Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade express-validator from 5.3.0 to 7.1.0 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade express-validator from 5.3.0 to 7.1.0 #8

wants to merge 1 commit into from

Conversation

OKEAMAH
Copy link
Member

@OKEAMAH OKEAMAH commented Aug 16, 2024

snyk-top-banner

Snyk has created this PR to upgrade express-validator from 5.3.0 to 7.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 36 versions ahead of your current version.

  • The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Code Injection
SNYK-JS-LODASH-1040724		 149 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-450202		 149 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746		 149 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086		 149 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239		 149 Proof of Concept
medium severity Filter Bypass
SNYK-JS-EXPRESSVALIDATOR-174763		 149 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 149 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599		 149 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601		 149 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602		 149 Proof of Concept
Release notes
Package name: express-validator
  • 7.1.0 - 2024-05-19
  • 7.0.1 - 2023-04-16
    • Fixed checkSchema() warning that known validators are unknown when its value is false - #1223
  • 7.0.0 - 2023-04-15

    🚀 🙌 First major version in almost 4 years! 🚀 🤯
    Thanks everybody for having the patience. Hopefully this version brings many improvements to your developer experience!

    Breaking changes 💥

    • Minimum supported Node.js version is now 14+
    • Removed deprecated APIs - #993
      • Import paths express-validator/check and express-validator/filter
      • Sanitization-only middlewares (e.g. sanitize(), sanitizeBody(), etc)
      • Deprecated TypeScript types (ValidationParamSchema and ValidationSchema)
    • isObject() validator now assumes options.strict = true by default
    • Validation errors changed shape
      • Field validation errors param property has been renamed to path
      • oneOf() validation errors no longer have a param: '_error' property
    • (TypeScript only) The ValidationError type is now a discriminated union, it might be necessary to use switch or if statements to check that you're dealing with the type that you want to debug/format
    • oneOf() signature changed: from oneOf(chains, message) to oneOf(chains, options: { message, errorType })
    • oneOf() default error structure now groups errors by their... validation group!, instead of in a flat list

    Checkout the migration guide for examples on how to work around some of these:
    https://express-validator.github.io/docs/migration-v6-to-v7

    New features ✨

    • Added validation for no unknown fields - #558, #578, #612, #1148, #809, #927, #1204
    • Added globstars (deep wildcard) support - #790, #1137, #1216
    • Added support for multiple custom validators/sanitizers in checkSchema() - #552, #1180
    • Added request-level bail - #1100, #1214
    • Added a ExpressValidator class which allows adding "persistent" custom validators, sanitizers, and options - #1077, #1079, #1209
    • Added oneOf() support to .if() - #1170
    • Added new error types to oneOf() - #956, #1022

    Bug fixes 🐛

    • Validating/sanitizing arrays no longer drops all but the first value - #791, #755, #704, #1002
    • Added missing ko-KR to MobilePhoneLocale - #1218, #1219
    • Don't silently fail when setting withMessage and not in schemas - #664

    New Contributors

    Full Changelog: v6.15.0...v7.0.0

  • 6.15.0 - 2023-02-16

    What's Changed

    Full Changelog: v6.14.3...v6.15.0

  • 6.14.3 - 2023-01-20

    What's Changed

    • docs: fixed typo in sanitization chain example by @ ankushknr19 in #1195
    • fixed infinite recursion when the request has a field called * (#1205)

    New Contributors

    Full Changelog: v6.14.2...v6.14.3

  • 6.14.2 - 2022-06-19

    What's Changed

    New Contributors

    Full Changelog: v6.14.1...v6.14.2

  • 6.14.1 - 2022-05-22

    What's Changed

    New Contributors

    Full Changelog: v6.14.0...v6.14.1

  • 6.14.0 - 2021-12-11

    What's Changed

    Full Changelog: v6.13.0...v6.14.0

  • 6.13.0 - 2021-10-12

    What's Changed

    New Contributors

    Full Changelog: v6.12.2...v6.13.0

  • 6.12.2 - 2021-09-26

    Fixes:

    • #1072: add type for checkSchema function return
    • #1092, #1086: correctly allow falsy values as options in checkSchema
  • 6.12.1 - 2021-07-23
  • 6.12.0 - 2021-06-14
  • 6.11.1 - 2021-05-08
  • 6.11.0 - 2021-05-08
  • 6.10.1 - 2021-04-24
  • 6.10.0 - 2021-02-23
  • 6.9.2 - 2021-01-04
  • 6.9.1 - 2021-01-03
  • 6.9.0 - 2020-12-25
  • 6.8.2 - 2020-12-25
  • 6.8.1 - 2020-12-21
  • 6.8.0 - 2020-12-08
  • 6.7.0 - 2020-11-23
  • 6.6.1 - 2020-08-02
  • 6.6.0 - 2020-06-21
  • 6.5.0 - 2020-05-17
  • 6.4.1 - 2020-05-01
  • 6.4.0 - 2020-02-01
  • 6.3.1 - 2019-12-29
  • 6.3.0 - 2019-11-24
  • 6.2.0 - 2019-08-30
  • 6.1.1 - 2019-07-01
  • 6.1.0 - 2019-06-27
  • 6.0.1 - 2019-06-21
  • 6.0.0 - 2019-06-20
  • 5.3.1 - 2018-12-23
  • 5.3.0 - 2018-07-23
from express-validator GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade express-validator from 5.3.0 to 7.1.0
bc9ae97 
Snyk has created this PR to upgrade express-validator from 5.3.0 to 7.1.0.

See this package in npm:
express-validator

See this project in Snyk:
https://app.snyk.io/org/okeamah/project/ec433d3a-7447-4663-81df-5844d2f51e48?utm_source=github&utm_medium=referral&page=upgrade-pr
sourcery-ai[bot]
sourcery-ai bot reviewed Aug 16, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai Sourcery AI sourcery-ai left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@OKEAMAH @snyk-bot