vital-ws / no-smart-fix

0 stars 3 forks source link

Update dependency express to v4 - autoclosed #24

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express (source) 3.0.0 -> 4.16.0 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 7.5 WS-2014-0005
High High 7.5 CVE-2017-1000048
High High 7.5 CVE-2017-16138
High High 7.5 CVE-2014-10064
High High 7.5 CVE-2017-16119
High High 7.3 CVE-2014-6394
High High 7.3 CVE-2014-6394
Medium Medium 6.1 CVE-2013-7370
Medium Medium 6.1 WS-2013-0004
Medium Medium 6.1 CVE-2013-7371
Medium Medium 6.1 CVE-2014-6393

Release Notes

expressjs/express ### [`v4.16.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4160--2017-09-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.5...4.16.0) \=================== - Add `"json escape"` setting for `res.json` and `res.jsonp` - Add `express.json` and `express.urlencoded` to parse bodies - Add `options` argument to `res.download` - Improve error message when autoloading invalid view engine - Improve error messages when non-function provided as middleware - Skip `Buffer` encoding when not generating ETag for small response - Use `safe-buffer` for improved Buffer API - deps: accepts@~1.3.4 - deps: mime-types@~2.1.16 - deps: content-type@~1.0.4 - perf: remove argument reassignment - perf: skip parameter parsing when no parameters - deps: etag@~1.8.1 - perf: replace regular expression with substring - deps: finalhandler@1.1.0 - Use `res.headersSent` when available - deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` - deps: proxy-addr@~2.0.2 - Fix trimming leading / trailing OWS in `X-Forwarded-For` - deps: forwarded@~0.1.2 - deps: ipaddr.js@1.5.2 - perf: reduce overhead when no `X-Forwarded-For` header - deps: qs@6.5.1 - Fix parsing & compacting very deep objects - deps: send@0.16.0 - Add 70 new types for file extensions - Add `immutable` option - Fix missing `` in default error & redirects - Set charset as "UTF-8" for .js and .json - Use instance methods on steam to check for listeners - deps: mime@1.4.1 - perf: improve path validation speed - deps: serve-static@1.13.0 - Add 70 new types for file extensions - Add `immutable` option - Set charset as "UTF-8" for .js and .json - deps: send@0.16.0 - deps: setprototypeof@1.1.0 - deps: utils-merge@1.0.1 - deps: vary@~1.1.2 - perf: improve header token parsing speed - perf: re-use options object when generating ETags - perf: remove dead `.charset` set in `res.jsonp` ### [`v4.15.5`](https://togithub.com/expressjs/express/blob/master/History.md#​4155--2017-09-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.4...4.15.5) \=================== - deps: debug@2.6.9 - deps: finalhandler@~1.0.6 - deps: debug@2.6.9 - deps: parseurl@~1.3.2 - deps: fresh@0.5.2 - Fix handling of modified headers with invalid dates - perf: improve ETag match loop - perf: improve `If-None-Match` token parsing - deps: send@0.15.6 - Fix handling of modified headers with invalid dates - deps: debug@2.6.9 - deps: etag@~1.8.1 - deps: fresh@0.5.2 - perf: improve `If-Match` token parsing - deps: serve-static@1.12.6 - deps: parseurl@~1.3.2 - deps: send@0.15.6 - perf: improve slash collapsing ### [`v4.15.4`](https://togithub.com/expressjs/express/blob/master/History.md#​4154--2017-08-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.3...4.15.4) \=================== - deps: debug@2.6.8 - deps: depd@~1.1.1 - Remove unnecessary `Buffer` loading - deps: finalhandler@~1.0.4 - deps: debug@2.6.8 - deps: proxy-addr@~1.1.5 - Fix array argument being altered - deps: ipaddr.js@1.4.0 - deps: qs@6.5.0 - deps: send@0.15.4 - deps: debug@2.6.8 - deps: depd@~1.1.1 - deps: http-errors@~1.6.2 - deps: serve-static@1.12.4 - deps: send@0.15.4 ### [`v4.15.3`](https://togithub.com/expressjs/express/blob/master/History.md#​4153--2017-05-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.2...4.15.3) \=================== - Fix error when `res.set` cannot add charset to `Content-Type` - deps: debug@2.6.7 - Fix `DEBUG_MAX_ARRAY_LENGTH` - deps: ms@2.0.0 - deps: finalhandler@~1.0.3 - Fix missing `` in HTML document - deps: debug@2.6.7 - deps: proxy-addr@~1.1.4 - deps: ipaddr.js@1.3.0 - deps: send@0.15.3 - deps: debug@2.6.7 - deps: ms@2.0.0 - deps: serve-static@1.12.3 - deps: send@0.15.3 - deps: type-is@~1.6.15 - deps: mime-types@~2.1.15 - deps: vary@~1.1.1 - perf: hoist regular expression ### [`v4.15.2`](https://togithub.com/expressjs/express/blob/master/History.md#​4152--2017-03-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.1...4.15.2) \=================== - deps: qs@6.4.0 - Fix regression parsing keys starting with `[` ### [`v4.15.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4151--2017-03-05) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.0...4.15.1) \=================== - deps: send@0.15.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - Fix strict violation in broken environments - deps: serve-static@1.12.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - deps: send@0.15.1 ### [`v4.15.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4150--2017-03-01) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.1...4.15.0) \=================== - Add debug message when loading view engine - Add `next("router")` to exit from router - Fix case where `router.use` skipped requests routes did not - Remove usage of `res._headers` private field - Improves compatibility with Node.js 8 nightly - Skip routing when `req.url` is not set - Use `%o` in path debug to tell types apart - Use `Object.create` to setup request & response prototypes - Use `setprototypeof` module to replace `__proto__` setting - Use `statuses` instead of `http` module for status messages - deps: debug@2.6.1 - Allow colors in workers - Deprecated `DEBUG_FD` environment variable set to `3` or higher - Fix error when running under React Native - Use same color for same namespace - deps: ms@0.7.2 - deps: etag@~1.8.0 - Use SHA1 instead of MD5 for ETag hashing - Works with FIPS 140-2 OpenSSL configuration - deps: finalhandler@~1.0.0 - Fix exception when `err` cannot be converted to a string - Fully URL-encode the pathname in the 404 - Only include the pathname in the 404 message - Send complete HTML document - Set `Content-Security-Policy: default-src 'self'` header - deps: debug@2.6.1 - deps: fresh@0.5.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - perf: delay reading header values until needed - perf: enable strict mode - perf: hoist regular expressions - perf: remove duplicate conditional - perf: remove unnecessary boolean coercions - perf: skip checking modified time if ETag check failed - perf: skip parsing `If-None-Match` when no `ETag` header - perf: use `Date.parse` instead of `new Date` - deps: qs@6.3.1 - Fix array parsing from skipping empty values - Fix compacting nested arrays - deps: send@0.15.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: debug@2.6.1 - deps: etag@~1.8.0 - deps: fresh@0.5.0 - deps: http-errors@~1.6.1 - deps: serve-static@1.12.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Send complete HTML document in redirect response - Set default CSP header in redirect response - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: send@0.15.0 - perf: add fast match path for `*` route - perf: improve `req.ips` performance ### [`v4.14.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4141--2017-01-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.0...4.14.1) \=================== - deps: content-disposition@0.5.2 - deps: finalhandler@0.5.1 - Fix exception when `err.headers` is not an object - deps: statuses@~1.3.1 - perf: hoist regular expressions - perf: remove duplicate validation path - deps: proxy-addr@~1.1.3 - deps: ipaddr.js@1.2.0 - deps: send@0.14.2 - deps: http-errors@~1.5.1 - deps: ms@0.7.2 - deps: statuses@~1.3.1 - deps: serve-static@~1.11.2 - deps: send@0.14.2 - deps: type-is@~1.6.14 - deps: mime-types@~2.1.13 ### [`v4.14.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4140--2016-06-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.4...4.14.0) \=================== - Add `acceptRanges` option to `res.sendFile`/`res.sendfile` - Add `cacheControl` option to `res.sendFile`/`res.sendfile` - Add `options` argument to `req.range` - Includes the `combine` option - Encode URL in `res.location`/`res.redirect` if not already encoded - Fix some redirect handling in `res.sendFile`/`res.sendfile` - Fix Windows absolute path check using forward slashes - Improve error with invalid arguments to `req.get()` - Improve performance for `res.json`/`res.jsonp` in most cases - Improve `Range` header handling in `res.sendFile`/`res.sendfile` - deps: accepts@~1.3.3 - Fix including type extensions in parameters in `Accept` parsing - Fix parsing `Accept` parameters with quoted equals - Fix parsing `Accept` parameters with quoted semicolons - Many performance improvements - deps: mime-types@~2.1.11 - deps: negotiator@0.6.1 - deps: content-type@~1.0.2 - perf: enable strict mode - deps: cookie@0.3.1 - Add `sameSite` option - Fix cookie `Max-Age` to never be a floating point number - Improve error message when `encode` is not a function - Improve error message when `expires` is not a `Date` - Throw better error for invalid argument to parse - Throw on invalid values provided to `serialize` - perf: enable strict mode - perf: hoist regular expression - perf: use for loop in parse - perf: use string concatenation for serialization - deps: finalhandler@0.5.0 - Change invalid or non-numeric status code to 500 - Overwrite status message to match set status code - Prefer `err.statusCode` if `err.status` is invalid - Set response headers from `err.headers` object - Use `statuses` instead of `http` module for status messages - deps: proxy-addr@~1.1.2 - Fix accepting various invalid netmasks - Fix IPv6-mapped IPv4 validation edge cases - IPv4 netmasks must be contiguous - IPv6 addresses cannot be used as a netmask - deps: ipaddr.js@1.1.1 - deps: qs@6.2.0 - Add `decoder` option in `parse` function - deps: range-parser@~1.2.0 - Add `combine` option to combine overlapping ranges - Fix incorrectly returning -1 when there is at least one valid range - perf: remove internal function - deps: send@0.14.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Correctly inherit from `Stream` class - Fix `Content-Range` header in 416 responses when using `start`/`end` options - Fix `Content-Range` header missing from default 416 responses - Fix redirect error when `path` contains raw non-URL characters - Fix redirect when `path` starts with multiple forward slashes - Ignore non-byte `Range` headers - deps: http-errors@~1.5.0 - deps: range-parser@~1.2.0 - deps: statuses@~1.3.0 - perf: remove argument reassignment - deps: serve-static@~1.11.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Fix redirect error when `req.url` contains raw non-URL characters - Ignore non-byte `Range` headers - Use status code 301 for redirects - deps: send@0.14.1 - deps: type-is@~1.6.13 - Fix type error when given invalid type to match against - deps: mime-types@~2.1.11 - deps: vary@~1.1.0 - Only accept valid field names in the `field` argument - perf: use strict equality when possible ### [`v4.13.4`](https://togithub.com/expressjs/express/blob/master/History.md#​4134--2016-01-21) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.3...4.13.4) \=================== - deps: content-disposition@0.5.1 - perf: enable strict mode - deps: cookie@0.1.5 - Throw on invalid values provided to `serialize` - deps: depd@~1.1.0 - Support web browser loading - perf: enable strict mode - deps: escape-html@~1.0.3 - perf: enable strict mode - perf: optimize string replacement - perf: use faster string coercion - deps: finalhandler@0.4.1 - deps: escape-html@~1.0.3 - deps: merge-descriptors@1.0.1 - perf: enable strict mode - deps: methods@~1.1.2 - perf: enable strict mode - deps: parseurl@~1.3.1 - perf: enable strict mode - deps: proxy-addr@~1.0.10 - deps: ipaddr.js@1.0.5 - perf: enable strict mode - deps: range-parser@~1.0.3 - perf: enable strict mode - deps: send@0.13.1 - deps: depd@~1.1.0 - deps: destroy@~1.0.4 - deps: escape-html@~1.0.3 - deps: range-parser@~1.0.3 - deps: serve-static@~1.10.2 - deps: escape-html@~1.0.3 - deps: parseurl@~1.3.0 - deps: send@0.13.1 ### [`v4.13.3`](https://togithub.com/expressjs/express/blob/master/History.md#​4133--2015-08-02) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.2...4.13.3) \=================== - Fix infinite loop condition using `mergeParams: true` - Fix inner numeric indices incorrectly altering parent `req.params` ### [`v4.13.2`](https://togithub.com/expressjs/express/blob/master/History.md#​4132--2015-07-31) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.1...4.13.2) \=================== - deps: accepts@~1.2.12 - deps: mime-types@~2.1.4 - deps: array-flatten@1.1.1 - perf: enable strict mode - deps: path-to-regexp@0.1.7 - Fix regression with escaped round brackets and matching groups - deps: type-is@~1.6.6 - deps: mime-types@~2.1.4 ### [`v4.13.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4131--2015-07-05) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.0...4.13.1) \=================== - deps: accepts@~1.2.10 - deps: mime-types@~2.1.2 - deps: qs@4.0.0 - Fix dropping parameters like `hasOwnProperty` - Fix various parsing edge cases - deps: type-is@~1.6.4 - deps: mime-types@~2.1.2 - perf: enable strict mode - perf: remove argument reassignment ### [`v4.13.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4130--2015-06-20) [Compare Source](https://togithub.com/expressjs/express/compare/4.12.4...4.13.0) \=================== - Add settings to debug output - Fix `res.format` error when only `default` provided - Fix issue where `next('route')` in `app.param` would incorrectly skip values - Fix hiding platform issues with `decodeURIComponent` - Only `URIError`s are a 400 - Fix using `*` before params in routes - Fix using capture groups before params in routes - Simplify `res.cookie` to call `res.append` - Use `array-flatten` module for flattening arrays - deps: accepts@~1.2.9 - deps: mime-types@~2.1.1 - perf: avoid argument reassignment & argument slice - perf: avoid negotiator recursive construction - perf: enable strict mode - perf: remove unnecessary bitwise operator - deps: cookie@0.1.3 - perf: deduce the scope of try-catch deopt - perf: remove argument reassignments - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - Always include entity length in ETags for hash length extensions - Generate non-Stats ETags using MD5 only (no longer CRC32) - Improve stat performance by removing hashing - Improve support for JXcore - Remove base64 padding in ETags to shorten - Support "fake" stats objects in environments without fs - Use MD5 instead of MD4 in weak ETags over 1KB - deps: finalhandler@0.4.0 - Fix a false-positive when unpiping in Node.js 0.8 - Support `statusCode` property on `Error` objects - Use `unpipe` module for unpiping requests - deps: escape-html@1.0.2 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove argument reassignment - deps: fresh@0.3.0 - Add weak `ETag` matching support - deps: on-finished@~2.3.0 - Add defined behavior for HTTP `CONNECT` requests - Add defined behavior for HTTP `Upgrade` requests - deps: ee-first@1.1.1 - deps: path-to-regexp@0.1.6 - deps: send@0.13.0 - Allow Node.js HTTP server to set `Date` response header - Fix incorrectly removing `Content-Location` on 304 response - Improve the default redirect response headers - Send appropriate headers on default error response - Use `http-errors` for standard emitted errors - Use `statuses` instead of `http` module for status messages - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - deps: fresh@0.3.0 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove unnecessary array allocations - deps: serve-static@~1.10.0 - Add `fallthrough` option - Fix reading options from options prototype - Improve the default redirect response headers - Malformed URLs now `next()` instead of 400 - deps: escape-html@1.0.2 - deps: send@0.13.0 - perf: enable strict mode - perf: remove argument reassignment - deps: type-is@~1.6.3 - deps: mime-types@~2.1.1 - perf: reduce try block size - perf: remove bitwise operations - perf: enable strict mode - perf: isolate `app.render` try block - perf: remove argument reassignments in application - perf: remove argument reassignments in request prototype - perf: remove argument reassignments in response prototype - perf: remove argument reassignments in routing - perf: remove argument reassignments in `View` - perf: skip attempting to decode zero length string - perf: use saved reference to `http.STATUS_CODES` ### [`v4.12.4`](https://togithub.com/expressjs/express/blob/master/History.md#​4124--2015-05-17) [Compare Source](https://togithub.com/expressjs/express/compare/4.12.3...4.12.4) \=================== - deps: accepts@~1.2.7 - deps: mime-types@~2.0.11 - deps: negotiator@0.5.3 - deps: debug@~2.2.0 - deps: ms@0.7.1 - deps: depd@~1.0.1 - deps: etag@~1.6.0 - Improve support for JXcore - Support "fake" stats objects in environments without `fs` - deps: finalhandler@0.3.6 - deps: debug@~2.2.0 - deps: on-finished@~2.2.1 - deps: on-finished@~2.2.1 - Fix `isFinished(req)` when data buffered - deps: proxy-addr@~1.0.8 - deps: ipaddr.js@1.0.1 - deps: qs@2.4.2 - Fix allowing parameters like `constructor` - deps: send@0.12.3 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: etag@~1.6.0 - deps: ms@0.7.1 - deps: on-finished@~2.2.1 - deps: serve-static@~1.9.3 - deps: send@0.12.3 - deps: type-is@~1.6.2 - deps: mime-types@~2.0.11 ### [`v4.12.3`](https://togithub.com/expressjs/express/blob/master/History.md#​4123--2015-03-17) [Compare Source](https://togithub.com/expressjs/express/compare/4.12.2...4.12.3) \=================== - deps: accepts@~1.2.5 - deps: mime-types@~2.0.10 - deps: debug@~2.1.3 - Fix high intensity foreground color for bold - deps: ms@0.7.0 - deps: finalhandler@0.3.4 - deps: debug@~2.1.3 - deps: proxy-addr@~1.0.7 - deps: ipaddr.js@0.1.9 - deps: qs@2.4.1 - Fix error when parameter `hasOwnProperty` is present - deps: send@0.12.2 - Throw errors early for invalid `extensions` or `index` options - deps: debug@~2.1.3 - deps: serve-static@~1.9.2 - deps: send@0.12.2 - deps: type-is@~1.6.1 - deps: mime-types@~2.0.10 ### [`v4.12.2`](https://togithub.com/expressjs/express/blob/master/History.md#​4122--2015-03-02) [Compare Source](https://togithub.com/expressjs/express/compare/4.12.1...4.12.2) \=================== - Fix regression where `"Request aborted"` is logged using `res.sendFile` ### [`v4.12.