Update dependency express to v3.21.2 #6

boltlocal · 2022-11-06T13:37:14Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express (source)	`3.0.3` -> `3.21.2`

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

expressjs/express

`v3.21.2`

Compare Source

===================

deps: connect@2.30.2
- deps: body-parser@~1.13.3
- deps: compression@~1.5.2
- deps: errorhandler@~1.4.2
- deps: method-override@~2.3.5
- deps: serve-index@~1.7.2
- deps: type-is@~1.6.6
- deps: vhost@~3.0.1
deps: vary@~1.0.1
- Fix setting empty header from empty field
- perf: enable strict mode
- perf: remove argument reassignments

`v3.21.1`

Compare Source

===================

deps: basic-auth@~1.0.3
deps: connect@2.30.1
- deps: body-parser@~1.13.2
- deps: compression@~1.5.1
- deps: errorhandler@~1.4.1
- deps: morgan@~1.6.1
- deps: pause@0.1.0
- deps: qs@4.0.0
- deps: serve-index@~1.7.1
- deps: type-is@~1.6.4

`v3.21.0`

Compare Source

===================

deps: basic-auth@1.0.2
- perf: enable strict mode
- perf: hoist regular expression
- perf: parse with regular expressions
- perf: remove argument reassignment
deps: connect@2.30.0
- deps: body-parser@~1.13.1
- deps: bytes@2.1.0
- deps: compression@~1.5.0
- deps: cookie@0.1.3
- deps: cookie-parser@~1.3.5
- deps: csurf@~1.8.3
- deps: errorhandler@~1.4.0
- deps: express-session@~1.11.3
- deps: finalhandler@0.4.0
- deps: fresh@0.3.0
- deps: morgan@~1.6.0
- deps: serve-favicon@~2.3.0
- deps: serve-index@~1.7.0
- deps: serve-static@~1.10.0
- deps: type-is@~1.6.3
deps: cookie@0.1.3
- perf: deduce the scope of try-catch deopt
- perf: remove argument reassignments
deps: escape-html@1.0.2
deps: etag@~1.7.0
- Always include entity length in ETags for hash length extensions
- Generate non-Stats ETags using MD5 only (no longer CRC32)
- Improve stat performance by removing hashing
- Improve support for JXcore
- Remove base64 padding in ETags to shorten
- Support "fake" stats objects in environments without fs
- Use MD5 instead of MD4 in weak ETags over 1KB
deps: fresh@0.3.0
- Add weak ETag matching support
deps: mkdirp@0.5.1
- Work in global strict mode
deps: send@0.13.0
- Allow Node.js HTTP server to set Date response header
- Fix incorrectly removing Content-Location on 304 response
- Improve the default redirect response headers
- Send appropriate headers on default error response
- Use http-errors for standard emitted errors
- Use statuses instead of http module for status messages
- deps: escape-html@1.0.2
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove unnecessary array allocations

`v3.20.3`

Compare Source

===================

deps: connect@2.29.2
- deps: body-parser@~1.12.4
- deps: compression@~1.4.4
- deps: connect-timeout@~1.6.2
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: errorhandler@~1.3.6
- deps: finalhandler@0.3.6
- deps: method-override@~2.3.3
- deps: morgan@~1.5.3
- deps: qs@2.4.2
- deps: response-time@~2.3.1
- deps: serve-favicon@~2.2.1
- deps: serve-index@~1.6.4
- deps: serve-static@~1.9.3
- deps: type-is@~1.6.2
deps: debug@~2.2.0
- deps: ms@0.7.1
deps: depd@~1.0.1
deps: proxy-addr@~1.0.8
- deps: ipaddr.js@1.0.1
deps: send@0.12.3
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
- deps: on-finished@~2.2.1

`v3.20.2`

Compare Source

===================

deps: connect@2.29.1
- deps: body-parser@~1.12.2
- deps: compression@~1.4.3
- deps: connect-timeout@~1.6.1
- deps: debug@~2.1.3
- deps: errorhandler@~1.3.5
- deps: express-session@~1.10.4
- deps: finalhandler@0.3.4
- deps: method-override@~2.3.2
- deps: morgan@~1.5.2
- deps: qs@2.4.1
- deps: serve-index@~1.6.3
- deps: serve-static@~1.9.2
- deps: type-is@~1.6.1
deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
deps: merge-descriptors@1.0.0
deps: proxy-addr@~1.0.7
- deps: ipaddr.js@0.1.9
deps: send@0.12.2
- Throw errors early for invalid extensions or index options
- deps: debug@~2.1.3

`v3.20.1`

Compare Source

===================

Fix req.host when using "trust proxy" hops count
Fix req.protocol/req.secure when using "trust proxy" hops count

`v3.20.0`

Compare Source

===================

Fix "trust proxy" setting to inherit when app is mounted
Generate ETags for all request responses
- No longer restricted to only responses for GET and HEAD requests
Use content-type to parse Content-Type headers
deps: connect@2.29.0
- Use content-type to parse Content-Type headers
- deps: body-parser@~1.12.0
- deps: compression@~1.4.1
- deps: connect-timeout@~1.6.0
- deps: cookie-parser@~1.3.4
- deps: cookie-signature@1.0.6
- deps: csurf@~1.7.0
- deps: errorhandler@~1.3.4
- deps: express-session@~1.10.3
- deps: http-errors@~1.3.1
- deps: response-time@~2.3.0
- deps: serve-index@~1.6.2
- deps: serve-static@~1.9.1
- deps: type-is@~1.6.0
deps: cookie-signature@1.0.6
deps: send@0.12.1
- Always read the stat size from the file
- Fix mutating passed-in options
- deps: mime@1.3.4

`v3.19.2`

Compare Source

===================

deps: connect@2.28.3
- deps: compression@~1.3.1
- deps: csurf@~1.6.6
- deps: errorhandler@~1.3.3
- deps: express-session@~1.10.2
- deps: serve-index@~1.6.1
- deps: type-is@~1.5.6
deps: proxy-addr@~1.0.6
- deps: ipaddr.js@0.1.8

`v3.19.1`

Compare Source

===================

deps: connect@2.28.2
- deps: body-parser@~1.10.2
- deps: serve-static@~1.8.1
deps: send@0.11.1
- Fix root path disclosure

`v3.19.0`

Compare Source

===================

Fix OPTIONS responses to include the HEAD method property
Use readline for prompt in express(1)
deps: commander@2.6.0
deps: connect@2.28.1
- deps: body-parser@~1.10.1
- deps: compression@~1.3.0
- deps: connect-timeout@~1.5.0
- deps: csurf@~1.6.4
- deps: debug@~2.1.1
- deps: errorhandler@~1.3.2
- deps: express-session@~1.10.1
- deps: finalhandler@0.3.3
- deps: method-override@~2.3.1
- deps: morgan@~1.5.1
- deps: serve-favicon@~2.2.0
- deps: serve-index@~1.6.0
- deps: serve-static@~1.8.0
- deps: type-is@~1.5.5
deps: debug@~2.1.1
deps: methods@~1.1.1
deps: proxy-addr@~1.0.5
- deps: ipaddr.js@0.1.6
deps: send@0.11.0
- deps: debug@~2.1.1
- deps: etag@~1.5.1
- deps: ms@0.7.0
- deps: on-finished@~2.2.0

`v3.18.6`

Compare Source

===================

Fix exception in req.fresh/req.stale without response headers

`v3.18.5`

Compare Source

===================

deps: connect@2.27.6
- deps: compression@~1.2.2
- deps: express-session@~1.9.3
- deps: http-errors@~1.2.8
- deps: serve-index@~1.5.3
- deps: type-is@~1.5.4

`v3.18.4`

Compare Source

===================

deps: connect@2.27.4
- deps: body-parser@~1.9.3
- deps: compression@~1.2.1
- deps: errorhandler@~1.2.3
- deps: express-session@~1.9.2
- deps: qs@2.3.3
- deps: serve-favicon@~2.1.7
- deps: serve-static@~1.5.1
- deps: type-is@~1.5.3
deps: etag@~1.5.1
deps: proxy-addr@~1.0.4
- deps: ipaddr.js@0.1.5

`v3.18.3`

Compare Source

===================

deps: connect@2.27.3
- Correctly invoke async callback asynchronously
- deps: csurf@~1.6.3

`v3.18.2`

Compare Source

===================

deps: connect@2.27.2
- Fix handling of URLs containing :// in the path
- deps: body-parser@~1.9.2
- deps: qs@2.3.2

`v3.18.1`

Compare Source

===================

Fix internal utils.merge deprecation warnings
deps: connect@2.27.1
- deps: body-parser@~1.9.1
- deps: express-session@~1.9.1
- deps: finalhandler@0.3.2
- deps: morgan@~1.4.1
- deps: qs@2.3.0
- deps: serve-static@~1.7.1
deps: send@0.10.1
- deps: on-finished@~2.1.1

`v3.18.0`

Compare Source

===================

Use content-disposition module for res.attachment/res.download
- Sends standards-compliant Content-Disposition header
- Full Unicode support
Use etag module to generate ETag headers
deps: connect@2.27.0
- Use http-errors module for creating errors
- Use utils-merge module for merging objects
- deps: body-parser@~1.9.0
- deps: compression@~1.2.0
- deps: connect-timeout@~1.4.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: express-session@~1.9.0
- deps: finalhandler@0.3.1
- deps: method-override@~2.3.0
- deps: morgan@~1.4.0
- deps: response-time@~2.2.0
- deps: serve-favicon@~2.1.6
- deps: serve-index@~1.5.0
- deps: serve-static@~1.7.0
deps: debug@~2.1.0
- Implement DEBUG_FD env variable support
deps: depd@~1.0.0
deps: send@0.10.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: etag@~1.5.0

`v3.17.8`

Compare Source

===================

deps: connect@2.26.6
- deps: compression@~1.1.2
- deps: csurf@~1.6.2
- deps: errorhandler@~1.2.2

`v3.17.7`

Compare Source

===================

deps: connect@2.26.5
- Fix accepting non-object arguments to logger
- deps: serve-static@~1.6.4

`v3.17.6`

Compare Source

===================

deps: connect@2.26.4
- deps: morgan@~1.3.2
- deps: type-is@~1.5.2

`v3.17.5`

Compare Source

===================

deps: connect@2.26.3
- deps: body-parser@~1.8.4
- deps: serve-favicon@~2.1.5
- deps: serve-static@~1.6.3
deps: proxy-addr@~1.0.3
- Use forwarded npm module
deps: send@0.9.3
- deps: etag@~1.4.0

`v3.17.4`

Compare Source

===================

deps: connect@2.26.2
- deps: body-parser@~1.8.3
- deps: qs@2.2.4

`v3.17.3`

Compare Source

===================

deps: proxy-addr@~1.0.2
- Fix a global leak when multiple subnets are trusted
- deps: ipaddr.js@0.1.3

`v3.17.2`

Compare Source

===================

Use crc instead of buffer-crc32 for speed
deps: connect@2.26.1
- deps: body-parser@~1.8.2
- deps: depd@0.4.5
- deps: express-session@~1.8.2
- deps: morgan@~1.3.1
- deps: serve-favicon@~2.1.3
- deps: serve-static@~1.6.2
deps: depd@0.4.5
deps: send@0.9.2
- deps: depd@0.4.5
- deps: etag@~1.3.1
- deps: range-parser@~1.0.2

`v3.17.1`

Compare Source

===================

Fix error in req.subdomains on empty host

`v3.17.0`

Compare Source

===================

Support X-Forwarded-Host in req.subdomains
Support IP address host in req.subdomains
deps: connect@2.26.0
- deps: body-parser@~1.8.1
- deps: compression@~1.1.0
- deps: connect-timeout@~1.3.0
- deps: cookie-parser@~1.3.3
- deps: cookie-signature@1.0.5
- deps: csurf@~1.6.1
- deps: debug@~2.0.0
- deps: errorhandler@~1.2.0
- deps: express-session@~1.8.1
- deps: finalhandler@0.2.0
- deps: fresh@0.2.4
- deps: media-typer@0.3.0
- deps: method-override@~2.2.0
- deps: morgan@~1.3.0
- deps: qs@2.2.3
- deps: serve-favicon@~2.1.3
- deps: serve-index@~1.2.1
- deps: serve-static@~1.6.1
- deps: type-is@~1.5.1
- deps: vhost@~3.0.0
deps: cookie-signature@1.0.5
deps: debug@~2.0.0
deps: fresh@0.2.4
deps: media-typer@0.3.0
- Throw error when parameter format invalid on parse
deps: range-parser@~1.0.2
deps: send@0.9.1
- Add lastModified option
- Use etag to generate ETag header
- deps: debug@~2.0.0
- deps: fresh@0.2.4
deps: vary@~1.0.0
- Accept valid Vary header string as field

`v3.16.10`

Compare Source

====================

deps: connect@2.25.10
- deps: serve-static@~1.5.4
deps: send@0.8.5
- Fix a path traversal issue when using root
- Fix malicious path detection for empty string path

`v3.16.9`

Compare Source

===================

deps: connect@2.25.9
- deps: body-parser@~1.6.7
- deps: qs@2.2.2

`v3.16.8`

Compare Source

===================

deps: connect@2.25.8
- deps: body-parser@~1.6.6
- deps: csurf@~1.4.1
- deps: qs@2.2.0

`v3.16.7`

Compare Source

===================

deps: connect@2.25.7
- deps: body-parser@~1.6.5
- deps: express-session@~1.7.6
- deps: morgan@~1.2.3
- deps: serve-static@~1.5.3
deps: send@0.8.3
- deps: destroy@1.0.3
- deps: on-finished@2.1.0

`v3.16.6`

Compare Source

===================

deps: connect@2.25.6
- deps: body-parser@~1.6.4
- deps: qs@1.2.2
- deps: serve-static@~1.5.2
deps: send@0.8.2
- Work around fd leak in Node.js 0.10 for fs.ReadStream

`v3.16.5`

Compare Source

===================

deps: connect@2.25.5
- Fix backwards compatibility in logger

`v3.16.4`

Compare Source

===================

Fix original URL parsing in res.location
deps: connect@2.25.4
- Fix query middleware breaking with argument
- deps: body-parser@~1.6.3
- deps: compression@~1.0.11
- deps: connect-timeout@~1.2.2
- deps: express-session@~1.7.5
- deps: method-override@~2.1.3
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: qs@1.2.1
- deps: response-time@~2.0.1
- deps: serve-index@~1.1.6
- deps: serve-static@~1.5.1
deps: parseurl@~1.3.0

`v3.16.3`

Compare Source

===================

deps: connect@2.25.3
- deps: multiparty@3.3.2

`v3.16.2`

Compare Source

===================

deps: connect@2.25.2
- deps: body-parser@~1.6.2
- deps: qs@1.2.0

`v3.16.1`

Compare Source

====================

deps: connect@2.25.10
- deps: serve-static@~1.5.4
deps: send@0.8.5
- Fix a path traversal issue when using root
- Fix malicious path detection for empty string path

`v3.16.0`

Compare Source

===================

deps: connect@2.25.0
- deps: body-parser@~1.6.0
- deps: compression@~1.0.10
- deps: csurf@~1.4.0
- deps: express-session@~1.7.4
- deps: qs@1.0.2
- deps: serve-static@~1.5.0
deps: send@0.8.1
- Add extensions option

`v3.15.3`

Compare Source

===================

fix res.sendfile regression for serving directory index files
deps: connect@2.24.3
- deps: serve-index@~1.1.5
- deps: serve-static@~1.4.4
deps: send@0.7.4
- Fix incorrect 403 on Windows and Node.js 0.11
- Fix serving index files without root dir

`v3.15.2`

Compare Source

===================

deps: connect@2.24.2
- deps: body-parser@~1.5.2
- deps: depd@0.4.4
- deps: express-session@~1.7.2
- deps: morgan@~1.2.2
- deps: serve-static@~1.4.2
deps: depd@0.4.4
- Work-around v8 generating empty stack traces
deps: send@0.7.2
- deps: depd@0.4.4

`v3.15.1`

Compare Source

===================

deps: connect@2.24.1
- deps: body-parser@~1.5.1
- deps: depd@0.4.3
- deps: express-session@~1.7.1
- deps: morgan@~1.2.1
- deps: serve-index@~1.1.4
- deps: serve-static@~1.4.1
deps: depd@0.4.3
- Fix exception when global Error.stackTraceLimit is too low
deps: send@0.7.1
- deps: depd@0.4.3

`v3.15.0`

Compare Source

===================

Fix req.protocol for proxy-direct connections
Pass options from res.sendfile to send
deps: connect@2.24.0
- deps: body-parser@~1.5.0
- deps: compression@~1.0.9
- deps: connect-timeout@~1.2.1
- deps: debug@1.0.4
- deps: depd@0.4.2
- deps: express-session@~1.7.0
- deps: finalhandler@0.1.0
- deps: method-override@~2.1.2
- deps: morgan@~1.2.0
- deps: multiparty@3.3.1
- deps: parseurl@~1.2.0
- deps: serve-static@~1.4.0
deps: debug@1.0.4
deps: depd@0.4.2
- Add TRACE_DEPRECATION environment variable
- Remove non-standard grey color from color output
- Support --no-deprecation argument
- Support --trace-deprecation argument
deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path" RegExp
deps: send@0.7.0
- Add dotfiles option
- Cap maxAge value to 1 year
- deps: debug@1.0.4
- deps: depd@0.4.2

`v3.14.0`

Compare Source

===================

add explicit "Rosetta Flash JSONP abuse" protection
- previous versions are not vulnerable; this is just explicit protection
deprecate res.redirect(url, status) -- use res.redirect(status, url) instead
fix res.send(status, num) to send num as json (not error)
remove unnecessary escaping when res.jsonp returns JSON response
deps: basic-auth@1.0.0
- support empty password
- support empty username
deps: connect@2.23.0
- deps: debug@1.0.3
- deps: express-session@~1.6.4
- deps: method-override@~2.1.0
- deps: parseurl@~1.1.3
- deps: serve-static@~1.3.1
deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
deps: methods@1.1.0
- add CONNECT
deps: parseurl@~1.1.3
- faster parsing of href-only URLs

`v3.13.0`

Compare Source

===================

add deprecation message to app.configure
add deprecation message to req.auth
use basic-auth to parse Authorization header
deps: connect@2.22.0
- deps: csurf@~1.3.0
- deps: express-session@~1.6.1
- deps: multiparty@3.3.0
- deps: serve-static@~1.3.0
deps: send@0.5.0
- Accept string for maxage (converted by ms)
- Include link in default redirect response

`v3.12.1`

Compare Source

===================

deps: connect@2.21.1
- deps: cookie-parser@1.3.2
- deps: cookie-signature@1.0.4
- deps: express-session@~1.5.2
- deps: type-is@~1.3.2
deps: cookie-signature@1.0.4
- fix for timing attacks

`v3.12.0`

Compare Source

===================

use media-typer to alter content-type charset
deps: connect@2.21.0
- deprecate connect(middleware) -- use app.use(middleware) instead
- deprecate connect.createServer() -- use connect() instead
- fix res.setHeader() patch to work with with get -> append -> set pattern
- deps: compression@~1.0.8
- deps: errorhandler@~1.1.1
- deps: express-session@~1.5.0
- deps: serve-index@~1.1.3

`v3.11.0`

Compare Source

===================

deprecate things with depd module
deps: buffer-crc32@0.2.3
deps: connect@2.20.2
- deprecate verify option to json -- use body-parser npm module instead
- deprecate verify option to urlencoded -- use body-parser npm module instead
- deprecate things with depd module
- use finalhandler for final response handling
- use media-typer to parse content-type for charset
- deps: body-parser@1.4.3
- deps: connect-timeout@1.1.1
- deps: cookie-parser@1.3.1
- deps: csurf@1.2.2
- deps: errorhandler@1.1.0
- deps: express-session@1.4.0
- deps: multiparty@3.2.9
- deps: serve-index@1.1.2
- deps: type-is@1.3.1
- deps: vhost@2.0.0

`v3.10.5`

Compare Source

===================

deps: connect@2.19.6
- deps: body-parser@1.3.1
- deps: compression@1.0.7
- deps: debug@1.0.2
- deps: serve-index@1.1.1
- deps: serve-static@1.2.3
deps: debug@1.0.2
deps: send@0.4.3
- Do not throw uncatchable error on file open race condition
- Use escape-html for HTML escaping
- deps: debug@1.0.2
- deps: finished@1.2.2
- deps: fresh@0.2.2

`v3.10.4`

Compare Source

===================

deps: connect@2.19.5
- fix "event emitter leak" warnings
- deps: csurf@1.2.1
- deps: debug@1.0.1
- deps: serve-static@1.2.2
- deps: type-is@1.2.1
deps: debug@1.0.1
deps: send@0.4.2
- fix "event emitter leak" warnings
- deps: finished@1.2.1
- deps: debug@1.0.1

`v3.10.3`

Compare Source

===================

use vary module for res.vary
deps: connect@2.19.4
- deps: errorhandler@1.0.2
- deps: method-override@2.0.2
- deps: serve-favicon@2.0.1
deps: debug@1.0.0

`v3.10.2`

Compare Source

===================

deps: connect@2.19.3
- deps: compression@1.0.6

`v3.10.1`

Compare Source

===================

deps: connect@2.19.2
- deps: compression@1.0.4
deps: proxy-addr@1.0.1

`v3.10.0`

Compare Source

===================

deps: connect@2.19.1
- deprecate methodOverride() -- use method-override npm module instead
- deps: body-parser@1.3.0
- deps: method-override@2.0.1
- deps: multiparty@3.2.8
- deps: response-time@2.0.0
- deps: serve-static@1.2.1
deps: methods@1.0.1
deps: send@0.4.1
- Send max-age in Cache-Control in correct format

`v3.9.0`

Compare Source

==================

custom etag control with app.set('etag', val)
- app.set('etag', function(body, encoding){ return '"etag"' }) custom etag generation
- app.set('etag', 'weak') weak tag
- app.set('etag', 'strong') strong etag
- app.set('etag', false) turn off
- app.set('etag', true) standard etag
Include ETag in HEAD requests
mark res.send ETag as weak and reduce collisions
update connect to 2.18.0
- deps: compression@1.0.3
- deps: serve-index@1.1.0
- deps: serve-static@1.2.0
update send to 0.4.0
- Calculate ETag with md5 for reduced collisions
- Ignore stream errors after request ends
- deps: debug@0.8.1

`v3.8.1`

Compare Source

==================

update connect to 2.17.3
- deps: body-parser@1.2.2
- deps: express-session@1.2.1
- deps: method-override@1.0.2

`v3.8.0`

Compare Source

==================

keep previous Content-Type for res.jsonp
set proper charset in Content-Type for res.send
update connect to 2.17.1
- fix res.charset appending charset when content-type has one
- deps: express-session@1.2.0
- deps: morgan@1.1.1
- deps: serve-index@1.0.3

`v3.7.0`

Compare Source

==================

proper proxy trust with app.set('trust proxy', trust)
- app.set('trust proxy', 1) trust first hop
- app.set('trust proxy', 'loopback') trust loopback addresses
- app.set('trust proxy', '10.0.0.1') trust single IP
- app.set('trust proxy', '10.0.0.1/16') trust subnet
- app.set('trust proxy', '10.0.0.1, 10.0.0.2') trust list
- app.set('trust proxy', false) turn off
- app.set('trust proxy', true) trust everything
update connect to 2.16.2
- deprecate res.headerSent -- use res.headersSent
- deprecate res.on("header") -- use on-headers module instead
- fix edge-case in res.appendHeader that would append in wrong order
- json: use body-parser
- urlencoded: use body-parser
- dep: bytes@1.0.0
- dep: cookie-parser@1.1.0
- dep: csurf@1.2.0
- dep: express-session@1.1.0
- dep: method-override@1.0.1

`v3.6.0`

Compare Source

==================

deprecate app.del() -- use app.delete() instead
deprecate res.json(obj, status) -- use res.json(status, obj) instead
- the edge-case res.json(status, num) requires res.status(status).json(num)
deprecate res.jsonp(obj, status) -- use res.jsonp(status, obj) instead
- the edge-case res.jsonp(status, num) requires res.status(status).jsonp(num)
support PURGE method
- add app.purge
- add router.purge
- include PURGE in app.all
update connect to 2.15.0
- Add res.appendHeader
- Call error stack even when response has been sent
- Patch res.headerSent to return Boolean
- Patch res.headersSent for node.js 0.8
- Prevent default 404 handler after response sent
- dep: compression@1.0.2
- dep: connect-timeout@1.1.0
- dep: debug@^0.8.0
- dep: errorhandler@1.0.1
- dep: express-session@1.0.4
- dep: morgan@1.0.1
- dep: serve-favicon@2.0.0
- dep: serve-index@1.0.2
update debug to 0.8.0
- add enable() method
- change from stderr to stdout
update methods to 1.0.0
- add PURGE
update mkdirp to 0.5.0

`v3.5.3`

Compare Source

==================

fix req.host for IPv6 literals
fix res.jsonp error if callback param is object

`v3.5.2`

Compare Source

==================

update connect to 2.14.5
update cookie to 0.1.2
update mkdirp to 0.4.0
update send to 0.3.0

`v3.5.1`

Compare Source

==================

pin less-middleware in generated app

`v3.5.0`

Compare Source

==================

bump deps

`v3.4.8`

Compare Source

==================

prevent incorrect automatic OPTIONS responses #1868 @dpatti
update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi
throw 400 in case of malformed paths @rlidwka

`v3.4.7`

Compare Source

==================

update connect

`v3.4.6`

Compare Source

==================

update connect (raw-body)

`v3.4.5`

Compare Source

==================

update connect
res.location: remove leading ./ #1802 @kapouer
res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
res.send: always send ETag when content-length > 0
router: add Router.all() method

`v3.4.4`

Compare Source

==================

update connect
update supertest
update methods
express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04

`v3.4.3`

Compare Source

==================

update connect

`v3.4.2`

Compare Source

==================

update connect
downgrade commander

`v3.4.1`

Compare Source

==================

update connect
update commander
jsonp: check if callback is a function
router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
res.format: now includes charset @1747 (@sorribas)
res.links: allow multiple calls @1746 (@sorribas)

`v3.4.0`

Compare Source

==================

add res.vary(). Closes #1682
update connect

`v3.3.8`

Compare Source

==================

update connect

`v3.3.7`

Compare Source

==================

update connect

`v3.3.6`

Compare Source

==================

Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
add: req.accepts take an argument list

`v3.3.5`

Compare Source

`v3.3.4`

Compare Source

==================

update send and connect

`v3.3.3`

Compare Source

==================

update connect

`v3.3.2`

Compare Source

==================

update connect
update send
remove .version export

`v3.3.1`

Compare Source

==================

update connect

`v3.3.0`

Compare Source

==================

update connect
add support for multiple X-Forwarded-Proto values. Closes #1646
change: remove charset from json responses. Closes #1631
change: return actual booleans from req.accept* functions
fix jsonp callback array throw

`v3.2.6`

Compare Source

==================

update connect

`v3.2.5`

Compare Source

==================

update connect
update node-cookie
add: throw a meaningful error when there is no default engine
change generation of ETags with res.send() to GET requests only. Closes #1619

`v3.2.4`

Compare Source

==================

fix req.subdomains when no Host is present
fix req.host when no Host is present, return undefined

`v3.2.3`

Compare Source

==================

update connect / qs

`v3.2.2`

Compare Source

==================

update qs

`v3.2.1`

Compare Source

==================

add app.VERB() paths array deprecation warning
update connect
update qs and remove all ~ semver crap
fix: accept number as value of Signed Cookie

`v3.2.0`

Compare Source

==================

add "view" constructor setting to override view behaviour
add req.acceptsEncoding(name)
add req.acceptedEncodings
revert cookie signature change causing session race conditions
fix sorting of Accept values of the same quality

`v3.1.2`

Compare Source

==================

add support for custom Accept parameters
update cookie-signature

`v3.1.1`

Compare Source

==================

add X-Forwarded-Host support to req.host
fix relative redirects
update mkdirp
update buffer-crc32
remove legacy app.configure() method from app template.

`v3.1.0`

Compare Source

==================

add support for leading "." in "view engine" setting
add array support to res.set()
add node 0.8.x to travis.yml
add "subdomain offset" setting for tweaking req.subdomains
add res.location(url) implementing res.redirect()-like setting of Location
use app.get() for x-powered-by setting for inheritance
fix colons in passwords for req.auth

`v3.0.6`

Compare Source

==================

add http verb methods to Router
update connect
fix mangling of the res.cookie() options object
fix jsonp whitespace escape. Closes #1132

`v3.0.5`

Compare Source

==================

add throwing when a non-function is passed to a route
fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
revert "add 'etag' option"

`v3.0.4`

Compare Source

==================

add 'etag' option to disable res.send() Etags
add escaping of urls in text/plain in res.redirect()
for old browsers interpreting as html
change crc32 module for a more liberal license
update connect

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Update dependency express to v3.21.2

775ef1f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency express to v3.21.2 #6

Update dependency express to v3.21.2 #6

boltlocal bot commented Nov 6, 2022 •

edited

Loading

Update dependency express to v3.21.2 #6

Are you sure you want to change the base?

Update dependency express to v3.21.2 #6

Conversation

boltlocal bot commented Nov 6, 2022 • edited Loading

⚠ Dependency Lookup Warnings ⚠

Release Notes

Configuration

boltlocal bot commented Nov 6, 2022 •

edited

Loading