Skip to content

fix(deps): update dependency express to v5#75

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/express-5.x
Open

fix(deps): update dependency express to v5#75
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/express-5.x

Conversation

@renovate

@renovate renovate Bot commented Oct 13, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
express (source) 4.22.15.2.1 age confidence
@types/express (source) 5.0.05.0.6 age confidence

Release Notes

expressjs/express (express)

v5.2.1

Compare Source

=======================

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

v5.2.0

Compare Source

========================

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@​1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@​4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@​6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

v4.22.2

Compare Source

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: expressjs/express@v4.22.1...v4.22.2


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/express-5.x branch from e1f07b7 to c31683d Compare October 13, 2025 19:19
@renovate renovate Bot force-pushed the renovate/express-5.x branch 4 times, most recently from af2ddb2 to f35283e Compare October 27, 2025 22:50
@renovate renovate Bot force-pushed the renovate/express-5.x branch from f35283e to fe8925a Compare November 10, 2025 19:04
@renovate renovate Bot force-pushed the renovate/express-5.x branch from fe8925a to 11e9700 Compare November 18, 2025 23:56
@renovate renovate Bot force-pushed the renovate/express-5.x branch 3 times, most recently from 56bece4 to 3b779f4 Compare December 4, 2025 21:46
@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from f74038b to 8f5c922 Compare December 31, 2025 16:45
@renovate renovate Bot force-pushed the renovate/express-5.x branch from 8f5c922 to 9fed4ec Compare January 8, 2026 16:32
@renovate renovate Bot force-pushed the renovate/express-5.x branch 8 times, most recently from 55bf19c to 99cf984 Compare January 23, 2026 17:46
@renovate renovate Bot force-pushed the renovate/express-5.x branch from 99cf984 to a087704 Compare February 12, 2026 15:43
@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from 4092be3 to 0396908 Compare March 20, 2026 10:07
@renovate renovate Bot force-pushed the renovate/express-5.x branch from 0396908 to 46875e6 Compare April 1, 2026 17:47
@renovate renovate Bot force-pushed the renovate/express-5.x branch from 46875e6 to e61489c Compare April 8, 2026 19:03
@renovate renovate Bot force-pushed the renovate/express-5.x branch 2 times, most recently from 190cead to ddf0975 Compare May 20, 2026 09:36
@renovate renovate Bot force-pushed the renovate/express-5.x branch from ddf0975 to bb4da1f Compare May 28, 2026 14:35
@renovate renovate Bot force-pushed the renovate/express-5.x branch from bb4da1f to e6af56e Compare July 12, 2026 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants