🚨 [security] Update express 4.15.2 → 4.21.1 (minor) #471
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ express (4.15.2 → 4.21.1) · Repo · Changelog
Security Advisories 🚨
🚨 express vulnerable to XSS via response.redirect()
🚨 Express.js Open Redirect in malformed URLs
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
0.5.4
0.5.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 73 commits:
0.5.4
build: [email protected]
build: [email protected]
tests: fix deep equal checking
build: support Node.js 17.x
deps: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: support Node.js 16.x
build: support Node.js 15.x
build: [email protected]
build: [email protected]
build: support Node.js 14.x
build: support Node.js 13.x
build: [email protected]
build: [email protected]
lint: apply standard 13
build: use GitHub Actions instead of Travis CI
docs: fix typo in comment
build: [email protected]
build: [email protected]
build: [email protected]
build: support Node.js 12.x
build: support Node.js 11.x
0.5.3
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: restructure Travis CI build steps
lint: apply standard 12 style
tests: replace deprecated assert.deepEqual with deep-equal
build: [email protected]
build: [email protected]
tests: use strict equality
build: support Node.js 10.x
build: support Node.js 9.x
build: [email protected]
deps: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: use yaml eslint configuration
docs: expand jsdoc on constructor
lint: apply standard 11 style
Use safe-buffer for improved Buffer API
build: [email protected]
build: [email protected]
build: support Node.js 8.x
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: use precise dist on Travis CI
lint: use standard style in readme
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
build: set package author
docs: update copyright year
docs: use default shields badge style
docs: update jsdoc comments
build: [email protected]
build: [email protected]
lint: remove unreachable branch
Release Notes
1.2.1 (from changelog)
1.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 Regular Expression Denial of Service in fresh
Release Notes
0.5.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 23 commits:
0.5.2
build: [email protected]
build: [email protected]
perf: improve If-None-Match token parsing
Fix regression matching multiple ETags in If-None-Match
0.5.1
perf: improve ETag match loop
Fix handling of modified headers with invalid dates
bench: add simple benchmarks
build: [email protected]
build: [email protected]
build: [email protected]
build: support Node.js 8.x
build: [email protected]
lint: apply standard 10 style
build: [email protected]
build: [email protected]
build: use precise dist on Travis CI
lint: use standard style in readme
build: [email protected]
build: [email protected]
build: [email protected]
build: [email protected]
Commits
See the full diff on Github. The new version differs by 38 commits:
Update version to 1.9.1
Include LICENSE file in published package
Update TypeScript definitions.
Bump version.
Update compiled files.
Add IPv6.toRFC5952String.
Deprecate non-compliant functions
Add IPv6.toFixedLengthString.
Return RFC 5952 compliant string
Bump version.
Update Typescript range definitions in include 'unicast'.
Bump version.
CIDR array response reversed to properly deliminated string
correct typescript definition for subnetMatch
Fix validation of IPv4 four-part decimals containing individual zeroes
Bump version.
Add support for IPv4 trailing and leading zeros
Reduced npm package size by excluding tests, bower and CI files
Bump version.
add typescript definition file
Bump version.
Clarify Cakefile task names (again).
Clarify Cakefile task names.
Merge branch 'fix_for_84' of https://github.com/jamesmgreene/ipaddr.js
Bump version.
Fix main to resolve to existing file
Simplified the `IPv6.prototype.toString` method
Bump version.
Fix parsing when zone index contains uppercase letters
Bump version.
Fix zoneIndex parsing for IPv4-mapped IPv6 addresses
Bump version.
Allow `ipaddr.IPv4.subnetMaskFromPrefixLength(32)`
Add `IPv4.prototype.toNormalizedString` for symmetry with the IPv6 method
Fix a minor bug in `subnetMatch` logic
Add IPv6 zone index support
add IPv6 prefixLengthFromSubnetMask
Accept mixed IPv4/IPv6 range lists in ipaddr.subnetMatch.
Security Advisories 🚨
🚨 path-to-regexp outputs backtracking regular expressions
Release Notes
0.1.10
0.1.9
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 7 commits:
0.1.10
Add backtrack protection to parameters
Update repo url (#314)
0.1.9
Allow a non-lookahead regex (#312)
0.1.8
Add support for named matching groups (#301)
Release Notes
2.0.7
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 send vulnerable to template injection that can lead to XSS
Release Notes
0.19.0
0.18.0 (from changelog)
0.17.2 (from changelog)
0.17.1 (from changelog)
0.17.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Security Advisories 🚨
🚨 serve-static vulnerable to template injection that can lead to XSS
Release Notes
1.16.0
1.15.0
1.14.2
1.14.1 (from changelog)
1.14.0
1.13.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 13 commits:
1.0.1
Add contributing guidelines.
Update README.
Fix make test command.
Update support files.
Merge pull request #4 from nooks/patch-1
Merge pull request #3 from pdehaan/patch-1
Add node.js versions for Travis-ci
Update license attribute
Update Travis CI configuration.
Add status badges to README.
Update Makefile.
Update support files.
🆕 call-bind (added, 1.0.7)
🆕 define-data-property (added, 1.1.4)
🆕 es-define-property (added, 1.0.0)
🆕 es-errors (added, 1.3.0)
🆕 get-intrinsic (added, 1.2.4)
🆕 gopd (added, 1.0.1)
🆕 has-property-descriptors (added, 1.0.2)
🆕 has-proto (added, 1.0.3)
🆕 hasown (added, 2.0.2)
🆕 set-function-length (added, 1.2.2)
🆕 side-channel (added, 1.0.6)
🆕 toidentifier (added, 1.0.1)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands