Update dependency express to v4.21.2
-
Review changes -
-
Download -
Patches
-
Plain diff
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
express (source) | dependencies | minor | 4.18.2 -> 4.21.2 |
Release Notes
expressjs/express (express)
v4.21.2
What's Changed
- Add funding field (v4) by @bjohansebas in https://github.com/expressjs/express/pull/6065
- deps: path-to-regexp@0.1.11 by @blakeembrey in https://github.com/expressjs/express/pull/5956
- deps: bump path-to-regexp@0.1.12 by @jonchurch in https://github.com/expressjs/express/pull/6209
- Release: 4.21.2 by @UlisesGascon in https://github.com/expressjs/express/pull/6094
Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2
v4.21.1
What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in https://github.com/expressjs/express/pull/6029
- Release: 4.21.1 by @UlisesGascon in https://github.com/expressjs/express/pull/6031
Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
v4.21.0
What's Changed
- Deprecate
"back"
magic string in redirects by @blakeembrey in https://github.com/expressjs/express/pull/5935 - finalhandler@1.3.1 by @wesleytodd in https://github.com/expressjs/express/pull/5954
- fix(deps): serve-static@1.16.2 by @wesleytodd in https://github.com/expressjs/express/pull/5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in https://github.com/expressjs/express/pull/5946
New Contributors
- @agadzinski93 made their first contribution in https://github.com/expressjs/express/pull/5946
Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
v4.20.0
==========
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth
option to customize the depth level in the parser - IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)
- add
- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\
,|
, and^
to align better with URL spec
- Removes encoding of
- Deprecate passing
options.maxAge
andoptions.expires
tores.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
v4.19.2
==========
- Improved fix for open redirect allow list bypass
v4.19.1
==========
- Allow passing non-strings to res.location with new encoding handling checks
v4.19.0
==========
- Prevent open redirect allow list bypass due to encodeurl
- deps: cookie@0.6.0
v4.18.3
==========
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- deps: cookie@0.6.0
- Add
partitioned
option
- Add
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Merge request reports
Loading