Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency express to version 4.17.1 馃専 #8179

merged 2 commits into from Aug 6, 2020


Copy link

@renovate renovate bot commented Aug 5, 2020

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor 4.16.4 -> 4.17.1
express (source) devDependencies minor 4.16.4 -> 4.17.1

Release Notes



Compare Source


  • Revert "Improve error message for null/undefined to res.status"


Compare Source


  • Add express.raw to parse bodies into Buffer
  • Add express.text to parse bodies into string
  • Improve error message for non-strings to res.sendFile
  • Improve error message for null/undefined to res.status
  • Support multiple hosts in X-Forwarded-Host
  • deps: accepts@~1.3.7
  • deps: body-parser@1.19.0
  • Add encoding MIK
  • Add petabyte (pb) support
  • Fix parsing array brackets after index
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2
  • deps: iconv-lite@0.4.24
  • deps: qs@6.7.0
  • deps: raw-body@2.4.0
  • deps: type-is@~1.6.17
  • deps: content-disposition@0.5.3
  • deps: cookie@0.4.0
  • Add SameSite=None support
  • deps: finalhandler@~1.1.2
  • Set stricter Content-Security-Policy header
  • deps: parseurl@~1.3.3
  • deps: statuses@~1.5.0
  • deps: parseurl@~1.3.3
  • deps: proxy-addr@~2.0.5
  • deps: ipaddr.js@1.9.0
  • deps: qs@6.7.0
  • Fix parsing array brackets after index
  • deps: range-parser@~1.2.1
  • deps: send@0.17.1
  • Set stricter CSP header in redirect & error responses
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: range-parser@~1.2.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call
  • deps: serve-static@1.14.1
  • Set stricter CSP header in redirect response
  • deps: parseurl@~1.3.3
  • deps: send@0.17.1
  • deps: setprototypeof@1.1.1
  • deps: statuses@~1.5.0
  • Add 103 Early Hints
  • deps: type-is@~1.6.18
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

Renovate configuration

馃搮 Schedule: "before 3am on the first day of the month" in timezone America/New_York.

馃殾 Automerge: Disabled by config. Please merge this manually once you are satisfied.

鈾伙笍 Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

馃敃 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added renovate Triggered by renovatebot type: dependencies labels Aug 5, 2020
Copy link

cypress-bot bot commented Aug 5, 2020

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

Copy link

cypress bot commented Aug 5, 2020

Test summary

7929 0 130 2

Run details

Project cypress
Status Passed
Commit 6cca805
Started Aug 6, 2020 5:38 AM
Ended Aug 6, 2020 5:44 AM
Duration 06:14 馃挕
OS Linux Debian - 10.1
Browser Multiple

View run in Cypress Dashboard 鉃★笍

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

Copy link

@jennifer-shehane jennifer-shehane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it looks like express updated one of their deps, finalhandler, which has changed how they set content-security-policy headers by default: pillarjs/finalhandler#26

This is causing this test to fail. I'm not sure if this will affect any behavior.

Copy link

flotwig commented Aug 5, 2020

Cypress does its own stuff to the CSP header anyways (see #7936) so this change will be overridden by Cypress. We're seeing the snapshot change because the e2e scaffolding code uses express to launch the different HTTP servers used by the tests. @jennifer-shehane This is safe to update the snapshot and merge.

flotwig previously approved these changes Aug 5, 2020
@renovate renovate bot changed the title fix(deps): update dependency express to version 4.17.1 馃専 fix(deps): update dependency express to version 4.17.1 馃専 Aug 6, 2020
@jennifer-shehane jennifer-shehane merged commit 7341476 into develop Aug 6, 2020
@renovate renovate bot deleted the renovate/express-4.x branch August 6, 2020 06:11
Copy link

cypress-bot bot commented Aug 20, 2020

Released in 5.0.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v5.0.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Aug 20, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
renovate Triggered by renovatebot type: dependencies
None yet

Successfully merging this pull request may close these issues.

None yet

3 participants