Sourced from express's releases.
4.20.0
What's Changed
Important
- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
Other Changes
- 4.19.2 Staging by
@wesleytodd
in expressjs/express#5561- remove duplicate location test for data uri by
@wesleytodd
in expressjs/express#5562- feat: document beta releases expectations by
@marco-ippolito
in expressjs/express#5565- Cut down on duplicated CI runs by
@jonchurch
in expressjs/express#5564- Add a Threat Model by
@UlisesGascon
in expressjs/express#5526- Assign captain of encodeurl by
@blakeembrey
in expressjs/express#5579- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by@jonchurch
in expressjs/express#5587- docs: update Security.md by
@inigomarquinez
in expressjs/express#5590- docs: update triage nomination policy by
@UlisesGascon
in expressjs/express#5600- Add CodeQL (SAST) by
@UlisesGascon
in expressjs/express#5433- docs: add UlisesGascon as triage initiative captain by
@UlisesGascon
in expressjs/express#5605- deps: encodeurl@~2.0.0 by
@blakeembrey
in expressjs/express#5569- skip QUERY method test by
@jonchurch
in expressjs/express#5628- ignore ETAG query test on 21 and 22, reuse skip util by
@jonchurch
in expressjs/express#5639- add support Node.js@22 in the CI by
@mertcanaltin
in expressjs/express#5627- doc: add table of contents, tc/triager lists to readme by
@mertcanaltin
in expressjs/express#5619- List and sort all projects, add captains by
@blakeembrey
in expressjs/express#5653- docs: add
@UlisesGascon
as captain for cookie-parser by@UlisesGascon
in expressjs/express#5666- ✨ bring back query tests for node 21 by
@ctcpip
in expressjs/express#5690- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by@jonchurch
in expressjs/express#5672- skip QUERY tests for Node 21 only, still not supported by
@jonchurch
in expressjs/express#5695- 📝 update people, add ctcpip to TC by
@ctcpip
in expressjs/express#5683- remove minor version pinning from ci by
@jonchurch
in expressjs/express#5722- Fix link variable use in attribution section of CODE OF CONDUCT by
@IamLizu
in expressjs/express#5762- Replace Appveyor windows testing with GHA by
@jonchurch
in expressjs/express#5599- Add OSSF Scorecard badge by
@UlisesGascon
in expressjs/express#5436- update scorecard link by
@bjohansebas
in expressjs/express#5814- Nominate
@IamLizu
to the triage team by@UlisesGascon
in expressjs/express#5836- deps: path-to-regexp@0.1.8 by
@blakeembrey
in expressjs/express#5603- docs: specify new instructions for
question
anddiscuss
by@IamLizu
in expressjs/express#5835- 4.x: Upgrade
merge-descriptors
dependency by@RobinTail
in expressjs/express#5781- path-to-regexp@0.1.10 by
@blakeembrey
in expressjs/express#5902New Contributors
@marco-ippolito
made their first contribution in expressjs/express#5565@inigomarquinez
made their first contribution in expressjs/express#5590@mertcanaltin
made their first contribution in expressjs/express#5627@ctcpip
made their first contribution in expressjs/express#5690@bjohansebas
made their first contribution in expressjs/express#5814Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.20.0
Sourced from express's changelog.
4.20.0 / 2024-09-10
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add
depth
option to customize the depth level in the parser- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
)- Remove link renderization in html while using
res.redirect
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of
\
,|
, and^
to align better with URL spec- Deprecate passing
options.maxAge
andoptions.expires
tores.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
21df421
4.20.04c9ddc1
feat: upgrade to serve-static@0.16.09ebe5d5
feat: upgrade to send@0.19.0 (#5928)ec4a01b
feat: upgrade to body-parser@1.20.3 (#5926)54271f6
fix: don't render redirect values in anchor href125bb74
path-to-regexp@0.1.10 (#5902)2a980ad
merge-descriptors@1.0.3 (#5781)a3e7e05
docs: specify new instructions for question
and discuss
c5addb9
deps: path-to-regexp@0.1.8 (#5603)e35380a
docs: add @IamLizu
to the triage team (#5836)