Skip to content

chore(deps): update dependency express to v5 (app/package.json) (main) #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ivankatliarchuk wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency express to v5 (app/package.json) (main) #120

ivankatliarchuk wants to merge 1 commit into from

Conversation

@ivankatliarchuk
Copy link
Member

@ivankatliarchuk ivankatliarchuk commented Apr 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
express (source) dependencies major 4.18.1 -> 5.1.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

expressjs/express (express)

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: [email protected]
  • deps: [email protected]

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: [email protected]
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: [email protected]
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: [email protected]
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

v4.21.2

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

v4.20.0

Compare Source

==========

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

  • Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

  • Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

v4.18.3

Compare Source

==========

v4.18.2

Compare Source

===================

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@ivankatliarchuk ivankatliarchuk added dependencies A PR that updates dependencies - used by Release Drafter deps js renovate Universal dependency update tool rule::1 type::major datasource::npm manager:npm labels Apr 1, 2025
@ivankatliarchuk ivankatliarchuk self-assigned this Apr 1, 2025
@github-actions
Copy link

github-actions bot commented Apr 1, 2025

@ivankatliarchuk: There are no 'kind' label on this PR. You need a 'kind' label.
Label can be added by writing in a comment ⬇️

  • /kind feature
  • /kind fix
  • /kind chore
  • /kind docs
  • /kind refactor
  • /kind github
  • /kind security
  • /kind question
Details

I am a bot created to help the cloudkats developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the DeFiCh/oss-governance-bot repository.

@ivankatliarchuk ivankatliarchuk force-pushed the renovate/main-app-express-5.x branch from 84909b4 to 7757a6a Compare April 4, 2025 04:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ivankatliarchuk ivankatliarchuk

Labels

datasource::npm dependencies A PR that updates dependencies - used by Release Drafter deps js manager:npm needs/kind renovate Universal dependency update tool rule::1 type::major

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ivankatliarchuk