Skip to content

fix(deps): vuln minor: express · patch: joi [tests/core]#800

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
v3from
engraver-auto-version-upgrade/minorpatch/npm/core/0-1783384370
Open

fix(deps): vuln minor: express · patch: joi [tests/core]#800
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
v3from
engraver-auto-version-upgrade/minorpatch/npm/core/0-1783384370

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • tests/core (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
express 4.18.2 4.22.2 minor Direct 2 MEDIUM, 2 LOW
joi 17.6 17.6.4 patch Direct 1 MEDIUM

Security Details

ℹ️ Other Vulnerabilities (5)
Package CVE Severity Summary Unsafe Version Fixed In Case
express GHSA-rv95-896h-c2vc MODERATE Express.js Open Redirect in malformed URLs 4.18.2 4.19.2 -
express CVE-2024-29041 MODERATE Express.js Open Redirect in malformed URLs 4.18.2 - -
joi GHSA-q7cg-457f-vx79 MODERATE joi has an uncaught RangeError on deeply nested input through recursive link() schemas 17.6 18.2.1 -
express GHSA-qw6h-vgh9-j6wx LOW express vulnerable to XSS via response.redirect() 4.18.2 4.20.0 -
express CVE-2024-43796 LOW express vulnerable to XSS via response.redirect() 4.18.2 - -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants