build(deps): bump express from 4.18.2 to 4.19.2 #884

dependabot · 2024-03-28T18:26:57Z

Bumps express from 4.18.2 to 4.19.2.

Release notes

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

codeclimate · 2024-04-12T16:07:25Z

Code Climate has analyzed commit e54ccdf and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (95% is the threshold).

This pull request will bring the total coverage in the repository to 97.9%.

View more on Code Climate.

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Young <1447339+nathanyoung@users.noreply.github.com>

* build(deps): bump tar from 6.1.14 to 6.2.1 (#887) Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.14 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.14...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Young <1447339+nathanyoung@users.noreply.github.com> * build(deps): bump express from 4.18.2 to 4.19.2 (#884) Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Young <1447339+nathanyoung@users.noreply.github.com> * build(deps): bump es5-ext from 0.10.53 to 0.10.63 (#872) Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.53 to 0.10.63. - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.63) --- updated-dependencies: - dependency-name: es5-ext dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: react-select 3.1.0 to 4.3.1 (#811) * BREAKING CHANGE: New Buttons (#865) BREAKING CHANGE: * wip * more wip * fix errors * form label help text tokens * mediamodal close button * Update Theming.stories.mdx * fix build * Update Button.VisualTests.stories.tsx * Update Button.VisualTests.stories.tsx * cleanup * chore(release): 1.0.0-beta.1 [skip ci] # [1.0.0-beta.1](v0.157.7...v1.0.0-beta.1) (2024-02-02) * BREAKING CHANGE: New Buttons (#865) ([935c361](935c361)), closes [#865](#865) ### BREAKING CHANGES * * wip * more wip * fix errors * form label help text tokens * mediamodal close button * Update Theming.stories.mdx * fix build * Update Button.VisualTests.stories.tsx * Update Button.VisualTests.stories.tsx * cleanup * fix(Button): secondary neutral hover color (#866) * chore(release): 1.0.0-beta.2 [skip ci] # [1.0.0-beta.2](v1.0.0-beta.1...v1.0.0-beta.2) (2024-02-02) ### Bug Fixes * **Button:** secondary neutral hover color ([#866](#866)) ([dbde3f3](dbde3f3)) * feat(Button): tone prop (#867) * add tone prop * fix up * update FileUpload * Update FileUpload.Overview.stories.mdx * Update Table.Overview.stories.mdx * Update Toast.Overview.stories.mdx * chore(release): 1.0.0-beta.3 [skip ci] # [1.0.0-beta.3](v1.0.0-beta.2...v1.0.0-beta.3) (2024-02-09) ### Features * **Button:** tone prop ([#867](#867)) ([918eeea](918eeea)) * fix(Button): loading state icon color (#868) * fix(Button): loading state icon color * Update MediaModal.VisualTests.stories.tsx * chore(release): 1.0.0-beta.4 [skip ci] # [1.0.0-beta.4](v1.0.0-beta.3...v1.0.0-beta.4) (2024-02-13) ### Bug Fixes * **Button:** loading state icon color ([#868](#868)) ([96c93c9](96c93c9)) * docs(Button): tone documentation (#869) * Update Button.Overview.stories.mdx * Update Button.Overview.stories.mdx * chore(release): 1.0.0-beta.5 [skip ci] # [1.0.0-beta.5](v1.0.0-beta.4...v1.0.0-beta.5) (2024-02-13) * fix(FormControls): specify width 100 instead of relying on flex auto (#870) * chore(release): 1.0.0-beta.6 [skip ci] # [1.0.0-beta.6](v1.0.0-beta.5...v1.0.0-beta.6) (2024-02-13) ### Bug Fixes * **FormControls:** specify width 100 instead of relying on flex auto ([#870](#870)) ([a78ba2e](a78ba2e)) * feat(TextInputFloating): new component (#874) * wip * wip * lint * Create TextInputFloating.test.tsx * style lint * update prefix and suffix styles * div wrapper * safari workaround * Update FormControls.stories.mdx * Update FormTheming.stories.mdx * Create TextInputFloating.Playground.stories.tsx * visual tests * chore(release): 1.0.0-beta.7 [skip ci] # [1.0.0-beta.7](v1.0.0-beta.6...v1.0.0-beta.7) (2024-02-29) ### Features * **TextInputFloating:** new component ([#874](#874)) ([a19211b](a19211b)) * fix(TextInputFloating): prefix/suffix focus styles, clear icon (#875) * fix(TextInputFloating): prefix and suffix focus styling * remove-light clear icon * chore(release): 1.0.0-beta.8 [skip ci] # [1.0.0-beta.8](v1.0.0-beta.7...v1.0.0-beta.8) (2024-03-01) ### Bug Fixes * **TextInputFloating:** prefix/suffix focus styles, clear icon ([#875](#875)) ([7e90a7c](7e90a7c)) * feat(SelectInputNativeFloating): new component (#877) * feat(SelectInputNativeFloating): new component * Update SelectInputNativeFloating.test.tsx * helpText component * use HelpText component everywhere * wip * Update FormControls.stories.mdx * Update FormTheming.stories.mdx * Update Toggle.tsx * Update Toggle.tsx * fix toggle alignment * more documentation * chore(release): 1.0.0-beta.9 [skip ci] # [1.0.0-beta.9](v1.0.0-beta.8...v1.0.0-beta.9) (2024-03-06) ### Features * **SelectInputNativeFloating:** new component ([#877](#877)) ([62dc894](62dc894)) * feat(TextareaInputFloating): new component (#878) * feat(TextareaInputFloating): new component * lint * chore(release): 1.0.0-beta.10 [skip ci] # [1.0.0-beta.10](v1.0.0-beta.9...v1.0.0-beta.10) (2024-03-06) ### Features * **TextareaInputFloating:** new component ([#878](#878)) ([c3e0b3a](c3e0b3a)) * docs: floating and default input examples (#879) * chore(release): 1.0.0-beta.11 [skip ci] # [1.0.0-beta.11](v1.0.0-beta.10...v1.0.0-beta.11) (2024-03-06) * fix: rename floating inputs to inset (#880) * cleanup * fix: rename floating inputs to inset * lint * chore(release): 1.0.0-beta.12 [skip ci] # [1.0.0-beta.12](v1.0.0-beta.11...v1.0.0-beta.12) (2024-03-07) ### Bug Fixes * rename floating inputs to inset ([#880](#880)) ([b13ab19](b13ab19)) * chore(deps): bump palmetto-design-tokens from 0.78.0 to 0.78.1 (#881) * feat(SelectInputs): make dropdown indicator match icon (#882) * feat(SelectInputs): make dropdown indicator match icon * Update SelectInputNativeInset.module.scss * chore(release): 1.0.0-beta.13 [skip ci] # [1.0.0-beta.13](v1.0.0-beta.12...v1.0.0-beta.13) (2024-03-15) ### Features * **SelectInputs:** make dropdown indicator match icon ([#882](#882)) ([3c9a80c](3c9a80c)) * fix(SelectInputInset): rename SelectInputNativeInset to SelectInputInset (#883) * chore(release): 1.0.0-beta.14 [skip ci] # [1.0.0-beta.14](v1.0.0-beta.13...v1.0.0-beta.14) (2024-03-15) ### Bug Fixes * **SelectInputInset:** rename SelectInputNativeInset to SelectInputInset ([#883](#883)) ([bfaacd7](bfaacd7)) * feat: update drop shadows (#885) * feat: update dropshadows * prevent false positives * chore(release): 1.0.0-beta.15 [skip ci] # [1.0.0-beta.15](v1.0.0-beta.14...v1.0.0-beta.15) (2024-04-05) ### Features * update drop shadows ([#885](#885)) ([189b809](189b809)) * feat: update drop shadows (#886) * chore(release): 1.0.0-beta.16 [skip ci] # [1.0.0-beta.16](v1.0.0-beta.15...v1.0.0-beta.16) (2024-04-05) ### Features * update drop shadows ([#886](#886)) ([bc78fa2](bc78fa2)) * build: package updates (#888) * build(deps): bump tar from 6.1.14 to 6.2.1 (#887) Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.14 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.14...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Young <1447339+nathanyoung@users.noreply.github.com> * build(deps): bump express from 4.18.2 to 4.19.2 (#884) Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nathan Young <1447339+nathanyoung@users.noreply.github.com> * build(deps): bump es5-ext from 0.10.53 to 0.10.63 (#872) Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.53 to 0.10.63. - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.63) --- updated-dependencies: - dependency-name: es5-ext dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(release): 1.0.0-beta.17 [skip ci] # [1.0.0-beta.17](v1.0.0-beta.16...v1.0.0-beta.17) (2024-04-12) * bump(deps): package bumps (#890) * bump(deps): dependency updates * update chromatic * Update yarn.lock * babel * Update yarn.lock * chore(release): 1.0.0-beta.18 [skip ci] # [1.0.0-beta.18](v1.0.0-beta.17...v1.0.0-beta.18) (2024-04-30) ### Features * update drop shadows ([#885](#885)) ([7aae6b1](7aae6b1)) * Update package.json * palmetto-design-tokens 0.79.2 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> BREAKING CHANGE: New Buttons

dependabot bot requested a review from nathanyoung as a code owner March 28, 2024 18:26

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 28, 2024

nathanyoung approved these changes Apr 5, 2024

View reviewed changes

nathanyoung added 2 commits April 5, 2024 11:08

Merge branch 'main' into dependabot/npm_and_yarn/express-4.19.2

42551ad

Merge branch 'main' into dependabot/npm_and_yarn/express-4.19.2

e54ccdf

nathanyoung merged commit a692aa9 into main Apr 12, 2024
10 checks passed

nathanyoung deleted the dependabot/npm_and_yarn/express-4.19.2 branch April 12, 2024 16:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump express from 4.18.2 to 4.19.2 #884

build(deps): bump express from 4.18.2 to 4.19.2 #884

dependabot bot commented on behalf of github Mar 28, 2024 •

edited

Loading

codeclimate bot commented Apr 12, 2024

build(deps): bump express from 4.18.2 to 4.19.2 #884

build(deps): bump express from 4.18.2 to 4.19.2 #884

Conversation

dependabot bot commented on behalf of github Mar 28, 2024 • edited Loading

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

codeclimate bot commented Apr 12, 2024

dependabot bot commented on behalf of github Mar 28, 2024 •

edited

Loading