Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump express from 4.17.1 to 4.19.2 #7

Closed
wants to merge 368 commits into from
Closed

Bump express from 4.17.1 to 4.19.2 #7

wants to merge 368 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 6, 2024

Bumps express from 4.17.1 to 4.19.2.

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Josh Frye and others added 30 commits February 21, 2021 12:34
Update root domain
adda7b9
Fix spec
3eeb2d8
Formatting
12793a3
Cleanup
e5f81cc
Update GA
f98c72d
Send heartbeat right after a switch is created
3724fe3
Update GA
8ac46d0
Typos
815bc8d
Update bundler version
654839a
Finish styling
9e512b8
Update gems
27946ee
@dependabot
Bump rubocop from 1.10.0 to 1.11.0
7b4398d 
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.10.0...v1.11.0)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump rubocop-performance from 1.9.2 to 1.10.0
f442cf1 
Bumps [rubocop-performance](https://github.com/rubocop/rubocop-performance) from 1.9.2 to 1.10.0.
- [Release notes](https://github.com/rubocop/rubocop-performance/releases)
- [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-performance@v1.9.2...v1.10.0)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump eslint from 7.20.0 to 7.21.0
9f39de1 
Bumps [eslint](https://github.com/eslint/eslint) from 7.20.0 to 7.21.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.20.0...v7.21.0)

Signed-off-by: dependabot[bot] <[email protected]>
Merge pull request #6 from detonateapp/dependabot/bundler/rubocop-1.11.0
8531635 
Bump rubocop from 1.10.0 to 1.11.0
Merge pull request #7 from detonateapp/dependabot/bundler/rubocop-per…
099cd56 
…formance-1.10.0

Bump rubocop-performance from 1.9.2 to 1.10.0
Merge pull request #8 from detonateapp/dependabot/npm_and_yarn/eslint…
52e802a 
…-7.21.0

Bump eslint from 7.20.0 to 7.21.0
@dependabot
Bump rubocop-performance from 1.10.0 to 1.10.1
03d6f1d 
Bumps [rubocop-performance](https://github.com/rubocop/rubocop-performance) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/rubocop/rubocop-performance/releases)
- [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-performance@v1.10.0...v1.10.1)

Signed-off-by: dependabot[bot] <[email protected]>
Update dependabot.yml
393a503
Merge pull request #9 from detonateapp/dependabot/bundler/rubocop-per…
dff734a 
…formance-1.10.1

Bump rubocop-performance from 1.10.0 to 1.10.1
@dependabot
Bump puma from 5.2.1 to 5.2.2
ac19900 
Bumps [puma](https://github.com/puma/puma) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v5.2.1...v5.2.2)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump jquery from 3.5.1 to 3.6.0
cf2014b 
Bumps [jquery](https://github.com/jquery/jquery) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.5.1...3.6.0)

Signed-off-by: dependabot[bot] <[email protected]>
Merge pull request #12 from detonateapp/dependabot/npm_and_yarn/jquer…
1614046 
…y-3.6.0
Merge pull request #11 from detonateapp/dependabot/bundler/puma-5.2.2
afa603e
@dependabot
Bump rspec-rails from 4.0.2 to 4.1.0
622047b 
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v4.0.2...v4.1.0)

Signed-off-by: dependabot[bot] <[email protected]>
Merge pull request #13 from detonateapp/dependabot/bundler/rspec-rail…
0bb54ee 
…s-4.1.0
@dependabot
Bump rspec-rails from 4.1.0 to 5.0.0
757bba4 
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v4.1.0...v5.0.0)

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump bundler-audit from 0.7.0.1 to 0.8.0
9ee3854 
Bumps [bundler-audit](https://github.com/postmodern/bundler-audit) from 0.7.0.1 to 0.8.0.
- [Release notes](https://github.com/postmodern/bundler-audit/releases)
- [Changelog](https://github.com/rubysec/bundler-audit/blob/master/ChangeLog.md)
- [Commits](rubysec/bundler-audit@v0.7.0.1...v0.8.0)

Signed-off-by: dependabot[bot] <[email protected]>
Disable signup
9bf1477
Disable signup
d782d95
dependabot bot and others added 18 commits July 12, 2021 22:07
@dependabot
Bump rubocop-rails from 2.11.2 to 2.11.3
acda277 
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.11.2 to 2.11.3.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.11.2...v2.11.3)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@joshfng
Merge pull request #109 from allocatedev/dependabot/bundler/rubocop-r…
609e9f1 
…ails-2.11.3

Bump rubocop-rails from 2.11.2 to 2.11.3
@joshfng
Merge pull request #108 from allocatedev/dependabot/bundler/avo-1.11.5
d6b48df 
Bump avo from 1.11.4 to 1.11.5
@joshfng
Remove Avo
7d01761
@joshfng
Bump gems
22c6779
@dependabot
Bump eslint from 7.30.0 to 7.31.0
dff22a9 
Bumps [eslint](https://github.com/eslint/eslint) from 7.30.0 to 7.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.30.0...v7.31.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/setup-node from 2.2.0 to 2.3.0
e7d1aa6 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@joshfng
Bump gems
f81e3c1
@joshfng
Merge pull request #111 from allocatedev/dependabot/github_actions/ac…
3730810 
…tions/setup-node-2.3.0

Bump actions/setup-node from 2.2.0 to 2.3.0
@joshfng
Merge pull request #110 from allocatedev/dependabot/npm_and_yarn/esli…
78976e0 
…nt-7.31.0

Bump eslint from 7.30.0 to 7.31.0
@dependabot
Bump listen from 3.5.1 to 3.6.0
7829249 
Bumps [listen](https://github.com/guard/listen) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](guard/listen@v3.5.1...v3.6.0)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@joshfng
Merge pull request #113 from allocatedev/dependabot/bundler/listen-3.6.0
5f9430b 
Bump listen from 3.5.1 to 3.6.0
@dependabot
Bump rubocop from 1.18.3 to 1.18.4
06191f8 
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.18.3 to 1.18.4.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.18.3...v1.18.4)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@joshfng
Merge pull request #114 from allocatedev/dependabot/bundler/rubocop-1…
ffcd293 
….18.4

Bump rubocop from 1.18.3 to 1.18.4
@joshfng
Bump gems
6f9feff
@joshfng
Bump gems
5fe12db
@joshfng
Update README
650cdb8
@dependabot
Bump express from 4.17.1 to 4.19.2
50236c7 
Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 6, 2024
@joshfng joshfng force-pushed the main branch 2 times, most recently from 8808ccb to 72d2edd Compare September 7, 2024 00:02
@joshfng joshfng closed this Sep 7, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 7, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/express-4.19.2 branch September 7, 2024 00:20
@joshfng joshfng restored the dependabot/npm_and_yarn/express-4.19.2 branch September 8, 2024 14:15
@joshfng
Copy link
Owner

joshfng commented Sep 8, 2024

@dependabot rebase

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 8, 2024

Looks like this PR is closed. If you re-open it, I'll rebase it, as long as no-one else has edited it.

@joshfng joshfng deleted the dependabot/npm_and_yarn/express-4.19.2 branch September 8, 2024 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@joshfng