This PR contains the following updates:
~4.12.2 -> ~4.20.0
^3.5.0 -> ^4.20.0
^3.5.0 -> ^4.15.5
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
expressjs/express (express)
v4.20.0
Compare Source
==========
`depth` option to customize the depth level in the parser
`depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
`res.redirect`
`\`, `|`, and `^` to align better with URL spec
`options.maxAge` and `options.expires` to `res.clearCookie`
v4.19.2
Compare Source
==========
v4.19.1
Compare Source
==========
v4.19.0
Compare Source
==========
v4.18.3
Compare Source
==========
`partitioned` option
v4.18.2
Compare Source
===================
v4.18.1
Compare Source
===================
v4.18.0
Compare Source
===================
`res.download`
`options` without `filename` in `res.download`
`res.status`
`null`/`undefined` as `maxAge` in `res.cookie`
`Object.prototype` values in settings through `app.set`/`app.get`
`default` with same arguments as types in `res.format`
`res.send`
`http-errors` for `res.format` error
`strict`
`priority` option
`expires` option to reject invalid dates
`eval` usage with `Function` constructor
`process` to check for listeners
`425 Unordered Collection` to standard `425 Too Early`
v4.17.3
Compare Source
===================
`__proto__` keys
v4.17.2
Compare Source
===================
`undefined` in `res.jsonp`
`undefined` when `"json escape"` is enabled
`RegExp`s
`res.jsonp(obj, status)` deprecation message
`res.is` JSDoc
`maxAge` option to reject invalid values
`req.socket` over deprecated `req.connection`
v4.17.1
Compare Source
===================
`null`/`undefined` to `res.status`"
v4.17.0
Compare Source
===================
`express.raw` to parse bodies into `Buffer`
`express.text` to parse bodies into string
`res.sendFile`
`null`/`undefined` to `res.status`
`X-Forwarded-Host`
`pb`) support
`SameSite=None` support
`Content-Security-Policy` header
`path.normalize` call
`103 Early Hints`
`throw` on invalid type
v4.16.4
Compare Source
===================
`"Request aborted"` may be logged in `res.sendfile`
`Router` constructor
v4.16.3
Compare Source
===================
`%` as last character
v4.16.2
Compare Source
===================
`TypeError` in `res.send` when given `Buffer` and `ETag` header set
`X-Forwarded-Proto` header
v4.16.1
Compare Source
===================
`root` is incorrectly set to a file
v4.16.0
Compare Source
===================
`"json escape"` setting for `res.json` and `res.jsonp`
`express.json` and `express.urlencoded` to parse bodies
`options` argument to `res.download`
`Buffer` encoding when not generating ETag for small response
`safe-buffer` for improved Buffer API
`res.headersSent` when available
`RegExp`
`X-Forwarded-For`
`X-Forwarded-For` header
`immutable` option
`</html>` in default error & redirects
`immutable` option
`.charset` set in `res.jsonp`
v4.15.5
Compare Source
===================
`If-None-Match` token parsing
`If-Match` token parsing
v4.15.4
Compare Source
===================
`Buffer` loading
v4.15.3
Compare Source
===================
`res.set` cannot add charset to `Content-Type`
`DEBUG_MAX_ARRAY_LENGTH`
`</html>` in HTML document
v4.15.2
Compare Source
===================
[
v4.15.1
Compare Source
===================
`Date.parse` does not return `NaN` on invalid date
`Date.parse` does not return `NaN` on invalid date
v4.15.0
Compare Source
===================
`next("router")` to exit from router
`router.use` skipped requests routes did not
`res._headers` private field
`req.url` is not set
`%o` in path debug to tell types apart
`Object.create` to setup request & response prototypes
`setprototypeof` module to replace `__proto__` setting
`statuses` instead of `http` module for status messages
`DEBUG_FD` environment variable set to `3` or higher
`err` cannot be converted to a string
`Content-Security-Policy: default-src 'self'` header
`no-cache` request directive
`If-None-Match` has both `*` and ETags
`ETag` matching to match spec
`If-None-Match` when no `ETag` header
`Date.parse` instead of `new Date`
`no-cache` request directive
`If-None-Match` has both `*` and ETags
`ETag` matching to match spec
`res._headers` private field
`If-Match` and `If-Unmodified-Since` headers
`res.getHeaderNames()` when available
`res.headersSent` when available
`no-cache` request directive
`If-None-Match` has both `*` and ETags
`ETag` matching to match spec
`res._headers` private field
`If-Match` and `If-Unmodified-Since` headers
`res.getHeaderNames()` when available
`res.headersSent` when available
`*` route
`req.ips` performance
v4.14.1
Compare Source
===================
`err.headers` is not an object
v4.14.0
Compare Source
===================
`acceptRanges` option to `res.sendFile`/`res.sendfile`
`cacheControl` option to `res.sendFile`/`res.sendfile`
`options` argument to `req.range`
`combine` option
`res.location`/`res.redirect` if not already encoded
`res.sendFile`/`res.sendfile`
`req.get()`
`res.json`/`res.jsonp` in most cases
`Range` header handling in `res.sendFile`/`res.sendfile`
`Accept` parsing
`Accept` parameters with quoted equals
`Accept` parameters with quoted semicolons
`sameSite` option
`Max-Age` to never be a floating point number
`encode` is not a function
`expires` is not a `Date`
`serialize`
`err.statusCode` if `err.status` is invalid
`err.headers` object
`statuses` instead of `http` module for status messages
`decoder` option in `parse` function
`combine` option to combine overlapping ranges
`acceptRanges` option
`cacheControl` option
`Stream` class
`Content-Range` header in 416 responses when using `start`/`end` options
`Content-Range` header missing from default 416 responses
`path` contains raw non-URL characters
`path` starts with multiple forward slashes
`Range` headers
`acceptRanges` option
`cacheControl` option
`req.url` contains raw non-URL characters
`Range` headers
`field` argument
v4.13.4
Compare Source
===================
serialize
v4.13.3
Compare Source
===================
mergeParams: true
req.params
v4.13.2
Compare Source
===================
v4.13.1
Compare Source
===================
hasOwnProperty
v4.13.0
Compare Source
===================
`res.format` error when only `default` provided
`next('route')` in `app.param` would incorrectly skip values
`decodeURIComponent`
`URIError`s are a 400
`*` before params in routes
`res.cookie` to call `res.append`
`array-flatten` module for flattening arrays
`statusCode` property on `Error` objects
`unpipe` module for unpiping requests
`ETag` matching support
`CONNECT` requests
`Upgrade` requests
`Date` response header
`Content-Location` on 304 response
`http-errors` for standard emitted errors
`statuses` instead of `http` module for status messages
`fallthrough` option
`next()` instead of 400
`app.render` try block
`View`
`http.STATUS_CODES`
v4.12.4
Compare Source
===================
`fs`
`isFinished(req)` when data buffered
`constructor`
v4.12.3
Compare Source
===================
`hasOwnProperty` is present
`extensions` or `index` options