#302 Bump express from 4.19.2 to 4.21.1 Pull request opened by dependabot[bot] Bumps express from 4.19.2 to 4.21.1. Release notes Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by `@​joshbuker` in expressjs/express#6029

• Release: 4.21.1 by `@​UlisesGascon` in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate

"back"

magic string in redirects by `@​blakeembrey` in expressjs/express#5935

• finalhandler@1.3.1 by `@​wesleytodd` in expressjs/express#5954

• fix(deps): serve-static@1.16.2 by `@​wesleytodd` in expressjs/express#5951

• Upgraded dependency qs to 6.13.0 to match qs in body-parser by `@​agadzinski93` in expressjs/express#5946

New Contributors

• `@​agadzinski93` made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default

depth

level for parsing URL-encoded data is now

32

(previously was

Infinity

)

• Remove link renderization in html while using

res.redirect

Other Changes

• 4.19.2 Staging by `@​wesleytodd` in expressjs/express#5561

• remove duplicate location test for data uri by `@​wesleytodd` in expressjs/express#5562

• feat: document beta releases expectations by `@​marco-ippolito` in expressjs/express#5565

• Cut down on duplicated CI runs by `@​jonchurch` in expressjs/express#5564

• Add a Threat Model by `@​UlisesGascon` in expressjs/express#5526

• Assign captain of encodeurl by `@​blakeembrey` in expressjs/express#5579

• Nominate jonchurch as repo captain for

http-errors

,

<http://expressjs.com|expressjs.com>

,

morgan

,

cors

,

body-parser

by `@​jonchurch` in expressjs/express#5587

• docs: update Security.md by `@​inigomarquinez` in expressjs/express#5590

• docs: update triage nomination policy by `@​UlisesGascon` in expressjs/express#5600

• Add CodeQL (SAST) by `@​UlisesGascon` in expressjs/express#5433

• docs: add UlisesGascon as triage initiative captain by `@​UlisesGascon` in expressjs/express#5605

• deps: encodeurl@~2.0.0 by `@​blakeembrey` in expressjs/express#5569

• skip QUERY method test by `@​jonchurch` in expressjs/express#5628

• ignore ETAG query test on 21 and 22, reuse skip util by `@​jonchurch` in expressjs/express#5639

• add support Node.js@22 in the CI by `@​mertcanaltin` in expressjs/express#5627

• doc: add table of contents, tc/triager lists to readme by `@​mertcanaltin` in expressjs/express#5619

• List and sort all projects, add captains by `@​blakeembrey` in expressjs/express#5653

• docs: add `@​UlisesGascon` as captain for cookie-parser by `@​UlisesGascon` in expressjs/express#5666

• ✨ bring back query tests for node 21 by `@​ctcpip` in expressjs/express#5690

• [v4] Deprecate

res.clearCookie

accepting

options.maxAge

and

options.expires

by `@​jonchurch` in expressjs/express#5672

• skip QUERY tests for Node 21 only, still not supported by `@​jonchurch` in expressjs/express#5695

... (truncated) Changelog Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate

res.location("back")

and

res.redirect("back")

magic string

• deps: serve-static@1.16.2

• includes send@0.19.0

• deps: finalhandler@1.3.1

• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0

• Remove link renderization in html while redirecting

• deps: send@0.19.0

• Remove link renderization in html while redirecting

• deps: body-parser@0.6.0

• add

depth

option to customize the depth level in the parser

• IMPORTANT: The default

depth

level for parsing URL-encoded data is now

32

(previously was

Infinity

)

• Remove link renderization in html while using

res.redirect

• deps: path-to-regexp@0.1.10

• Adds support for named matching groups in the routes using a regex

• Adds backtracking protection to parameters without regexes defined

• deps: encodeurl@~2.0.0

• Removes encoding of

\

,

|

, and

^

to align better with URL spec

• Deprecate passing

options.maxAge

and

options.expires

to

res.clearCookie

• Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits • `8e229f9` 4.21.1 • `a024c8a` fix(deps): cookie@0.7.1 • `7e562c6` 4.21.0 • <https://github.com/exp… osquery/osquery-site ✅ All checks have passed 1/1 successful checks