Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: bump express to ^4.19.2 #9184

Merged
merged 6 commits into from May 10, 2024
Merged

feat: bump express to ^4.19.2 #9184

merged 6 commits into from May 10, 2024
+39 −33

Conversation

alcpereira
Copy link
Contributor

Due to CVE-2024-29041, we should bump express to version 4.19.2 or higher.

FYI I haven't tested yet the changes as I'm unsure how to properly do it.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Apr 2, 2024
edited

🦋 Changeset detected

Latest commit: 5d9470a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 16 packages
Name Type
@remix-run/dev Patch
@remix-run/express Patch
@remix-run/serve Patch
create-remix Patch
remix Patch
@remix-run/architect Patch
@remix-run/cloudflare Patch
@remix-run/cloudflare-pages Patch
@remix-run/cloudflare-workers Patch
@remix-run/css-bundle Patch
@remix-run/deno Patch
@remix-run/eslint-config Patch
@remix-run/node Patch
@remix-run/react Patch
@remix-run/server-runtime Patch
@remix-run/testing Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@brophdawg11
Copy link
Contributor

Thank you for the PR! Since this changes dependencies in source code would you mind branching from and repointing this to the dev branch?

@remix-cla-bot
Copy link
Contributor

remix-cla-bot bot commented Apr 2, 2024

Thank you for signing the Contributor License Agreement. Let's get this merged! 🥳

@alcpereira
feat: bump express to ^4.19.2
6ad3406 
Due to CVE-2024-29041, we should bump express to version 4.19.2 or higher
@alcpereira alcpereira changed the base branch from main to dev April 2, 2024 14:15
@alcpereira
Copy link
Contributor Author

Thank you for the PR! Since this changes dependencies in source code would you mind branching from and repointing this to the dev branch?

Done 🙏

@brophdawg11
Copy link
Contributor

Thank you - I forgot we have some flux in our templates between main and dev right now (main templates have been converted to be Vite, but dev is still esbuild). I'm going to wait for 2.9.0 stable to be released which will sync those up and then we'll get this merged and avoid any weird merge conflicts.

@brophdawg11 brophdawg11 self-assigned this Apr 2, 2024
@brophdawg11
Copy link
Contributor

Thanks!

@brophdawg11 brophdawg11 merged commit 0d2a014 into remix-run:dev May 10, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brophdawg11 brophdawg11 brophdawg11 approved these changes

Assignees

@brophdawg11 brophdawg11

Labels
adapter:express CLA Signed package:dev template:express
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@alcpereira @brophdawg11