Closed mend-for-github-com[bot] closed 2 years ago
This PR contains the following updates:
3.1.2
3.21.2
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been flagged for autoclosing, however it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.
This PR contains the following updates:
3.1.2
->3.21.2
Release Notes
expressjs/express
### [`v3.21.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3212--2015-07-31) [Compare Source](https://togithub.com/expressjs/express/compare/3.21.1...3.21.2) \=================== - deps: connect@2.30.2 - deps: body-parser@~1.13.3 - deps: compression@~1.5.2 - deps: errorhandler@~1.4.2 - deps: method-override@~2.3.5 - deps: serve-index@~1.7.2 - deps: type-is@~1.6.6 - deps: vhost@~3.0.1 - deps: vary@~1.0.1 - Fix setting empty header from empty `field` - perf: enable strict mode - perf: remove argument reassignments ### [`v3.21.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3211--2015-07-05) [Compare Source](https://togithub.com/expressjs/express/compare/3.21.0...3.21.1) \=================== - deps: basic-auth@~1.0.3 - deps: connect@2.30.1 - deps: body-parser@~1.13.2 - deps: compression@~1.5.1 - deps: errorhandler@~1.4.1 - deps: morgan@~1.6.1 - deps: pause@0.1.0 - deps: qs@4.0.0 - deps: serve-index@~1.7.1 - deps: type-is@~1.6.4 ### [`v3.21.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3210--2015-06-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.3...3.21.0) \=================== - deps: basic-auth@1.0.2 - perf: enable strict mode - perf: hoist regular expression - perf: parse with regular expressions - perf: remove argument reassignment - deps: connect@2.30.0 - deps: body-parser@~1.13.1 - deps: bytes@2.1.0 - deps: compression@~1.5.0 - deps: cookie@0.1.3 - deps: cookie-parser@~1.3.5 - deps: csurf@~1.8.3 - deps: errorhandler@~1.4.0 - deps: express-session@~1.11.3 - deps: finalhandler@0.4.0 - deps: fresh@0.3.0 - deps: morgan@~1.6.0 - deps: serve-favicon@~2.3.0 - deps: serve-index@~1.7.0 - deps: serve-static@~1.10.0 - deps: type-is@~1.6.3 - deps: cookie@0.1.3 - perf: deduce the scope of try-catch deopt - perf: remove argument reassignments - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - Always include entity length in ETags for hash length extensions - Generate non-Stats ETags using MD5 only (no longer CRC32) - Improve stat performance by removing hashing - Improve support for JXcore - Remove base64 padding in ETags to shorten - Support "fake" stats objects in environments without fs - Use MD5 instead of MD4 in weak ETags over 1KB - deps: fresh@0.3.0 - Add weak `ETag` matching support - deps: mkdirp@0.5.1 - Work in global strict mode - deps: send@0.13.0 - Allow Node.js HTTP server to set `Date` response header - Fix incorrectly removing `Content-Location` on 304 response - Improve the default redirect response headers - Send appropriate headers on default error response - Use `http-errors` for standard emitted errors - Use `statuses` instead of `http` module for status messages - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - deps: fresh@0.3.0 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove unnecessary array allocations ### [`v3.20.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3203--2015-05-17) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.2...3.20.3) \=================== - deps: connect@2.29.2 - deps: body-parser@~1.12.4 - deps: compression@~1.4.4 - deps: connect-timeout@~1.6.2 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: errorhandler@~1.3.6 - deps: finalhandler@0.3.6 - deps: method-override@~2.3.3 - deps: morgan@~1.5.3 - deps: qs@2.4.2 - deps: response-time@~2.3.1 - deps: serve-favicon@~2.2.1 - deps: serve-index@~1.6.4 - deps: serve-static@~1.9.3 - deps: type-is@~1.6.2 - deps: debug@~2.2.0 - deps: ms@0.7.1 - deps: depd@~1.0.1 - deps: proxy-addr@~1.0.8 - deps: ipaddr.js@1.0.1 - deps: send@0.12.3 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: etag@~1.6.0 - deps: ms@0.7.1 - deps: on-finished@~2.2.1 ### [`v3.20.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3202--2015-03-16) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.1...3.20.2) \=================== - deps: connect@2.29.1 - deps: body-parser@~1.12.2 - deps: compression@~1.4.3 - deps: connect-timeout@~1.6.1 - deps: debug@~2.1.3 - deps: errorhandler@~1.3.5 - deps: express-session@~1.10.4 - deps: finalhandler@0.3.4 - deps: method-override@~2.3.2 - deps: morgan@~1.5.2 - deps: qs@2.4.1 - deps: serve-index@~1.6.3 - deps: serve-static@~1.9.2 - deps: type-is@~1.6.1 - deps: debug@~2.1.3 - Fix high intensity foreground color for bold - deps: ms@0.7.0 - deps: merge-descriptors@1.0.0 - deps: proxy-addr@~1.0.7 - deps: ipaddr.js@0.1.9 - deps: send@0.12.2 - Throw errors early for invalid `extensions` or `index` options - deps: debug@~2.1.3 ### [`v3.20.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3201--2015-02-28) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.0...3.20.1) \=================== - Fix `req.host` when using "trust proxy" hops count - Fix `req.protocol`/`req.secure` when using "trust proxy" hops count ### [`v3.20.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3200--2015-02-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.19.2...3.20.0) \=================== - Fix `"trust proxy"` setting to inherit when app is mounted - Generate `ETag`s for all request responses - No longer restricted to only responses for `GET` and `HEAD` requests - Use `content-type` to parse `Content-Type` headers - deps: connect@2.29.0 - Use `content-type` to parse `Content-Type` headers - deps: body-parser@~1.12.0 - deps: compression@~1.4.1 - deps: connect-timeout@~1.6.0 - deps: cookie-parser@~1.3.4 - deps: cookie-signature@1.0.6 - deps: csurf@~1.7.0 - deps: errorhandler@~1.3.4 - deps: express-session@~1.10.3 - deps: http-errors@~1.3.1 - deps: response-time@~2.3.0 - deps: serve-index@~1.6.2 - deps: serve-static@~1.9.1 - deps: type-is@~1.6.0 - deps: cookie-signature@1.0.6 - deps: send@0.12.1 - Always read the stat size from the file - Fix mutating passed-in `options` - deps: mime@1.3.4 ### [`v3.19.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3192--2015-02-01) [Compare Source](https://togithub.com/expressjs/express/compare/3.19.1...3.19.2) \=================== - deps: connect@2.28.3 - deps: compression@~1.3.1 - deps: csurf@~1.6.6 - deps: errorhandler@~1.3.3 - deps: express-session@~1.10.2 - deps: serve-index@~1.6.1 - deps: type-is@~1.5.6 - deps: proxy-addr@~1.0.6 - deps: ipaddr.js@0.1.8 ### [`v3.19.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3191--2015-01-20) [Compare Source](https://togithub.com/expressjs/express/compare/3.19.0...3.19.1) \=================== - deps: connect@2.28.2 - deps: body-parser@~1.10.2 - deps: serve-static@~1.8.1 - deps: send@0.11.1 - Fix root path disclosure ### [`v3.19.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3190--2015-01-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.6...3.19.0) \=================== - Fix `OPTIONS` responses to include the `HEAD` method property - Use `readline` for prompt in `express(1)` - deps: commander@2.6.0 - deps: connect@2.28.1 - deps: body-parser@~1.10.1 - deps: compression@~1.3.0 - deps: connect-timeout@~1.5.0 - deps: csurf@~1.6.4 - deps: debug@~2.1.1 - deps: errorhandler@~1.3.2 - deps: express-session@~1.10.1 - deps: finalhandler@0.3.3 - deps: method-override@~2.3.1 - deps: morgan@~1.5.1 - deps: serve-favicon@~2.2.0 - deps: serve-index@~1.6.0 - deps: serve-static@~1.8.0 - deps: type-is@~1.5.5 - deps: debug@~2.1.1 - deps: methods@~1.1.1 - deps: proxy-addr@~1.0.5 - deps: ipaddr.js@0.1.6 - deps: send@0.11.0 - deps: debug@~2.1.1 - deps: etag@~1.5.1 - deps: ms@0.7.0 - deps: on-finished@~2.2.0 ### [`v3.18.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3186--2014-12-12) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.5...3.18.6) \=================== - Fix exception in `req.fresh`/`req.stale` without response headers ### [`v3.18.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3185--2014-12-11) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.4...3.18.5) \=================== - deps: connect@2.27.6 - deps: compression@~1.2.2 - deps: express-session@~1.9.3 - deps: http-errors@~1.2.8 - deps: serve-index@~1.5.3 - deps: type-is@~1.5.4 ### [`v3.18.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3184--2014-11-23) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.3...3.18.4) \=================== - deps: connect@2.27.4 - deps: body-parser@~1.9.3 - deps: compression@~1.2.1 - deps: errorhandler@~1.2.3 - deps: express-session@~1.9.2 - deps: qs@2.3.3 - deps: serve-favicon@~2.1.7 - deps: serve-static@~1.5.1 - deps: type-is@~1.5.3 - deps: etag@~1.5.1 - deps: proxy-addr@~1.0.4 - deps: ipaddr.js@0.1.5 ### [`v3.18.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3183--2014-11-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.2...3.18.3) \=================== - deps: connect@2.27.3 - Correctly invoke async callback asynchronously - deps: csurf@~1.6.3 ### [`v3.18.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3182--2014-10-28) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.1...3.18.2) \=================== - deps: connect@2.27.2 - Fix handling of URLs containing `://` in the path - deps: body-parser@~1.9.2 - deps: qs@2.3.2 ### [`v3.18.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3181--2014-10-22) [Compare Source](https://togithub.com/expressjs/express/compare/3.18.0...3.18.1) \=================== - Fix internal `utils.merge` deprecation warnings - deps: connect@2.27.1 - deps: body-parser@~1.9.1 - deps: express-session@~1.9.1 - deps: finalhandler@0.3.2 - deps: morgan@~1.4.1 - deps: qs@2.3.0 - deps: serve-static@~1.7.1 - deps: send@0.10.1 - deps: on-finished@~2.1.1 ### [`v3.18.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3180--2014-10-17) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.8...3.18.0) \=================== - Use `content-disposition` module for `res.attachment`/`res.download` - Sends standards-compliant `Content-Disposition` header - Full Unicode support - Use `etag` module to generate `ETag` headers - deps: connect@2.27.0 - Use `http-errors` module for creating errors - Use `utils-merge` module for merging objects - deps: body-parser@~1.9.0 - deps: compression@~1.2.0 - deps: connect-timeout@~1.4.0 - deps: debug@~2.1.0 - deps: depd@~1.0.0 - deps: express-session@~1.9.0 - deps: finalhandler@0.3.1 - deps: method-override@~2.3.0 - deps: morgan@~1.4.0 - deps: response-time@~2.2.0 - deps: serve-favicon@~2.1.6 - deps: serve-index@~1.5.0 - deps: serve-static@~1.7.0 - deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support - deps: depd@~1.0.0 - deps: send@0.10.0 - deps: debug@~2.1.0 - deps: depd@~1.0.0 - deps: etag@~1.5.0 ### [`v3.17.8`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3178--2014-10-15) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.7...3.17.8) \=================== - deps: connect@2.26.6 - deps: compression@~1.1.2 - deps: csurf@~1.6.2 - deps: errorhandler@~1.2.2 ### [`v3.17.7`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3177--2014-10-08) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.6...3.17.7) \=================== - deps: connect@2.26.5 - Fix accepting non-object arguments to `logger` - deps: serve-static@~1.6.4 ### [`v3.17.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3176--2014-10-02) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.5...3.17.6) \=================== - deps: connect@2.26.4 - deps: morgan@~1.3.2 - deps: type-is@~1.5.2 ### [`v3.17.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3175--2014-09-24) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.4...3.17.5) \=================== - deps: connect@2.26.3 - deps: body-parser@~1.8.4 - deps: serve-favicon@~2.1.5 - deps: serve-static@~1.6.3 - deps: proxy-addr@~1.0.3 - Use `forwarded` npm module - deps: send@0.9.3 - deps: etag@~1.4.0 ### [`v3.17.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3174--2014-09-19) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.3...3.17.4) \=================== - deps: connect@2.26.2 - deps: body-parser@~1.8.3 - deps: qs@2.2.4 ### [`v3.17.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3173--2014-09-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.2...3.17.3) \=================== - deps: proxy-addr@~1.0.2 - Fix a global leak when multiple subnets are trusted - deps: ipaddr.js@0.1.3 ### [`v3.17.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3172--2014-09-15) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.1...3.17.2) \=================== - Use `crc` instead of `buffer-crc32` for speed - deps: connect@2.26.1 - deps: body-parser@~1.8.2 - deps: depd@0.4.5 - deps: express-session@~1.8.2 - deps: morgan@~1.3.1 - deps: serve-favicon@~2.1.3 - deps: serve-static@~1.6.2 - deps: depd@0.4.5 - deps: send@0.9.2 - deps: depd@0.4.5 - deps: etag@~1.3.1 - deps: range-parser@~1.0.2 ### [`v3.17.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3171--2014-09-08) [Compare Source](https://togithub.com/expressjs/express/compare/3.17.0...3.17.1) \=================== - Fix error in `req.subdomains` on empty host ### [`v3.17.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3170--2014-09-08) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.10...3.17.0) \=================== - Support `X-Forwarded-Host` in `req.subdomains` - Support IP address host in `req.subdomains` - deps: connect@2.26.0 - deps: body-parser@~1.8.1 - deps: compression@~1.1.0 - deps: connect-timeout@~1.3.0 - deps: cookie-parser@~1.3.3 - deps: cookie-signature@1.0.5 - deps: csurf@~1.6.1 - deps: debug@~2.0.0 - deps: errorhandler@~1.2.0 - deps: express-session@~1.8.1 - deps: finalhandler@0.2.0 - deps: fresh@0.2.4 - deps: media-typer@0.3.0 - deps: method-override@~2.2.0 - deps: morgan@~1.3.0 - deps: qs@2.2.3 - deps: serve-favicon@~2.1.3 - deps: serve-index@~1.2.1 - deps: serve-static@~1.6.1 - deps: type-is@~1.5.1 - deps: vhost@~3.0.0 - deps: cookie-signature@1.0.5 - deps: debug@~2.0.0 - deps: fresh@0.2.4 - deps: media-typer@0.3.0 - Throw error when parameter format invalid on parse - deps: range-parser@~1.0.2 - deps: send@0.9.1 - Add `lastModified` option - Use `etag` to generate `ETag` header - deps: debug@~2.0.0 - deps: fresh@0.2.4 - deps: vary@~1.0.0 - Accept valid `Vary` header string as `field` ### [`v3.16.10`](https://togithub.com/expressjs/express/blob/HEAD/History.md#31610--2014-09-04) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.9...3.16.10) \==================== - deps: connect@2.25.10 - deps: serve-static@~1.5.4 - deps: send@0.8.5 - Fix a path traversal issue when using `root` - Fix malicious path detection for empty string path ### [`v3.16.9`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3169--2014-08-29) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.8...3.16.9) \=================== - deps: connect@2.25.9 - deps: body-parser@~1.6.7 - deps: qs@2.2.2 ### [`v3.16.8`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3168--2014-08-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.7...3.16.8) \=================== - deps: connect@2.25.8 - deps: body-parser@~1.6.6 - deps: csurf@~1.4.1 - deps: qs@2.2.0 ### [`v3.16.7`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3167--2014-08-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.6...3.16.7) \=================== - deps: connect@2.25.7 - deps: body-parser@~1.6.5 - deps: express-session@~1.7.6 - deps: morgan@~1.2.3 - deps: serve-static@~1.5.3 - deps: send@0.8.3 - deps: destroy@1.0.3 - deps: on-finished@2.1.0 ### [`v3.16.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3166--2014-08-14) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.5...3.16.6) \=================== - deps: connect@2.25.6 - deps: body-parser@~1.6.4 - deps: qs@1.2.2 - deps: serve-static@~1.5.2 - deps: send@0.8.2 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream` ### [`v3.16.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3165--2014-08-11) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.4...3.16.5) \=================== - deps: connect@2.25.5 - Fix backwards compatibility in `logger` ### [`v3.16.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3164--2014-08-10) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.3...3.16.4) \=================== - Fix original URL parsing in `res.location` - deps: connect@2.25.4 - Fix `query` middleware breaking with argument - deps: body-parser@~1.6.3 - deps: compression@~1.0.11 - deps: connect-timeout@~1.2.2 - deps: express-session@~1.7.5 - deps: method-override@~2.1.3 - deps: on-headers@~1.0.0 - deps: parseurl@~1.3.0 - deps: qs@1.2.1 - deps: response-time@~2.0.1 - deps: serve-index@~1.1.6 - deps: serve-static@~1.5.1 - deps: parseurl@~1.3.0 ### [`v3.16.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3163--2014-08-07) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.2...3.16.3) \=================== - deps: connect@2.25.3 - deps: multiparty@3.3.2 ### [`v3.16.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3162--2014-08-07) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.1...3.16.2) \=================== - deps: connect@2.25.2 - deps: body-parser@~1.6.2 - deps: qs@1.2.0 ### [`v3.16.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#31610--2014-09-04) [Compare Source](https://togithub.com/expressjs/express/compare/3.16.0...3.16.1) \==================== - deps: connect@2.25.10 - deps: serve-static@~1.5.4 - deps: send@0.8.5 - Fix a path traversal issue when using `root` - Fix malicious path detection for empty string path ### [`v3.16.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3160--2014-08-05) [Compare Source](https://togithub.com/expressjs/express/compare/3.15.3...3.16.0) \=================== - deps: connect@2.25.0 - deps: body-parser@~1.6.0 - deps: compression@~1.0.10 - deps: csurf@~1.4.0 - deps: express-session@~1.7.4 - deps: qs@1.0.2 - deps: serve-static@~1.5.0 - deps: send@0.8.1 - Add `extensions` option ### [`v3.15.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3153--2014-08-04) [Compare Source](https://togithub.com/expressjs/express/compare/3.15.2...3.15.3) \=================== - fix `res.sendfile` regression for serving directory index files - deps: connect@2.24.3 - deps: serve-index@~1.1.5 - deps: serve-static@~1.4.4 - deps: send@0.7.4 - Fix incorrect 403 on Windows and Node.js 0.11 - Fix serving index files without root dir ### [`v3.15.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3152--2014-07-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.15.1...3.15.2) \=================== - deps: connect@2.24.2 - deps: body-parser@~1.5.2 - deps: depd@0.4.4 - deps: express-session@~1.7.2 - deps: morgan@~1.2.2 - deps: serve-static@~1.4.2 - deps: depd@0.4.4 - Work-around v8 generating empty stack traces - deps: send@0.7.2 - deps: depd@0.4.4 ### [`v3.15.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3151--2014-07-26) [Compare Source](https://togithub.com/expressjs/express/compare/3.15.0...3.15.1) \=================== - deps: connect@2.24.1 - deps: body-parser@~1.5.1 - deps: depd@0.4.3 - deps: express-session@~1.7.1 - deps: morgan@~1.2.1 - deps: serve-index@~1.1.4 - deps: serve-static@~1.4.1 - deps: depd@0.4.3 - Fix exception when global `Error.stackTraceLimit` is too low - deps: send@0.7.1 - deps: depd@0.4.3 ### [`v3.15.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3150--2014-07-22) [Compare Source](https://togithub.com/expressjs/express/compare/3.14.0...3.15.0) \=================== - Fix `req.protocol` for proxy-direct connections - Pass options from `res.sendfile` to `send` - deps: connect@2.24.0 - deps: body-parser@~1.5.0 - deps: compression@~1.0.9 - deps: connect-timeout@~1.2.1 - deps: debug@1.0.4 - deps: depd@0.4.2 - deps: express-session@~1.7.0 - deps: finalhandler@0.1.0 - deps: method-override@~2.1.2 - deps: morgan@~1.2.0 - deps: multiparty@3.3.1 - deps: parseurl@~1.2.0 - deps: serve-static@~1.4.0 - deps: debug@1.0.4 - deps: depd@0.4.2 - Add `TRACE_DEPRECATION` environment variable - Remove non-standard grey color from color output - Support `--no-deprecation` argument - Support `--trace-deprecation` argument - deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` - deps: send@0.7.0 - Add `dotfiles` option - Cap `maxAge` value to 1 year - deps: debug@1.0.4 - deps: depd@0.4.2 ### [`v3.14.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3140--2014-07-11) [Compare Source](https://togithub.com/expressjs/express/compare/3.13.0...3.14.0) \=================== - add explicit "Rosetta Flash JSONP abuse" protection - previous versions are not vulnerable; this is just explicit protection - deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead - fix `res.send(status, num)` to send `num` as json (not error) - remove unnecessary escaping when `res.jsonp` returns JSON response - deps: basic-auth@1.0.0 - support empty password - support empty username - deps: connect@2.23.0 - deps: debug@1.0.3 - deps: express-session@~1.6.4 - deps: method-override@~2.1.0 - deps: parseurl@~1.1.3 - deps: serve-static@~1.3.1 - deps: debug@1.0.3 - Add support for multiple wildcards in namespaces - deps: methods@1.1.0 - add `CONNECT` - deps: parseurl@~1.1.3 - faster parsing of href-only URLs ### [`v3.13.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3130--2014-07-03) [Compare Source](https://togithub.com/expressjs/express/compare/3.12.1...3.13.0) \=================== - add deprecation message to `app.configure` - add deprecation message to `req.auth` - use `basic-auth` to parse `Authorization` header - deps: connect@2.22.0 - deps: csurf@~1.3.0 - deps: express-session@~1.6.1 - deps: multiparty@3.3.0 - deps: serve-static@~1.3.0 - deps: send@0.5.0 - Accept string for `maxage` (converted by `ms`) - Include link in default redirect response ### [`v3.12.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3121--2014-06-26) [Compare Source](https://togithub.com/expressjs/express/compare/3.12.0...3.12.1) \=================== - deps: connect@2.21.1 - deps: cookie-parser@1.3.2 - deps: cookie-signature@1.0.4 - deps: express-session@~1.5.2 - deps: type-is@~1.3.2 - deps: cookie-signature@1.0.4 - fix for timing attacks ### [`v3.12.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3120--2014-06-21) [Compare Source](https://togithub.com/expressjs/express/compare/3.11.0...3.12.0) \=================== - use `media-typer` to alter content-type charset - deps: connect@2.21.0 - deprecate `connect(middleware)` -- use `app.use(middleware)` instead - deprecate `connect.createServer()` -- use `connect()` instead - fix `res.setHeader()` patch to work with with get -> append -> set pattern - deps: compression@~1.0.8 - deps: errorhandler@~1.1.1 - deps: express-session@~1.5.0 - deps: serve-index@~1.1.3 ### [`v3.11.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3110--2014-06-19) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.5...3.11.0) \=================== - deprecate things with `depd` module - deps: buffer-crc32@0.2.3 - deps: connect@2.20.2 - deprecate `verify` option to `json` -- use `body-parser` npm module instead - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead - deprecate things with `depd` module - use `finalhandler` for final response handling - use `media-typer` to parse `content-type` for charset - deps: body-parser@1.4.3 - deps: connect-timeout@1.1.1 - deps: cookie-parser@1.3.1 - deps: csurf@1.2.2 - deps: errorhandler@1.1.0 - deps: express-session@1.4.0 - deps: multiparty@3.2.9 - deps: serve-index@1.1.2 - deps: type-is@1.3.1 - deps: vhost@2.0.0 ### [`v3.10.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3105--2014-06-11) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.4...3.10.5) \=================== - deps: connect@2.19.6 - deps: body-parser@1.3.1 - deps: compression@1.0.7 - deps: debug@1.0.2 - deps: serve-index@1.1.1 - deps: serve-static@1.2.3 - deps: debug@1.0.2 - deps: send@0.4.3 - Do not throw uncatchable error on file open race condition - Use `escape-html` for HTML escaping - deps: debug@1.0.2 - deps: finished@1.2.2 - deps: fresh@0.2.2 ### [`v3.10.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3104--2014-06-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.3...3.10.4) \=================== - deps: connect@2.19.5 - fix "event emitter leak" warnings - deps: csurf@1.2.1 - deps: debug@1.0.1 - deps: serve-static@1.2.2 - deps: type-is@1.2.1 - deps: debug@1.0.1 - deps: send@0.4.2 - fix "event emitter leak" warnings - deps: finished@1.2.1 - deps: debug@1.0.1 ### [`v3.10.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3103--2014-06-05) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.2...3.10.3) \=================== - use `vary` module for `res.vary` - deps: connect@2.19.4 - deps: errorhandler@1.0.2 - deps: method-override@2.0.2 - deps: serve-favicon@2.0.1 - deps: debug@1.0.0 ### [`v3.10.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3102--2014-06-03) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.1...3.10.2) \=================== - deps: connect@2.19.3 - deps: compression@1.0.6 ### [`v3.10.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3101--2014-06-03) [Compare Source](https://togithub.com/expressjs/express/compare/3.10.0...3.10.1) \=================== - deps: connect@2.19.2 - deps: compression@1.0.4 - deps: proxy-addr@1.0.1 ### [`v3.10.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#3100--2014-06-02) [Compare Source](https://togithub.com/expressjs/express/compare/3.9.0...3.10.0) \=================== - deps: connect@2.19.1 - deprecate `methodOverride()` -- use `method-override` npm module instead - deps: body-parser@1.3.0 - deps: method-override@2.0.1 - deps: multiparty@3.2.8 - deps: response-time@2.0.0 - deps: serve-static@1.2.1 - deps: methods@1.0.1 - deps: send@0.4.1 - Send `max-age` in `Cache-Control` in correct format ### [`v3.9.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#390--2014-05-30) [Compare Source](https://togithub.com/expressjs/express/compare/3.8.1...3.9.0) \================== - custom etag control with `app.set('etag', val)` - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation - `app.set('etag', 'weak')` weak tag - `app.set('etag', 'strong')` strong etag - `app.set('etag', false)` turn off - `app.set('etag', true)` standard etag - Include ETag in HEAD requests - mark `res.send` ETag as weak and reduce collisions - update connect to 2.18.0 - deps: compression@1.0.3 - deps: serve-index@1.1.0 - deps: serve-static@1.2.0 - update send to 0.4.0 - Calculate ETag with md5 for reduced collisions - Ignore stream errors after request ends - deps: debug@0.8.1 ### [`v3.8.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#381--2014-05-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.8.0...3.8.1) \================== - update connect to 2.17.3 - deps: body-parser@1.2.2 - deps: express-session@1.2.1 - deps: method-override@1.0.2 ### [`v3.8.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#380--2014-05-21) [Compare Source](https://togithub.com/expressjs/express/compare/3.7.0...3.8.0) \================== - keep previous `Content-Type` for `res.jsonp` - set proper `charset` in `Content-Type` for `res.send` - update connect to 2.17.1 - fix `res.charset` appending charset when `content-type` has one - deps: express-session@1.2.0 - deps: morgan@1.1.1 - deps: serve-index@1.0.3 ### [`v3.7.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#370--2014-05-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.6.0...3.7.0) \================== - proper proxy trust with `app.set('trust proxy', trust)` - `app.set('trust proxy', 1)` trust first hop - `app.set('trust proxy', 'loopback')` trust loopback addresses - `app.set('trust proxy', '10.0.0.1')` trust single IP - `app.set('trust proxy', '10.0.0.1/16')` trust subnet - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list - `app.set('trust proxy', false)` turn off - `app.set('trust proxy', true)` trust everything - update connect to 2.16.2 - deprecate `res.headerSent` -- use `res.headersSent` - deprecate `res.on("header")` -- use on-headers module instead - fix edge-case in `res.appendHeader` that would append in wrong order - json: use body-parser - urlencoded: use body-parser - dep: bytes@1.0.0 - dep: cookie-parser@1.1.0 - dep: csurf@1.2.0 - dep: express-session@1.1.0 - dep: method-override@1.0.1 ### [`v3.6.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#360--2014-05-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.5.3...3.6.0) \================== - deprecate `app.del()` -- use `app.delete()` instead - deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead - the edge-case `res.json(status, num)` requires `res.status(status).json(num)` - deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)` - support PURGE method - add `app.purge` - add `router.purge` - include PURGE in `app.all` - update connect to 2.15.0 - Add `res.appendHeader` - Call error stack even when response has been sent - Patch `res.headerSent` to return Boolean - Patch `res.headersSent` for node.js 0.8 - Prevent default 404 handler after response sent - dep: compression@1.0.2 - dep: connect-timeout@1.1.0 - dep: debug@^0.8.0 - dep: errorhandler@1.0.1 - dep: express-session@1.0.4 - dep: morgan@1.0.1 - dep: serve-favicon@2.0.0 - dep: serve-index@1.0.2 - update debug to 0.8.0 - add `enable()` method - change from stderr to stdout - update methods to 1.0.0 - add PURGE - update mkdirp to 0.5.0 ### [`v3.5.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#353--2014-05-08) [Compare Source](https://togithub.com/expressjs/express/compare/3.5.2...3.5.3) \================== - fix `req.host` for IPv6 literals - fix `res.jsonp` error if callback param is object ### [`v3.5.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#352--2014-04-24) [Compare Source](https://togithub.com/expressjs/express/compare/3.5.1...3.5.2) \================== - update connect to 2.14.5 - update cookie to 0.1.2 - update mkdirp to 0.4.0 - update send to 0.3.0 ### [`v3.5.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#351--2014-03-25) [Compare Source](https://togithub.com/expressjs/express/compare/3.5.0...3.5.1) \================== - pin less-middleware in generated app ### [`v3.5.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#350--2014-03-06) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.8...3.5.0) \================== - bump deps ### [`v3.4.8`](https://togithub.com/expressjs/express/blob/HEAD/History.md#348--2014-01-13) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.7...3.4.8) \================== - prevent incorrect automatic OPTIONS responses [#1868](https://togithub.com/expressjs/express/issues/1868) [@dpatti](https://togithub.com/dpatti) - update binary and examples for jade 1.0 [#1876](https://togithub.com/expressjs/express/issues/1876) [@yossi](https://togithub.com/yossi), [#1877](https://togithub.com/expressjs/express/issues/1877) [@reqshark](https://togithub.com/reqshark), [#1892](https://togithub.com/expressjs/express/issues/1892) [@matheusazzi](https://togithub.com/matheusazzi) - throw 400 in case of malformed paths [@rlidwka](https://togithub.com/rlidwka) ### [`v3.4.7`](https://togithub.com/expressjs/express/blob/HEAD/History.md#347--2013-12-10) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.6...3.4.7) \================== - update connect ### [`v3.4.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#346--2013-12-01) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.5...3.4.6) \================== - update connect (raw-body) ### [`v3.4.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#345--2013-11-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.4...3.4.5) \================== - update connect - res.location: remove leading ./ [#1802](https://togithub.com/expressjs/express/issues/1802) [@kapouer](https://togithub.com/kapouer) - res.redirect: fix \`res.redirect('toString') [#1829](https://togithub.com/expressjs/express/issues/1829) [@michaelficarra](https://togithub.com/michaelficarra) - res.send: always send ETag when content-length > 0 - router: add Router.all() method ### [`v3.4.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#344--2013-10-29) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.3...3.4.4) \================== - update connect - update supertest - update methods - express(1): replace bodyParser() with urlencoded() and json() [#1795](https://togithub.com/expressjs/express/issues/1795) [@chirag04](https://togithub.com/chirag04) ### [`v3.4.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#343--2013-10-23) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.2...3.4.3) \================== - update connect ### [`v3.4.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#342--2013-10-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.1...3.4.2) \================== - update connect - downgrade commander ### [`v3.4.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#341--2013-10-15) [Compare Source](https://togithub.com/expressjs/express/compare/3.4.0...3.4.1) \================== - update connect - update commander - jsonp: check if callback is a function - router: wrap encodeURIComponent in a try/catch [#1735](https://togithub.com/expressjs/express/issues/1735) ([@lxe](https://togithub.com/lxe)) - res.format: now includes charset [@1747](https://togithub.com/1747) ([@sorribas](https://togithub.com/sorribas)) - res.links: allow multiple calls [@1746](https://togithub.com/1746) ([@sorribas](https://togithub.com/sorribas)) ### [`v3.4.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#340--2013-09-07) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.8...3.4.0) \================== - add res.vary(). Closes [#1682](https://togithub.com/expressjs/express/issues/1682) - update connect ### [`v3.3.8`](https://togithub.com/expressjs/express/blob/HEAD/History.md#338--2013-09-02) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.7...3.3.8) \================== - update connect ### [`v3.3.7`](https://togithub.com/expressjs/express/blob/HEAD/History.md#337--2013-08-28) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.6...3.3.7) \================== - update connect ### [`v3.3.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#336--2013-08-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.5...3.3.6) \================== - Revert "remove charset from json responses. Closes [#1631](https://togithub.com/expressjs/express/issues/1631)" (causes issues in some clients) - add: req.accepts take an argument list ### [`v3.3.5`](https://togithub.com/expressjs/express/compare/3.3.4...3.3.5) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.4...3.3.5) ### [`v3.3.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#334--2013-07-08) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.3...3.3.4) \================== - update send and connect ### [`v3.3.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#333--2013-07-04) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.2...3.3.3) \================== - update connect ### [`v3.3.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#332--2013-07-03) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.1...3.3.2) \================== - update connect - update send - remove .version export ### [`v3.3.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#331--2013-06-27) [Compare Source](https://togithub.com/expressjs/express/compare/3.3.0...3.3.1) \================== - update connect ### [`v3.3.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#330--2013-06-26) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.6...3.3.0) \================== - update connect - add support for multiple X-Forwarded-Proto values. Closes [#1646](https://togithub.com/expressjs/express/issues/1646) - change: remove charset from json responses. Closes [#1631](https://togithub.com/expressjs/express/issues/1631) - change: return actual booleans from req.accept\* functions - fix jsonp callback array throw ### [`v3.2.6`](https://togithub.com/expressjs/express/blob/HEAD/History.md#326--2013-06-02) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.5...3.2.6) \================== - update connect ### [`v3.2.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#325--2013-05-21) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.4...3.2.5) \================== - update connect - update node-cookie - add: throw a meaningful error when there is no default engine - change generation of ETags with res.send() to GET requests only. Closes [#1619](https://togithub.com/expressjs/express/issues/1619) ### [`v3.2.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#324--2013-05-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.3...3.2.4) \================== - fix `req.subdomains` when no Host is present - fix `req.host` when no Host is present, return undefined ### [`v3.2.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#323--2013-05-07) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.2...3.2.3) \================== - update connect / qs ### [`v3.2.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#322--2013-05-03) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.1...3.2.2) \================== - update qs ### [`v3.2.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#321--2013-04-29) [Compare Source](https://togithub.com/expressjs/express/compare/3.2.0...3.2.1) \================== - add app.VERB() paths array deprecation warning - update connect - update qs and remove all ~ semver crap - fix: accept number as value of Signed Cookie ### [`v3.2.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#320--2013-04-15) [Compare Source](https://togithub.com/expressjs/express/compare/3.1.2...3.2.0) \================== - add "view" constructor setting to override view behaviour - add req.acceptsEncoding(name) - add req.acceptedEncodings - revert cookie signature change causing session race conditions - fix sorting of Accept values of the same qualityConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.