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4121--2015-03-01) [Compare Source](https://togithub.com/expressjs/express/compare/4.12.0...4.12.1) \=================== - Fix constructing application with non-configurable prototype properties - Fix `ECONNRESET` errors from `res.sendFile` usage - Fix `req.host` when using "trust proxy" hops count - Fix `req.protocol`/`req.secure` when using "trust proxy" hops count - Fix wrong `code` on aborted connections from `res.sendFile` - deps: merge-descriptors@1.0.0 ### [`v4.12.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4120--2015-02-23) [Compare Source](https://togithub.com/expressjs/express/compare/4.11.2...4.12.0) \=================== - Fix `"trust proxy"` setting to inherit when app is mounted - Generate `ETag`s for all request responses - No longer restricted to only responses for `GET` and `HEAD` requests - Use `content-type` to parse `Content-Type` headers - deps: accepts@~1.2.4 - Fix preference sorting to be stable for long acceptable lists - deps: mime-types@~2.0.9 - deps: negotiator@0.5.1 - deps: cookie-signature@1.0.6 - deps: send@0.12.1 - Always read the stat size from the file - Fix mutating passed-in `options` - deps: mime@1.3.4 - deps: serve-static@~1.9.1 - deps: send@0.12.1 - deps: type-is@~1.6.0 - fix argument reassignment - fix false-positives in `hasBody` `Transfer-Encoding` check - support wildcard for both type and subtype (`*/*`) - deps: mime-types@~2.0.9 ### [`v4.11.2`](https://togithub.com/expressjs/express/blob/master/History.md#​4112--2015-02-01) [Compare Source](https://togithub.com/expressjs/express/compare/4.11.1...4.11.2) \=================== - Fix `res.redirect` double-calling `res.end` for `HEAD` requests - deps: accepts@~1.2.3 - deps: mime-types@~2.0.8 - deps: proxy-addr@~1.0.6 - deps: ipaddr.js@0.1.8 - deps: type-is@~1.5.6 - deps: mime-types@~2.0.8 ### [`v4.11.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4111--2015-01-20) [Compare Source](https://togithub.com/expressjs/express/compare/4.11.0...4.11.1) \=================== - deps: send@0.11.1 - Fix root path disclosure - deps: serve-static@~1.8.1 - Fix redirect loop in Node.js 0.11.14 - Fix root path disclosure - deps: send@0.11.1 ### [`v4.11.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4110--2015-01-13) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.8...4.11.0) \=================== - Add `res.append(field, val)` to append headers - Deprecate leading `:` in `name` for `app.param(name, fn)` - Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead - Deprecate `app.param(fn)` - Fix `OPTIONS` responses to include the `HEAD` method properly - Fix `res.sendFile` not always detecting aborted connection - Match routes iteratively to prevent stack overflows - deps: accepts@~1.2.2 - deps: mime-types@~2.0.7 - deps: negotiator@0.5.0 - deps: send@0.11.0 - deps: debug@~2.1.1 - deps: etag@~1.5.1 - deps: ms@0.7.0 - deps: on-finished@~2.2.0 - deps: serve-static@~1.8.0 - deps: send@0.11.0 ### [`v4.10.8`](https://togithub.com/expressjs/express/blob/master/History.md#​4108--2015-01-13) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.7...4.10.8) \=================== - Fix crash from error within `OPTIONS` response handler - deps: proxy-addr@~1.0.5 - deps: ipaddr.js@0.1.6 ### [`v4.10.7`](https://togithub.com/expressjs/express/blob/master/History.md#​4107--2015-01-04) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.6...4.10.7) \=================== - Fix `Allow` header for `OPTIONS` to not contain duplicate methods - Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304 - deps: debug@~2.1.1 - deps: finalhandler@0.3.3 - deps: debug@~2.1.1 - deps: on-finished@~2.2.0 - deps: methods@~1.1.1 - deps: on-finished@~2.2.0 - deps: serve-static@~1.7.2 - Fix potential open redirect when mounted at root - deps: type-is@~1.5.5 - deps: mime-types@~2.0.7 ### [`v4.10.6`](https://togithub.com/expressjs/express/blob/master/History.md#​4106--2014-12-12) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.5...4.10.6) \=================== - Fix exception in `req.fresh`/`req.stale` without response headers ### [`v4.10.5`](https://togithub.com/expressjs/express/blob/master/History.md#​4105--2014-12-10) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.4...4.10.5) \=================== - Fix `res.send` double-calling `res.end` for `HEAD` requests - deps: accepts@~1.1.4 - deps: mime-types@~2.0.4 - deps: type-is@~1.5.4 - deps: mime-types@~2.0.4 ### [`v4.10.4`](https://togithub.com/expressjs/express/blob/master/History.md#​4104--2014-11-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.3...4.10.4) \=================== - Fix `res.sendfile` logging standard write errors ### [`v4.10.3`](https://togithub.com/expressjs/express/blob/master/History.md#​4103--2014-11-23) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.2...4.10.3) \=================== - Fix `res.sendFile` logging standard write errors - deps: etag@~1.5.1 - deps: proxy-addr@~1.0.4 - deps: ipaddr.js@0.1.5 - deps: qs@2.3.3 - Fix `arrayLimit` behavior ### [`v4.10.2`](https://togithub.com/expressjs/express/blob/master/History.md#​4102--2014-11-09) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.1...4.10.2) \=================== - Correctly invoke async router callback asynchronously - deps: accepts@~1.1.3 - deps: mime-types@~2.0.3 - deps: type-is@~1.5.3 - deps: mime-types@~2.0.3 ### [`v4.10.1`](https://togithub.com/expressjs/express/blob/master/History.md#​4101--2014-10-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.10.0...4.10.1) \=================== - Fix handling of URLs containing `://` in the path - deps: qs@2.3.2 - Fix parsing of mixed objects and values ### [`v4.10.0`](https://togithub.com/expressjs/express/blob/master/History.md#​4100--2014-10-23) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.8...4.10.0) \=================== - Add support for `app.set('views', array)` - Views are looked up in sequence in array of directories - Fix `res.send(status)` to mention `res.sendStatus(status)` - Fix handling of invalid empty URLs - Use `content-disposition` module for `res.attachment`/`res.download` - Sends standards-compliant `Content-Disposition` header - Full Unicode support - Use `path.resolve` in view lookup - deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support - deps: depd@~1.0.0 - deps: etag@~1.5.0 - Improve string performance - Slightly improve speed for weak