fix(deps): update dependency express to v4.19.2 - autoclosed #219

renovate · 2024-03-07T21:53:00Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express (source)	`4.17.1` -> `4.19.2`

Release Notes

expressjs/express (express)

`v4.19.2`

Compare Source

==========

Improved fix for open redirect allow list bypass

`v4.19.1`

Compare Source

==========

Allow passing non-strings to res.location with new encoding handling checks

`v4.19.0`

Compare Source

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2

`v4.18.2`

Compare Source

===================

Fix regression routing a large stack in a single route
deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
deps: qs@6.11.0

`v4.18.1`

Compare Source

===================

Fix hanging on large stack of sync routes

`v4.18.0`

Compare Source

===================

Add "root" option to res.download
Allow options without filename in res.download
Deprecate string and non-integer arguments to res.status
Fix behavior of null/undefined as maxAge in res.cookie
Fix handling very large stacks of sync middleware
Ignore Object.prototype values in settings through app.set/app.get
Invoke default with same arguments as types in res.format
Support proper 205 responses using res.send
Use http-errors for res.format error
deps: body-parser@1.20.0
- Fix error message for json parse whitespace in strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
deps: cookie@0.5.0
- Add priority option
- Fix expires option to reject invalid dates
deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: on-finished@2.4.1
- Prevent loss of async hooks context
deps: qs@6.10.3
deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: serve-static@1.15.0
- deps: send@0.18.0
deps: statuses@2.0.1
- Remove code 306
- Rename 425 Unordered Collection to standard 425 Too Early

`v4.17.3`

Compare Source

===================

deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
deps: cookie@0.4.2
deps: qs@6.9.7
- Fix handling of __proto__ keys
pref: remove unnecessary regexp for trust proxy

`v4.17.2`

Compare Source

===================

Fix handling of undefined in res.jsonp
Fix handling of undefined when "json escape" is enabled
Fix incorrect middleware execution with unanchored RegExps
Fix res.jsonp(obj, status) deprecation message
Fix typo in res.is JSDoc
deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
deps: content-disposition@0.5.4
- deps: safe-buffer@5.2.1
deps: cookie@0.4.1
- Fix maxAge option to reject invalid values
deps: proxy-addr@~2.0.7
- Use req.socket over deprecated req.connection
- deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
deps: qs@6.9.6
deps: safe-buffer@5.2.1
deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
deps: serve-static@1.14.2
- deps: send@0.17.2
deps: setprototypeof@1.2.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

github-actions bot added the size/L label Mar 7, 2024

renovate bot changed the title ~~fix(deps): update dependency express to v4.18.3~~ fix(deps): update dependency express to v4.19.0 Mar 20, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 1125d20 to 1698c22 Compare March 20, 2024 18:43

renovate bot changed the title ~~fix(deps): update dependency express to v4.19.0~~ fix(deps): update dependency express to v4.19.1 Mar 20, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from 1698c22 to e8a9ac4 Compare March 20, 2024 23:21

fix(deps): update dependency express to v4.19.2

fdac562

renovate bot changed the title ~~fix(deps): update dependency express to v4.19.1~~ fix(deps): update dependency express to v4.19.2 Mar 25, 2024

renovate bot force-pushed the renovate/express-4.x-lockfile branch from e8a9ac4 to fdac562 Compare March 25, 2024 15:02

renovate bot changed the title ~~fix(deps): update dependency express to v4.19.2~~ fix(deps): update dependency express to v4.19.2 - autoclosed Mar 26, 2024

renovate bot closed this Mar 26, 2024

renovate bot deleted the renovate/express-4.x-lockfile branch March 26, 2024 21:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency express to v4.19.2 - autoclosed #219

fix(deps): update dependency express to v4.19.2 - autoclosed #219

renovate bot commented Mar 7, 2024 •

edited

Loading

fix(deps): update dependency express to v4.19.2 - autoclosed #219

fix(deps): update dependency express to v4.19.2 - autoclosed #219

Conversation

renovate bot commented Mar 7, 2024 • edited Loading

Release Notes

Configuration

renovate bot commented Mar 7, 2024 •

edited

Loading