Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade express from 4.21.1 to 5.0.0 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade express from 4.21.1 to 5.0.0 #3

wants to merge 1 commit into from

Conversation

dcarroll
Copy link
Owner

Snyk has created this PR to upgrade express from 4.21.1 to 5.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-09-10.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 386/1000
Why? Recently disclosed, CVSS 6.3		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express from express GitHub release notes
Commit messages
Package name: express
  • 344b022 5.0.0
  • 0c49926 fix(deps): send@^1.1.0
  • b3906cb fix(deps): serve-static@^2.1.0
  • fed8c2a fix(deps): body-parser@^2.0.1
  • bdd81f8 Delete `back` as a magic string (#5933)
  • 6c98f80 🔧 update CI, remove unsupported versions, clean up
  • f9256ef Merge branch '5.0' into 5-merge
  • e5feb9f Merge tag '4.20.0' into 5.0
  • 0264908 feat(deps)!: router@^2.0.0 (#5885)
  • 4d713d2 update to [email protected] (#5916)
  • accafc6 fix(deps): finalhandler@^2.0.0 (#5899)
  • 05f40f4 fix(deps)!: content-disposition@^1.0.0 (#5884)
  • 402e7f6 fix(deps): type-is@^2.0.0 (#5883)
  • 4e61d01 fix(deps)!: mime-types@^3.0.0 (#5882)
  • 7748475 fix(deps): accepts@^2.0.0 (#5881)
  • 91a58b5 cookie-signature@^1.2.1 (#5833)
  • 13e6894 chore: [email protected] (#5847)
  • 65b6206 fix(deps) [email protected] (#5790)
  • 0b243b1 5.x: Upgrading `merge-descriptors` with allowing minors (#5782)
  • 0983158 refactor: replace 'path-is-absolute' dep with node:path isAbsolute method (#5830)
  • 41c054c chore: upgrade `debug` dep from 3.10 to 4.3.6 (#5829)
  • ecf762f fix(deps)!: send@^1.0.0 (#5786)
  • 63992bb Merge branch 'ci/v5-node-lts' into 5-merge
  • ea49706 Merge branch 'master' into 5-merge

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dcarroll @snyk-bot