ETags over 1KB - deps: finalhandler@0.3.2 - Terminate in progress response only on error - Use `on-finished` to determine request status - deps: debug@~2.1.0 - deps: on-finished@~2.1.1 - deps: on-finished@~2.1.1 - Fix handling of pipelined requests - deps: qs@2.3.0 - Fix parsing of mixed implicit and explicit arrays - deps: send@0.10.1 - deps: debug@~2.1.0 - deps: depd@~1.0.0 - deps: etag@~1.5.0 - deps: on-finished@~2.1.1 - deps: serve-static@~1.7.1 - deps: send@0.10.1 ### [`v4.9.8`](https://togithub.com/expressjs/express/blob/master/History.md#​498--2014-10-17) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.7...4.9.8) \================== - Fix `res.redirect` body when redirect status specified - deps: accepts@~1.1.2 - Fix error when media type has invalid parameter - deps: negotiator@0.4.9 ### [`v4.9.7`](https://togithub.com/expressjs/express/blob/master/History.md#​497--2014-10-10) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.6...4.9.7) \================== - Fix using same param name in array of paths ### [`v4.9.6`](https://togithub.com/expressjs/express/blob/master/History.md#​496--2014-10-08) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.5...4.9.6) \================== - deps: accepts@~1.1.1 - deps: mime-types@~2.0.2 - deps: negotiator@0.4.8 - deps: serve-static@~1.6.4 - Fix redirect loop when index file serving disabled - deps: type-is@~1.5.2 - deps: mime-types@~2.0.2 ### [`v4.9.5`](https://togithub.com/expressjs/express/blob/master/History.md#​495--2014-09-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.4...4.9.5) \================== - deps: etag@~1.4.0 - deps: proxy-addr@~1.0.3 - Use `forwarded` npm module - deps: send@0.9.3 - deps: etag@~1.4.0 - deps: serve-static@~1.6.3 - deps: send@0.9.3 ### [`v4.9.4`](https://togithub.com/expressjs/express/blob/master/History.md#​494--2014-09-19) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.3...4.9.4) \================== - deps: qs@2.2.4 - Fix issue with object keys starting with numbers truncated ### [`v4.9.3`](https://togithub.com/expressjs/express/blob/master/History.md#​493--2014-09-18) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.2...4.9.3) \================== - deps: proxy-addr@~1.0.2 - Fix a global leak when multiple subnets are trusted - deps: ipaddr.js@0.1.3 ### [`v4.9.2`](https://togithub.com/expressjs/express/blob/master/History.md#​492--2014-09-17) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.1...4.9.2) \================== - Fix regression for empty string `path` in `app.use` - Fix `router.use` to accept array of middleware without path - Improve error message for bad `app.use` arguments ### [`v4.9.1`](https://togithub.com/expressjs/express/blob/master/History.md#​491--2014-09-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.9.0...4.9.1) \================== - Fix `app.use` to accept array of middleware without path - deps: depd@0.4.5 - deps: etag@~1.3.1 - deps: send@0.9.2 - deps: depd@0.4.5 - deps: etag@~1.3.1 - deps: range-parser@~1.0.2 - deps: serve-static@~1.6.2 - deps: send@0.9.2 ### [`v4.9.0`](https://togithub.com/expressjs/express/blob/master/History.md#​490--2014-09-08) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.8...4.9.0) \================== - Add `res.sendStatus` - Invoke callback for sendfile when client aborts - Applies to `res.sendFile`, `res.sendfile`, and `res.download` - `err` will be populated with request aborted error - Support IP address host in `req.subdomains` - Use `etag` to generate `ETag` headers - deps: accepts@~1.1.0 - update `mime-types` - deps: cookie-signature@1.0.5 - deps: debug@~2.0.0 - deps: finalhandler@0.2.0 - Set `X-Content-Type-Options: nosniff` header - deps: debug@~2.0.0 - deps: fresh@0.2.4 - deps: media-typer@0.3.0 - Throw error when parameter format invalid on parse - deps: qs@2.2.3 - Fix issue where first empty value in array is discarded - deps: range-parser@~1.0.2 - deps: send@0.9.1 - Add `lastModified` option - Use `etag` to generate `ETag` header - deps: debug@~2.0.0 - deps: fresh@0.2.4 - deps: serve-static@~1.6.1 - Add `lastModified` option - deps: send@0.9.1 - deps: type-is@~1.5.1 - fix `hasbody` to be true for `content-length: 0` - deps: media-typer@0.3.0 - deps: mime-types@~2.0.1 - deps: vary@~1.0.0 - Accept valid `Vary` header string as `field` ### [`v4.8.8`](https://togithub.com/expressjs/express/blob/master/History.md#​488--2014-09-04) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.7...4.8.8) \================== - deps: send@0.8.5 - Fix a path traversal issue when using `root` - Fix malicious path detection for empty string path - deps: serve-static@~1.5.4 - deps: send@0.8.5 ### [`v4.8.7`](https://togithub.com/expressjs/express/blob/master/History.md#​487--2014-08-29) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.6...4.8.7) \================== - deps: qs@2.2.2 - Remove unnecessary cloning ### [`v4.8.6`](https://togithub.com/expressjs/express/blob/master/History.md#​486--2014-08-27) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.5...4.8.6) \================== - deps: qs@2.2.0 - Array parsing fix - Performance improvements ### [`v4.8.5`](https://togithub.com/expressjs/express/blob/master/History.md#​485--2014-08-18) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.4...4.8.5) \================== - deps: send@0.8.3 - deps: destroy@1.0.3 - deps: on-finished@2.1.0 - deps: serve-static@~1.5.3 - deps: send@0.8.3 ### [`v4.8.4`](https://togithub.com/expressjs/express/blob/master/History.md#​484--2014-08-14) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.3...4.8.4) \================== - deps: qs@1.2.2 - deps: send@0.8.2 - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream` - deps: serve-static@~1.5.2 - deps: send@0.8.2 ### [`v4.8.3`](https://togithub.com/expressjs/express/blob/master/History.md#​483--2014-08-10) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.2...4.8.3) \================== - deps: parseurl@~1.3.0 - deps: qs@1.2.1 - deps: serve-static@~1.5.1 - Fix parsing of weird `req.originalUrl` values - deps: parseurl@~1.3.0 - deps: utils-merge@1.0.0 ### [`v4.8.2`](https://togithub.com/expressjs/express/blob/master/History.md#​482--2014-08-07) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.1...4.8.2) \================== - deps: qs@1.2.0 - Fix parsing array of objects ### [`v4.8.1`](https://togithub.com/expressjs/express/blob/master/History.md#​481--2014-08-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.8.0...4.8.1) \================== - fix incorrect deprecation warnings on `res.download` - deps: qs@1.1.0 - Accept urlencoded square brackets - Accept empty values in implicit array notation ### [`v4.8.0`](https://togithub.com/expressjs/express/blob/master/History.md#​480--2014-08-05) [Compare Source](https://togithub.com/expressjs/express/compare/4.7.4...4.8.0) \================== - add `res.sendFile` - accepts a file system path instead of a URL - requires an absolute path or `root` option specified - deprecate `res.sendfile` -- use `res.sendFile` instead - support mounted app as any argument to `app.use()` - deps: qs@1.0.2 - Complete rewrite - Limits array length to 20 - Limits object depth to 5 - Limits parameters to 1,000 - deps: send@0.8.1 - Add `extensions` option - deps: serve-static@~1.5.0 - Add `extensions` option - deps: send@0.8.1 ### [`v4.7.4`](https://togithub.com/expressjs/express/blob/master/History.md#​474--2014-08-04) [Compare Source](https://togithub.com/expressjs/express/compare/4.7.3...4.7.4) \================== - fix `res.sendfile` regression for serving directory index files - deps: send@0.7.4 - Fix incorrect 403 on Windows and Node.js 0.11 - Fix serving index files without root dir - deps: serve-static@~1.4.4 - deps: send@0.7.4 ### [`v4.7.3`](https://togithub.com/expressjs/express/blob/master/History.md#​473--2014-08-04) [Compare Source](https://togithub.com/expressjs/express/compare/4.7.2...4.7.3) \================== - deps: send@0.7.3 - Fix incorrect 403 on Windows and Node.js 0.11 - deps: serve-static@~1.4.3 - Fix incorrect 403 on Windows and Node.js 0.11 - deps: send@0.7.3 ### [`v4.7.2`](https://togithub.com/expressjs/express/blob/master/History.md#​472--2014-07-27) [Compare Source](https://togithub.com/expressjs/express/compare/4.7.1...4.7.2) \================== - deps: depd@0.4.4 - Work-around v8 generating empty stack traces - deps: send@0.7.2 - deps: depd@0.4.4 - deps: serve-static@~1.4.2 ### [`v4.7.1`](https://togithub.com/expressjs/express/blob/master/History.md#​471--2014-07-26) [Compare Source](https://togithub.com/expressjs/express/compare/4.7.0...4.7.1) \================== - deps: depd@0.4.3 - Fix exception when global `Error.stackTraceLimit` is too low - deps: send@0.7.1 - deps: depd@0.4.3 - deps: serve-static@~1.4.1 ### [`v4.7.0`](https://togithub.com/expressjs/express/blob/master/History.md#​470--2014-07-25) [Compare Source](https://togithub.com/expressjs/express/compare/4.6.1...4.7.0) \================== - fix `req.protocol` for proxy-direct connections - configurable query parser with `app.set('query parser', parser)` - `app.set('query parser', 'extended')` parse with "qs" module - `app.set('query parser', 'simple')` parse with "querystring" core module - `app.set('query parser', false)` disable query string parsing - `app.set('query parser', true)` enable simple parsing - deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead - deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead - deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead - deps: debug@1.0.4 - deps: depd@0.4.2 - Add `TRACE_DEPRECATION` environment variable - Remove non-standard grey color from color output - Support `--no-deprecation` argument - Support `--trace-deprecation` argument - deps: finalhandler@0.1.0 - Respond after request fully read - deps: debug@1.0.4 - deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` - deps: send@0.7.0 - Add `dotfiles` option - Cap `maxAge` value to 1 year - deps: debug@1.0.4 - deps: depd@0.4.2 - deps: serve-static@~1.4.0 - deps: parseurl@~1.2.0 - deps: send@0.7.0 - perf: prevent multiple `Buffer` creation in `res.send` ### [`v4.6.1`](https://togithub.com/expressjs/express/blob/master/History.md#​461--2014-07-12) [Compare Source](https://togithub.com/expressjs/express/compare/4.6.0...4.6.1) \================== - fix `subapp.mountpath` regression for `app.use(subapp)` ### [`v4.6.0`](https://togithub.com/expressjs/express/blob/master/History.md#​460--2014-07-11) [Compare Source](https://togithub.com/expressjs/express/compare/4.5.1...4.6.0) \================== - accept multiple callbacks to `app.use()` - add explicit "Rosetta Flash JSONP abuse" protection - previous versions are not vulnerable; this is just explicit protection - catch errors in multiple `req.param(name, fn)` handlers - deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead - fix `res.send(status, num)` to send `num` as json (not error) - remove unnecessary escaping when `res.jsonp` returns JSON response - support non-string `path` in `app.use(path, fn)` - supports array of paths - supports `RegExp` - router: fix optimization on router exit - router: refactor location of `try` blocks - router: speed up standard `app.use(fn)` - deps: debug@1.0.3 - Add support for multiple wildcards in namespaces - deps: finalhandler@0.0.3 - deps: debug@1.0.3 - deps: methods@1.1.0 - add `CONNECT` - deps: parseurl@~1.1.3 - faster parsing of href-only URLs - deps: path-to-regexp@0.1.3 - deps: send@0.6.0 - deps: debug@1.0.3 - deps: serve-static@~1.3.2 - deps: parseurl@~1.1.3 - deps: send@0.6.0 - perf: fix arguments reassign deopt in some `res` methods ### [`v4.5.1`](https://togithub.com/expressjs/express/blob/master/History.md#​451--2014-07-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.5.0...4.5.1) \================== - fix routing regression when altering `req.method` ### [`v4.5.0`](https://togithub.com/expressjs/express/blob/master/History.md#​450--2014-07-04) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.5...4.5.0) \================== - add deprecation message to non-plural `req.accepts*` - add deprecation message to `res.send(body, status)` - add deprecation message to `res.vary()` - add `headers` option to `res.sendfile` - use to set headers on successful file transfer - add `mergeParams` option to `Router` - merges `req.params` from parent routes - add `req.hostname` -- correct name for what `req.host` returns - deprecate things with `depd` module - deprecate `req.host` -- use `req.hostname` instead - fix behavior when handling request without routes - fix handling when `route.all` is only route - invoke `router.param()` only when route matches - restore `req.params` after invoking router - use `finalhandler` for final response handling - use `media-typer` to alter content-type charset - deps: accepts@~1.0.7 - deps: send@0.5.0 - Accept string for `maxage` (converted by `ms`) - Include link in default redirect response - deps: serve-static@~1.3.0 - Accept string for `maxAge` (converted by `ms`) - Add `setHeaders` option - Include HTML link in redirect response - deps: send@0.5.0 - deps: type-is@~1.3.2 ### [`v4.4.5`](https://togithub.com/expressjs/express/blob/master/History.md#​445--2014-06-26) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.4...4.4.5) \================== - deps: cookie-signature@1.0.4 - fix for timing attacks ### [`v4.4.4`](https://togithub.com/expressjs/express/blob/master/History.md#​444--2014-06-20) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.3...4.4.4) \================== - fix `res.attachment` Unicode filenames in Safari - fix "trim prefix" debug message in `express:router` - deps: accepts@~1.0.5 - deps: buffer-crc32@​0.2.3 ### [`v4.4.3`](https://togithub.com/expressjs/express/blob/master/History.md#​443--2014-06-11) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.2...4.4.3) \================== - fix persistence of modified `req.params[name]` from `app.param()` - deps: accepts@1.0.3 - deps: negotiator@0.4.6 - deps: debug@1.0.2 - deps: send@0.4.3 - Do not throw uncatchable error on file open race condition - Use `escape-html` for HTML escaping - deps: debug@1.0.2 - deps: finished@1.2.2 - deps: fresh@0.2.2 - deps: serve-static@1.2.3 - Do not throw uncatchable error on file open race condition - deps: send@0.4.3 ### [`v4.4.2`](https://togithub.com/expressjs/express/blob/master/History.md#​442--2014-06-09) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.1...4.4.2) \================== - fix catching errors from top-level handlers - use `vary` module for `res.vary` - deps: debug@1.0.1 - deps: proxy-addr@1.0.1 - deps: send@0.4.2 - fix "event emitter leak" warnings - deps: debug@1.0.1 - deps: finished@1.2.1 - deps: serve-static@1.2.2 - fix "event emitter leak" warnings - deps: send@0.4.2 - deps: type-is@1.2.1 ### [`v4.4.1`](https://togithub.com/expressjs/express/blob/master/History.md#​441--2014-06-02) [Compare Source](https://togithub.com/expressjs/express/compare/4.4.0...4.4.1) \================== - deps: methods@1.0.1 - deps: send@0.4.1 - Send `max-age` in `Cache-Control` in correct format - deps: serve-static@1.2.1 - use `escape-html` for escaping - deps: send@0.4.1 ### [`v4.4.0`](https://togithub.com/expressjs/express/blob/master/History.md#​440--2014-05-30) [Compare Source](https://togithub.com/expressjs/express/compare/4.3.2...4.4.0) \================== - custom etag control with `app.set('etag', val)` - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation - `app.set('etag', 'weak')` weak tag - `app.set('etag', 'strong')` strong etag - `app.set('etag', false)` turn off - `app.set('etag', true)` standard etag - mark `res.send` ETag as weak and reduce collisions - update accepts to 1.0.2 - Fix interpretation when header not in request - update send to 0.4.0 - Calculate ETag with md5 for reduced collisions - Ignore stream errors after request ends - deps: debug@0.8.1 - update serve-static to 1.2.0 - Calculate ETag with md5 for reduced collisions - Ignore stream errors after request ends - deps: send@0.4.0 ### [`v4.3.2`](https://togithub.com/expressjs/express/blob/master/History.md#​432--2014-05-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.3.1...4.3.2) \================== - fix handling of errors from `router.param()` callbacks ### [`v4.3.1`](https://togithub.com/expressjs/express/blob/master/History.md#​431--2014-05-23) [Compare Source](https://togithub.com/expressjs/express/compare/4.3.0...4.3.1) \================== - revert "fix behavior of multiple `app.VERB` for the same path" - this caused a regression in the order of route execution ### [`v4.3.0`](https://togithub.com/expressjs/express/blob/master/History.md#​430--2014-05-21) [Compare Source](https://togithub.com/expressjs/express/compare/4.2.0...4.3.0) \================== - add `req.baseUrl` to access the path stripped from `req.url` in routes - fix behavior of multiple `app.VERB` for the same path - fix issue routing requests among sub routers - invoke `router.param()` only when necessary instead of every match - proper proxy trust with `app.set('trust proxy', trust)` - `app.set('trust proxy', 1)` trust first hop - `app.set('trust proxy', 'loopback')` trust loopback addresses - `app.set('trust proxy', '10.0.0.1')` trust single IP - `app.set('trust proxy', '10.0.0.1/16')` trust subnet - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list - `app.set('trust proxy', false)` turn off - `app.set('trust proxy', true)` trust everything - set proper `charset` in `Content-Type` for `res.send` - update type-is to 1.2.0 - support suffix matching ### [`v4.2.0`](https://togithub.com/expressjs/express/blob/master/History.md#​420--2014-05-11) [Compare Source](https://togithub.com/expressjs/express/compare/4.1.2...4.2.0) \================== - deprecate `app.del()` -- use `app.delete()` instead - deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead - the edge-case `res.json(status, num)` requires `res.status(status).json(num)` - deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)` - fix `req.next` when inside router instance - include `ETag` header in `HEAD` requests - keep previous `Content-Type` for `res.jsonp` - support PURGE method - add `app.purge` - add `router.purge` - include PURGE in `app.all` - update debug to 0.8.0 - add `enable()` method - change from stderr to stdout - update methods to 1.0.0 - add PURGE ### [`v4.1.2`](https://togithub.com/expressjs/express/blob/master/History.md#​412--2014-05-08) [Compare Source](https://togithub.com/expressjs/express/compare/4.1.1...4.1.2) \================== - fix `req.host` for IPv6 literals - fix `res.jsonp` error if callback param is object ### [`v4.1.1`](https://togithub.com/expressjs/express/blob/master/History.md#​411--2014-04-27) [Compare Source](https://togithub.com/expressjs/express/compare/4.1.0...4.1.1) \================== - fix package.json to reflect supported node version ### [`v4.1.0`](https://togithub.com/expressjs/express/blob/master/History.md#​410--2014-04-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.0.0...4.1.0) \================== - pass options from `res.sendfile` to `send` - preserve casing of headers in `res.header` and `res.set` - support unicode file names in `res.attachment` and `res.download` - update accepts to 1.0.1 - deps: negotiator@0.4.0 - update cookie to 0.1.2 - Fix for maxAge == 0 - made compat with expires field - update send to 0.3.0 - Accept API options in options object - Coerce option types - Control whether to generate etags - Default directory access to 403 when index disabled - Fix sending files with dots without root set - Include file path in etag - Make "Can't set headers after they are sent." catchable - Send full entity-body for multi range requests - Set etags to "weak" - Support "If-Range" header - Support multiple index paths - deps: mime@1.2.11 - update serve-static to 1.1.0 - Accept options directly to `send` module - Resolve relative paths at middleware setup - Use parseurl to parse the URL from request - deps: send@0.3.0 - update type-is to 1.1.0 - add non-array values support - add `multipart` as a shorthand ### [`v4.0.0`](https://togithub.com/expressjs/express/blob/master/History.md#​400--2014-04-09) [Compare Source](https://togithub.com/expressjs/express/compare/3.21.2...4.0.0) \================== - remove: - node 0.8 support - connect and connect's patches except for charset handling - express(1) - moved to [express-generator](https://togithub.com/expressjs/generator) - `express.createServer()` - it has been deprecated for a long time. Use `express()` - `app.configure` - use logic in your own app code - `app.router` - is removed - `req.auth` - use `basic-auth` instead - `req.accepted*` - use `req.accepts*()` instead - `res.location` - relative URL resolution is removed - `res.charset` - include the charset in the content type when using `res.set()` - all bundled middleware except `static` - change: - `app.route` -> `app.mountpath` when mounting an express app in another express app - `json spaces` no longer enabled by default in development - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings` - `req.params` is now an object instead of an array - `res.locals` is no longer a function. It is a plain js object. Treat it as such. - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object - refactor: - `req.accepts*` with [accepts](https://togithub.com/expressjs/accepts) - `req.is` with [type-is](https://togithub.com/expressjs/type-is) - [path-to-regexp](https://togithub.com/component/path-to-regexp) - add: - `app.router()` - returns the app Router instance - `app.route()` - Proxy to the app's `Router#route()` method to create a new route - Router & Route - public API ### [`v3.21.2`](https://togithub.com/expressjs/express/blob/master/History.md#​3212--2015-07-31) [Compare Source](https://togithub.com/expressjs/express/compare/3.21.1...3.21.2) \=================== - deps: connect@2.30.2 - deps: body-parser@~1.13.3 - deps: compression@~1.5.2 - deps: errorhandler@~1.4.2 - deps: method-override@~2.3.5 - deps: serve-index@~1.7.2 - deps: type-is@~1.6.6 - deps: vhost@~3.0.1 - deps: vary@~1.0.1 - Fix setting empty header from empty `field` - perf: enable strict mode - perf: remove argument reassignments ### [`v3.21.1`](https://togithub.com/expressjs/express/blob/master/History.md#​3211--2015-07-05) [Compare Source](https://togithub.com/expressjs/express/compare/3.21.0...3.21.1) \=================== - deps: basic-auth@~1.0.3 - deps: connect@2.30.1 - deps: body-parser@~1.13.2 - deps: compression@~1.5.1 - deps: errorhandler@~1.4.1 - deps: morgan@~1.6.1 - deps: pause@0.1.0 - deps: qs@4.0.0 - deps: serve-index@~1.7.1 - deps: type-is@~1.6.4 ### [`v3.21.0`](https://togithub.com/expressjs/express/blob/master/History.md#​3210--2015-06-18) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.3...3.21.0) \=================== - deps: basic-auth@1.0.2 - perf: enable strict mode - perf: hoist regular expression - perf: parse with regular expressions - perf: remove argument reassignment - deps: connect@2.30.0 - deps: body-parser@~1.13.1 - deps: bytes@2.1.0 - deps: compression@~1.5.0 - deps: cookie@0.1.3 - deps: cookie-parser@~1.3.5 - deps: csurf@~1.8.3 - deps: errorhandler@~1.4.0 - deps: express-session@~1.11.3 - deps: finalhandler@0.4.0 - deps: fresh@0.3.0 - deps: morgan@~1.6.0 - deps: serve-favicon@~2.3.0 - deps: serve-index@~1.7.0 - deps: serve-static@~1.10.0 - deps: type-is@~1.6.3 - deps: cookie@0.1.3 - perf: deduce the scope of try-catch deopt - perf: remove argument reassignments - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - Always include entity length in ETags for hash length extensions - Generate non-Stats ETags using MD5 only (no longer CRC32) - Improve stat performance by removing hashing - Improve support for JXcore - Remove base64 padding in ETags to shorten - Support "fake" stats objects in environments without fs - Use MD5 instead of MD4 in weak ETags over 1KB - deps: fresh@0.3.0 - Add weak `ETag` matching support - deps: mkdirp@0.5.1 - Work in global strict mode - deps: send@0.13.0 - Allow Node.js HTTP server to set `Date` response header - Fix incorrectly removing `Content-Location` on 304 response - Improve the default redirect response headers - Send appropriate headers on default error response - Use `http-errors` for standard emitted errors - Use `statuses` instead of `http` module for status messages - deps: escape-html@1.0.2 - deps: etag@~1.7.0 - deps: fresh@0.3.0 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove unnecessary array allocations ### [`v3.20.3`](https://togithub.com/expressjs/express/blob/master/History.md#​3203--2015-05-17) [Compare Source](https://togithub.com/expressjs/express/compare/3.20.2...3.20.3) \=================== - deps: connect@2.29.2 - deps: body-parser@~1.12.4 - deps: compression@~1.4.4 - deps: connect-timeout@~1.6.2 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: errorhandler@~1.3.6 - deps: finalhandler@0.3.6 - deps: method-override@~2.3.3 - deps: morg