fix(deps): update dependency express to ^4.21.0
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| express (source) | dependencies | minor | ^4.17.1 -> ^4.21.0 |
| @types/express (source) | devDependencies | patch | ^4.17.13 -> ^4.17.21 |
Release Notes
expressjs/express (express)
v4.21.0
What's Changed
- Deprecate
"back"magic string in redirects by @blakeembrey in https://github.com/expressjs/express/pull/5935 - finalhandler@1.3.1 by @wesleytodd in https://github.com/expressjs/express/pull/5954
- fix(deps): serve-static@1.16.2 by @wesleytodd in https://github.com/expressjs/express/pull/5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in https://github.com/expressjs/express/pull/5946
New Contributors
- @agadzinski93 made their first contribution in https://github.com/expressjs/express/pull/5946
Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
v4.20.0
==========
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depthoption to customize the depth level in the parser - IMPORTANT: The default
depthlevel for parsing URL-encoded data is now32(previously wasInfinity)
- add
- Remove link renderization in html while using
res.redirect - deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\,|, and^to align better with URL spec
- Removes encoding of
- Deprecate passing
options.maxAgeandoptions.expirestores.clearCookie- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
v4.19.2
==========
- Improved fix for open redirect allow list bypass
v4.19.1
==========
- Allow passing non-strings to res.location with new encoding handling checks
v4.19.0
==========
- Prevent open redirect allow list bypass due to encodeurl
- deps: cookie@0.6.0
v4.18.3
==========
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- deps: cookie@0.6.0
- Add
partitionedoption
- Add
v4.18.2
===================
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0
v4.18.1
===================
- Fix hanging on large stack of sync routes
v4.18.0
===================
- Add "root" option to
res.download - Allow
optionswithoutfilenameinres.download - Deprecate string and non-integer arguments to
res.status - Fix behavior of
null/undefinedasmaxAgeinres.cookie - Fix handling very large stacks of sync middleware
- Ignore
Object.prototypevalues in settings throughapp.set/app.get - Invoke
defaultwith same arguments as types inres.format - Support proper 205 responses using
res.send - Use
http-errorsforres.formaterror - deps: body-parser@1.20.0
- Fix error message for json parse whitespace in
strict - Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
- Fix error message for json parse whitespace in
- deps: cookie@0.5.0
- Add
priorityoption - Fix
expiresoption to reject invalid dates
- Add
- deps: depd@2.0.0
- Replace internal
evalusage withFunctionconstructor - Use instance methods on
processto check for listeners
- Replace internal
- deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- Prevent loss of async hooks context
- deps: qs@6.10.3
- deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
- deps: serve-static@1.15.0
- deps: send@0.18.0
- deps: statuses@2.0.1
- Remove code 306
- Rename
425 Unordered Collectionto standard425 Too Early
v4.17.3
===================
- deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
- deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
- deps: cookie@0.4.2
- deps: qs@6.9.7
- Fix handling of
__proto__keys
- Fix handling of
- pref: remove unnecessary regexp for trust proxy
v4.17.2
===================
- Fix handling of
undefinedinres.jsonp - Fix handling of
undefinedwhen"json escape"is enabled - Fix incorrect middleware execution with unanchored
RegExps - Fix
res.jsonp(obj, status)deprecation message - Fix typo in
res.isJSDoc - deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
- deps: content-disposition@0.5.4
- deps: safe-buffer@5.2.1
- deps: cookie@0.4.1
- Fix
maxAgeoption to reject invalid values
- Fix
- deps: proxy-addr@~2.0.7
- Use
req.socketover deprecatedreq.connection - deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
- Use
- deps: qs@6.9.6
- deps: safe-buffer@5.2.1
- deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
- deps: serve-static@1.14.2
- deps: send@0.17.2
- deps: setprototypeof@1.2.0
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.