Update dependency express to v5 (!8) · Merge requests · Tris Haines / renovate-test-npm

This MR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	major	`^4.18.2` -> `^5.0.0`

Release Notes

expressjs/express (express)

`v5.1.0`

Compare Source

========================

Add support for Uint8Array in res.send()
Add support for ETag option in res.sendFile()
Add support for multiple links with the same rel in res.links()
Add funding field to package.json
perf: use loop for acceptParams
refactor: prefix built-in node module imports
deps: remove setprototypeof
deps: remove safe-buffer
deps: remove utils-merge
deps: remove methods
deps: remove depd
deps: debug@^4.4.0
deps: body-parser@^2.2.0
deps: router@^2.2.0
deps: content-type@^1.0.5
deps: finalhandler@^2.1.0
deps: qs@^6.14.0
deps: server-static@2.2.0
deps: type-is@2.0.1

`v5.0.1`

Compare Source

==========

Update cookie semver lock to address CVE-2024-47764

`v5.0.0`

Compare Source

=========================

remove:
- path-is-absolute dependency - use path.isAbsolute instead
breaking:
- res.status() accepts only integers, and input must be greater than 99 and less than 1000
  - will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
  - will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
- deps: send@1.0.0
- res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
change:
- res.clearCookie will ignore user provided maxAge and expires options
deps: cookie-signature@^1.2.1
deps: debug@4.3.6
deps: merge-descriptors@^2.0.0
deps: serve-static@^2.1.0
deps: qs@6.13.0
deps: accepts@^2.0.0
deps: mime-types@^3.0.0
- application/javascript => text/javascript
deps: type-is@^2.0.0
deps: content-disposition@^1.0.0
deps: finalhandler@^2.0.0
deps: fresh@^2.0.0
deps: body-parser@^2.0.1
deps: send@^1.1.0

==========

deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
deps: send@0.19.0
- Remove link renderization in html while redirecting
deps: body-parser@0.6.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Remove link renderization in html while using res.redirect
deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
deps: encodeurl@~2.0.0
- Removes encoding of \, |, and ^ to align better with URL spec
Deprecate passing options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

`v4.19.2`

Compare Source

==========

Improved fix for open redirect allow list bypass

`v4.19.1`

Compare Source

==========

Allow passing non-strings to res.location with new encoding handling checks

`v4.19.0`

Compare Source

==========

Prevent open redirect allow list bypass due to encodeurl
deps: cookie@0.6.0

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
deps: cookie@0.6.0
- Add partitioned option

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited Jul 30, 2025 by renovatebot

Update dependency express to v5

Release Notes

What's Changed

What's Changed

What's Changed

New Contributors

Configuration

Merge request reports