[Snyk] Fix for 119 vulnerabilities

[renujankar]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DICER-2311764	Yes	Mature
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-DUSTJSLINKEDIN-1089257	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Mature
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	/1000 Why?	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	/1000 Why?	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	/1000 Why?	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	/1000 Why?	Prototype Pollution SNYK-JS-MONGOOSE-5777721	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	No	Proof of Concept
	/1000 Why?	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	/1000 Why?	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	No	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	No	Proof of Concept
	/1000 Why?	Information Exposure SNYK-JS-PARSEURL-2935947	No	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	No	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	No	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	No	Proof of Concept
	/1000 Why?	Improper Input Validation SNYK-JS-PARSEURL-3024398	No	Proof of Concept
	/1000 Why?	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYK-3037342	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYK-3038622	No	Proof of Concept
	/1000 Why?	Code Injection SNYK-JS-SNYK-3111871	No	No Known Exploit
	/1000 Why?	Command Injection SNYK-JS-SNYKDOCKERPLUGIN-3039679	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKGRADLEPLUGIN-3038624	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKMVNPLUGIN-3038623	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKPYTHONPLUGIN-3039677	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKSBTPLUGIN-3038626	No	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	/1000 Why?	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	/1000 Why?	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Remote Memory Exposure npm:mongoose:20160116	No	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit
	756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Directory Traversal npm:st:20140206	No	Proof of Concept
	644/1000 Why? Mature exploit, Has a fix available, CVSS 4.3	Open Redirect npm:st:20171013	Yes	Mature
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @snyk/nodejs-runtime-agent

The new version differs by 38 commits.

• 224571c Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.19.2 snyk/snyk-goof#122 from snyk/snyk-upgrade-b499e5dec6c8943e8e5be3b991567d16
• e03426f fix: upgrade needle from 2.5.2 to 2.6.0
• a51b60b Merge pull request [Snyk] Security upgrade express from 4.12.4 to 4.19.2 snyk/snyk-goof#121 from snyk/snyk-upgrade-1b807b9de1acd5e1c9e71d472d42b551
• dbf7424 fix: upgrade debug from 4.1.1 to 4.3.2
• 93bbf24 Merge pull request [Snyk] Security upgrade snyk from 1.290.2 to 1.996.0 snyk/snyk-goof#119 from antonsamper/master
• 41798c3 chore(package): update engine
• efc27b5 Merge pull request [Snyk-dev] Fix for 110 vulnerabilities snyk/snyk-goof#116 from snyk/snyk-upgrade-d663568433e6c3f41671947a0885bd4b
• 0c70f97 fix: upgrade needle from 2.5.0 to 2.5.2
• 8946c95 Merge pull request [Snyk-dev] Fix for 110 vulnerabilities snyk/snyk-goof#114 from snyk/feat/needle
• ac9aabf feat: upgrade needle (redirect bug)
• ade9436 Merge pull request [Snyk-dev] Fix for 111 vulnerabilities snyk/snyk-goof#111 from snyk/snyk-fix-93368b07b9de27f1dbf0560f8ba14c21
• 4b5269a test: update test fixture to match acorn@5.7.2
• 919477e fix: package.json & package-lock.json to reduce vulnerabilities
• a502cbb Merge pull request [Snyk] Fix for 49 vulnerabilities snyk/snyk-goof#107 from snyk/docs/readme
• dde1526 docs: describe supported Node versions on our README.md
• 83fe936 Merge pull request [Snyk-dev] Fix for 98 vulnerabilities snyk/snyk-goof#103 from snyk/chore/codeowners
• 4b0109f chore: codeowners
• 435f878 Merge pull request [Snyk] Fix for 16 vulnerabilities snyk/snyk-goof#99 from snyk/chore/bumps
• 8ef98c8 test: limit concurrency to 1
• c53384a chore: upgrade tap; js-yaml is no longer
• 50a0844 chore: bump semver
• 391a2c5 chore: low-risk bumps
• 800766c chore: run tests on random port
• 3d90fb9 test: try and close the demo server cleanly

See the full diff

Package name: adm-zip

The new version differs by 84 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request #341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request #315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request #322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request #327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request #331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser

The new version differs by 250 commits.

• 424dadd 1.19.2
• 11248a2 deps: raw-body@2.4.3
• 7a088eb build: Node.js@14.19
• ecedf31 build: Node.js@16.14
• b6bfabd build: Node.js@17.5
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: Node.js@17.4
• 70560b1 build: mocha@9.2.0
• 548a06f build: supertest@6.2.2
• 3b00678 deps: bytes@3.1.2
• d5acb61 build: mocha@9.1.4
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: qs@6.9.7
• c631b58 build: supertest@6.2.1
• c81a8e2 build: eslint-plugin-import@2.25.4
• 3c4dcb8 build: Node.js@17.3
• d0a214b 1.19.1
• fb172d4 build: eslint-plugin-promise@5.2.0
• c5e63cb build: Node.js@17.2
• c6d43bd build: eslint-plugin-import@2.25.3
• 313ed6d build: eslint-plugin-promise@5.1.1
• 8389b51 deps: bytes@3.1.1
• aae94b2 deps: http-errors@1.8.1
• 7f84d4f deps: raw-body@2.4.2

See the full diff

Package name: cfenv

The new version differs by 3 commits.

• fb0a2aa update dependencies, now at version 1.2.4
• 63e072a version 1.2.3
• 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: errorhandler

The new version differs by 85 commits.

• c41e9aa 1.4.3
• ffce329 build: istanbul@0.4.2
• 90a8777 build: Node.js@4.2
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: istanbul@0.4.1
• fdeb13c build: mocha@2.3.4
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: istanbul@0.3.19
• 5ee62b7 deps: escape-html@1.0.3
• 1e89ae7 build: istanbul@0.3.18
• ef1e8f1 build: supertest@1.1.0
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: io.js@2.5
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: express

The new version differs by 250 commits.

• b28db2c 4.19.2
• 0b74695 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• 4ee853e docs: loosen TC activity rules
• 414854b docs: nominating @ wesleytodd to be project captian
• 06c6b88 docs: update release date
• 1b51eda 4.18.3
• b625132 build: pin Node 21.x to minor
• e3eca80 build: pin Node 21.x to minor
• 23b44b3 build: support Node.js 21.6.2
• b9fea12 build: support Node.js 21.x in appveyor
• c259c34 build: support Node.js 21.x
• fdeb1d3 build: support Node.js 20.x in appveyor
• 734b281 build: support Node.js 20.x
• 0e3ab6e examples: improve view count in cookie-sessions
• 59af63a build: Node.js@18.19
• e720c5a docs: add documentation for benchmarks

See the full diff

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request #240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix [Snyk] Upgrade body-parser from 1.9.0 to 1.20.2 #2
• 829f395 version bump
• db49535 Merge pull request #237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request #233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue [Snyk] Fix for 5 vulnerabilities #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request #232 from RomanBurunkov/master
• 05004b7 Merge pull request #230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request #222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff
</deta...