express - npm Package Compare versions

Comparing version 3.20.1 to 3.20.2

History.md

@@ -0,1 +1,28 @@
+3.20.2 / 2015-03-16
+===================
+
+  * deps: connect@2.29.1
+    - deps: body-parser@~1.12.2
+    - deps: compression@~1.4.3
+    - deps: connect-timeout@~1.6.1
+    - deps: debug@~2.1.3
+    - deps: errorhandler@~1.3.5
+    - deps: express-session@~1.10.4
+    - deps: finalhandler@0.3.4
+    - deps: method-override@~2.3.2
+    - deps: morgan@~1.5.2
+    - deps: qs@2.4.1
+    - deps: serve-index@~1.6.3
+    - deps: serve-static@~1.9.2
+    - deps: type-is@~1.6.1
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+  * deps: merge-descriptors@1.0.0
+  * deps: proxy-addr@~1.0.7
+    - deps: ipaddr.js@0.1.9
+  * deps: send@0.12.2
+    - Throw errors early for invalid `extensions` or `index` options
+    - deps: debug@~2.1.3
+
 3.20.1 / 2015-02-28
@@ -2,0 +29,0 @@ ===================

package.json

 {
   "name": "express",
   "description": "Sinatra inspired web development framework",
-  "version": "3.20.1",
+  "version": "3.20.2",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
@@ -30,8 +30,9 @@ "contributors": [
     "basic-auth": "1.0.0",
-    "connect": "2.29.0",
+    "connect": "2.29.1",
     "content-disposition": "0.5.0",
     "content-type": "~1.0.1",
     "commander": "2.6.0",
+    "cookie": "0.1.2",
     "cookie-signature": "1.0.6",
-    "debug": "~2.1.1",
+    "debug": "~2.1.3",
     "depd": "~1.0.0",
@@ -41,12 +42,11 @@ "escape-html": "1.0.1",
     "fresh": "0.2.4",
+    "merge-descriptors": "1.0.0",
     "methods": "~1.1.1",
     "mkdirp": "0.5.0",
     "parseurl": "~1.3.0",
-    "proxy-addr": "~1.0.6",
+    "proxy-addr": "~1.0.7",
     "range-parser": "~1.0.2",
-    "send": "0.12.1",
+    "send": "0.12.2",
     "utils-merge": "1.0.0",
-    "vary": "~1.0.0",
-    "cookie": "0.1.2",
-    "merge-descriptors": "0.0.2"
+    "vary": "~1.0.0"
   },
@@ -56,6 +56,6 @@ "devDependencies": {
     "ejs": "2.3.1",
-    "istanbul": "0.3.6",
+    "istanbul": "0.3.8",
     "marked": "0.3.3",
-    "mocha": "~2.1.0",
-    "should": "~5.0.0",
+    "mocha": "~2.2.1",
+    "should": "~5.2.0",
     "supertest": "~0.15.0"
@@ -62,0 +62,0 @@ },

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

148144

increased by0.52%

Worsened metrics

Number of low supply chain risk alerts

4

increased by33.33%

Dependency changes

• + Addedconnect@2.29.1(transitive)

• + Addedfinalhandler@0.3.4(transitive)

• + Addedmerge-descriptors@1.0.0(transitive)

• + Addedqs@2.4.1(transitive)

• + Addedsend@0.12.2(transitive)

• - Removedconnect@2.29.0(transitive)

• - Removedfinalhandler@0.3.3(transitive)

• - Removedmerge-descriptors@0.0.2(transitive)

• - Removedqs@2.3.3(transitive)

• - Removedsend@0.12.1(transitive)

• Updatedconnect@2.29.1

• Updateddebug@~2.1.3

• Updatedmerge-descriptors@1.0.0

• Updatedproxy-addr@~1.0.7

• Updatedsend@0.12.2