Skip to content

fix(deps): update dependency express to v5#534

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/express-5.x
Open

fix(deps): update dependency express to v5#534
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/express-5.x

Conversation

@renovate

@renovate renovate Bot commented Mar 31, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
express (source) ^4.18.2^5.0.0 age confidence

Release Notes

expressjs/express (express)

v5.2.1

Compare Source

=======================

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

v5.2.0

Compare Source

========================

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@​1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@​4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@​6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

v4.22.2

Compare Source

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: expressjs/express@v4.22.1...v4.22.2

v4.22.1

Compare Source

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

v4.22.0

Compare Source

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sonarqubecloud

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Mar 31, 2025

Copy link
Copy Markdown
Contributor

Coverage Report for ./server/

Status Category Percentage Covered / Total
🟢 Lines 79.35% (🎯 60%) 223 / 281
🟢 Statements 79.35% (🎯 60%) 223 / 281
🟢 Functions 100% (🎯 60%) 8 / 8
🟢 Branches 68.65% (🎯 60%) 46 / 67
File CoverageNo changed files found.
Generated in workflow #1076 for commit 65c7fb5 by the Vitest Coverage Report Action

@github-actions

github-actions Bot commented Mar 31, 2025

Copy link
Copy Markdown
Contributor

Coverage Report for ./client/

Status Category Percentage Covered / Total
🟢 Lines 82.13% (🎯 70%) 800 / 974
🟢 Statements 82.13% (🎯 70%) 800 / 974
🟢 Functions 77.77% (🎯 70%) 56 / 72
🟢 Branches 83.72% (🎯 70%) 144 / 172
File CoverageNo changed files found.
Generated in workflow #1076 for commit 65c7fb5 by the Vitest Coverage Report Action

@renovate renovate Bot force-pushed the renovate/express-5.x branch from 76b889e to 583a817 Compare August 10, 2025 13:56
@sonarqubecloud

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch from 583a817 to 3297f78 Compare September 25, 2025 14:48
@sonarqubecloud

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch from 3297f78 to 1021865 Compare November 19, 2025 00:51
@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from 9bf73af to a62cd66 Compare December 2, 2025 01:50
@renovate renovate Bot force-pushed the renovate/express-5.x branch from a62cd66 to babe6fa Compare December 31, 2025 15:03
@renovate renovate Bot force-pushed the renovate/express-5.x branch from babe6fa to cf3b38f Compare January 8, 2026 19:10
@sonarqubecloud

sonarqubecloud Bot commented Jan 8, 2026

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from bfcffb3 to d0ca501 Compare February 17, 2026 19:17
@sonarqubecloud

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from 6e41ca8 to bd0fa3c Compare April 1, 2026 17:49
@renovate renovate Bot force-pushed the renovate/express-5.x branch from bd0fa3c to abfd473 Compare April 8, 2026 17:58
@renovate renovate Bot force-pushed the renovate/express-5.x branch from abfd473 to a84bde9 Compare April 29, 2026 11:42
@sonarqubecloud

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch from a84bde9 to 8a8b916 Compare May 18, 2026 12:28
@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from 7ef247b to f903e5d Compare June 1, 2026 22:51
@renovate renovate Bot force-pushed the renovate/express-5.x branch from f903e5d to 5ca9b06 Compare June 11, 2026 18:17
@sonarqubecloud

Copy link
Copy Markdown

@renovate renovate Bot force-pushed the renovate/express-5.x branch from 5ca9b06 to 65c7fb5 Compare July 12, 2026 13:00
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants