Skip to content

Update dependency compression to ^1.8.1#22

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/compression-1.x
Open

Update dependency compression to ^1.8.1#22
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/compression-1.x

Conversation

@dev-mend-for-github-com

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
compression dependencies minor ^1.7.4^1.8.1

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability
Low Low 3.4 CVE-2025-7339

Release Notes

expressjs/compression (compression)

v1.8.1

Compare Source

==========

v1.8.0

Compare Source

==================

  • Use res.headersSent when available
  • Replace _implicitHeader with writeHead property
  • add brotli support for versions of node that support it
  • Add the enforceEncoding option for requests without Accept-Encoding header

v1.7.5

Compare Source

==================

  • deps: Replace accepts with negotiator@~0.6.4
    • Add preference option
  • deps: bytes@​3.1.2
    • Add petabyte (pb) support
    • Fix "thousandsSeparator" incorrecting formatting fractional part
    • Fix return value for un-parsable strings
  • deps: compressible@~2.0.18
    • Mark font/ttf as compressible
    • Remove compressible from multipart/mixed
    • deps: mime-db@'>= 1.43.0 < 2'
  • deps: safe-buffer@​5.2.1

  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com Bot added the security fix Security fix generated by Mend label Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by Mend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants