Skip to content

chore(deps): update dependency express to v4.22.1 (main)#16

Open
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/main-express-4.x-lockfile
Open

chore(deps): update dependency express to v4.22.1 (main)#16
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/main-express-4.x-lockfile

Conversation

@mend-for-github-com
Copy link
Copy Markdown

@mend-for-github-com mend-for-github-com bot commented Aug 4, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express (source) 4.18.24.22.1 age adoption passing confidence

Release Notes

expressjs/express (express)

v4.22.1

Compare Source

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

v4.22.0

Compare Source

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

v4.21.2

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

v4.20.0

Compare Source

==========

  • deps: serve-static@​0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@​0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@​0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@​0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

  • Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

  • Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@​0.6.0

v4.18.3

Compare Source

==========

  • Fix routing requests without method
  • deps: body-parser@​1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@​2.5.2
  • deps: cookie@​0.6.0
    • Add partitioned option

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Aug 4, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch 2 times, most recently from d248559 to 7941233 Compare October 1, 2025 08:28
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from 7941233 to db10274 Compare December 2, 2025 06:05
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from db10274 to 7451958 Compare December 16, 2025 08:16
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from 7451958 to f06e7cb Compare December 30, 2025 07:49
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.21.1 (main) Update dependency express to v4.22.0 (main) Dec 30, 2025
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.22.0 (main) Update dependency express to v4.22.1 (main) Jan 23, 2026
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.22.1 (main) Update dependency express to v4.22.0 (main) Jan 29, 2026
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from f06e7cb to d8607ee Compare February 12, 2026 06:52
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.22.0 (main) Update dependency express to v4.22.1 (main) Mar 15, 2026
@mend-for-github-com mend-for-github-com bot changed the title Update dependency express to v4.22.1 (main) chore(deps): update dependency express to v4.22.1 (main) Mar 23, 2026
@mend-for-github-com mend-for-github-com bot added patch release and removed security fix Security fix generated by Mend labels Mar 26, 2026
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/main-express-4.x-lockfile branch from d8607ee to b8ce9f1 Compare March 27, 2026 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

patch release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants