Releases: expressjs/express
4.21.0
What's Changed
- Deprecate "back" magic string in redirects by @blakeembrey in #5935
- finalhandler@1.3.1 by @wesleytodd in #5954
- fix(deps): serve-static@1.16.2 by @wesleytodd in #5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in #5946
New Contributors
- @agadzinski93 made their first contribution in #5946
Full Changelog: 4.20.0...4.21.0
5.0.0
What's Changed
- 4.19.2 Staging by @wesleytodd in #5561
- remove duplicate location test for data uri by @wesleytodd in #5562
- feat: document beta releases expectations by @marco-ippolito in #5565
- Cut down on duplicated CI runs by @jonchurch in #5564
- Add a Threat Model by @UlisesGascon in #5526
- Assign captain of encodeurl by @blakeembrey in #5579
- Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in #5587
- docs: update Security.md by @inigomarquinez in #5590
- docs: update triage nomination policy by @UlisesGascon in #5600
- Add CodeQL (SAST) by @UlisesGascon in #5433
- docs: add UlisesGascon as triage initiative captain by @UlisesGascon in #5605
- Use object with null prototype for various app properties by @EvanHahn in #4861
- deps: encodeurl@~2.0.0 by @blakeembrey in #5569
- skip QUERY method test by @jonchurch in #5628
- ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in #5639
- add support Node.js@22 in the CI by @mertcanaltin in #5627
- doc: add table of contents, tc/triager lists to readme by @mertcanaltin in #5619
- List and sort all projects, add captains by @blakeembrey in #5653
- Call callback once on listen error by @wesleytodd in #3216
- docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in #5666
- ✨ bring back query tests for node 21 by @ctcpip in #5690
- [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in #5672
- skip QUERY tests for Node 21 only, still not supported by @jonchurch in #5695
- 📝 update people, add ctcpip to TC by @ctcpip in #5683
- remove minor version pinning from ci by @jonchurch in #5722
- Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in #5762
- Replace Appveyor windows testing with GHA by @jonchurch in #5599
- Add OSSF Scorecard badge by @UlisesGascon in #5436
- Throw on invalid status codes by @jonchurch in #4212
- Use Array.flat instead of array-flatten by @almic in #5677
- Adopt Node@18 as the minimum supported version by @UlisesGascon in #5803
- Ignore expires and maxAge in res.clearCookie() by @jonchurch in #5792
- send@1.0.0 by @wesleytodd in #5786
- chore: upgrade debug dep from 3.10 to 4.3.6 by @carpasse in #5829
- refactor: replace 'path-is-absolute' dep with node:path isAbsolute method by @carpasse in #5830
- update scorecard link by @bjohansebas in #5814
- Nominate @IamLizu to the triage team by @UlisesGascon in #5836
- deps: path-to-regexp@0.1.8 by @blakeembrey in #5603
- docs: specify new instructions for question and discuss by @IamLizu in #5835
- 5.x: Upgrading merge-descriptors with allowing minors by @RobinTail in #5782
- 4.x: Upgrade merge-descriptors dependency by @RobinTail in #5781
- WIP: serve-static@2 by @wesleytodd in #5790
- chore: upgrade qs dp from 6.11.0 to 6.13.0 by @carpasse in #5847
- Upgrade cookie signature by @IamLizu in #5833
- accepts@2 by @wesleytodd in #5881
- mime-types@3 by @wesleytodd in #5882
- type-is@^2.0.0 by @wesleytodd in #5883
- content-disposition@^1.0.0 by @wesleytodd in #5884
- fix(deps): finalhandler@^2.0.0 by @wesleytodd in #5899
- path-to-regexp@0.1.10 by @blakeembrey in #5902
- update to fresh@^2.0.0 by @jonchurch in #5916
- router@^2.0.0 by @wesleytodd in #5885
- Adopt Node@18 as the minimum supported version by @UlisesGascon in #5595
- master -> 5.0 by @ctcpip in #5785
- 🔧 update CI, remove unsupported versions, clean up by @ctcpip in #5931
- Delete back as a magic string by @blakeembrey in #5933
- Release 5.0 by @dougwilson in #2237
New Contributors
- @marco-ippolito made their first contribution in #5565
- @inigomarquinez made their first contribution in #5590
- @mertcanaltin made their first contribution in #5627
- @ctcpip made their first contribution in #5690
- @IamLizu made their first contribution in #5762
- @almic made their first contribution in #5677
- @carpasse made their first contribution in #5829
- @bjohansebas made their first contribution in #5814
- @RobinTail made their first contribution in #5782
Full Changelog: v5.0.0-beta.3...v5.0.0
4.20.0
What's Changed
Important
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using res.redirect
Other Changes
- 4.19.2 Staging by @wesleytodd in #5561
- remove duplicate location test for data uri by @wesleytodd in #5562
- feat: document beta releases expectations by @marco-ippolito in #5565
- Cut down on duplicated CI runs by @jonchurch in #5564
- Add a Threat Model by @UlisesGascon in #5526
- Assign captain of encodeurl by @blakeembrey in #5579
- Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in #5587
- docs: update Security.md by @inigomarquinez in #5590
- docs: update triage nomination policy by @UlisesGascon in #5600
- Add CodeQL (SAST) by @UlisesGascon in #5433
- docs: add UlisesGascon as triage initiative captain by @UlisesGascon in #5605
- deps: encodeurl@~2.0.0 by @blakeembrey in #5569
- skip QUERY method test by @jonchurch in #5628
- ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in #5639
- add support Node.js@22 in the CI by @mertcanaltin in #5627
- doc: add table of contents, tc/triager lists to readme by @mertcanaltin in #5619
- List and sort all projects, add captains by @blakeembrey in #5653
- docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in #5666
- ✨ bring back query tests for node 21 by @ctcpip in #5690
- [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in #5672
- skip QUERY tests for Node 21 only, still not supported by @jonchurch in #5695
- 📝 update people, add ctcpip to TC by @ctcpip in #5683
- remove minor version pinning from ci by @jonchurch in #5722
- Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in #5762
- Replace Appveyor windows testing with GHA by @jonchurch in #5599
- Add OSSF Scorecard badge by @UlisesGascon in #5436
- update scorecard link by @bjohansebas in #5814
- Nominate @IamLizu to the triage team by @UlisesGascon in #5836
- deps: path-to-regexp@0.1.8 by @blakeembrey in #5603
- docs: specify new instructions for question and discuss by @IamLizu in #5835
- 4.x: Upgrade merge-descriptors dependency by @RobinTail in #5781
- path-to-regexp@0.1.10 by @blakeembrey in #5902
New Contributors
- @marco-ippolito made their first contribution in #5565
- @inigomarquinez made their first contribution in #5590
- @mertcanaltin made their first contribution in #5627
- @ctcpip made their first contribution in #5690
- @bjohansebas made their first contribution in #5814
Full Changelog: 4.19.1...4.20.0
v5.0.0-beta.3
Full Changelog: 5.0.0-beta.2...v5.0.0-beta.3
4.19.2
5.0.0-beta.2
What's Changed
- lib: fix typo ocurred -> occurred by @caioagiani in #4805
- examples: defend from privilege elevation by @KoyamaSohei in #4120
- replace "replaces" with "replacer" in jsdoc by @apeltop in #4843
- Add install size badge to README by @styfle in #3710
- Replace deprecated String.prototype.substr() by @CommanderRoot in #4860
- fix: remove deprecated html attribute by @Hashen110 in #4866
- fix: parameter index is not described in JSDoc by @Hashen110 in #4867
- fix: continue is unnecessary as the last statement in a loop by @Hashen110 in #4868
- Deprecate non integer status codes in v4 by @jonchurch in #4223
- Add root support in res.download() by @mmito in #4855
- res.format(): call default using obj as the context by @shesek in #3587
- Feature/4171 depd by @UlisesGascon in #4174
- Validate maxAge appropriateness before use by @cjbarth in #3936
- deps: statuses@2.0.1 by @3imed-jaberi in #4336
- test: fix typo by @Hashen110 in #4882
- docs: fix typo: http -> HTTP by @ghousemohamed in #4872
- Update Security.md by @netcode in #4890
- examples: add missing associated labels by @Hashen110 in #4884
- Increase timeout for mocha to 7500 by @grisu48 in #4887
- Release 4.18 by @dougwilson in #4287
- Expanding the benchmark. by @denizy97 in #4880
- examples: remove unused params by @alxdrg in #4914
- Grammatically updated the express documentation for better comprehension by @REALSTEVEIG in #4926
- Freenode is dead/dying by @theabhinavdas in #5013
- Use https: protocol instead of deprecated git: protocol by @vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in #5034
- ci: update actions/checkout to v3 by @armujahid in #5027
- test: remove unused function arguments in params by @raksbisht in #5124
- Remove unused originalIndex from acceptParams by @raksbisht in #5119
- Fixed typos by @raksbisht in #5117
- examples: remove unused params by @raksbisht in #5113
- fix: parameter str is not described in JSDoc by @raksbisht in #5130
- fix: typos in History.md by @raksbisht in #5131
- build : add Node.js@19.7 by @abenhamdine in #5028
- test: remove unused function arguments in params by @raksbisht in #5137
- use random port in test so it won't fail on already listening by @rluvaton in #5162
- tests: use cb() instead of done() by @kristof-low in #5233
- examples: remove multipart example by @riddlew in #5195
- Update support Node.js@18 in the CI by @UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @DmytroKondrashov in #5414
- Release 4.18.3 by @UlisesGascon in #5505
- fix typo in release date by @UlisesGascon in #5527
- docs: nominating @wesleytodd to be project captain by @wesleytodd in #5511
- docs: loosen TC activity rules by @wesleytodd in #5510
- Add note on how to update docs for new release by @crandmck in #5541
- Release 4.19.0 by @wesleytodd in #5551
- Fix ci after location patch by @wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @wesleytodd in #5556
New Contributors
- @caioagiani made their first contribution in #4805
- @apeltop made their first contribution in #4843
- @styfle made their first contribution in #3710
- @CommanderRoot made their first contribution in #4860
- @Hashen110 made their first contribution in #4866
- @mmito made their first contribution in #4855
- @UlisesGascon made their first contribution in #4174
- @cjbarth made their first contribution in #3936
- @ghousemohamed made their first contribution in #4872
- @netcode made their first contribution in #4890
- @grisu48 made their first contribution in #4887
- @denizy97 made their first contribution in #4880
- @alxdrg made their first contribution in #4914
- @REALSTEVEIG made their first contribution in #4926
- @theabhinavdas made their first contribution in #5013
- @vcsjones made their first contribution in #5032
- @abenhamdine made their first contribution in #5034
- @armujahid made their first contribution in #5027
- @raksbisht made their first contribution in #5124
- @rluvaton made their first contribution in #5162
- @kristof-low made their first contribution in #5233
- @riddlew made their first contribution in #5195
- @DmytroKondrashov made their first contribution in #5414
- @crandmck made their first contribution in #5541
Full Changelog: v5.0.0-beta.1...5.0.0-beta.2
4.19.1
What's Changed
- Fix ci after location patch by @wesleytodd in #5552
- fixed un-edited version in history.md for 4.19.0 by @wesleytodd in #5556
Full Changelog: 4.19.0...4.19.1
4.19.0
What's Changed
- fix typo in release date by @UlisesGascon in #5527
- docs: nominating @wesleytodd to be project captain by @wesleytodd in #5511
- docs: loosen TC activity rules by @wesleytodd in #5510
- Add note on how to update docs for new release by @crandmck in #5541
- Prevent open redirect allow list bypass due to encodeurl
- Release 4.19.0 by @wesleytodd in #5551
New Contributors
Full Changelog: 4.18.3...4.19.0
4.18.3
Main Changes
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
Other Changes
- Use https: protocol instead of deprecated git: protocol by @vcsjones in #5032
- build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in #5034
- ci: update actions/checkout to v3 by @armujahid in #5027
- test: remove unused function arguments in params by @raksbisht in #5124
- Remove unused originalIndex from acceptParams by @raksbisht in #5119
- Fixed typos by @raksbisht in #5117
- examples: remove unused params by @raksbisht in #5113
- fix: parameter str is not described in JSDoc by @raksbisht in #5130
- fix: typos in History.md by @raksbisht in #5131
- build : add Node.js@19.7 by @abenhamdine in #5028
- test: remove unused function arguments in params by @raksbisht in #5137
- use random port in test so it won't fail on already listening by @rluvaton in #5162
- tests: use cb() instead of done() by @kristof-low in #5233
- examples: remove multipart example by @riddlew in #5195
- Update support Node.js@18 in the CI by @UlisesGascon in #5490
- Fix favicon-related bug in cookie-sessions example by @DmytroKondrashov in #5414
- Release 4.18.3 by @UlisesGascon in #5505
New Contributors
- @vcsjones made their first contribution in #5032
- @abenhamdine made their first contribution in #5034
- @armujahid made their first contribution in #5027
- @raksbisht made their first contribution in #5124
- @rluvaton made their first contribution in #5162
- @kristof-low made their first contribution in #5233
- @riddlew made their first contribution in #5195
- @DmytroKondrashov made their first contribution in #5414
Full Changelog: 4.18.2...4.18.3
4.18.2
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
- deps: qs@6.11.0