Bump express from 4.19.2 to 5.0.0 (!34) · Merge requests · tools / infra / zeroscale

Merged Dependabot requested to merge dependabot-npm_and_yarn-express-5.0.0 into master 7 months ago

Bumps express from 4.19.2 to 5.0.0.

Release notes

5.0.0

What's Changed

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

Use object with null prototype for various app properties by @EvanHahn in expressjs/express#4861

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

Call callback once on listen error by @wesleytodd in expressjs/express#3216

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

Throw on invalid status codes by @jonchurch in expressjs/express#4212

Use Array.flat instead of array-flatten by @almic in expressjs/express#5677

Adopt Node@18 as the minimum supported version by @UlisesGascon in expressjs/express#5803

Ignore expires and maxAge in res.clearCookie() by @jonchurch in expressjs/express#5792

send@1.0.0 by @wesleytodd in expressjs/express#5786

chore: upgrade debug dep from 3.10 to 4.3.6 by @carpasse in expressjs/express#5829

refactor: replace 'path-is-absolute' dep with node:path isAbsolute method by @carpasse in expressjs/express#5830

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

5.x: Upgrading merge-descriptors with allowing minors by @RobinTail in expressjs/express#5782

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

WIP: serve-static@2 by @wesleytodd in expressjs/express#5790

chore: upgrade qs dp from 6.11.0 to 6.13.0 by @carpasse in expressjs/express#5847

Upgrade cookie signature by @IamLizu in expressjs/express#5833

accepts@2 by @wesleytodd in expressjs/express#5881

mime-types@3 by @wesleytodd in expressjs/express#5882

type-is@^2.0.0 by @wesleytodd in expressjs/express#5883

content-disposition@^1.0.0 by @wesleytodd in expressjs/express#5884

... (truncated)

Changelog

Sourced from express's changelog.

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

change:

res.clearCookie will ignore user provided maxAge and expires options

deps: cookie-signature@^1.2.1

deps: debug@4.3.6

deps: merge-descriptors@^2.0.0

deps: serve-static@^2.1.0

deps: qs@6.13.0

deps: accepts@^2.0.0

deps: mime-types@^3.0.0

application/javascript => text/javascript

deps: type-is@^2.0.0

deps: content-disposition@^1.0.0

deps: finalhandler@^2.0.0

deps: fresh@^2.0.0

deps: body-parser@^2.0.1

deps: send@^1.1.0

5.0.0-beta.3 / 2024-03-25

This incorporates all changes after 4.19.1 up to 4.19.2.

5.0.0-beta.2 / 2024-03-20

This incorporates all changes after 4.17.2 up to 4.19.1.

5.0.0-beta.1 / 2022-02-14

This is the first Express 5.0 beta release, based off 4.17.2 and includes changes from 5.0.0-alpha.8.

change:

Default "query parser" setting to 'simple'

Requires Node.js 4+

Use mime-types for file to content type mapping

deps: array-flatten@3.0.0

deps: body-parser@2.0.0-beta.1

req.body is no longer always initialized to {}