Wes Todd
Sorry, I had fallen so far behind in notifications I never saw this. You are very welcome to join us over there, we have a ton of work to do...
PR Welcome!
Yep, we had to synchronize releases for security reasons, but we were unable to get the docs all updated. Please open PRs with this where you can, we will need...
Yeah I can't either. @dougwilson might remember. Either way, I think we can land this as a nice small improvement to our transitive deps without much impact.
Since it is out, I think we can discuss here publicly. Is the report that there was a way to XSS via the url? Would the encode html not catch...
Sorry for the delay replying here, but I think we decided to bump `encodeurl` across the board and deal with it later right?
[Merged the bump to 2.x](https://github.com/pillarjs/finalhandler/commit/45806e3c67364aa037f9111e98d4b653116608da). We can address the needs when we start work on `express@6` which may include removing some of these packages anyway.
Yep, as @slagiewka says, please read our migration guide. v5 is a breaking upgrade, and you will need to make some changes to the path syntax you use. If you...
This is true of all libraries, you have benefited these past years from the stability (and stagnation 😉) of the project. If you are doing something like `npm install express`...
In fact, I just pinned this issue so that folks are more likely to see it than to open a new one.