[Snyk] Upgrade express from 4.17.3 to 4.18.2 by Geri76 · Pull Request #4 · Geri76/creta

Geri76 · 2022-11-27T13:47:37Z

Snyk has created this PR to upgrade express from 4.17.3 to 4.18.2.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago, on 2022-10-08.

Release notes

Package name: express

4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
  - deps: qs@6.11.0
  - perf: remove unnecessary object clone
- deps: qs@6.11.0
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 - 2022-04-25
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: body-parser@1.20.0
  - Fix error message for json parse whitespace in strict
  - Fix internal error when inflated body exceeds limit
  - Prevent loss of async hooks context
  - Prevent hanging when request already read
  - deps: depd@2.0.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: qs@6.10.3
  - deps: raw-body@2.5.1
- deps: cookie@0.5.0
  - Add priority option
  - Fix expires option to reject invalid dates
- deps: depd@2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
- deps: finalhandler@1.2.0
  - Remove set content headers that break response
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: on-finished@2.4.1
  - Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
  - Fix emitted 416 error missing headers property
  - Limit the headers removed for 304 response
  - deps: depd@2.0.0
  - deps: destroy@1.2.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: serve-static@1.15.0
  - deps: send@0.18.0
- deps: statuses@2.0.1
  - Remove code 306
  - Rename 425 Unordered Collection to standard 425 Too Early
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: negotiator@0.6.3
- deps: body-parser@1.19.2
  - deps: bytes@3.1.2
  - deps: qs@6.9.7
  - deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy