[Snyk] Upgrade express from 4.3.2 to 4.19.2

[BuloZB]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express from 4.3.2 to 4.19.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 79 versions ahead of your current version.

• The recommended version was released 2 months ago, on 2024-03-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Directory Traversal npm:send:20140912	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Root Path Disclosure npm:send:20151103	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Non-Constant Time String Comparison npm:cookie-signature:20160804	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Cross-site Scripting (XSS) npm:express:20140912	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit
	Open Redirect npm:serve-static:20150113	429/1000 Why? Has a fix available, CVSS 4.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: [email protected]
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: [email protected]

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: [email protected] and [email protected] by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add [email protected] by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: [email protected]
    • deps: [email protected]
    • perf: remove unnecessary object clone
  • deps: [email protected]
• 4.18.1 - 2022-04-29
  
  • Fix hanging on large stack of sync routes
• 4.18.0 - 2022-04-25
  
  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: [email protected]
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: [email protected]
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: [email protected]
    • Remove set content headers that break response
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Prevent loss of async hooks context
  • deps: [email protected]
  • deps: [email protected]
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Remove code 306
    • Rename 425 Unordered Collection to standard 425 Too Early
• 4.17.3 - 2022-02-17
  
  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy
• 4.17.2 - 2021-12-17
  
  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • deps: type-is@~1.6.18
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
    • deps: [email protected]
    • deps: [email protected]
    • pref: ignore empty http tokens
  • deps: [email protected]
    • deps: [email protected]
  • deps: [email protected]
• 4.17.1 - 2019-05-26
• 4.17.0 - 2019-05-17
• 4.16.4 - 2018-10-11
• 4.16.3 - 2018-03-12
• 4.16.2 - 2017-10-10
• 4.16.1 - 2017-09-29
• 4.16.0 - 2017-09-28
• 4.15.5 - 2017-09-25
• 4.15.4 - 2017-08-07
• 4.15.3 - 2017-05-17
• 4.15.2 - 2017-03-06
• 4.15.1 - 2017-03-06
• 4.15.0 - 2017-03-01
• 4.14.1 - 2017-01-28
• 4.14.0 - 2016-06-16
• 4.13.4 - 2016-01-22
• 4.13.3 - 2015-08-03
• 4.13.2 - 2015-07-31
• 4.13.1 - 2015-07-06
• 4.13.0 - 2015-06-21
• 4.12.4 - 2015-05-18
• 4.12.3 - 2015-03-17
• 4.12.2 - 2015-03-03
• 4.12.1 - 2015-03-02
• 4.12.0 - 2015-02-23
• 4.11.2 - 2015-02-01
• 4.11.1 - 2015-01-21
• 4.11.0 - 2015-01-14
• 4.10.8 - 2015-01-13
• 4.10.7 - 2015-01-05
• 4.10.6 - 2014-12-13
• 4.10.5 - 2014-12-11
• 4.10.4 - 2014-11-25
• 4.10.3 - 2014-11-24
• 4.10.2 - 2014-11-10
• 4.10.1 - 2014-10-29
• 4.10.0 - 2014-10-24
• 4.9.8 - 2014-10-18
• 4.9.7 - 2014-10-10
• 4.9.6 - 2014-10-09
• 4.9.5 - 2014-09-25
• 4.9.4 - 2014-09-20
• 4.9.3 - 2014-09-18
• 4.9.2 - 2014-09-18
• 4.9.1 - 2014-09-17
• 4.9.0 - 2014-09-09
• 4.8.8 - 2014-09-05
• 4.8.7 - 2014-08-30
• 4.8.6 - 2014-08-28
• 4.8.5 - 2014-08-19
• 4.8.4 - 2014-08-15
• 4.8.3 - 2014-08-11
• 4.8.2 - 2014-08-07
• 4.8.1 - 2014-08-06
• 4.8.0 - 2014-08-06
• 4.7.4 - 2014-08-04
• 4.7.3 - 2014-08-04
• 4.7.2 - 2014-07-27
• 4.7.1 - 2014-07-26
• 4.7.0 - 2014-07-26
• 4.6.1 - 2014-07-13
• 4.6.0 - 2014-07-12
• 4.5.1 - 2014-07-06
• 4.5.0 - 2014-07-05
• 4.4.5 - 2014-06-27
• 4.4.4 - 2014-06-20
• 4.4.3 - 2014-06-12
• 4.4.2 - 2014-06-10
• 4.4.1 - 2014-06-03
• 4.4.0 - 2014-05-31
• 4.3.2 - 2014-05-29

from express GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.