expressjs/express (express)
### [`v4.21.1`](https://redirect.github.com/expressjs/express/releases/tag/4.21.1)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.21.0...4.21.1)
#### What's Changed
- Backport a fix for CVE-2024-47764 to the 4.x branch by [@joshbuker](https://redirect.github.com/joshbuker) in [https://github.com/expressjs/express/pull/6029](https://redirect.github.com/expressjs/express/pull/6029)
- Release: 4.21.1 by [@UlisesGascon](https://redirect.github.com/UlisesGascon) in [https://github.com/expressjs/express/pull/6031](https://redirect.github.com/expressjs/express/pull/6031)
**Full Changelog**: https://github.com/expressjs/express/compare/4.21.0...4.21.1
### [`v4.21.0`](https://redirect.github.com/expressjs/express/releases/tag/4.21.0)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.20.0...4.21.0)
#### What's Changed
- Deprecate `"back"` magic string in redirects by [@blakeembrey](https://redirect.github.com/blakeembrey) in [https://github.com/expressjs/express/pull/5935](https://redirect.github.com/expressjs/express/pull/5935)
- finalhandler@1.3.1 by [@wesleytodd](https://redirect.github.com/wesleytodd) in [https://github.com/expressjs/express/pull/5954](https://redirect.github.com/expressjs/express/pull/5954)
- fix(deps): serve-static@1.16.2 by [@wesleytodd](https://redirect.github.com/wesleytodd) in [https://github.com/expressjs/express/pull/5951](https://redirect.github.com/expressjs/express/pull/5951)
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by [@agadzinski93](https://redirect.github.com/agadzinski93) in [https://github.com/expressjs/express/pull/5946](https://redirect.github.com/expressjs/express/pull/5946)
#### New Contributors
- [@agadzinski93](https://redirect.github.com/agadzinski93) made their first contribution in [https://github.com/expressjs/express/pull/5946](https://redirect.github.com/expressjs/express/pull/5946)
**Full Changelog**: https://github.com/expressjs/express/compare/4.20.0...4.21.0
### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)
- deps: serve-static@0.16.0
  - Remove link renderization in html while redirecting
- deps: send@0.19.0
  - Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
  - add `depth` option to customize the depth level in the parser
  - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
- Remove link renderization in html while using `res.redirect`
- deps: path-to-regexp@0.1.10
  - Adds support for named matching groups in the routes using a regex
  - Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
  - Removes encoding of `\`, `|`, and `^` to align better with URL spec
- Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
  - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
### [`v4.19.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.1...4.19.2)
- Improved fix for open redirect allow list bypass
### [`v4.19.1`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.0...4.19.1)
- Allow passing non-strings to res.location with new encoding handling checks
### [`v4.19.0`](https://redirect.github.com/expressjs/express/compare/4.18.3...83e77aff6a3859d58206f3ff9501277023c03f87)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.3...4.19.0)
### [`v4.18.3`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-26)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.2...4.18.3)
- Fix routing requests without method
- deps: body-parser@1.20.2
  - Fix strict json error message on Node.js 19+
  - deps: content-type@~1.0.5
  - deps: raw-body@2.5.2
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
- 4.18.2 -> 4.21.1
- 4.17.19 -> 4.17.21
This PR was generated by Mend Renovate. View the repository job log.