Update dependency express to v4.21.2 #17

renovate · 2023-03-22T11:40:48Z

This PR contains the following updates:

Package	Change	Age	Confidence
express (source)	`4.17.1` -> `4.21.2`

Release Notes

expressjs/express (express)

==========

deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
deps: send@0.19.0
- Remove link renderization in html while redirecting
deps: body-parser@0.6.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Remove link renderization in html while using res.redirect
deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
deps: encodeurl@~2.0.0
- Removes encoding of \, |, and ^ to align better with URL spec
Deprecate passing options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

`v4.19.2`

Compare Source

==========

Improved fix for open redirect allow list bypass

`v4.19.1`

Compare Source

==========

Allow passing non-strings to res.location with new encoding handling checks

`v4.19.0`

Compare Source

==========

Prevent open redirect allow list bypass due to encodeurl
deps: cookie@0.6.0

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
deps: cookie@0.6.0
- Add partitioned option

`v4.18.2`

Compare Source

===================

Fix regression routing a large stack in a single route
deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
deps: qs@6.11.0

`v4.18.1`

Compare Source

===================

Fix hanging on large stack of sync routes

`v4.18.0`

Compare Source

===================

Add "root" option to res.download
Allow options without filename in res.download
Deprecate string and non-integer arguments to res.status
Fix behavior of null/undefined as maxAge in res.cookie
Fix handling very large stacks of sync middleware
Ignore Object.prototype values in settings through app.set/app.get
Invoke default with same arguments as types in res.format
Support proper 205 responses using res.send
Use http-errors for res.format error
deps: body-parser@1.20.0
- Fix error message for json parse whitespace in strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
deps: cookie@0.5.0
- Add priority option
- Fix expires option to reject invalid dates
deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: on-finished@2.4.1
- Prevent loss of async hooks context
deps: qs@6.10.3
deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: serve-static@1.15.0
- deps: send@0.18.0
deps: statuses@2.0.1
- Remove code 306
- Rename 425 Unordered Collection to standard 425 Too Early

`v4.17.3`

Compare Source

===================

deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
deps: cookie@0.4.2
deps: qs@6.9.7
- Fix handling of __proto__ keys
pref: remove unnecessary regexp for trust proxy

`v4.17.2`

Compare Source

===================

Fix handling of undefined in res.jsonp
Fix handling of undefined when "json escape" is enabled
Fix incorrect middleware execution with unanchored RegExps
Fix res.jsonp(obj, status) deprecation message
Fix typo in res.is JSDoc
deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
deps: content-disposition@0.5.4
- deps: safe-buffer@5.2.1
deps: cookie@0.4.1
- Fix maxAge option to reject invalid values
deps: proxy-addr@~2.0.7
- Use req.socket over deprecated req.connection
- deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
deps: qs@6.9.6
deps: safe-buffer@5.2.1
deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
deps: serve-static@1.14.2
- deps: send@0.17.2
deps: setprototypeof@1.2.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot changed the title ~~Update dependency express to v4.18.2~~ Update dependency express to v4.18.3 Feb 29, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from f3210a8 to 784037b Compare February 29, 2024 20:52

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 784037b to a4ee7f7 Compare March 21, 2024 06:02

renovate bot changed the title ~~Update dependency express to v4.18.3~~ Update dependency express to v4.19.1 Mar 21, 2024

renovate bot changed the title ~~Update dependency express to v4.19.1~~ Update dependency express to v4.19.2 Mar 26, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from a4ee7f7 to 66fb932 Compare March 26, 2024 05:43

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 66fb932 to 3be52dd Compare September 10, 2024 20:56

renovate bot changed the title ~~Update dependency express to v4.19.2~~ Update dependency express to v4.20.0 Sep 10, 2024

renovate bot changed the title ~~Update dependency express to v4.20.0~~ Update dependency express to v4.21.0 Sep 12, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 3be52dd to 8168164 Compare September 12, 2024 21:01

renovate bot changed the title ~~Update dependency express to v4.21.0~~ Update dependency express to v4.21.1 Oct 9, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 8168164 to 2933988 Compare October 9, 2024 02:24

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 2933988 to 94869f4 Compare December 6, 2024 23:34

renovate bot changed the title ~~Update dependency express to v4.21.1~~ Update dependency express to v4.21.2 Dec 6, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 94869f4 to 034b81b Compare January 24, 2025 07:41

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 034b81b to c300185 Compare February 1, 2025 00:16

renovate bot force-pushed the renovate/express-4.x-lockfile branch from c300185 to 8bbb430 Compare February 9, 2025 23:13

renovate bot force-pushed the renovate/express-4.x-lockfile branch 2 times, most recently from f265204 to 30ce1d5 Compare March 12, 2025 03:48

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 30ce1d5 to 1d80635 Compare March 13, 2025 23:26

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 1d80635 to ea14fc8 Compare March 21, 2025 00:14

renovate bot force-pushed the renovate/express-4.x-lockfile branch from ea14fc8 to 1f51ba1 Compare April 3, 2025 04:09

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 1f51ba1 to c2cc769 Compare April 12, 2025 00:03

renovate bot force-pushed the renovate/express-4.x-lockfile branch from c2cc769 to ce592bc Compare April 26, 2025 15:53

renovate bot force-pushed the renovate/express-4.x-lockfile branch from ce592bc to 0d75d53 Compare May 23, 2025 04:23

renovate bot force-pushed the renovate/express-4.x-lockfile branch 2 times, most recently from 3d00a8d to 0b3f727 Compare June 6, 2025 13:49

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 0b3f727 to 423413b Compare June 28, 2025 20:04

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 423413b to ee1c8e6 Compare July 6, 2025 07:58

Update dependency express to v4.21.2

c827ced

renovate bot force-pushed the renovate/express-4.x-lockfile branch from ee1c8e6 to c827ced Compare August 14, 2025 23:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency express to v4.21.2 #17

Update dependency express to v4.21.2 #17

Uh oh!

renovate bot commented Mar 22, 2023 •

edited

Loading

Uh oh!

Uh oh!

Update dependency express to v4.21.2 #17

Are you sure you want to change the base?

Update dependency express to v4.21.2 #17

Uh oh!

Conversation

renovate bot commented Mar 22, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

What's Changed

What's Changed

New Contributors

Configuration

Uh oh!

Uh oh!

renovate bot commented Mar 22, 2023 •

edited

Loading