keystone
keystone copied to clipboard
keystonejs
fix(deps): update dependency express to v5
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| express (source) | ^4.19.2 -> ^5.0.0 |
||||
| @types/express (source) | ^4.17.14 -> ^5.0.0 |
Release Notes
expressjs/express (express)
v5.1.0
========================
- Add support for
Uint8Arrayinres.send() - Add support for ETag option in
res.sendFile() - Add support for multiple links with the same rel in
res.links() - Add funding field to package.json
- perf: use loop for acceptParams
- refactor: prefix built-in node module imports
- deps: remove
setprototypeof - deps: remove
safe-buffer - deps: remove
utils-merge - deps: remove
methods - deps: remove
depd - deps:
debug@^4.4.0 - deps:
body-parser@^2.2.0 - deps:
router@^2.2.0 - deps:
content-type@^1.0.5 - deps:
finalhandler@^2.1.0 - deps:
qs@^6.14.0 - deps:
[email protected] - deps:
[email protected]
v5.0.1
==========
- Update
cookiesemver lock to address CVE-2024-47764
v5.0.0
=========================
- remove:
path-is-absolutedependency - usepath.isAbsoluteinstead
- breaking:
res.status()accepts only integers, and input must be greater than 99 and less than 1000- will throw a
RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.for inputs outside this range - will throw a
TypeError: Invalid status code: ${code}. Status code must be an integer.for non integer inputs
- will throw a
- deps: [email protected]
res.redirect('back')andres.location('back')is no longer a supported magic string, explicitly usereq.get('Referrer') || '/'.
- change:
res.clearCookiewill ignore user providedmaxAgeandexpiresoptions
- deps: cookie-signature@^1.2.1
- deps: [email protected]
- deps: merge-descriptors@^2.0.0
- deps: serve-static@^2.1.0
- deps: [email protected]
- deps: accepts@^2.0.0
- deps: mime-types@^3.0.0
application/javascript=>text/javascript
- deps: type-is@^2.0.0
- deps: content-disposition@^1.0.0
- deps: finalhandler@^2.0.0
- deps: fresh@^2.0.0
- deps: body-parser@^2.0.1
- deps: send@^1.1.0
Configuration
📅 Schedule: Branch creation - "before 7am on Tuesday,before 7am on Wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request is automatically built and testable in CodeSandbox.
To see build info of the built libraries, click here or the icon next to each commit SHA.
Latest deployment of this branch, based on commit 982512ce6ea1dc9e950f96a7e2a3f7af7529c609:
| Sandbox | Source |
|---|---|
| @keystone-6/sandbox | Configuration |
![codesandbox-ci[bot] avatar](https://avatars.githubusercontent.com/in/38409?v=4 "Published by a pub.dev verified publisher"){kind=small}
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security |
Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
 | @types/express@5.0.1 |  | |  |  | |
| @as-integrations/express5@1.1.1 |  | |  |  | |
 | @apollo/server@4.11.3 ⏵ 4.12.2 |  +1 | | |  -1 | |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
