[Snyk] Upgrade express from 5.1.0 to 5.2.1 #885
Snyk has created this PR to upgrade express from 5.1.0 to 5.2.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 2 versions ahead of your current version.
The recommended version was released 23 days ago.
Issues fixed by the recommended upgrade:
SNYK-JS-BODYPARSER-14105059
SNYK-JS-JSYAML-13961110
Release notes
Package name: express
- 5.2.1 - 2025-12-01
- 5.2.0 - 2025-12-01
- 5.1.0 - 2025-03-31
What's Changed
- Update captains by @ UlisesGascon in #6027
- build: Node.js 23.0 by @ bjohansebas in #6075
- Add funding field (v5) by @ bjohansebas in #6064
- ✅ add discarded middleware test by @ ctcpip in #5819
- update homepage link http to https by @ bjohansebas in #5920
- Improve readme by @ bjohansebas in #5994
- Add bjohansebas as repo captain for expressjs.com by @ crandmck in #6058
- Remove Object.setPrototypeOf polyfill by @ Phillip9587 in #6081
- fix(buffer): use node:buffer instead of safe-buffer by @ bhavya3024 in #6071
- docs: Add DCO by @ UlisesGascon in #6048
- cleanup: remove promise support check from tests by @ Phillip9587 in #6148
- Use loop for acceptParams by @ blakeembrey in #6066
- Improve documentation step in release process by @ bjohansebas in #6150
- cleanup: remove unnecessary require for global Buffer by @ Phillip9587 in #6146
- cleanup: remove AsyncLocalStorage check by @ Phillip9587 in #6147
- update history.md for acceptParams change by @ jonchurch in #6177
- docs: add @ rxmarbles to the triage team by @ UlisesGascon in #6151
- refactor: improve readability by @ sazk07 in #6173
- docs: clarify the security process in the triage role by @ bjohansebas in #6217
- chore: replace methods dependency with standard library by @ jonkoops in #6196
- Remove utils-merge dependency - use spread syntax instead by @ Phillip9587 in #6091
- fix(securite): fix vulnerabilities by @ Abdel-Monaam-Aouini in #6211
- refactor: prefix built-in node module imports by @ slagiewka in #6236
- fix: remove download size badges by @ wesleytodd in #6266
- Remove unused depd dependency by @ jonkoops in #6197
- fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @ hamirmahal in #6256
- Add support for OSSF scorecard reporting by @ UlisesGascon in #5431
- docs: add @ Phillip9587 to the triage team by @ bjohansebas in #6276
- fix: added a missing semicolon in css styles in examples/auth by @ pr4j3sh in #6297
- docs: include team email in the security policy by @ UlisesGascon in #6278
- refactor: simplify normalizeTypes function by @ Ayoub-Mabrouk in #6097
- ci: updated github actions ci workflow by @ Phillip9587 in #6314
- ci: fix npm install --include typo by @ Phillip9587 in #6324
- ci: updated scorecard actions by @ Phillip9587 in #6322
- build(deps): use carat notation for dependency versions by @ dpopp07 in #6317
- chore(deps): update debug to ^4.4.0 by @ Phillip9587 in #6313
- docs: retroactively note 5.0.0-beta.1 api change in history file by @ dpopp07 in #6333
- feat(deps): body-parser@^2.1.0 by @ wesleytodd in #6332
- feat(deps): router@^2.1.0 by @ wesleytodd in #6331
- Update repo captains by @ UlisesGascon in #6234
- deps: upgrade nyc by @ agungjati in #6122
- fix (deps): update deps by @ wesleytodd in #6337
- response: add support for ETag option in res.sendFile by @ juanarbol in #6073
- Update multiple links to use https instead of http by @ Phillip9587 in #6338
- Extend res.links() to allow adding multiple links with the same rel #2729 by @ andvea in #4885
- docs: update emeritus triagers by @ UlisesGascon in #6345
- docs: update guidance for triager nominations by @ bjohansebas in #6349
- docs: clarify guidelines for becoming a committer by @ bjohansebas in #6364
- Nominate @ dpopp07 to the triage team by @ UlisesGascon in #6352
- fix(deps): qs@^6.14.0 by @ wesleytodd in #6374
- Add dependabot by @ UlisesGascon in #5435
- fix dependabot config by @ bjohansebas in #6392
- build(deps): bump github/codeql-action from 3.24.7 to 3.28.11 by @ dependabot in #6398
- build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @ dependabot in #6397
- feat(deps): finalhandler@2.1.0 by @ wesleytodd in #6373
- build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 by @ dependabot in #6399
- deps: body-parser@^2.2.0 by @ UlisesGascon in #6419
- deps: type-is@^2.0.1 by @ UlisesGascon in #6420
- deps: router@^2.2.0 by @ UlisesGascon in #6417
- ci: use full SHAs for github action versions by @ Phillip9587 in #6415
- doc: remove @ mertcanaltin from Triagers by @ mertcanaltin in #6408
- deps: serve-static@^2.2.0 by @ UlisesGascon in #6418
- 5.1.0 by @ wesleytodd in #6425
New Contributors
- @ bhavya3024 made their first contribution in #6071
- @ jonkoops made their first contribution in #6196
- @ Abdel-Monaam-Aouini made their first contribution in #6211
- @ slagiewka made their first contribution in #6236
- @ hamirmahal made their first contribution in #6256
- @ pr4j3sh made their first contribution in #6297
- @ Ayoub-Mabrouk made their first contribution in #6097
- @ dpopp07 made their first contribution in #6317
- @ agungjati made their first contribution in #6122
- @ andvea made their first contribution in #4885
- @ dependabot made their first contribution in #6398
Full Changelog: 5.0.1...v5.1.0
from express GitHub release notes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: