Skip to content

Commit

Permalink
chore(deps): bump express from 4.19.1 to 4.21.2 in /functions (#1218)
Browse files Browse the repository at this point in the history
Bumps [express](https://github.com/expressjs/express) from 4.19.1 to 4.21.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in <a href="https://github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in <a href="https://github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a href="https://github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a href="https://github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in <a href="https://github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a href="https://github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a href="https://github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a> in <a href="https://github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a> made their first contribution in <a href="https://github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li>
<li>Remove link renderization in html while using <code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a href="https://github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a href="https://github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a> in <a href="https://github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a href="https://github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in <a href="https://github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>, <code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>, <code>body-parser</code> by <a href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a href="https://github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a> in <a href="https://github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a> in <a href="https://github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and <code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using <code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a regex</li>
<li>Adds backtracking protection to parameters without regexes defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and <code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
<h1>4.19.2 / 2024-03-25</h1>
<ul>
<li>Improved fix for open redirect allow list bypass</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a> 4.21.2</li>
<li><a href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a> deps: bump path-to-regexp@0.1.12 (<a href="https://github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a> deps: path-to-regexp@0.1.11 (<a href="https://github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a> docs: add funding (<a href="https://github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/8e229f92752ad51462c868b99f6e6c2e559801b0"><code>8e229f9</code></a> 4.21.1</li>
<li><a href="https://github.com/expressjs/express/commit/a024c8a7b658a178cbdb9bde33030b7500172815"><code>a024c8a</code></a> fix(deps): cookie@0.7.1</li>
<li><a href="https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff"><code>7e562c6</code></a> 4.21.0</li>
<li><a href="https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb"><code>1bcde96</code></a> fix(deps): qs@6.13.0 (<a href="https://github.com/expressjs/express/issues/5946">#5946</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997"><code>7d36477</code></a> fix(deps): serve-static@1.16.2 (<a href="https://github.com/expressjs/express/issues/5951">#5951</a>)</li>
<li><a href="https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b"><code>40d2d8f</code></a> fix(deps): finalhandler@1.3.1</li>
<li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.19.1...4.21.2">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser for express since your current version.</p>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.19.1&new-version=4.21.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
  • Loading branch information
mergify[bot] authored Dec 20, 2024
2 parents c007e7e + bd8cdb8 commit 86044b2
Showing 1 changed file with 179 additions and 49 deletions.
Loading

0 comments on commit 86044b2

Please sign in to comment.