Build(deps): Bump express from 4.19.2 to 4.21.0
Bumps express from 4.19.2 to 4.21.0.
Release notes
Sourced from express's releases.
4.21.0
What's Changed
- Deprecate
"back"
magic string in redirects by@blakeembrey
in expressjs/express#5935- finalhandler@1.3.1 by
@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
@agadzinski93
in expressjs/express#5946New Contributors
@agadzinski93
made their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
4.20.0
What's Changed
Important
- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
Other Changes
- 4.19.2 Staging by
@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
@marco-ippolito
in expressjs/express#5565- Cut down on duplicated CI runs by
@jonchurch
in expressjs/express#5564- Add a Threat Model by
@UlisesGascon
in expressjs/express#5526- Assign captain of encodeurl by
@blakeembrey
in expressjs/express#5579- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
@inigomarquinez
in expressjs/express#5590- docs: update triage nomination policy by
@UlisesGascon
in expressjs/express#5600- Add CodeQL (SAST) by
@UlisesGascon
in expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
@UlisesGascon
in expressjs/express#5605- deps: encodeurl@~2.0.0 by
@blakeembrey
in expressjs/express#5569- skip QUERY method test by
@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
@mertcanaltin
in expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
@mertcanaltin
in expressjs/express#5619- List and sort all projects, add captains by
@blakeembrey
in expressjs/express#5653- docs: add
@UlisesGascon
as captain for cookie-parser by@UlisesGascon
in expressjs/express#5666✨ bring back query tests for node 21 by@ctcpip
in expressjs/express#5690- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
@jonchurch
in expressjs/express#5695📝 update people, add ctcpip to TC by@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by
@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
@UlisesGascon
in expressjs/express#5436- update scorecard link by
@bjohansebas
in expressjs/express#5814- Nominate
@IamLizu
to the triage team by@UlisesGascon
in expressjs/express#5836- deps: path-to-regexp@0.1.8 by
@blakeembrey
in expressjs/express#5603
... (truncated)
Changelog
Sourced from express's changelog.
4.21.0 / 2024-09-11
- Deprecate
res.location("back")
andres.redirect("back")
magic string- deps: serve-static@1.16.2
- includes send@0.19.0
- deps: finalhandler@1.3.1
- deps: qs@6.13.0
4.20.0 / 2024-09-10
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\
,|
, and^
to align better with URL spec- Deprecate passing
options.maxAge
andoptions.expires
tores.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
-
7e562c6
4.21.0 -
1bcde96
fix(deps): qs@6.13.0 (#5946) -
7d36477
fix(deps): serve-static@1.16.2 (#5951) -
40d2d8f
fix(deps): finalhandler@1.3.1 -
77ada90
Deprecate"back"
magic string in redirects (#5935) -
21df421
4.20.0 -
4c9ddc1
feat: upgrade to serve-static@0.16.0 -
9ebe5d5
feat: upgrade to send@0.19.0 (#5928) -
ec4a01b
feat: upgrade to body-parser@1.20.3 (#5926) -
54271f6
fix: don't render redirect values in anchor href - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts