Sourced from webpack-dev-middleware's\r\nreleases.
\r\n\r\n\r\nv5.3.4
\r\n5.3.4\r\n(2024-03-20)
\r\nBug Fixes
\r\n\r\nv5.3.3
\r\n5.3.3\r\n(2022-05-18)
\r\nBug Fixes
\r\n\r\nv5.3.2
\r\n5.3.2\r\n(2022-05-17)
\r\nBug Fixes
\r\n\r\nv5.3.1
\r\n5.3.1\r\n(2022-02-01)
\r\nBug Fixes
\r\n\r\n
Sourced from webpack-dev-middleware's\r\nchangelog.
\r\n\r\n\r\n5.3.4\r\n(2024-03-20)
\r\nBug Fixes
\r\n\r\n5.3.3\r\n(2022-05-18)
\r\nBug Fixes
\r\n\r\n5.3.2\r\n(2022-05-17)
\r\nBug Fixes
\r\n\r\n5.3.1\r\n(2022-02-01)
\r\nBug Fixes
\r\n\r\n
86071ea
\r\nchore(release): 5.3.4189c4ac
\r\nfix(security): do not allow to read files above (#1779)f3c62b8
\r\nchore(release): 5.3.3eeb8aa8
\r\nfix: types for Request
and Response
(#1271)1a45388
\r\nchore(release): 5.3.2b8fb945
\r\nchore(deps): memfs force update (#1269)f88067d
\r\nchore: update deps and ci (#1260)7186318
\r\nchore(deps-dev): bump @commitlint/cli
57c50ef
\r\nci: update checkout
, setup-node
, and\r\ncodecov
actions (#1267)840146a
\r\nchore(deps-dev): bump @babel/preset-env
d3f807d
\r\nVersion 3.1.109ee26dd
\r\nMocha TDDe469741
\r\nBasic pollution protection715e950
\r\nMerge pull request #756 from\r\nJeffrey-mu/maincabe314
\r\nInclude advanced usage examples29b076c
\r\nAdded header11503c7
\r\nMerge branch 'main' of github.com:mde/ejs into main7690404
\r\nAdded security banner to READMEf47d7ae
\r\nUpdate SECURITY.md828cea1
\r\nUpdate SECURITY.mdSourced from express's\r\nreleases.
\r\n\r\n\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603- docs: specify new instructions for
\r\nquestion
and\r\ndiscuss
by@IamLizu
in expressjs/express#5835- 4.x: Upgrade
\r\nmerge-descriptors
dependency by@RobinTail
in expressjs/express#5781- path-to-regexp@0.1.10 by
\r\n@blakeembrey
in\r\nexpressjs/express#5902New Contributors
\r\n\r\n
\r\n- \r\n
@marco-ippolito
\r\nmade their first contribution in expressjs/express#5565- \r\n
@inigomarquinez
\r\nmade their first contribution in expressjs/express#5590- \r\n
@mertcanaltin
\r\nmade their first contribution in expressjs/express#5627- \r\n
@ctcpip
made\r\ntheir first contribution in expressjs/express#5690- \r\n
@bjohansebas
\r\nmade their first contribution in expressjs/express#5814Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.20.0
\r\n\r\n
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n- deps: raw-body@2.5.2
\r\n- deps: cookie@0.6.0\r\n
\r\n\r\n
\r\n- Add
\r\npartitioned
option4.18.2 / 2022-10-08
\r\n\r\n
\r\n\r\n- Fix regression routing a large stack in a single route
\r\n- deps: body-parser@1.20.1
\r\n
... (truncated)
\r\n21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor href125bb74
\r\npath-to-regexp@0.1.10 (#5902)2a980ad
\r\nmerge-descriptors@1.0.3 (#5781)a3e7e05
\r\ndocs: specify new instructions for question
and\r\ndiscuss
c5addb9
\r\ndeps: path-to-regexp@0.1.8 (#5603)e35380a
\r\ndocs: add @IamLizu
to the\r\ntriage team (#5836)This version was pushed to npm by ulisesgascon, a new\r\nreleaser for express since your current version.
\r\n74b2db2
\r\n3.0.388f1429
\r\nupdate eslint. lint, fix unit tests.415d660
\r\nSnyk js braces 6838727 (#40)190510f
\r\nfix tests, skip 1 test in test/braces.expand716eb9f
\r\nreadme bumpa5851e5
\r\nMerge pull request #37\r\nfrom coderaiser/fix/vulnerability2092bd1
\r\nfeature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
\r\nfix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
\r\nremove funding file665ab5d
\r\nupdate keepEscaping doc (#27)Sourced from webpack's\r\nreleases.
\r\n\r\n\r\nv5.94.0
\r\nBug Fixes
\r\n\r\n
\r\n- Added runtime condition for harmony reexport checked
\r\n- Handle properly\r\n
\r\ndata
/http
/https
protocols in\r\nsource maps- Make
\r\nbigint
optimistic when browserslist not found- Move
\r\n@types/eslint-scope
to dev deps- Related in asset stats is now always an array when no related\r\nfound
\r\n- Handle ASI for export declarations
\r\n- Mangle destruction incorrect with export named default properly
\r\n- Fixed unexpected asi generation with sequence expression
\r\n- Fixed a lot of types
\r\nNew Features
\r\n\r\n
\r\n- Added new external type "module-import"
\r\n- Support
\r\nwebpackIgnore
fornew URL()
\r\nconstruction- [CSS]
\r\n@import
pathinfo supportSecurity
\r\n\r\n
\r\n- Fixed DOM clobbering in auto public path
\r\nv5.93.0
\r\nBug Fixes
\r\n\r\n
\r\n- Generate correct relative path to runtime chunks
\r\n- Makes
\r\nDefinePlugin
quieter under default log level- Fixed mangle destructuring default in namespace import
\r\n- Fixed consumption of eager shared modules for module federation
\r\n- Strip slash for pretty regexp
\r\n- Calculate correct contenthash for CSS generator options
\r\nNew Features
\r\n\r\n
\r\n- Added the
\r\nbinary
generator option for asset modules to\r\nexplicitly keep source maps produced by loaders- Added the
\r\nmodern-module
library value for tree shakable\r\noutput- Added the
\r\noverrideStrict
option to override strict or\r\nnon-strict mode for javascript modulesv5.92.1
\r\nBug Fixes
\r\n\r\n
\r\n- Doesn't crash with an error when the css experiment is enabled and\r\ncontenthash is used
\r\nv5.92.0
\r\nBug Fixes
\r\n\r\n
\r\n\r\n- Correct tidle range's comutation for module federation
\r\n- Consider runtime for pure expression dependency update hash
\r\n- Return value in the
\r\nsubtractRuntime
function for\r\nruntime logic
... (truncated)
\r\neabf85d
\r\nchore(release): 5.94.0955e057
\r\nsecurity: fix DOM clobbering in auto public path9822387
\r\ntest: fixcbb86ed
\r\ntest: fix5ac3d7f
\r\nfix: unexpected asi generation with sequence expression2411661
\r\nsecurity: fix DOM clobbering in auto public pathb8c03d4
\r\nfix: unexpected asi generation with sequence expressionf46a03c
\r\nrevert: do not use heuristic fallback for "module-import"60f1898
\r\nfix: do not use heuristic fallback for "module-import"66306aa
\r\nRevert "fix: module-import get fallback from\r\nexternalsPresets"Sourced from micromatch's\r\nreleases.
\r\n\r\n\r\n4.0.8
\r\nUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We\r\nconsider the issues low-priority, so even if you see automated scanners\r\nsaying otherwise, don't be scared.
\r\n
Sourced from micromatch's\r\nchangelog.
\r\n\r\n\r\n[4.0.8] - 2024-08-22
\r\n\r\n
\r\n- backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch
\r\n[4.0.7] - 2024-05-22
\r\n\r\n
\r\n- this is basically v4.0.5, with some README updates
\r\n- it is vulnerable to CVE-2024-4067
\r\n- Updated braces to v3.0.3 to avoid CVE-2024-4068
\r\n- does NOT break API compatibility
\r\n[4.0.6] - 2024-05-21
\r\n\r\n
\r\n- Added
\r\nhasBraces
to check if a pattern contains\r\nbraces.- Fixes CVE-2024-4067
\r\n- BREAKS API COMPATIBILITY
\r\n- Should be labeled as a major release, but it's not.
\r\n[4.0.1 - 4.0.5]
\r\n[4.0.0] - 2019-03-20
\r\nAdded
\r\n\r\n
\r\n- Adds support for
\r\noptions.onMatch
. See the readme for\r\ndetails- Adds support for
\r\noptions.onIgnore
. See the readme for\r\ndetails- Adds support for
\r\noptions.onResult
. See the readme for\r\ndetailsBreaking changes
\r\n\r\n
\r\n- Require Node.js >= 8.6
\r\n- Removed support for passing an array of brace patterns to\r\n
\r\nmicromatch.braces()
.- To strictly enforce closing brackets (for
\r\n{
,\r\n[
, and(
), you must now use\r\nstrictBrackets=true
instead of\r\nstrictErrors
.- \r\n
cache
- caching and all related options and methods\r\nhave been removed- \r\n
options.unixify
was renamed to\r\noptions.windows
- \r\n
options.nodupes
Was removed. Duplicates are always\r\nremoved by default. You can override this with custom behavior by using\r\ntheonMatch
,onResult
and\r\nonIgnore
functions.- \r\n
options.snapdragon
was removed, as snapdragon is no\r\nlonger used.- \r\n
options.sourcemap
was removed, as snapdragon is no\r\nlonger used, which provided sourcemap support.[3.0.0] - 2017-04-11
\r\nComplete overhaul, with 36,000+ new unit tests validated against\r\nactual output generated by Bash and minimatch. More specifically,\r\n35,000+ of the tests:
\r\n\r\n
\r\n- micromatch results are directly compared to bash results
\r\n- in rare cases, when micromatch and bash disagree, micromatch's\r\nresults are compared to minimatch's results
\r\n- micromatch is much more accurate than minimatch, so there were cases\r\nwhere I had to make assumptions. I'll try to document these.
\r\nThis refactor introduces a parser and compiler that are supersets of\r\nmore granular parsers and compilers from other sub-modules. Each of\r\nthese sub-modules has a singular responsibility and focuses on a certain\r\ntype of matching that aligns with a specific part of the Bash\r\n"expansion" API.
\r\nThese sub-modules work like plugins to seamlessly create the\r\nmicromatch parser/compiler, so that strings are parsed in one pass, an\r\nAST\r\nis created, then a new string is generated by the compiler.
\r\n\r\n
... (truncated)
\r\n8bd704e
\r\n4.0.8a0e6841
\r\nrun verb to generate README documentation4ec2884
\r\nMerge branch 'v4' into hauserkristof-feature/v4.0.803aa805
\r\nMerge pull request #266\r\nfrom hauserkristof/feature/v4.0.8814f5f7
\r\nlint67fcce6
\r\nfix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
\r\nfix: CVE numbers in CHANGELOGd9dbd9a
\r\nfeat: updated CHANGELOG2ab1315
\r\nfix: use actions/setup-node@v41406ea3
\r\nfeat: rework test to work on macos with node 10,12 and 14Sourced from express's\r\nreleases.
\r\n\r\n\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603- docs: specify new instructions for
\r\nquestion
and\r\ndiscuss
by@IamLizu
in expressjs/express#5835- 4.x: Upgrade
\r\nmerge-descriptors
dependency by@RobinTail
in expressjs/express#5781- path-to-regexp@0.1.10 by
\r\n@blakeembrey
in\r\nexpressjs/express#5902New Contributors
\r\n\r\n
\r\n- \r\n
@marco-ippolito
\r\nmade their first contribution in expressjs/express#5565- \r\n
@inigomarquinez
\r\nmade their first contribution in expressjs/express#5590- \r\n
@mertcanaltin
\r\nmade their first contribution in expressjs/express#5627- \r\n
@ctcpip
made\r\ntheir first contribution in expressjs/express#5690- \r\n
@bjohansebas
\r\nmade their first contribution in expressjs/express#5814Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.20.0
\r\n\r\n
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n- deps: raw-body@2.5.2
\r\n- deps: cookie@0.6.0\r\n
\r\n\r\n
\r\n- Add
\r\npartitioned
option
21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor href125bb74
\r\npath-to-regexp@0.1.10 (#5902)2a980ad
\r\nmerge-descriptors@1.0.3 (#5781)a3e7e05
\r\ndocs: specify new instructions for question
and\r\ndiscuss
c5addb9
\r\ndeps: path-to-regexp@0.1.8 (#5603)e35380a
\r\ndocs: add @IamLizu
to the\r\ntriage team (#5836)This version was pushed to npm by ulisesgascon, a new\r\nreleaser for express since your current version.
\r\nSourced from serve-static's\r\nreleases.
\r\n\r\n\r\n1.16.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Remove link renderization in html while redirecting (expressjs/serve-static#173)
\r\nNew Contributors
\r\n\r\n
\r\n- \r\n
@UlisesGascon
\r\nmade their first contribution in expressjs/serve-static#173Full Changelog: https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0
\r\n
Sourced from serve-static's\r\nchangelog.
\r\n\r\n\r\n1.16.2 / 2024-09-11
\r\n\r\n
\r\n- deps: encodeurl@~2.0.0
\r\n1.16.1 / 2024-09-11
\r\n\r\n
\r\n- deps: send@0.19.0
\r\n1.16.0 / 2024-09-10
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n
This version was pushed to npm by wesleytodd, a new releaser\r\nfor serve-static since your current version.
\r\nSourced from express's\r\nreleases.
\r\n\r\n\r\n4.21.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Deprecate
\r\n"back"
magic string in redirects by\r\n@blakeembrey
\r\nin expressjs/express#5935- finalhandler@1.3.1 by
\r\n@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
\r\n@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
\r\n@agadzinski93
\r\nin expressjs/express#5946New Contributors
\r\n\r\n
\r\n- \r\n
@agadzinski93
\r\nmade their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.21.0 / 2024-09-11
\r\n\r\n
\r\n- Deprecate
\r\nres.location("back")
and\r\nres.redirect("back")
magic string- deps: serve-static@1.16.2\r\n
\r\n\r\n
\r\n- includes send@0.19.0
\r\n- deps: finalhandler@1.3.1
\r\n- deps: qs@6.13.0
\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n
... (truncated)
\r\n7e562c6
\r\n4.21.01bcde96
\r\nfix(deps): qs@6.13.0 (#5946)7d36477
\r\nfix(deps): serve-static@1.16.2 (#5951)40d2d8f
\r\nfix(deps): finalhandler@1.3.177ada90
\r\nDeprecate "back"
magic string in redirects (#5935)21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor hrefThis version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.
\r\nSourced from send's\r\nreleases.
\r\n\r\n\r\n0.19.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Remove link renderization in html while redirecting (pillarjs/send#235)
\r\nNew Contributors
\r\n\r\n
\r\n- \r\n
@UlisesGascon
\r\nmade their first contribution in pillarjs/send#235Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0
\r\n
Sourced from send's\r\nchangelog.
\r\n\r\n\r\n0.19.0 / 2024-09-10
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n
9d2db99
\r\n0.19.0ae4f298
\r\nMerge commit from forkThis version was pushed to npm by ulisesgascon, a new\r\nreleaser for send since your current version.
\r\nSourced from express's\r\nreleases.
\r\n\r\n\r\n4.21.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Deprecate
\r\n"back"
magic string in redirects by\r\n@blakeembrey
\r\nin expressjs/express#5935- finalhandler@1.3.1 by
\r\n@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
\r\n@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
\r\n@agadzinski93
\r\nin expressjs/express#5946New Contributors
\r\n\r\n
\r\n- \r\n
@agadzinski93
\r\nmade their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.21.0 / 2024-09-11
\r\n\r\n
\r\n- Deprecate
\r\nres.location("back")
and\r\nres.redirect("back")
magic string- deps: serve-static@1.16.2\r\n
\r\n\r\n
\r\n- includes send@0.19.0
\r\n- deps: finalhandler@1.3.1
\r\n- deps: qs@6.13.0
\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n
... (truncated)
\r\n7e562c6
\r\n4.21.01bcde96
\r\nfix(deps): qs@6.13.0 (#5946)7d36477
\r\nfix(deps): serve-static@1.16.2 (#5951)40d2d8f
\r\nfix(deps): finalhandler@1.3.177ada90
\r\nDeprecate "back"
magic string in redirects (#5935)21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor hrefThis version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.
\r\nSourced from serve-static's\r\nreleases.
\r\n\r\n\r\n1.16.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Remove link renderization in html while redirecting (expressjs/serve-static#173)
\r\nNew Contributors
\r\n\r\n
\r\n- \r\n
@UlisesGascon
\r\nmade their first contribution in expressjs/serve-static#173Full Changelog: https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0
\r\n1.15.0
\r\n\r\n
\r\n- deps: send@0.18.0\r\n
\r\n\r\n
\r\n- Fix emitted 416 error missing headers property
\r\n- Limit the headers removed for 304 response
\r\n- deps: depd@2.0.0
\r\n- deps: destroy@1.2.0
\r\n- deps: http-errors@2.0.0
\r\n- deps: on-finished@2.4.1
\r\n- deps: statuses@2.0.1
\r\n1.14.2
\r\n\r\n
\r\n- deps: send@0.17.2\r\n
\r\n\r\n
\r\n- deps: http-errors@1.8.1
\r\n- deps: ms@2.1.3
\r\n- pref: ignore empty http tokens
\r\n
Sourced from serve-static's\r\nchangelog.
\r\n\r\n\r\n1.16.2 / 2024-09-11
\r\n\r\n
\r\n- deps: encodeurl@~2.0.0
\r\n1.16.1 / 2024-09-11
\r\n\r\n
\r\n- deps: send@0.19.0
\r\n1.16.0 / 2024-09-10
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n1.15.0 / 2022-03-24
\r\n\r\n
\r\n- deps: send@0.18.0\r\n
\r\n\r\n
\r\n- Fix emitted 416 error missing headers property
\r\n- Limit the headers removed for 304 response
\r\n- deps: depd@2.0.0
\r\n- deps: destroy@1.2.0
\r\n- deps: http-errors@2.0.0
\r\n- deps: on-finished@2.4.1
\r\n- deps: statuses@2.0.1
\r\n1.14.2 / 2021-12-15
\r\n\r\n
\r\n- deps: send@0.17.2\r\n
\r\n\r\n
\r\n- deps: http-errors@1.8.1
\r\n- deps: ms@2.1.3
\r\n- pref: ignore empty http tokens
\r\n
ec9c5ec
\r\n1.16.2f454d37
\r\nfix(deps): encodeurl@~2.0.077a8255
\r\n1.16.14263f49
\r\nfix(deps): send@0.19.048c7397
\r\n1.16.00c11fad
\r\nMerge commit from fork9b5a12a
\r\n1.15.0a39a0df
\r\ndocs: update CI linkd702ea2
\r\nbuild: Node.js@17.8ff1510a
\r\ndeps: send@0.18.0This version was pushed to npm by wesleytodd, a new releaser\r\nfor serve-static since your current version.
\r\nSourced from express's\r\nreleases.
\r\n\r\n\r\n4.21.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Deprecate
\r\n"back"
magic string in redirects by\r\n@blakeembrey
\r\nin expressjs/express#5935- finalhandler@1.3.1 by
\r\n@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
\r\n@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
\r\n@agadzinski93
\r\nin expressjs/express#5946New Contributors
\r\n\r\n
\r\n- \r\n
@agadzinski93
\r\nmade their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.21.0 / 2024-09-11
\r\n\r\n
\r\n- Deprecate
\r\nres.location("back")
and\r\nres.redirect("back")
magic string- deps: serve-static@1.16.2\r\n
\r\n\r\n
\r\n- includes send@0.19.0
\r\n- deps: finalhandler@1.3.1
\r\n- deps: qs@6.13.0
\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n
... (truncated)
\r\n7e562c6
\r\n4.21.01bcde96
\r\nfix(deps): qs@6.13.0 (#5946)7d36477
\r\nfix(deps): serve-static@1.16.2 (#5951)40d2d8f
\r\nfix(deps): finalhandler@1.3.177ada90
\r\nDeprecate "back"
magic string in redirects (#5935)21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor hrefThis version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.
\r\nSourced from send's\r\nreleases.
\r\n\r\n\r\n0.19.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Remove link renderization in html while redirecting (pillarjs/send#235)
\r\nNew Contributors
\r\n\r\n
\r\n- \r\n
@UlisesGascon
\r\nmade their first contribution in pillarjs/send#235Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0
\r\n
Sourced from send's\r\nchangelog.
\r\n\r\n\r\n0.19.0 / 2024-09-10
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n0.18.0 / 2022-03-23
\r\n\r\n
\r\n- Fix emitted 416 error missing headers property
\r\n- Limit the headers removed for 304 response
\r\n- deps: depd@2.0.0\r\n
\r\n\r\n
\r\n- Replace internal
\r\neval
usage withFunction
\r\nconstructor- Use instance methods on
\r\nprocess
to check for\r\nlisteners- deps: destroy@1.2.0
\r\n- deps: http-errors@2.0.0\r\n
\r\n\r\n
\r\n- deps: depd@2.0.0
\r\n- deps: statuses@2.0.1
\r\n- deps: on-finished@2.4.1
\r\n- deps: statuses@2.0.1
\r\n0.17.2 / 2021-12-11
\r\n\r\n
\r\n- pref: ignore empty http tokens
\r\n- deps: http-errors@1.8.1\r\n
\r\n\r\n
\r\n- deps: inherits@2.0.4
\r\n- deps: toidentifier@1.0.1
\r\n- deps: setprototypeof@1.2.0
\r\n- deps: ms@2.1.3
\r\n
9d2db99
\r\n0.19.0ae4f298
\r\nMerge commit from forkb69cbb3
\r\n0.18.0f53edbb
\r\nLimit the headers removed for 304 response706d6dd
\r\ndocs: add security policyb690ba4
\r\ndocs: fix linux build badge linkfed09ff
\r\ndocs: update copyrightaee1a65
\r\ndeps: destroy@1.2.06060bda
\r\ndeps: on-finished@2.4.18055f78
\r\nbuild: Node.js@17.7This version was pushed to npm by ulisesgascon, a new\r\nreleaser for send since your current version.
\r\nSourced from express's\r\nreleases.
\r\n\r\n\r\n4.21.0
\r\nWhat's Changed
\r\n\r\n
\r\n- Deprecate
\r\n"back"
magic string in redirects by\r\n@blakeembrey
\r\nin expressjs/express#5935- finalhandler@1.3.1 by
\r\n@wesleytodd
in expressjs/express#5954- fix(deps): serve-static@1.16.2 by
\r\n@wesleytodd
in expressjs/express#5951- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
\r\n@agadzinski93
\r\nin expressjs/express#5946New Contributors
\r\n\r\n
\r\n- \r\n
@agadzinski93
\r\nmade their first contribution in expressjs/express#5946Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
\r\n4.20.0
\r\nWhat's Changed
\r\nImportant
\r\n\r\n
\r\n- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
Other Changes
\r\n\r\n
\r\n\r\n- 4.19.2 Staging by
\r\n@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
\r\n@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
\r\n@marco-ippolito
\r\nin expressjs/express#5565- Cut down on duplicated CI runs by
\r\n@jonchurch
in expressjs/express#5564- Add a Threat Model by
\r\n@UlisesGascon
\r\nin expressjs/express#5526- Assign captain of encodeurl by
\r\n@blakeembrey
in\r\nexpressjs/express#5579- Nominate jonchurch as repo captain for
\r\nhttp-errors
,\r\nexpressjs.com
,morgan
,cors
,\r\nbody-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
\r\n@inigomarquinez
\r\nin expressjs/express#5590- docs: update triage nomination policy by
\r\n@UlisesGascon
\r\nin expressjs/express#5600- Add CodeQL (SAST) by
\r\n@UlisesGascon
\r\nin expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
\r\n@UlisesGascon
\r\nin expressjs/express#5605- deps: encodeurl@~2.0.0 by
\r\n@blakeembrey
in\r\nexpressjs/express#5569- skip QUERY method test by
\r\n@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
\r\n@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
\r\n@mertcanaltin
\r\nin expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
\r\n@mertcanaltin
\r\nin expressjs/express#5619- List and sort all projects, add captains by
\r\n@blakeembrey
in\r\nexpressjs/express#5653- docs: add
\r\n@UlisesGascon
\r\nas captain for cookie-parser by@UlisesGascon
\r\nin expressjs/express#5666- ✨ bring back query tests for node 21 by
\r\n@ctcpip
in expressjs/express#5690- [v4] Deprecate
\r\nres.clearCookie
accepting\r\noptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
\r\n@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
\r\n@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
\r\n@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by\r\n
\r\n@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
\r\n@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
\r\n@UlisesGascon
\r\nin expressjs/express#5436- update scorecard link by
\r\n@bjohansebas
in\r\nexpressjs/express#5814- Nominate
\r\n@IamLizu
to the\r\ntriage team by@UlisesGascon
\r\nin expressjs/express#5836- deps: path-to-regexp@0.1.8 by
\r\n@blakeembrey
in\r\nexpressjs/express#5603
... (truncated)
\r\nSourced from express's\r\nchangelog.
\r\n\r\n\r\n4.21.0 / 2024-09-11
\r\n\r\n
\r\n- Deprecate
\r\nres.location("back")
and\r\nres.redirect("back")
magic string- deps: serve-static@1.16.2\r\n
\r\n\r\n
\r\n- includes send@0.19.0
\r\n- deps: finalhandler@1.3.1
\r\n- deps: qs@6.13.0
\r\n4.20.0 / 2024-09-10
\r\n\r\n
\r\n- deps: serve-static@0.16.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: send@0.19.0\r\n
\r\n\r\n
\r\n- Remove link renderization in html while redirecting
\r\n- deps: body-parser@0.6.0\r\n
\r\n\r\n
\r\n- add
\r\ndepth
option to customize the depth level in the\r\nparser- IMPORTANT: The default
\r\ndepth
level for parsing\r\nURL-encoded data is now32
(previously was\r\nInfinity
)- Remove link renderization in html while using\r\n
\r\nres.redirect
- deps: path-to-regexp@0.1.10\r\n
\r\n\r\n
\r\n- Adds support for named matching groups in the routes using a\r\nregex
\r\n- Adds backtracking protection to parameters without regexes\r\ndefined
\r\n- deps: encodeurl@~2.0.0\r\n
\r\n\r\n
\r\n- Removes encoding of
\r\n\\
,|
, and\r\n^
to align better with URL spec- Deprecate passing
\r\noptions.maxAge
and\r\noptions.expires
tores.clearCookie
\r\n\r\n
\r\n- Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
\r\n4.19.2 / 2024-03-25
\r\n\r\n
\r\n- Improved fix for open redirect allow list bypass
\r\n4.19.1 / 2024-03-20
\r\n\r\n
\r\n- Allow passing non-strings to res.location with new encoding handling\r\nchecks
\r\n4.19.0 / 2024-03-20
\r\n\r\n
\r\n- Prevent open redirect allow list bypass due to encodeurl
\r\n- deps: cookie@0.6.0
\r\n4.18.3 / 2024-02-29
\r\n\r\n
\r\n\r\n- Fix routing requests without method
\r\n- deps: body-parser@1.20.2\r\n
\r\n\r\n
\r\n- Fix strict json error message on Node.js 19+
\r\n- deps: content-type@~1.0.5
\r\n
... (truncated)
\r\n7e562c6
\r\n4.21.01bcde96
\r\nfix(deps): qs@6.13.0 (#5946)7d36477
\r\nfix(deps): serve-static@1.16.2 (#5951)40d2d8f
\r\nfix(deps): finalhandler@1.3.177ada90
\r\nDeprecate "back"
magic string in redirects (#5935)21df421
\r\n4.20.04c9ddc1
\r\nfeat: upgrade to serve-static@0.16.09ebe5d5
\r\nfeat: upgrade to send@0.19.0 (#5928)ec4a01b
\r\nfeat: upgrade to body-parser@1.20.3 (#5926)54271f6
\r\nfix: don't render redirect values in anchor hrefThis version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.
\r\n