web/cryptpad
Archived
5
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Releases Wiki Activity

Update dependency express to ~4.22.0 #5

Open
jcabillot wants to merge 2 commits from renovate/express-4.x into master
pull from: renovate/express-4.x
merge into: web:master
Conversation 0 Commits 2 Files Changed 2
+384 -153
jcabillot commented 2026-05-26 20:05:21 -04:00
Owner
Copy Link
Copy Source

This PR contains the following updates:

Package Type Update Change
express (source) dependencies minor ~4.16.0~4.22.0

Release Notes

expressjs/express (express)

v4.22.2

Compare Source

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/v4.22.1...v4.22.2

v4.22.1

Compare Source

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: https://github.com/expressjs/express/compare/4.22.0...v4.22.1

v4.22.0

Compare Source

Important: Security

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.2...4.22.0

v4.21.2

Compare Source

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

v4.20.0

Compare Source

==========

  • deps: serve-static@​0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@​0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@​0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@​0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

  • Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

  • Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@​0.6.0

v4.18.3

Compare Source

==========

  • Fix routing requests without method
  • deps: body-parser@​1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@​2.5.2
  • deps: cookie@​0.6.0
    • Add partitioned option

v4.18.2

Compare Source

===================

  • Fix regression routing a large stack in a single route
  • deps: body-parser@​1.20.1
    • deps: qs@​6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@​6.11.0

v4.18.1

Compare Source

===================

  • Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: body-parser@​1.20.0
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@​2.0.0
    • deps: http-errors@​2.0.0
    • deps: on-finished@​2.4.1
    • deps: qs@​6.10.3
    • deps: raw-body@​2.5.1
  • deps: cookie@​0.5.0
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: depd@​2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: finalhandler@​1.2.0
    • Remove set content headers that break response
    • deps: on-finished@​2.4.1
    • deps: statuses@​2.0.1
  • deps: on-finished@​2.4.1
    • Prevent loss of async hooks context
  • deps: qs@​6.10.3
  • deps: send@​0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@​2.0.0
    • deps: destroy@​1.2.0
    • deps: http-errors@​2.0.0
    • deps: on-finished@​2.4.1
    • deps: statuses@​2.0.1
  • deps: serve-static@​1.15.0
    • deps: send@​0.18.0
  • deps: statuses@​2.0.1
    • Remove code 306
    • Rename 425 Unordered Collection to standard 425 Too Early

v4.17.3

Compare Source

===================

  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: negotiator@​0.6.3
  • deps: body-parser@​1.19.2
    • deps: bytes@​3.1.2
    • deps: qs@​6.9.7
    • deps: raw-body@​2.4.3
  • deps: cookie@​0.4.2
  • deps: qs@​6.9.7
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy

v4.17.2

Compare Source

===================

  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@​1.19.1
    • deps: bytes@​3.1.1
    • deps: http-errors@​1.8.1
    • deps: qs@​6.9.6
    • deps: raw-body@​2.4.2
    • deps: safe-buffer@​5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@​0.5.4
    • deps: safe-buffer@​5.2.1
  • deps: cookie@​0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@​0.2.0
    • deps: ipaddr.js@​1.9.1
  • deps: qs@​6.9.6
  • deps: safe-buffer@​5.2.1
  • deps: send@​0.17.2
    • deps: http-errors@​1.8.1
    • deps: ms@​2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@​1.14.2
    • deps: send@​0.17.2
  • deps: setprototypeof@​1.2.0

v4.17.1

Compare Source

===================

  • Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

  • Add express.raw to parse bodies into Buffer
  • Add express.text to parse bodies into string
  • Improve error message for non-strings to res.sendFile
  • Improve error message for null/undefined to res.status
  • Support multiple hosts in X-Forwarded-Host
  • deps: accepts@~1.3.7
  • deps: body-parser@​1.19.0
    • Add encoding MIK
    • Add petabyte (pb) support
    • Fix parsing array brackets after index
    • deps: bytes@​3.1.0
    • deps: http-errors@​1.7.2
    • deps: iconv-lite@​0.4.24
    • deps: qs@​6.7.0
    • deps: raw-body@​2.4.0
    • deps: type-is@~1.6.17
  • deps: content-disposition@​0.5.3
  • deps: cookie@​0.4.0
    • Add SameSite=None support
  • deps: finalhandler@~1.1.2
    • Set stricter Content-Security-Policy header
    • deps: parseurl@~1.3.3
    • deps: statuses@~1.5.0
  • deps: parseurl@~1.3.3
  • deps: proxy-addr@~2.0.5
    • deps: ipaddr.js@​1.9.0
  • deps: qs@​6.7.0
    • Fix parsing array brackets after index
  • deps: range-parser@~1.2.1
  • deps: send@​0.17.1
    • Set stricter CSP header in redirect & error responses
    • deps: http-errors@~1.7.2
    • deps: mime@​1.6.0
    • deps: ms@​2.1.1
    • deps: range-parser@~1.2.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
  • deps: serve-static@​1.14.1
    • Set stricter CSP header in redirect response
    • deps: parseurl@~1.3.3
    • deps: send@​0.17.1
  • deps: setprototypeof@​1.1.1
  • deps: statuses@~1.5.0
    • Add 103 Early Hints
  • deps: type-is@~1.6.18
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [express](https://expressjs.com/) ([source](https://github.com/expressjs/express)) | dependencies | minor | [`~4.16.0` → `~4.22.0`](https://renovatebot.com/diffs/npm/express/4.16.4/4.22.2) | --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.22.2`](https://github.com/expressjs/express/releases/tag/v4.22.2) [Compare Source](https://github.com/expressjs/express/compare/v4.22.1...v4.22.2) #### What's Changed - fix: restore >20 array parsing for `req.query` repeated keys ([`8d09bfe6`](https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db)) - This also unifies array-cap behavior across notations. Indexed notation (`a[0]=...`) was historically capped at qs's default `arrayLimit` of 20 even in older qs versions; after this change it also allows up to 1000 items. - deps: qs@\~6.15.1 - deps: body-parser@\~1.20.5 #### New Contributors - [@&#8203;suuuuuuminnnnnn](https://github.com/suuuuuuminnnnnn) made their first contribution in [#&#8203;7021](https://github.com/expressjs/express/pull/7021) - [@&#8203;SAY-5](https://github.com/SAY-5) made their first contribution in [#&#8203;7181](https://github.com/expressjs/express/pull/7181) **Full Changelog**: <https://github.com/expressjs/express/compare/v4.22.1...v4.22.2> ### [`v4.22.1`](https://github.com/expressjs/express/releases/tag/v4.22.1) [Compare Source](https://github.com/expressjs/express/compare/4.22.0...v4.22.1) #### What's Changed > \[!IMPORTANT]\ > The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release. - Release: 4.22.1 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6934](https://github.com/expressjs/express/pull/6934) **Full Changelog**: <https://github.com/expressjs/express/compare/4.22.0...v4.22.1> ### [`v4.22.0`](https://github.com/expressjs/express/releases/tag/4.22.0) [Compare Source](https://github.com/expressjs/express/compare/4.21.2...4.22.0) #### Important: Security - Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6)) #### What's Changed - Refactor: improve readability by [@&#8203;sazk07](https://github.com/sazk07) in [#&#8203;6190](https://github.com/expressjs/express/pull/6190) - ci: add support for Node.js\@&#8203;23.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6080](https://github.com/expressjs/express/pull/6080) - Method functions with no path should error by [@&#8203;wesleytodd](https://github.com/wesleytodd) in [#&#8203;5957](https://github.com/expressjs/express/pull/5957) - ci: updated github actions ci workflow by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6323](https://github.com/expressjs/express/pull/6323) - ci: reorder `npm i` steps to fix ci for older node versions by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6336](https://github.com/expressjs/express/pull/6336) - Backport: ci: add node.js 24 to test matrix by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6506](https://github.com/expressjs/express/pull/6506) - chore(4.x): wider range for query test skip by [@&#8203;jonchurch](https://github.com/jonchurch) in [#&#8203;6513](https://github.com/expressjs/express/pull/6513) - use tilde notation for certain dependencies by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6905](https://github.com/expressjs/express/pull/6905) - deps: qs\@&#8203;6.14.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6909](https://github.com/expressjs/express/pull/6909) - deps: use tilde notation for `qs` by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6919](https://github.com/expressjs/express/pull/6919) - Release: 4.22.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6921](https://github.com/expressjs/express/pull/6921) **Full Changelog**: <https://github.com/expressjs/express/compare/4.21.2...4.22.0> ### [`v4.21.2`](https://github.com/expressjs/express/releases/tag/4.21.2) [Compare Source](https://github.com/expressjs/express/compare/4.21.1...4.21.2) #### What's Changed - Add funding field (v4) by [@&#8203;bjohansebas](https://github.com/bjohansebas) in [#&#8203;6065](https://github.com/expressjs/express/pull/6065) - deps: path-to-regexp\@&#8203;0.1.11 by [@&#8203;blakeembrey](https://github.com/blakeembrey) in [#&#8203;5956](https://github.com/expressjs/express/pull/5956) - deps: bump path-to-regexp\@&#8203;0.1.12 by [@&#8203;jonchurch](https://github.com/jonchurch) in [#&#8203;6209](https://github.com/expressjs/express/pull/6209) - Release: 4.21.2 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6094](https://github.com/expressjs/express/pull/6094) **Full Changelog**: <https://github.com/expressjs/express/compare/4.21.1...4.21.2> ### [`v4.21.1`](https://github.com/expressjs/express/releases/tag/4.21.1) [Compare Source](https://github.com/expressjs/express/compare/4.21.0...4.21.1) #### What's Changed - Backport a fix for CVE-2024-47764 to the 4.x branch by [@&#8203;joshbuker](https://github.com/joshbuker) in [#&#8203;6029](https://github.com/expressjs/express/pull/6029) - Release: 4.21.1 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6031](https://github.com/expressjs/express/pull/6031) **Full Changelog**: <https://github.com/expressjs/express/compare/4.21.0...4.21.1> ### [`v4.21.0`](https://github.com/expressjs/express/releases/tag/4.21.0) [Compare Source](https://github.com/expressjs/express/compare/4.20.0...4.21.0) #### What's Changed - Deprecate `"back"` magic string in redirects by [@&#8203;blakeembrey](https://github.com/blakeembrey) in [#&#8203;5935](https://github.com/expressjs/express/pull/5935) - finalhandler\@&#8203;1.3.1 by [@&#8203;wesleytodd](https://github.com/wesleytodd) in [#&#8203;5954](https://github.com/expressjs/express/pull/5954) - fix(deps): serve-static\@&#8203;1.16.2 by [@&#8203;wesleytodd](https://github.com/wesleytodd) in [#&#8203;5951](https://github.com/expressjs/express/pull/5951) - Upgraded dependency qs to 6.13.0 to match qs in body-parser by [@&#8203;agadzinski93](https://github.com/agadzinski93) in [#&#8203;5946](https://github.com/expressjs/express/pull/5946) #### New Contributors - [@&#8203;agadzinski93](https://github.com/agadzinski93) made their first contribution in [#&#8203;5946](https://github.com/expressjs/express/pull/5946) **Full Changelog**: <https://github.com/expressjs/express/compare/4.20.0...4.21.0> ### [`v4.20.0`](https://github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10) [Compare Source](https://github.com/expressjs/express/compare/4.19.2...4.20.0) \========== - deps: serve-static\@&#8203;0.16.0 - Remove link renderization in html while redirecting - deps: send\@&#8203;0.19.0 - Remove link renderization in html while redirecting - deps: body-parser\@&#8203;0.6.0 - add `depth` option to customize the depth level in the parser - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`) - Remove link renderization in html while using `res.redirect` - deps: path-to-regexp\@&#8203;0.1.10 - Adds support for named matching groups in the routes using a regex - Adds backtracking protection to parameters without regexes defined - deps: encodeurl@\~2.0.0 - Removes encoding of `\`, `|`, and `^` to align better with URL spec - Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie` - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie ### [`v4.19.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://github.com/expressjs/express/blob/HEAD/History.md#4190--2024-03-20) [Compare Source](https://github.com/expressjs/express/compare/4.18.3...4.19.0) \========== - Prevent open redirect allow list bypass due to encodeurl - deps: cookie\@&#8203;0.6.0 ### [`v4.18.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-29) [Compare Source](https://github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: body-parser\@&#8203;1.20.2 - Fix strict json error message on Node.js 19+ - deps: content-type@\~1.0.5 - deps: raw-body\@&#8203;2.5.2 - deps: cookie\@&#8203;0.6.0 - Add `partitioned` option ### [`v4.18.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4182--2022-10-08) [Compare Source](https://github.com/expressjs/express/compare/4.18.1...4.18.2) \=================== - Fix regression routing a large stack in a single route - deps: body-parser\@&#8203;1.20.1 - deps: qs\@&#8203;6.11.0 - perf: remove unnecessary object clone - deps: qs\@&#8203;6.11.0 ### [`v4.18.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4181--2022-04-29) [Compare Source](https://github.com/expressjs/express/compare/4.18.0...4.18.1) \=================== - Fix hanging on large stack of sync routes ### [`v4.18.0`](https://github.com/expressjs/express/blob/HEAD/History.md#4180--2022-04-25) [Compare Source](https://github.com/expressjs/express/compare/4.17.3...4.18.0) \=================== - Add "root" option to `res.download` - Allow `options` without `filename` in `res.download` - Deprecate string and non-integer arguments to `res.status` - Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` - Fix handling very large stacks of sync middleware - Ignore `Object.prototype` values in settings through `app.set`/`app.get` - Invoke `default` with same arguments as types in `res.format` - Support proper 205 responses using `res.send` - Use `http-errors` for `res.format` error - deps: body-parser\@&#8203;1.20.0 - Fix error message for json parse whitespace in `strict` - Fix internal error when inflated body exceeds limit - Prevent loss of async hooks context - Prevent hanging when request already read - deps: depd\@&#8203;2.0.0 - deps: http-errors\@&#8203;2.0.0 - deps: on-finished\@&#8203;2.4.1 - deps: qs\@&#8203;6.10.3 - deps: raw-body\@&#8203;2.5.1 - deps: cookie\@&#8203;0.5.0 - Add `priority` option - Fix `expires` option to reject invalid dates - deps: depd\@&#8203;2.0.0 - Replace internal `eval` usage with `Function` constructor - Use instance methods on `process` to check for listeners - deps: finalhandler\@&#8203;1.2.0 - Remove set content headers that break response - deps: on-finished\@&#8203;2.4.1 - deps: statuses\@&#8203;2.0.1 - deps: on-finished\@&#8203;2.4.1 - Prevent loss of async hooks context - deps: qs\@&#8203;6.10.3 - deps: send\@&#8203;0.18.0 - Fix emitted 416 error missing headers property - Limit the headers removed for 304 response - deps: depd\@&#8203;2.0.0 - deps: destroy\@&#8203;1.2.0 - deps: http-errors\@&#8203;2.0.0 - deps: on-finished\@&#8203;2.4.1 - deps: statuses\@&#8203;2.0.1 - deps: serve-static\@&#8203;1.15.0 - deps: send\@&#8203;0.18.0 - deps: statuses\@&#8203;2.0.1 - Remove code 306 - Rename `425 Unordered Collection` to standard `425 Too Early` ### [`v4.17.3`](https://github.com/expressjs/express/blob/HEAD/History.md#4173--2022-02-16) [Compare Source](https://github.com/expressjs/express/compare/4.17.2...4.17.3) \=================== - deps: accepts@\~1.3.8 - deps: mime-types@\~2.1.34 - deps: negotiator\@&#8203;0.6.3 - deps: body-parser\@&#8203;1.19.2 - deps: bytes\@&#8203;3.1.2 - deps: qs\@&#8203;6.9.7 - deps: raw-body\@&#8203;2.4.3 - deps: cookie\@&#8203;0.4.2 - deps: qs\@&#8203;6.9.7 - Fix handling of `__proto__` keys - pref: remove unnecessary regexp for trust proxy ### [`v4.17.2`](https://github.com/expressjs/express/blob/HEAD/History.md#4172--2021-12-16) [Compare Source](https://github.com/expressjs/express/compare/4.17.1...4.17.2) \=================== - Fix handling of `undefined` in `res.jsonp` - Fix handling of `undefined` when `"json escape"` is enabled - Fix incorrect middleware execution with unanchored `RegExp`s - Fix `res.jsonp(obj, status)` deprecation message - Fix typo in `res.is` JSDoc - deps: body-parser\@&#8203;1.19.1 - deps: bytes\@&#8203;3.1.1 - deps: http-errors\@&#8203;1.8.1 - deps: qs\@&#8203;6.9.6 - deps: raw-body\@&#8203;2.4.2 - deps: safe-buffer\@&#8203;5.2.1 - deps: type-is@\~1.6.18 - deps: content-disposition\@&#8203;0.5.4 - deps: safe-buffer\@&#8203;5.2.1 - deps: cookie\@&#8203;0.4.1 - Fix `maxAge` option to reject invalid values - deps: proxy-addr@\~2.0.7 - Use `req.socket` over deprecated `req.connection` - deps: forwarded\@&#8203;0.2.0 - deps: ipaddr.js\@&#8203;1.9.1 - deps: qs\@&#8203;6.9.6 - deps: safe-buffer\@&#8203;5.2.1 - deps: send\@&#8203;0.17.2 - deps: http-errors\@&#8203;1.8.1 - deps: ms\@&#8203;2.1.3 - pref: ignore empty http tokens - deps: serve-static\@&#8203;1.14.2 - deps: send\@&#8203;0.17.2 - deps: setprototypeof\@&#8203;1.2.0 ### [`v4.17.1`](https://github.com/expressjs/express/blob/HEAD/History.md#4171--2019-05-25) [Compare Source](https://github.com/expressjs/express/compare/4.17.0...4.17.1) \=================== - Revert "Improve error message for `null`/`undefined` to `res.status`" ### [`v4.17.0`](https://github.com/expressjs/express/blob/HEAD/History.md#4170--2019-05-16) [Compare Source](https://github.com/expressjs/express/compare/4.16.4...4.17.0) \=================== - Add `express.raw` to parse bodies into `Buffer` - Add `express.text` to parse bodies into string - Improve error message for non-strings to `res.sendFile` - Improve error message for `null`/`undefined` to `res.status` - Support multiple hosts in `X-Forwarded-Host` - deps: accepts@\~1.3.7 - deps: body-parser\@&#8203;1.19.0 - Add encoding MIK - Add petabyte (`pb`) support - Fix parsing array brackets after index - deps: bytes\@&#8203;3.1.0 - deps: http-errors\@&#8203;1.7.2 - deps: iconv-lite\@&#8203;0.4.24 - deps: qs\@&#8203;6.7.0 - deps: raw-body\@&#8203;2.4.0 - deps: type-is@\~1.6.17 - deps: content-disposition\@&#8203;0.5.3 - deps: cookie\@&#8203;0.4.0 - Add `SameSite=None` support - deps: finalhandler@\~1.1.2 - Set stricter `Content-Security-Policy` header - deps: parseurl@\~1.3.3 - deps: statuses@\~1.5.0 - deps: parseurl@\~1.3.3 - deps: proxy-addr@\~2.0.5 - deps: ipaddr.js\@&#8203;1.9.0 - deps: qs\@&#8203;6.7.0 - Fix parsing array brackets after index - deps: range-parser@\~1.2.1 - deps: send\@&#8203;0.17.1 - Set stricter CSP header in redirect & error responses - deps: http-errors@\~1.7.2 - deps: mime\@&#8203;1.6.0 - deps: ms\@&#8203;2.1.1 - deps: range-parser@\~1.2.1 - deps: statuses@\~1.5.0 - perf: remove redundant `path.normalize` call - deps: serve-static\@&#8203;1.14.1 - Set stricter CSP header in redirect response - deps: parseurl@\~1.3.3 - deps: send\@&#8203;0.17.1 - deps: setprototypeof\@&#8203;1.1.1 - deps: statuses@\~1.5.0 - Add `103 Early Hints` - deps: type-is@\~1.6.18 - deps: mime-types@\~2.1.24 - perf: prevent internal `throw` on invalid type </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTUuMTIiLCJ1cGRhdGVkSW5WZXIiOiI0My4xOTUuMTIiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOltdfQ==-->
jcabillot added 1 commit 2026-05-26 20:05:23 -04:00
Update dependency express to ~4.22.0
web/cryptpad/pipeline/head There was a failure building this commit
Details
web/cryptpad/pipeline/pr-master There was a failure building this commit
Details
c788c67385
jcabillot added 1 commit 2026-05-29 15:50:48 -04:00
Merge branch 'master' into renovate/express-4.x d8091ca3de
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
cloudix_mcp_server fluxcd jcabillot opencodecabilloteu renovate
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: web/cryptpad#5
Delete Branch "renovate/express-4.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?