Skip to content

Update dependency express-fileupload to v1#13

Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-fileupload-1.x
Open

Update dependency express-fileupload to v1#13
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-fileupload-1.x

Conversation

@mend-for-github-com
Copy link
Copy Markdown
Contributor

@mend-for-github-com mend-for-github-com bot commented Nov 7, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express-fileupload ^0.4.0^1.0.0 age adoption passing confidence

Release Notes

richardgirges/express-fileupload (express-fileupload)

v1.5.2

Compare Source

What's Changed

  • Fix possible conflicts for temporary files names(issue #​384).
  • Update some of the dev dependencies
  • Update CI node versions.

Full Changelog: richardgirges/express-fileupload@v1.5.1...v.1.5.2

v1.5.1

Compare Source

What's Changed

  • New option hashAlgorithm.

Full Changelog: richardgirges/express-fileupload@v1.5.0...v.1.5.1

v1.5.0

Compare Source

What's Changed

  • Ability to set custom logger for debug logging. See option logger.
  • Optimize upload timer.

Full Changelog: richardgirges/express-fileupload@v1.4.3...v.1.5.0

v1.4.3

Compare Source

What's Changed

  • TypeError - Cannot read properties of undefined (reading 'includes') in lib/isEligibleRequest.js (issue #​364).

Full Changelog: richardgirges/express-fileupload@v1.4.2...v.1.4.3

v1.4.2

Compare Source

What's Changed

  • Fix TypeError: file.destroy is not a function (issue #​259).
  • Stricter request method and headers checks (to comply with RFC 2046).
  • Do not run next after abortion on limit (issue #​238).

Full Changelog: richardgirges/express-fileupload@v1.4.1...v.1.4.2

v1.4.1

Compare Source

v1.4.0

Compare Source

What's Changed

New Contributors

Full Changelog: richardgirges/express-fileupload@v1.3.1...v1.4.0

v1.3.1: 1.3.1

Compare Source

Updates

  • Have promiseCallback make callbacks and promises behave the same (#​302)
  • Fix prototype pollution in utilities.js (#​301)
  • Switch to CircleCI (ddf5530)
  • End support for Node versions < 12 (ab3d252)

v1.3.0

Compare Source

v1.2.1: 1.2.1

Compare Source

Updates:

  • (Fix) Stopped additional responses from being sent if a limit handler exists (#​264)
  • Unhandled promise rejection warning (#​257)
  • Changed example (#​255)
  • Passing a Buffer body will pollute req.body when used along with processNested (#​291)

v1.2.0

Compare Source

Bug Fixes

#​241 Cleanup temporary files - @​nusu

v1.1.10

Compare Source

Updates:

Additional prototype-pollution security fix when using processNested (#​239)

v1.1.9

Compare Source

Updates:

Second prototype pollution security vulnerability fix when using processNested (#​236)

v1.1.8

Compare Source

Updates:

Fixed prototype pollution security vulnerability when using processNested (#​236)

v1.1.6

Compare Source

Updates

  • Add debug option and debug logging output for upload process.
  • Invoke cleanup in case of abortOnLimit=true to delete temporary file when limit reached(#​155 ).
  • if possible, module uses fs.rename instead of copying + deleting to move uploaded files(#​158).
  • Add busboy unpipe when closing connection. Thanks to @​shel.
  • uploadTimeout(default is 60000 msec) option.
  • Add timeout check for data handler, which triggers cleanup of the temp files in case of no data come during time configured in option uploadTimeout.
  • Fixing vulnerability: middleware checks filename and cut off it if length more then 255 characters.

v1.1.5

Compare Source

Updates

  • Add uri decoding for file names see uriDecodeFileNames option in docs.
  • createParentPath now creates folder recursevly, thanks to @​closingin
  • Add fileSize to Buffer.concat that should increase performance for in memory uploads.

v1.1.4

Compare Source

Updates

  • Custom limit handler function. See limitHandler option in docs.
  • Add description about empty file data when option useTempFiles used.

v1.0.0

Compare Source

Updates

  • Update docs to check for empty object #​100

Bug Fixes

  • Pass Options to File Factory #​98

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 7, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-fileupload-1.x branch from b662379 to 5434a21 Compare March 30, 2025 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants