058](#2058)) ([f8dc602](f8dc602))

parseplatformorg added the state:released-alpha Released as alpha version label Mar 10, 2022

snyk-bot mentioned this pull request Jul 12, 2022

refactor: upgrade js-beautify from 1.14.2 to 1.14.4 #2216

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: upgrade express from 4.17.2 to 4.17.3 #2058

refactor: upgrade express from 4.17.2 to 4.17.3 #2058

snyk-bot commented Mar 10, 2022

parse-github-assistant bot commented Mar 10, 2022

parseplatformorg commented Mar 10, 2022

refactor: upgrade express from 4.17.2 to 4.17.3 #2058

refactor: upgrade express from 4.17.2 to 4.17.3 #2058

Conversation

snyk-bot commented Mar 10, 2022

Snyk has created this PR to upgrade express from 4.17.2 to 4.17.3.

parse-github-assistant bot commented Mar 10, 2022

parseplatformorg commented Mar 10, 2022