Update dependency express to v3.11.0 #324

Open
wants to merge 1 commit into
base: develop

@mend-for-github-com mend-for-github-com bot commented Mar 25, 2021

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| express (source) | dependencies | minor | 3.5.1 -> 3.11.0 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| Medium | 6.1 | CVE-2014-6393 | #208 |

Release Notes

expressjs/express

v3.11.0

  • deprecate things with depd module
  • deps: buffer-crc32@0.2.3
  • deps: connect@2.20.2
    • deprecate verify option to json -- use body-parser npm module instead
    • deprecate verify option to urlencoded -- use body-parser npm module instead
    • deprecate things with depd module
    • use finalhandler for final response handling
    • use media-typer to parse content-type for charset
    • deps: body-parser@1.4.3
    • deps: connect-timeout@1.1.1
    • deps: cookie-parser@1.3.1
    • deps: csurf@1.2.2
    • deps: errorhandler@1.1.0
    • deps: express-session@1.4.0
    • deps: multiparty@3.2.9
    • deps: serve-index@1.1.2
    • deps: type-is@1.3.1
    • deps: vhost@2.0.0

v3.10.5

  • deps: connect@2.19.6
    • deps: body-parser@1.3.1
    • deps: compression@1.0.7
    • deps: debug@1.0.2
    • deps: serve-index@1.1.1
    • deps: serve-static@1.2.3
  • deps: debug@1.0.2
  • deps: send@0.4.3
    • Do not throw uncatchable error on file open race condition
    • Use escape-html for HTML escaping
    • deps: debug@1.0.2
    • deps: finished@1.2.2
    • deps: fresh@0.2.2

v3.10.4

  • deps: connect@2.19.5
    • fix "event emitter leak" warnings
    • deps: csurf@1.2.1
    • deps: debug@1.0.1
    • deps: serve-static@1.2.2
    • deps: type-is@1.2.1
  • deps: debug@1.0.1
  • deps: send@0.4.2
    • fix "event emitter leak" warnings
    • deps: finished@1.2.1
    • deps: debug@1.0.1

v3.10.3

  • use vary module for res.vary
  • deps: connect@2.19.4
    • deps: errorhandler@1.0.2
    • deps: method-override@2.0.2
    • deps: serve-favicon@2.0.1
  • deps: debug@1.0.0

v3.10.2

  • deps: connect@2.19.3
    • deps: compression@1.0.6

v3.10.1

  • deps: connect@2.19.2
    • deps: compression@1.0.4
  • deps: proxy-addr@1.0.1

v3.10.0

  • deps: connect@2.19.1
    • deprecate methodOverride() -- use method-override npm module instead
    • deps: body-parser@1.3.0
    • deps: method-override@2.0.1
    • deps: multiparty@3.2.8
    • deps: response-time@2.0.0
    • deps: serve-static@1.2.1
  • deps: methods@1.0.1
  • deps: send@0.4.1
    • Send max-age in Cache-Control in correct format

v3.9.0

  • custom etag control with app.set('etag', val)
    • app.set('etag', function(body, encoding){ return '"etag"' }) custom etag generation
    • app.set('etag', 'weak') weak tag
    • app.set('etag', 'strong') strong etag
    • app.set('etag', false) turn off
    • app.set('etag', true) standard etag
  • Include ETag in HEAD requests
  • mark res.send ETag as weak and reduce collisions
  • update connect to 2.18.0
    • deps: compression@1.0.3
    • deps: serve-index@1.1.0
    • deps: serve-static@1.2.0
  • update send to 0.4.0
    • Calculate ETag with md5 for reduced collisions
    • Ignore stream errors after request ends
    • deps: debug@0.8.1

v3.8.1

  • update connect to 2.17.3
    • deps: body-parser@1.2.2
    • deps: express-session@1.2.1
    • deps: method-override@1.0.2

v3.8.0

  • keep previous Content-Type for res.jsonp
  • set proper charset in Content-Type for res.send
  • update connect to 2.17.1
    • fix res.charset appending charset when content-type has one
    • deps: express-session@1.2.0
    • deps: morgan@1.1.1
    • deps: serve-index@1.0.3

v3.7.0

  • proper proxy trust with app.set('trust proxy', trust)
    • app.set('trust proxy', 1) trust first hop
    • app.set('trust proxy', 'loopback') trust loopback addresses
    • app.set('trust proxy', '10.0.0.1') trust single IP
    • app.set('trust proxy', '10.0.0.1/16') trust subnet
    • app.set('trust proxy', '10.0.0.1, 10.0.0.2') trust list
    • app.set('trust proxy', false) turn off
    • app.set('trust proxy', true) trust everything
  • update connect to 2.16.2
    • deprecate res.headerSent -- use res.headersSent
    • deprecate res.on("header") -- use on-headers module instead
    • fix edge-case in res.appendHeader that would append in wrong order
    • json: use body-parser
    • urlencoded: use body-parser
    • dep: bytes@1.0.0
    • dep: cookie-parser@1.1.0
    • dep: csurf@1.2.0
    • dep: express-session@1.1.0
    • dep: method-override@1.0.1

v3.6.0

  • deprecate app.del() -- use app.delete() instead
  • deprecate res.json(obj, status) -- use res.json(status, obj) instead
    • the edge-case res.json(status, num) requires res.status(status).json(num)
  • deprecate res.jsonp(obj, status) -- use res.jsonp(status, obj) instead
    • the edge-case res.jsonp(status, num) requires res.status(status).jsonp(num)
  • support PURGE method
    • add app.purge
    • add router.purge
    • include PURGE in app.all
  • update connect to 2.15.0
    • Add res.appendHeader
    • Call error stack even when response has been sent
    • Patch res.headerSent to return Boolean
    • Patch res.headersSent for node.js 0.8
    • Prevent default 404 handler after response sent
    • dep: compression@1.0.2
    • dep: connect-timeout@1.1.0
    • dep: debug@^0.8.0
    • dep: errorhandler@1.0.1
    • dep: express-session@1.0.4
    • dep: morgan@1.0.1
    • dep: serve-favicon@2.0.0
    • dep: serve-index@1.0.2
  • update debug to 0.8.0
    • add enable() method
    • change from stderr to stdout
  • update methods to 1.0.0
    • add PURGE
  • update mkdirp to 0.5.0

v3.5.3

  • fix req.host for IPv6 literals
  • fix res.jsonp error if callback param is object

v3.5.2

  • update connect to 2.14.5
  • update cookie to 0.1.2
  • update mkdirp to 0.4.0
  • update send to 0.3.0

  • If you want to rebase/retry this PR, check this box.

@mend-for-github-com mend-for-github-com bot added the "security fix" (Security fix generated by WhiteSource) label Mar 25, 2021