Bumps send and express. These dependencies needed to be updated together.
Updates send from 0.16.2 to 0.19.0
Release notes
Sourced from send's releases.
0.19.0
What's Changed
New Contributors
Full Changelog: pillarjs/send@0.18.0...0.19.0
Changelog
Sourced from send's changelog.
0.19.0 / 2024年09月10日
- Remove link renderization in html while redirecting
0.18.0 / 2022年03月23日
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- Replace internal
eval usage with Function constructor
- Use instance methods on
process to check for listeners
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
0.17.2 / 2021年12月11日
- pref: ignore empty http tokens
- deps: http-errors@1.8.1
- deps: inherits@2.0.4
- deps: toidentifier@1.0.1
- deps: setprototypeof@1.2.0
- deps: ms@2.1.3
0.17.1 / 2019年05月10日
- Set stricter CSP header in redirect & error responses
- deps: range-parser@~1.2.1
0.17.0 / 2019年05月03日
- deps: http-errors@~1.7.2
- Set constructor name when possible
- Use
toidentifier module to make class names
- deps: depd@~1.1.2
- deps: setprototypeof@1.1.1
- deps: statuses@'>= 1.5.0 < 2'
- deps: mime@1.6.0
- Add extensions for JPEG-2000 images
- Add new
font/* types from IANA
- Add WASM mapping
- Update
.bdoc to application/bdoc
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates express from 4.16.4 to 4.20.0
Release notes
Sourced from express's releases.
4.20.0
What's Changed
Important
- IMPORTANT: The default
depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using
res.redirect
Other Changes
New Contributors
Full Changelog: expressjs/express@4.19.1...4.20.0
... (truncated)
Changelog
Sourced from express's changelog.
4.20.0 / 2024年09月10日
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth option to customize the depth level in the parser
- IMPORTANT: The default
depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\, |, and ^ to align better with URL spec
- Deprecate passing
options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
4.19.2 / 2024年03月25日
- Improved fix for open redirect allow list bypass
4.19.1 / 2024年03月20日
- Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024年03月20日
- Prevent open redirect allow list bypass due to encodeurl
- deps: cookie@0.6.0
4.18.3 / 2024年02月29日
- Fix routing requests without method
- deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
- deps: cookie@0.6.0
4.18.2 / 2022年10月08日
- Fix regression routing a large stack in a single route
- deps: body-parser@1.20.1
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps send and express. These dependencies needed to be updated together.
Updates
sendfrom 0.16.2 to 0.19.0Release notes
Sourced from send's releases.
Changelog
Sourced from send's changelog.
... (truncated)
Commits
9d2db990.19.0ae4f298Merge commit from forkb69cbb30.18.0f53edbbLimit the headers removed for 304 response706d6dddocs: add security policyb690ba4docs: fix linux build badge linkfed09ffdocs: update copyrightaee1a65deps: destroy@1.2.06060bdadeps: on-finished@2.4.18055f78build: Node.js@17.7Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates
expressfrom 4.16.4 to 4.20.0Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
21df4214.20.04c9ddc1feat: upgrade to serve-static@0.16.09ebe5d5feat: upgrade to send@0.19.0 (#5928)ec4a01bfeat: upgrade to body-parser@1.20.3 (#5926)54271f6fix: don't render redirect values in anchor href125bb74path-to-regexp@0.1.10 (#5902)2a980admerge-descriptors@1.0.3 (#5781)a3e7e05docs: specify new instructions forquestionanddiscussc5addb9deps: path-to-regexp@0.1.8 (#5603)e35380adocs: add@IamLizuto the triage team (#5836)Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.