Skip to content

chore(deps): update dependency express to v5 #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
specmatic-builder wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency express to v5 #189

specmatic-builder wants to merge 1 commit into from

Conversation

@specmatic-builder
Copy link
Contributor

@specmatic-builder specmatic-builder commented Apr 6, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express (source) ^4.21.0^5.0.0 age adoption passing confidence

Release Notes

expressjs/express (express)

v5.2.1

Compare Source

=======================

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

v5.2.0

Compare Source

========================

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@​1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@​4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@​6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. Specmatic specific configuration is managed here.

@kaushall kaushall force-pushed the renovate/express-5.x branch from 0ebd9cb to 24df57a Compare April 8, 2025 09:46
@specmatic-builder specmatic-builder changed the title Update dependency express to v5 chore(deps): update dependency express to v5 May 24, 2025
@specmatic-builder specmatic-builder force-pushed the renovate/express-5.x branch 2 times, most recently from 6f205eb to 1c7598b Compare October 14, 2025 07:21
@specmatic-builder specmatic-builder force-pushed the renovate/express-5.x branch 2 times, most recently from 6283451 to da45772 Compare December 29, 2025 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependency renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@specmatic-builder