[deleted] #5539

FDrag0n · 2024-03-15T07:58:38Z

No description provided.

fix-redirect-security

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.3` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.3/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.3/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.3/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Nextjs).

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.2` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.2/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) ### [`v4.18.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-26) [Compare Source](https://github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.3` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.3/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.3/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.3/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Unleash/unleash).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.2` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.2/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) ### [`v4.18.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-26) [Compare Source](https://github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/apollographql/apollo-server).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.2` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.2/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) ### [`v4.18.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-26) [Compare Source](https://github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/GoogleCloudPlatform/document-ai-samples).

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [express](http://expressjs.com/) ([source](https://github.com/expressjs/express)) | [`4.18.2` -> `4.19.2`](https://renovatebot.com/diffs/npm/express/4.18.2/4.19.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.18.2/4.19.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-29041](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc) ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches expressjs/express@0867302 expressjs/express@0b74695 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References [https://github.com/expressjs/express/pull/5539](https://github.com/expressjs/express/pull/5539) [https://github.com/koajs/koa/issues/1800](https://github.com/koajs/koa/issues/1800) https://expressjs.com/en/4x/api.html#res.location --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) ### [`v4.18.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-26) [Compare Source](https://github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/nordic-game-lab/ngl-api-sdk).

FDrag0n added 2 commits March 15, 2024 15:49

Update response.js fix-redirect-security

154921f

fix-redirect-security

Update res.location.js fix-redirect-security

1f3832b

fix-redirect-security

wesleytodd changed the title ~~fix-redirect-security in issue 5538~~ [deleted] Mar 15, 2024

wesleytodd closed this Mar 15, 2024

debricked bot mentioned this pull request Mar 27, 2024

Fix CVE–2024–29041 cemmenn/demo-app#1

Open

PavelMor25 mentioned this pull request Mar 30, 2024

Express.js Open Redirect in malformed URLs PavelMor25/testcafe-private#74

Closed

1 task

github-actions bot mentioned this pull request Apr 2, 2024

chore(deps): update dependency n8n to v1.34.2 uniget-org/tools#3953

Merged

1 task

hmdevelopermind mentioned this pull request Apr 3, 2024

Vulnerabilities in express scottie1984/swagger-ui-express#369

Closed

github-actions bot mentioned this pull request Apr 4, 2024

essais de fix horizontal pod scaller Khagou/khagu-devops#23

Merged

hanspagel mentioned this pull request Apr 24, 2024

chore: update express scalar/scalar#1516

Merged

github-actions bot mentioned this pull request Aug 15, 2024

Fix missing node modules for theme 2pisoftware/cmfive-boilerplate#156

Merged

This was referenced Sep 12, 2024

[Snyk] Security upgrade express from 4.17.1 to 4.21.0 m-mizutani/boilerplate-cdk-react-app#8

Open

[Snyk] Security upgrade express from 4.17.1 to 4.20.0 m-mizutani/boilerplate-cdk-react-app#9

Open

github-actions bot mentioned this pull request Nov 14, 2024

express4.17.3 tadashi0713/docker-scout-demo#8

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[deleted] #5539

[deleted] #5539

FDrag0n commented Mar 15, 2024 •

edited by wesleytodd

Loading

[deleted] #5539

[deleted] #5539

Conversation

FDrag0n commented Mar 15, 2024 • edited by wesleytodd Loading

FDrag0n commented Mar 15, 2024 •

edited by wesleytodd

Loading