[Snyk] Upgrade express from 4.17.3 to 4.18.2 #27

nitatemic · 2022-10-30T20:08:44Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.17.3 to 4.18.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 22 days ago, on 2022-10-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Open Redirect SNYK-JS-GOT-2932019	484/1000 Why? Has a fix available, CVSS 5.4	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

4.18.2 - 2022-10-08
- Fix regression routing a large stack in a single route
- deps: [email protected]
  - deps: [email protected]
  - perf: remove unnecessary object clone
- deps: [email protected]
4.18.1 - 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 - 2022-04-25
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: [email protected]
  - Fix error message for json parse whitespace in strict
  - Fix internal error when inflated body exceeds limit
  - Prevent loss of async hooks context
  - Prevent hanging when request already read
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
  - Add priority option
  - Fix expires option to reject invalid dates
- deps: [email protected]
  - Replace internal eval usage with Function constructor
  - Use instance methods on process to check for listeners
- deps: [email protected]
  - Remove set content headers that break response
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
  - Prevent loss of async hooks context
- deps: [email protected]
- deps: [email protected]
  - Fix emitted 416 error missing headers property
  - Limit the headers removed for 304 response
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
  - Remove code 306
  - Rename 425 Unordered Collection to standard 425 Too Early
4.17.3 - 2022-02-17
- deps: accepts@~1.3.8
  - deps: mime-types@~2.1.34
  - deps: [email protected]
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: [email protected]
- deps: [email protected]
  - Fix handling of __proto__ keys
- pref: remove unnecessary regexp for trust proxy