Closed mend-app-sh[bot] closed 3 months ago
This PR contains the following updates:
4.17.3
4.19.2
[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR contains the following updates:
4.17.3->4.19.2Release Notes
expressjs/express (express)
### [`v4.19.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://togithub.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://togithub.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4190--2024-03-20) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.3...4.19.0) \========== - Prevent open redirect allow list bypass due to encodeurl - deps: cookie@0.6.0 ### [`v4.18.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-29) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser@1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: raw-body@2.5.2 - deps: cookie@0.6.0 - Add `partitioned` option ### [`v4.18.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4182--2022-10-08) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.1...4.18.2) \=================== - Fix regression routing a large stack in a single route - deps: body-parser@1.20.1 - deps: qs@6.11.0 - perf: remove unnecessary object clone - deps: qs@6.11.0 ### [`v4.18.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4181--2022-04-29) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.0...4.18.1) \=================== - Fix hanging on large stack of sync routes ### [`v4.18.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4180--2022-04-25) [Compare Source](https://togithub.com/expressjs/express/compare/4.17.3...4.18.0) \=================== - Add "root" option to `res.download` - Allow `options` without `filename` in `res.download` - Deprecate string and non-integer arguments to `res.status` - Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` - Fix handling very large stacks of sync middleware - Ignore `Object.prototype` values in settings through `app.set`/`app.get` - Invoke `default` with same arguments as types in `res.format` - Support proper 205 responses using `res.send` - Use `http-errors` for `res.format` error - deps: body-parser@1.20.0 - Fix error message for json parse whitespace in `strict` - Fix internal error when inflated body exceeds limit - Prevent loss of async hooks context - Prevent hanging when request already read - deps: depd@2.0.0 - deps: http-errors@2.0.0 - deps: on-finished@2.4.1 - deps: qs@6.10.3 - deps: raw-body@2.5.1 - deps: cookie@0.5.0 - Add `priority` option - Fix `expires` option to reject invalid dates - deps: depd@2.0.0 - Replace internal `eval` usage with `Function` constructor - Use instance methods on `process` to check for listeners - deps: finalhandler@1.2.0 - Remove set content headers that break response - deps: on-finished@2.4.1 - deps: statuses@2.0.1 - deps: on-finished@2.4.1 - Prevent loss of async hooks context - deps: qs@6.10.3 - deps: send@0.18.0 - Fix emitted 416 error missing headers property - Limit the headers removed for 304 response - deps: depd@2.0.0 - deps: destroy@1.2.0 - deps: http-errors@2.0.0 - deps: on-finished@2.4.1 - deps: statuses@2.0.1 - deps: serve-static@1.15.0 - deps: send@0.18.0 - deps: statuses@2.0.1 - Remove code 306 - Rename `425 Unordered Collection` to standard `425 Too Early`Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.