Skip to content

Bump express version to at least ^4.19.2. #1624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
taeold merged 8 commits into from
Oct 22, 2024
Merged

Bump express version to at least ^4.19.2. #1624

taeold merged 8 commits into from
Oct 22, 2024

Conversation

@taeold
Copy link
Contributor

@taeold taeold commented Oct 3, 2024

Previous express versions are vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2024-29041.
Flet
Flet reviewed Oct 4, 2024
View reviewed changes
@Flet
Copy link

Flet commented Oct 4, 2024

This closes #1078

This will also also resolve several other CVEs that we're seeing in our security check on transitive dependencies:

CVE-2024-45590 (body-parser-1.20.2)
CVE-2024-45296 (path-to-regexp-0.1.7)
CVE-2024-43800 (serve-static-1.15.0)
CVE-2024-43799 (send-0.18.0)
CVE-2024-43796 (express-4.19.2)

Please take a look when you can! Thanks!
@taeold taeold enabled auto-merge October 22, 2024 19:04
@taeold taeold added this pull request to the merge queue Oct 22, 2024
Merged via the queue into master with commit 555c72b Oct 22, 2024
@cabljac cabljac mentioned this pull request Dec 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants

@taeold @Flet @colerogers