
Unleash / unleash / 10816730699
87%
master: 91%

LAST BUILD BRANCH: main
DEFAULT BRANCH: master
Ran 11 Sep 2024 05:40PM UTC
Jobs 1
Files 670
Run time 2min

11 Sep 2024 05:35PM UTC coverage: 87.545% (-0.01%) from 87.558%
10816730699

push

github

web-flow
fix(deps): update dependency express to v4.20.0 [security] (#8138)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | [`4.19.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.19.2/4.20.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-43796](https://redirect.github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx)

### Impact

In express <4.20.0, passing untrusted user input - even after sanitizing
it - to `response.redirect()` may execute untrusted code.

### Patches

This issue is patched in express 4.20.0.

### Workarounds

Users are encouraged to upgrade to the patched version of express, but
otherwise can work around this issue by making sure any untrusted inputs
are safe, ideally by validating them against an explicit allowlist.

### Details

Successful exploitation of this vector requires the following:

1. The attacker MUST control the input to `response.redirect()`
1. express MUST NOT redirect before the template appears
1. The browser MUST NOT complete redirection before:
1. The user MUST click on the link in the template

---

### Release Notes

<details>
<summary>expressjs/express (express)</summary>

###
[`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/Hist... (continued)

2737 of 3581 branches covered (76.43%)

13833 of 15801 relevant lines covered (87.55%)

742.58 hits per line

Jobs
| ID | Job ID | Ran | Files | Coverage |
|---|---|---|---|---|
| 1 | 10816730699.1 | 11 Sep 2024 05:40PM UTC | 0 | 87.55 |
GitHub Action Run
Source Files on build 10816730699
Detailed source file information is not available for this build.
  • f95e81ee on github