[Snyk] Security upgrade express from 4.17.1 to 4.22.0#14
[Snyk] Security upgrade express from 4.17.1 to 4.22.0#14lcrowther-snyk wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-15789761
|
This minor version upgrade for Express consists primarily of security patches, bug fixes, and minor feature additions. No major breaking API changes are documented between versions 4.17.1 and 4.22.0. However, the target version 4.22.0 contains an unintentional behavioral change. It introduced an "erroneous breaking change related to the extended query parser". While the associated security advisory (CVE-2024-51999) was rejected, this change could potentially affect how your application handles complex query parameters. This issue was immediately corrected and reverted in version 4.22.1. Recommendation: Due to the unintentional change in the query parser, it is recommended to either verify that your application's query parameter handling is unaffected or, preferably, skip this version and upgrade directly to Source: GitHub Releases
|
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-PATHTOREGEXP-15789761
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)