[Snyk] Upgrade express from 4.16.4 to 4.18.2 #24

jhm164 · 2022-12-05T06:19:14Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.16.4 to 4.18.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 2 months ago, on 2022-10-08.

Release notes

Package name: express

4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
  - deps: qs@6.11.0
  - perf: remove unnecessary object clone
- deps: qs@6.11.0
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 - 2022-04-25
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: body-parser@1.20.0
  - Fix error message for json parse whitespace in strict
  - Fix internal error when inflated body exceeds limit
  - Prevent loss of async hooks context
  - Prevent hanging when request already read
  - deps: depd@2.0.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: qs@6.10.3
  - deps: raw-body@2.5.1
- deps: cookie@0.5.0
  - Add priority option
  - Fix expires option to reject invalid dates
- deps: depd@2.0.0
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
- deps: finalhandler@1.2.0
  - Remove set content headers that break response
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: on-finished@2.4.1
  - Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
  - Fix emitted 416 error missing headers property
  - Limit the headers removed for 304 response
  - deps: depd@2.0.0
  - deps: destroy@1.2.0
  - deps: http-errors@2.0.0
  - deps: on-finished@2.4.1
  - deps: statuses@2.0.1
- deps: serve-static@1.15.0
  - deps: send@0.18.0
- deps: statuses@2.0.1
  - Remove code 306
  - Rename 425 Unordered Collection to standard 425 Too Early
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: negotiator@0.6.3
- deps: body-parser@1.19.2
  - deps: bytes@3.1.2
  - deps: qs@6.9.7
  - deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy
4.17.2 - 2021-12-17
- Fix handling of undefined in res.jsonp
- Fix handling of undefined when "json escape" is enabled
- Fix incorrect middleware execution with unanchored RegExps
- Fix res.jsonp(obj, status) deprecation message
- Fix typo in res.is JSDoc
- deps: body-parser@1.19.1
  - deps: bytes@3.1.1
  - deps: http-errors@1.8.1
  - deps: qs@6.9.6
  - deps: raw-body@2.4.2
  - deps: safe-buffer@5.2.1
  - deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
  - deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
  - Fix maxAge option to reject invalid values
- deps: proxy-addr@~2.0.7
  - Use req.socket over deprecated req.connection
  - deps: forwarded@0.2.0
  - deps: ipaddr.js@1.9.1
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
  - deps: http-errors@1.8.1
  - deps: ms@2.1.3
  - pref: ignore empty http tokens
- deps: serve-static@1.14.2
  - deps: send@0.17.2
- deps: setprototypeof@1.2.0
4.17.1 - 2019-05-26
- Revert "Improve error message for null/undefined to res.status"
4.17.0 - 2019-05-17
- Add express.raw to parse bodies into Buffer
- Add express.text to parse bodies into string
- Improve error message for non-strings to res.sendFile
- Improve error message for null/undefined to res.status
- Support multiple hosts in X-Forwarded-Host
- deps: accepts@~1.3.7
- deps: body-parser@1.19.0
  - Add encoding MIK
  - Add petabyte (pb) support
  - Fix parsing array brackets after index
  - deps: bytes@3.1.0
  - deps: http-errors@1.7.2
  - deps: iconv-lite@0.4.24
  - deps: qs@6.7.0
  - deps: raw-body@2.4.0
  - deps: type-is@~1.6.17
- deps: content-disposition@0.5.3
- deps: cookie@0.4.0
  - Add SameSite=None support
- deps: finalhandler@~1.1.2
  - Set stricter Content-Security-Policy header
  - deps: parseurl@~1.3.3
  - deps: statuses@~1.5.0
- deps: parseurl@~1.3.3
- deps: proxy-addr@~2.0.5
  - deps: ipaddr.js@1.9.0
- deps: qs@6.7.0
  - Fix parsing array brackets after index
- deps: range-parser@~1.2.1
- deps: send@0.17.1
  - Set stricter CSP header in redirect & error responses
  - deps: http-errors@~1.7.2
  - deps: mime@1.6.0
  - deps: ms@2.1.1
  - deps: range-parser@~1.2.1
  - deps: statuses@~1.5.0
  - perf: remove redundant path.normalize call
- deps: serve-static@1.14.1
  - Set stricter CSP header in redirect response
  - deps: parseurl@~1.3.3
  - deps: send@0.17.1
- deps: setprototypeof@1.1.1
- deps: statuses@~1.5.0
  - Add 103 Early Hints
- deps: type-is@~1.6.18
  - deps: mime-types@~2.1.24
  - perf: prevent internal throw on invalid type
4.16.4 - 2018-10-11