[Snyk-dev] Upgrade express-fileupload from 0.0.5 to 0.4.0 #107
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade express-fileupload from 0.0.5 to 0.4.0. See this package in npm: express-fileupload See this project in Snyk: https://app.dev.snyk.io/org/zolamk/project/5483dab8-2f10-4b7c-8f31-19ba2bdd02e1?utm_source=github&utm_medium=referral&page=upgrade-pr
|
General comment |
There was a problem hiding this comment.
Other issues:
Issue 3 on line 15 for file package.json.
| Issue | Score | Exploit Maturity | |
|---|---|---|---|
 |
Directory Traversal SNYK-JS-ADMZIP-1065796 |
584 | No Known Exploit |
 |
Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415 |
584 | Mature |
package.json
Outdated
| @@ -25,7 +25,7 @@ | |||
| "ejs-locals": "1.0.2", | |||
| "errorhandler": "1.2.0", | |||
| "express": "4.12.4", | |||
| "express-fileupload": "0.0.5", | |||
| "express-fileupload": "0.4.0", | |||
| @@ -25,7 +25,7 @@ | |||
| "ejs-locals": "1.0.2", | |||
| "errorhandler": "1.2.0", | |||
| "express": "4.12.4", | |||
| "express-fileupload": "0.0.5", | |||
| "express-fileupload": "0.6.0", | |||
| @@ -1,4 +1,4 @@ | |||
| { | |||
| z{ | |||
ferreiratiago
requested changes
Sep 4, 2024
| @@ -25,7 +25,7 @@ | |||
| "ejs-locals": "1.0.2", | |||
| "errorhandler": "1.2.0", | |||
| "express": "4.12.4", | |||
| "express-fileupload": "0.0.5", | |||
| "express-fileupload": "0.6.0", | |||
There was a problem hiding this comment.
Please add more information here, and fix this typo.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade express-fileupload from 0.0.5 to 0.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 10 versions ahead of your current version.
The recommended version was released on 6 years ago.
Issues fixed by the recommended upgrade:
SNYK-JS-ADMZIP-1065796
npm:adm-zip:20180415
Release notes
Package name: express-fileupload
-
0.4.0 - 2018-01-24
-
0.3.0 - 2017-10-07
-
0.2.0 - 2017-08-28
- Support for Node.js v6 and above. No longer supporting versions of Node older than 6
- Promise returned in .mv() (#42) (9bf6e61)
-
0.1.4 - 2017-06-30
- #36 Add error handlers for parser errors (0713f6f) @ dries
-
0.1.3 - 2017-04-30
- #21 safeFileName: Extensions are unexpectedly stripped out
- preserveExtension (PR #27) (8f599b4) @ pronein
- fix readme (PR #26) (63c759a) @ cactucs
-
0.1.2 - 2017-03-09
- #16 Upload Large file
- Improve performance for large files (PR #22) (e23f337) @ targos
-
0.1.1 - 2017-02-18
- #6 Crashes when multipart request is empty (3d72084)
- #9 & #11 body-parser interferes with express-fileupload and vice versa (92d7ad5)
- #19 TypeError: callback is not a function (df3df26)
- Unit testing and test coverage. Addresses #5 (266c10d)
- Field array parsing (PR #20)
-
0.1.0 - 2017-02-18
-
0.0.7 - 2017-02-10
- #17 multiple input file input doesn't work (ec6270d)
-
0.0.6 - 2017-01-14
-
0.0.5 - 2016-04-22
from express-fileupload GitHub release notesRelease 0.4.0
Fix for #50
NOTE: all versions moving forward will enforce support for Node 6+
Breaking Changes
.mv()now returns a Promise whencallbackargument is not providedNew Features
Bugfixes
Bugfixes
New Features
Bugfixes
New Features
Breaking Changes
Breaking Change 1.) No more urlencoded support
As of v0.1.0, there is NO MORE
application/x-www-form-urlencodedSUPPORT! Moving forward, express-fileupload is considered a "multipart" solution only. If you want to parseurlencodedrequests, use body-parser.Breaking Change 2.) Support for Node v4.x.x and above now
Usage with Node <4 is no longer supported. Use at your own risk.
Bugfixes
New Features
markdown update
Bugfixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: