[Snyk] Upgrade express-fileupload from 1.1.10 to 1.4.0

[snyk-bot]

Snyk has created this PR to upgrade express-fileupload from 1.1.10 to 1.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-05-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-DICER-2311764	546/1000 Why? Mature exploit, CVSS 7.5	Mature

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express-fileupload

• 1.4.0 - 2022-05-24
  

  What's Changed

  • Bump minimist from 1.2.5 to 1.2.6 by @ dependabot in #310
  • Upgrade busboy version by @ duterte in #315

  New Contributors

  • @ dependabot made their first contribution in #310
  • @ duterte made their first contribution in #315

  Full Changelog: v1.3.1...v1.4.0

• 1.3.1 - 2022-02-02
  

  Updates

  • Have promiseCallback make callbacks and promises behave the same (#302)
  • Fix prototype pollution in utilities.js (#301)
  • Switch to CircleCI (ddf5530)
  • End support for Node versions < 12 (ab3d252)
• 1.3.0 - 2022-02-02
  

  1.3.0

• 1.2.1 - 2021-01-11
  

  Updates:

  • (Fix) Stopped additional responses from being sent if a limit handler exists (#264)
  • Unhandled promise rejection warning (#257)
  • Changed example (#255)
  • Passing a Buffer body will pollute req.body when used along with processNested (#291)
• 1.2.0 - 2020-08-14
  

  Bug Fixes

  #241 Cleanup temporary files - @ nusu

• 1.1.10 - 2020-08-06
  

  Updates:

  Additional prototype-pollution security fix when using processNested (#239)

from express-fileupload GitHub release notes

Commit messages

Package name: express-fileupload

• 4f81fc8 1.4.0
• 78a66c1 Merge pull request [Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.7.0 snyk-fixtures/js-nested-manifest#315 from duterte/master
• 310a382 Merge branch 'richardgirges:master' into master
• f57198b fix linting error
• ce713c2 add workflow job filters
• e47cc7d trigger ci
• 74a0830 Refactor: upgrade to busboy 1.6.0
• d1d6c66 Refactor busboy is no longer a constructor, its a function
• 30d8535 Merge pull request [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/js-nested-manifest#310 from richardgirges/dependabot/npm_and_yarn/minimist-1.2.6
• e6948f9 Bump minimist from 1.2.5 to 1.2.6
• c9c7d83 Create SECURITY.md
• f9237aa help wanted readme update
• 651421b help wanted readme update
• 290f3cc 1.3.1
• ab3d252 node 12+ support
• 4afa5a1 1.3.0
• fe0ce3f circleci status badge
• 26f4a92 comment out console logs
• edd91ce Merge pull request [Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/js-nested-manifest#301 from zwade/master
• 47bc50c Merge remote-tracking branch 'origin/master'
• 3ba7d94 Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/js-nested-manifest#302 from zwade/zw-fix-tests
• ddf5530 support node 12+. fix security vulnerabilities re: npm audit
• 3cfbc7f Have promiseCallback make callbacks and promises behave the same
• 5e83249 Refactor prototype pollution check to be more comprehensive

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs