Update dependency express to v4.19.2 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express (source)	4.9.7 -> 4.19.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

expressjs/express (express)

v4.19.2

Compare Source

==========

• Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

• Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

v4.18.3

Compare Source

==========

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

v4.18.2

Compare Source

===================

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

v4.18.1

Compare Source

===================

• Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Remove code 306
  • Rename 425 Unordered Collection to standard 425 Too Early

v4.17.3

Compare Source

===================

• deps: accepts@~1.3.8
  • deps: mime-types@~2.1.34
  • deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • Fix handling of __proto__ keys
• pref: remove unnecessary regexp for trust proxy

v4.17.2

Compare Source

===================

• Fix handling of undefined in res.jsonp
• Fix handling of undefined when "json escape" is enabled
• Fix incorrect middleware execution with unanchored RegExps
• Fix res.jsonp(obj, status) deprecation message
• Fix typo in res.is JSDoc
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: type-is@~1.6.18
• deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Fix maxAge option to reject invalid values
• deps: proxy-addr@~2.0.7
  • Use req.socket over deprecated req.connection
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • pref: ignore empty http tokens
• deps: [email protected]
  • deps: [email protected]
• deps: [email protected]

v4.17.1

Compare Source

===================

• Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

• Add express.raw to parse bodies into Buffer
• Add express.text to parse bodies into string
• Improve error message for non-strings to res.sendFile
• Improve error message for null/undefined to res.status
• Support multiple hosts in X-Forwarded-Host
• deps: accepts@~1.3.7
• deps: [email protected]
  • Add encoding MIK
  • Add petabyte (pb) support
  • Fix parsing array brackets after index
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: type-is@~1.6.17
• deps: [email protected]
• deps: [email protected]
  • Add SameSite=None support
• deps: finalhandler@~1.1.2
  • Set stricter Content-Security-Policy header
  • deps: parseurl@~1.3.3
  • deps: statuses@~1.5.0
• deps: parseurl@~1.3.3
• deps: proxy-addr@~2.0.5
  • deps: [email protected]
• deps: [email protected]
  • Fix parsing array brackets after index
• deps: range-parser@~1.2.1
• deps: [email protected]
  • Set stricter CSP header in redirect & error responses
  • deps: http-errors@~1.7.2
  • deps: [email protected]
  • deps: [email protected]
  • deps: range-parser@~1.2.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call
• deps: [email protected]
  • Set stricter CSP header in redirect response
  • deps: parseurl@~1.3.3
  • deps: [email protected]
• deps: [email protected]
• deps: statuses@~1.5.0
  • Add 103 Early Hints
• deps: type-is@~1.6.18
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

v4.16.4

Compare Source

===================

• Fix issue where "Request aborted" may be logged in res.sendfile
• Fix JSDoc for Router constructor
• deps: [email protected]
  • Fix deprecation warnings on Node.js 10+
  • Fix stack trace for strict json parse error
  • deps: depd@~1.1.2
  • deps: http-errors@~1.6.3
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: type-is@~1.6.16
• deps: proxy-addr@~2.0.4
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]

v4.16.3

Compare Source

===================

• deps: accepts@~1.3.5
  • deps: mime-types@~2.1.18
• deps: depd@~1.1.2
  • perf: remove argument reassignment
• deps: encodeurl@~1.0.2
  • Fix encoding % as last character
• deps: [email protected]
  • Fix 404 output for bad / missing pathnames
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0
• deps: proxy-addr@~2.0.3
  • deps: [email protected]
• deps: [email protected]
  • Fix incorrect end tag in default error & redirects
  • deps: depd@~1.1.2
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0
• deps: [email protected]
  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
  • deps: [email protected]
• deps: statuses@~1.4.0
• deps: type-is@~1.6.16
  • deps: mime-types@~2.1.18

v4.16.2

Compare Source

===================

• Fix TypeError in res.send when given Buffer and ETag header set
• perf: skip parsing of entire X-Forwarded-Proto header

v4.16.1

Compare Source

===================

• deps: [email protected]
• deps: [email protected]
  • Fix regression when root is incorrectly set to a file
  • deps: [email protected]

v4.16.0

Compare Source

===================

• Add "json escape" setting for res.json and res.jsonp
• Add express.json and express.urlencoded to parse bodies
• Add options argument to res.download
• Improve error message when autoloading invalid view engine
• Improve error messages when non-function provided as middleware
• Skip Buffer encoding when not generating ETag for small response
• Use safe-buffer for improved Buffer API
• deps: accepts@~1.3.4
  • deps: mime-types@~2.1.16
• deps: content-type@~1.0.4
  • perf: remove argument reassignment
  • perf: skip parameter parsing when no parameters
• deps: etag@~1.8.1
  • perf: replace regular expression with substring
• deps: [email protected]
  • Use res.headersSent when available
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp
• deps: proxy-addr@~2.0.2
  • Fix trimming leading / trailing OWS in X-Forwarded-For
  • deps: forwarded@~0.1.2
  • deps: [email protected]
  • perf: reduce overhead when no X-Forwarded-For header
• deps: [email protected]
  • Fix parsing & compacting very deep objects
• deps: [email protected]
  • Add 70 new types for file extensions
  • Add immutable option
  • Fix missing </html> in default error & redirects
  • Set charset as "UTF-8" for .js and .json
  • Use instance methods on steam to check for listeners
  • deps: [email protected]
  • perf: improve path validation speed
• deps: [email protected]
  • Add 70 new types for file extensions
  • Add immutable option
  • Set charset as "UTF-8" for .js and .json
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
• deps: vary@~1.1.2
  • perf: improve header token parsing speed
• perf: re-use options object when generating ETags
• perf: remove dead .charset set in res.jsonp

v4.15.5

Compare Source

===================

• deps: [email protected]
• deps: finalhandler@~1.0.6
  • deps: [email protected]
  • deps: parseurl@~1.3.2
• deps: [email protected]
  • Fix handling of modified headers with invalid dates
  • perf: improve ETag match loop
  • perf: improve If-None-Match token parsing
• deps: [email protected]
  • Fix handling of modified headers with invalid dates
  • deps: [email protected]
  • deps: etag@~1.8.1
  • deps: [email protected]
  • perf: improve If-Match token parsing
• deps: [email protected]
  • deps: parseurl@~1.3.2
  • deps: [email protected]
  • perf: improve slash collapsing

v4.15.4

Compare Source

===================

• deps: [email protected]
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading
• deps: finalhandler@~1.0.4
  • deps: [email protected]
• deps: proxy-addr@~1.1.5
  • Fix array argument being altered
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
  • deps: depd@~1.1.1
  • deps: http-errors@~1.6.2
• deps: [email protected]
  • deps: [email protected]

v4.15.3

Compare Source

===================

• Fix error when res.set cannot add charset to Content-Type
• deps: [email protected]
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: [email protected]
• deps: finalhandler@~1.0.3
  • Fix missing </html> in HTML document
  • deps: [email protected]
• deps: proxy-addr@~1.1.4
  • deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
• deps: type-is@~1.6.15
  • deps: mime-types@~2.1.15
• deps: vary@~1.1.1
  • perf: hoist regular expression

v4.15.2

Compare Source

===================

• deps: [email protected]
  • Fix regression parsing keys starting with [

v4.15.1

Compare Source

===================

• deps: [email protected]
  • Fix issue when Date.parse does not return NaN on invalid date
  • Fix strict violation in broken environments
• deps: [email protected]
  • Fix issue when Date.parse does not return NaN on invalid date
  • deps: [email protected]

v4.15.0

Compare Source

===================

• Add debug message when loading view engine
• Add next("router") to exit from router
• Fix case where router.use skipped requests routes did not
• Remove usage of res._headers private field
  • Improves compatibility with Node.js 8 nightly
• Skip routing when req.url is not set
• Use %o in path debug to tell types apart
• Use Object.create to setup request & response prototypes
• Use setprototypeof module to replace __proto__ setting
• Use statuses instead of http module for status messages
• deps: [email protected]
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable set to 3 or higher
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: [email protected]
• deps: etag@~1.8.0
  • Use SHA1 instead of MD5 for ETag hashing
  • Works with FIPS 140-2 OpenSSL configuration
• deps: finalhandler@~1.0.0
  • Fix exception when err cannot be converted to a string
  • Fully URL-encode the pathname in the 404
  • Only include the pathname in the 404 message
  • Send complete HTML document
  • Set Content-Security-Policy: default-src 'self' header
  • deps: [email protected]
• deps: [email protected]
  • Fix false detection of no-cache request directive
  • Fix incorrect result when If-None-Match has both * and ETags
  • Fix weak ETag matching to match spec
  • perf: delay reading header values until needed
  • perf: enable strict mode
  • perf: hoist regular expressions
  • perf: remove duplicate conditional
  • perf: remove unnecessary boolean coercions
  • perf: skip checking modified time if ETag check failed
  • perf: skip parsing If-None-Match when no ETag header
  • perf: use Date.parse instead of new Date
• deps: [email protected]
  • Fix array parsing from skipping empty values
  • Fix compacting nested arrays
• deps: [email protected]
  • Fix false detection of no-cache request directive
  • Fix incorrect result when If-None-Match has both * and ETags
  • Fix weak ETag matching to match spec
  • Remove usage of res._headers private field
  • Support If-Match and If-Unmodified-Since headers
  • Use res.getHeaderNames() when available
  • Use res.headersSent when available
  • deps: [email protected]
  • deps: etag@~1.8.0
  • deps: [email protected]
  • deps: http-errors@~1.6.1
• deps: [email protected]
  • Fix false detection of no-cache request directive
  • Fix incorrect result when If-None-Match has both * and ETags
  • Fix weak ETag matching to match spec
  • Remove usage of res._headers private field
  • Send complete HTML document in redirect response
  • Set default CSP header in redirect response
  • Support If-Match and If-Unmodified-Since headers
  • Use res.getHeaderNames() when available
  • Use res.headersSent when available
  • deps: [email protected]
• perf: add fast match path for * route
• perf: improve req.ips performance

v4.14.1

Compare Source

===================

• deps: [email protected]
• deps: [email protected]
  • Fix exception when err.headers is not an object
  • deps: statuses@~1.3.1
  • perf: hoist regular expressions
  • perf: remove duplicate validation path
• deps: proxy-addr@~1.1.3
  • deps: [email protected]
• deps: [email protected]
  • deps: http-errors@~1.5.1
  • deps: [email protected]
  • deps: statuses@~1.3.1
• deps: serve-static@~1.11.2
  • deps: [email protected]
• deps: type-is@~1.6.14
  • deps: mime-types@~2.1.13

v4.14.0

Compare Source

===================

• Add acceptRanges option to res.sendFile/res.sendfile
• Add cacheControl option to res.sendFile/res.sendfile
• Add options argument to req.range
  • Includes the combine option
• Encode URL in res.location/res.redirect if not already encoded
• Fix some redirect handling in res.sendFile/res.sendfile
• Fix Windows absolute path check using forward slashes
• Improve error with invalid arguments to req.get()
• Improve performance for res.json/res.jsonp in most cases
• Improve Range header handling in res.sendFile/res.sendfile
• deps: accepts@~1.3.3
  • Fix including type extensions in parameters in Accept parsing
  • Fix parsing Accept parameters with quoted equals
  • Fix parsing Accept parameters with quoted semicolons
  • Many performance improvements
  • deps: mime-types@~2.1.11
  • deps: [email protected]
• deps: content-type@~1.0.2
  • perf: enable strict mode
• deps: [email protected]
  • Add sameSite option
  • Fix cookie Max-Age to never be a floating point number
  • Improve error message when encode is not a function
  • Improve error message when expires is not a Date
  • Throw better error for invalid argument to parse
  • Throw on invalid values provided to serialize
  • perf: enable strict mode
  • perf: hoist regular expression
  • perf: use for loop in parse
  • perf: use string concatenation for serialization
• deps: [email protected]
  • Change invalid or non-numeric status code to 500
  • Overwrite status message to match set status code
  • Prefer err.statusCode if err.status is invalid
  • Set response headers from err.headers object
  • Use statuses instead of http module for status messages
• deps: proxy-addr@~1.1.2
  • Fix accepting various invalid netmasks
  • Fix IPv6-mapped IPv4 validation edge cases
  • IPv4 netmasks must be contiguous
  • IPv6 addresses cannot be used as a netmask
  • deps: [email protected]
• deps: [email protected]
  • Add decoder option in parse function
• deps: range-parser@~1.2.0
  • Add combine option to combine overlapping ranges
  • Fix incorrectly returning -1 when there is at least one valid range
  • perf: remove internal function
• deps: [email protected]
  • Add acceptRanges option
  • Add cacheControl option
  • Attempt to combine multiple ranges into single range
  • Correctly inherit from Stream class
  • Fix Content-Range header in 416 responses when using start/end options
  • Fix Content-Range header missing from default 416 responses
  • Fix redirect error when path contains raw non-URL characters
  • Fix redirect when path starts with multiple forward slashes
  • Ignore non-byte Range headers
  • deps: http-errors@~1.5.0
  • deps: range-parser@~1.2.0
  • deps: statuses@~1.3.0
  • perf: remove argument reassignment
• deps: serve-static@~1.11.1
  • Add acceptRanges option
  • Add cacheControl option
  • Attempt to combine multiple ranges into single range
  • Fix redirect error when req.url contains raw non-URL characters
  • Ignore non-byte Range headers
  • Use status code 301 for redirects
  • deps: [email protected]
• deps: type-is@~1.6.13
  • Fix type error when given invalid type to match against
  • deps: mime-types@~2.1.11
• deps: vary@~1.1.0
  • Only accept valid field names in the field argument
• perf: use strict equality when possible

v4.13.4

Compare Source

===================

• deps: [email protected]
  • perf: enable strict mode
• deps: [email protected]
  • Throw on invalid values provided to serialize
• deps: depd@~1.1.0
  • Support web browser loading
  • perf: enable strict mode
• deps: escape-html@~1.0.3
  • perf: enable strict mode
  • perf: optimize string replacement
  • perf: use faster string coercion
• deps: [email protected]
  • deps: escape-html@~1.0.3
• deps: [email protected]
  • perf: enable strict mode
• deps: methods@~1.1.2
  • perf: enable strict mode
• deps: parseurl@~1.3.1
  • perf: enable strict mode
• deps: proxy-addr@~1.0.10
  • deps: [email protected]
  • perf: enable strict mode
• deps: range-parser@~1.0.3
  • perf: enable strict mode
• deps: [email protected]
  • deps: depd@~1.1.0
  • deps: destroy@~1.0.4
  • deps: escape-html@~1.0.3
  • deps: range-parser@~1.0.3
• deps: serve-static@~1.10.2
  • deps: escape-html@~1.0.3
  • deps: parseurl@~1.3.0
  • deps: [email protected]

v4.13.3

Compare Source

===================

• Fix infinite loop condition using mergeParams: true
• Fix inner numeric indices incorrectly altering parent req.params

v4.13.2

Compare Source

===================

• deps: accepts@~1.2.12
  • deps: mime-types@~2.1.4
• deps: [email protected]
  • perf: enable strict mode
• deps: [email protected]
  • Fix regression with escaped round brackets and matching groups
• deps: type-is@~1.6.6
  • deps: mime-types@~2.1.4

v4.13.1

Compare Source

===================

• deps: accepts@~1.2.10
  • deps: mime-types@~2.1.2
• deps: [email protected]
  • Fix dropping parameters like hasOwnProperty
  • Fix various parsing edge cases
• deps: type-is@~1.6.4
  • deps: mime-types@~2.1.2
  • perf: enable strict mode
  • perf: remove argument reassignment

v4.13.0

Compare Source

===================

• Add settings to debug output
• Fix res.format error when only default provided
• Fix issue where next('route') in app.param would incorrectly skip values
• Fix hiding platform issues with decodeURIComponent
  • Only URIErrors are a 400
• Fix using * before params in routes
• Fix using capture groups before params in routes
• Simplify res.cookie to call res.append
• Use array-flatten module for flattening arrays
• deps: accepts@~1.2.9
  • deps: mime-types@~2.1.1
  • perf: avoid argument reassignment & argument slice
  • perf: avoid negotiator recursive construction
  • perf: enable strict mode
  • perf: remove unnecessary bitwise operator
• deps: [email protected]
  • perf: deduce the scope of try-catch deopt
  • perf: remove argument reassignments
• deps: [email protected]
• deps: etag@~1.7.0
  • Always include entity length in ETags for hash length extensions
  • Generate non-Stats ETags using MD5 only (no longer CRC32)
  • Improve stat performance by removing hashing
  • Improve support for JXcore
  • Remove base64 padding in ETags to shorten
  • Support "fake" stats objects in environments without fs
  • Use MD5 instead of MD4 in weak ETags over 1KB
• deps: [email protected]
  • Fix a false-positive when unpiping in Node.js 0.8
  • Support statusCode property on Error objects
  • Use unpipe module for unpiping requests
  • deps: [email protected]
  • deps: on-finished@~2.3.0
  • perf: enable strict mode
  • perf: remove argument reassignment
• deps: [email protected]
  • Add weak ETag matching support
• deps: on-finished@~2.3.0
  • Add defined behavior for HTTP CONNECT requests
  • Add defined behavior for HTTP Upgrade requests
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • Allow Node.js HTTP server to set Date response header
  • Fix incorrectly removing Content-Location on 304 response
  • Improve the default redirect response headers
  • Send appropriate headers on default error response
  • Use http-errors for standard emitted errors
  • Use statuses instead of http module for status messages
  • deps: [email protected]
  • deps: etag@~1.7.0
  • deps: [email protected]
  • deps: on-finished@~2.3.0
  • perf: enable strict mode
  • perf: remove unnecessary array allocations
• deps: serve-static@~1.10.0
  • Add fallthrough option
  • Fix reading options from options prototype
  • Improve the default redirect response headers
  • Malformed URLs now next() instead of 400
  • deps: [email protected]
  • deps: [email protected]
  • perf: enable strict mode
  • perf: remove argument reassignment
• deps: type-is@~1.6.3
  • deps: mime-types@~2.1.1
  • perf: reduce try block size
  • perf: remove bitwise operations
• perf: enable strict mode
• perf: isolate app.render try block
• perf: remove argument reassignments in application
• perf: remove argument reassignments in request prototype
• perf: remove argument reassignments in response prototype
• perf: remove argument reassignments in routing
• perf: remove argument reassignments in View
• perf: skip attempting to decode zero length string
• perf: use saved reference to http.STATUS_CODES

v4.12.4

Compare Source

===================

• deps: accepts@~1.2.7
  • deps: mime-types@~2.0.11
  • deps: [email protected]
• deps: debug@~2.2.0
  • deps: [email protected]
• deps: depd@~1.0.1
• deps: etag@~1.6.0
  • Improve support for JXcore
  • Support "fake" stats objects in environments without fs
• deps: [email protected]
  • deps: debug@~2.2.0
  • deps: on-finished@~2.2.1
• deps: on-finished@~2.2.1
  • Fix isFinished(req) when data buffered
• deps: proxy-addr@~1.0.8
  • deps: [email protected]
• deps: [email protected]

• Fix allowing parameters like constructor

• deps: [email protected]
  • deps: debug@~2.2.0
  • deps: depd@~1.0.1
  • deps: etag@~1.6.0
  • deps: [email protected]
  • deps: on-finished@~2.2.1
• deps: serve-static@~1.9.3
  • deps: [email protected]
• deps: type-is@~1.6.2
  • deps: mime-types@~2.0.11

v4.12.3

Compare Source

===================

• deps: accepts@~1.2.5
  • deps: mime-types@~2.0.10
• deps: debug@~2.1.3
  • Fix high intensity foreground color for bold
  • deps: [email protected]
• deps: [email protected]
  • deps: debug@~2.1.3
• deps: proxy-addr@~1.0.7
  • deps: [email protected]
• deps: [email protected]
  • Fix error when parameter hasOwnProperty is present
• deps: [email protected]
  • Throw errors early for invalid extensions or index options
  • deps: debug@~2.1.3
• deps: serve-static@~1.9.2
  • deps: [email protected]
• deps: type-is@~1.6.1
  • deps: mime-types@~2.0.10

v4.12.2

Compare Source

===================

• Fix regression where "Request aborted" is logged using res.sendFile

v4.12.1

Compare Source

===================

• Fix constructing application with non-configurable prototype properties
• Fix ECONNRESET errors from res.sendFile usage
• Fix req.host when using "trust proxy" hops count
• Fix req.protocol/req.secure when using "trust proxy" hops count
• Fix wrong code on aborted connections from res.sendFile
• deps: [email protected]

v4.12.0

Compare Source

===================

• Fix "trust proxy" setting to inherit when app is mounted
• Generate ETags for all request responses
  • No longer restricted to only responses for GET and HEAD requests
• Use content-type to parse Content-Type headers
• deps: accepts@~1.2.4
  • Fix preference sorting to be stable for long acceptable lists
  • deps: mime-types@~2.0.9
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • Always read the stat size from the file
  • Fix mutating passed-in options
  • deps: [email protected]
• deps: serve-static@~1.9.1
  • deps: [email protected]
• deps: type-is@~1.6.0
  • fix argument reassignment
  • fix false-positives in hasBody Transfer-Encoding check
  • support wildcard for both type and subtype (*/*)
  • deps: mime-types@~2.0.9

v4.11.2

Compare Source

===================

• Fix res.redirect double-calling res.end for HEAD requests
• deps: accepts@~1.2.3
  • deps: mime-types@~2.0.8
• deps: proxy-addr@~1.0.6
  • deps: [email protected]
• deps: type-is@~1.5.6
  • deps: mime-types@~2.0.8

v4.11.1

Compare Source

===================

• deps: [email protected]
  • Fix root path disclosure
• deps: serve-static@~1.8.1
  • Fix redirect loop in Node.js 0.11.14
  • Fix root path disclosure
  • deps: [email protected]

v4.11.0

Compare Source

===================

• Add res.append(field, val) to append headers
• Deprecate leading : in name for app.param(name, fn)
• Deprecate req.param() -- use req.params, req.body, or req.query instead
• Deprecate app.param(fn)
• Fix OPTIONS responses to include the HEAD method properly
• Fix res.sendFile not always detecting aborted connection
• Match routes iteratively to prevent stack overflows
• deps: accepts@~1.2.2
  • deps: mime-types@~2.0.7
  • deps: [email protected]
• deps: [email protected]
  • deps: debug@~2.1.1
  • deps: etag@~1.5.1
  • deps: [email protected]
  • deps: on-finished@~2.2.0
• deps: serve-static@~1.8.0
  • deps: [email protected]

v4.10.8

Compare Source

===================

• Fix crash from error within OPTIONS response handler
• deps: proxy-addr@~1.0.5
  • deps: [email protected]

v4.10.7

Compare Source

===================

• Fix Allow header for OPTIONS to not contain duplicate methods
• Fix incorrect "Request aborted" for res.sendFile when HEAD or 304
• deps: debug@~2.1.1
• deps: [email protected]
  • deps: debug@~2.1.1
  • deps: on-finished@~2.2.0
• deps: methods@~1.1.1
• deps: on-finished@~2.2.0
• deps: serve-static@~1.7.2
  • Fix potential open redirect when mounted at root
• deps: type-is@~1.5.5
  • deps: mime-types@~2.0.7

v4.10.6

Compare Source

===================

• Fix exception in req.fresh/req.stale without response headers

v4.10.5

Compare Source

===================

• Fix res.send double-calling res.end for HEAD requests
• deps: accepts@~1.1.4
  • deps: mime-types@~2.0.4
• deps: type-is@~1.5.4
  • deps: mime-types@~2.0.4

v4.10.4

Compare Source

===================

• Fix res.sendfile logging standard write errors

v4.10.3

Compare Source

===================

• Fix res.sendFile logging standard write errors
• deps: etag@~1.5.1
• deps: proxy-addr@~1.0.4
  • deps: [email protected]
• deps: [email protected]
  • Fix arrayLimit behavior

v4.10.2

Compare Source

===================

• Correctly invoke async router callback asynchronously
• deps: accepts@~1.1.3
  • deps: mime-types@~2.0.3
• deps: type-is@~1.5.3
  • deps: mime-types@~2.0.3

v4.10.1

Compare Source

===================

• Fix handling of URLs containing :// in the path
• deps: [email protected]
  • Fix parsing of mixed objects and values

v4.10.0

Compare Source

===================

• Add support for app.set('views', array)
  • Views are looked up in sequence in array of directories
• Fix res.send(status) to mention res.sendStatus(status)
• Fix handling of invalid empty URLs
• Use content-disposition module for res.attachment/res.download
  • Sends standards-compliant Content-Disposition header
  • Full Unicode support
• Use path.resolve in view lookup
• deps: debug@~2.1.0
  • Implement DEBUG_FD env variable support
• deps: depd@~1.0.0
• deps: etag@~1.5.0
  • Improve string performance
  • Slightly improve speed for weak ETags over 1KB
• deps: [email protected]
  • Terminate in progress response only on error
  • Use on-finished to determine request status
  • deps: debug@~2.1.0
  • deps: on-finished@~2.1.1
• deps: on-finished@~2.1.1
  • Fix handling of pipelined requests
• deps: [email protected]
  • Fix parsing of mixed implicit and explicit arrays
• deps: [email protected]
  • deps: debug@~2.1.0
  • deps: depd@~1.0.0
  • deps: etag@~1.5.0
  • deps: on-finished@~2.1.1
• deps: serve-static@~1.7.1
  • deps: [email protected]

v4.9.8

Compare Source

==================

• Fix res.redirect body when redirect status specified
• deps: accepts@~1.1.2
  • Fix error when media type has invalid parameter
  • deps: [email protected]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.