[Snyk] Upgrade express-fileupload from 1.1.5 to 1.5.2

[linuxclick]

Snyk has created this PR to upgrade express-fileupload from 1.1.5 to 1.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.

• The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-EXPRESSFILEUPLOAD-473997	589	No Known Exploit
	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	589	Proof of Concept

Release notes

Package name: express-fileupload

• 1.5.2 - 2025-07-05
  

  What's Changed

  • Fix possible conflicts for temporary files names(issue #384).
  • Update some of the dev dependencies
  • Update CI node versions.

  Full Changelog: v1.5.1...v.1.5.2

• 1.5.1 - 2024-07-13
  

  What's Changed

  • New option hashAlgorithm.

  Full Changelog: v1.5.0...v.1.5.1

• 1.5.0 - 2024-03-14
  

  What's Changed

  • Ability to set custom logger for debug logging. See option logger.
  • Optimize upload timer.

  Full Changelog: v1.4.3...v.1.5.0

• 1.4.3 - 2023-11-21
  

  What's Changed

  • TypeError - Cannot read properties of undefined (reading 'includes') in lib/isEligibleRequest.js (issue #364).

  Full Changelog: v1.4.2...v.1.4.3

• 1.4.2 - 2023-11-01
  

  What's Changed

  • Fix TypeError: file.destroy is not a function (issue #259).
  • Stricter request method and headers checks (to comply with RFC 2046).
  • Do not run next after abortion on limit (issue #238).

  Full Changelog: v1.4.1...v.1.4.2

• 1.4.1 - 2023-09-24
  

  What's Changed

  • Fix processing file names with special characters(Issue #342 )
  • Significantly decreased package size due using generated files for tests.
  • Update dependencies.

  Full Changelog: v1.4.0...v.1.4.1

• 1.4.0 - 2022-05-24
  

  What's Changed

  • Bump minimist from 1.2.5 to 1.2.6 by @ dependabot in #310
  • Upgrade busboy version by @ duterte in #315

  New Contributors

  • @ dependabot made their first contribution in #310
  • @ duterte made their first contribution in #315

  Full Changelog: v1.3.1...v1.4.0

• 1.3.1 - 2022-02-02
  

  Updates

  • Have promiseCallback make callbacks and promises behave the same (#302)
  • Fix prototype pollution in utilities.js (#301)
  • Switch to CircleCI (ddf5530)
  • End support for Node versions < 12 (ab3d252)
• 1.3.0 - 2022-02-02
  

  1.3.0

• 1.2.1 - 2021-01-11
• 1.2.0 - 2020-08-14
• 1.1.10 - 2020-08-06
• 1.1.9 - 2020-07-31
• 1.1.8 - 2020-07-29
• 1.1.7-alpha.4 - 2020-07-16
• 1.1.7-alpha.3 - 2020-04-08
• 1.1.7-alpha.2 - 2020-04-06
• 1.1.7-alpha.1 - 2020-04-03
• 1.1.6 - 2019-11-19
• 1.1.6-alpha.6 - 2019-10-22
• 1.1.6-alpha.5 - 2019-09-19
• 1.1.6-alpha.4 - 2019-09-12
• 1.1.6-alpha.3 - 2019-09-11
• 1.1.6-alpha.2 - 2019-09-10
• 1.1.6-alpha.1 - 2019-09-10
• 1.1.5 - 2019-06-07

from express-fileupload GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs