Bump the npm_and_yarn group across 1 directory with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
@aws-sdk/client-s3	3.677.0	3.709.0
@bull-board/express	4.12.2	6.5.3
@sentry/browser	6.19.7	7.119.1
@sentry/node	6.19.7	8.43.0
axios	1.6.7	1.7.4
express-session	1.18.0	1.18.1
@types/express-session	1.18.0	1.18.1
tailwindcss	1.9.6	3.4.16
vite	5.1.4	5.4.11
@aws-sdk/credential-providers	3.540.0	3.709.0
dompurify	3.0.11	3.2.3
dset	3.1.3	3.1.4
webpack	5.91.0	5.97.1

Updates @aws-sdk/client-s3 from 3.677.0 to 3.709.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.709.0

3.709.0(2024-12-10)

Chores

• codegen: update clients for String dispatch fix (#6721) (c6859500)

Documentation Changes

• client-dsql: Doc only update to examples for DeleteMultiRegionClusters & CreateMultiRegionClusters (ca62a3c1)
• client-application-auto-scaling: Doc only update for AAS Predictive Scaling policy configuration API. (ba20f1db)

New Features

• clients: update client endpoints as of 2024-12-10 (6f523dce)
• client-sesv2: Introduces support for creating DEED (Deterministic Easy-DKIM) identities. (9587ce34)
• client-ivs-realtime: IVS Real-Time now offers customers the ability to customize thumbnails recording mode and interval for both Individual Participant Recording (IPR) and Server-Side Compositions (SSC). (e9f436eb)
• client-connect: Add support for Push Notifications for Amazon Connect chat. With Push Notifications enabled an alert could be sent to customers about new messages even when they aren't actively using the mobile application. (8f9a63c6)
• client-finspace: Update KxCommandLineArgument value parameter regex to allow for spaces and semicolons (db4712c8)
• client-bcm-pricing-calculator: Updated condition key inference from Workload Estimate, Bill Scenario, and Bill Estimate resources. Updated documentation links. (7e392d42)

---

For list of updated packages, view updated-packages.md in assets-3.709.0.zip

v3.708.0

3.708.0(2024-12-09)

Chores

• client-sesv2: enable sigv4a code generation in sesv2 ahead of service availability (#6719) (bdfa8685)

Documentation Changes

• client-ecs: This is a documentation only update to address various tickets for Amazon ECS. (8dfab180)
• client-workspaces: Added text to clarify case-sensitivity (f62407ad)
• client-appsync: Provides description of new Amazon Bedrock runtime datasource. (35613283)
• client-keyspaces: Amazon Keyspaces: adding the list of IAM actions required by the UpdateKeyspace API. (a4233c3b)

New Features

• clients: update client endpoints as of 2024-12-09 (0141da01)
• client-cognito-identity-provider: Change CustomDomainConfig from a required to an optional parameter for the UpdateUserPoolDomain operation. (7c1425c9)
• client-ec2: This release includes a new API for modifying instance network-performance-options after launch. (2f49c14f)
• client-medialive: H265 outputs now support disabling the deblocking filter. (4adf1d4f)

---

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.709.0 (2024-12-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.705.0 (2024-12-03)

Features

• client-s3: Amazon S3 Metadata stores object metadata in read-only, fully managed Apache Iceberg metadata tables that you can query. You can create metadata table configurations for S3 general purpose buckets. (b6368e5)

3.703.0 (2024-12-02)

Features

• client-s3: Amazon S3 introduces support for AWS Dedicated Local Zones (a4b4303)

3.701.0 (2024-11-26)

Note: Version bump only for package @​aws-sdk/client-s3

3.700.0 (2024-11-25)

Features

• client-s3: Amazon Simple Storage Service / Features: Add support for ETag based conditional writes in PutObject and CompleteMultiPartUpload APIs to prevent unintended object modifications. (453f462)

3.699.0 (2024-11-22)

... (truncated)

Commits

• fec23be Publish v3.709.0
• c685950 chore(codegen): update clients for String dispatch fix (#6721)
• 728fa5a Publish v3.705.0
• b6368e5 feat(client-s3): Amazon S3 Metadata stores object metadata in read-only, full...
• b5217c1 Publish v3.703.0
• a4b4303 feat(client-s3): Amazon S3 introduces support for AWS Dedicated Local Zones
• abe093d Publish v3.701.0
• c7fdd8b chore(middleware-flexible-checksums): add requestAlgorithmMemberHttpHeader (#...
• 53b12f4 Publish v3.700.0
• 453f462 feat(client-s3): Amazon Simple Storage Service / Features: Add support for ET...
• Additional commits viewable in compare view

Updates @bull-board/express from 4.12.2 to 6.5.3

Release notes

Sourced from @​bull-board/express's releases.

Release 6.5.3

• fix(JobActions): show actions for "waiting children" jobs just as for "waiting" ones [#855](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/855)
• chore(deps): bump the npm_and_yarn group across 6 directories with 1 update [#853](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/853)
• bump hono version ca566d6

Release 6.5.2

• fix: support for older BullMQ versions, round 2 1634438

Release 6.5.1

• Fix h3 adapter route param decode [#852](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/852)
• fix: elysia readme 3f92a7e
• fix: add Elysia to main readme 5cb902a
• fix: revert support for older BullMQ versions 00fd989

Release 6.5.0

• Add elysia adapter (with fixes) [#851](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/851)
• elysia style fix 5408c73
• fix: handle unsupported locale without errors 64ee653
• fix: show loading error only on dev 0f2a40b

Release 6.4.1

• Add elysia adapter [#769](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/769)
• chore(deps): bump webpack in the npm_and_yarn group across 1 directory [#848](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/848)
• fix: allow usage of bullmq-pro, closes #849 [#849](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/849)
• Deps bump b00834d
• Revert "Add elysia adapter (#769)" 4b175fa
• feat: remove babel.config & webpack 0677784
• fix: add skipLibCheck 234e85a

Release 6.4.0

• feat: paused jobs: support edit/duplicate/clean [#846](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/846)

Release 6.3.3

• fix: handle an error when highlighting an unmount component, occurs when navigating between tabs 9add4ed
• fix: failed status should show Error tab at start 7cad06e

Release 6.3.2

• fix: add check in each one of bull queue adapters d0e42c7

Release 6.3.1

• missing translations [#842](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/842)

Release 6.3.0

• feat: add status filters on overview page [#840](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/840)
• fix: add body parser to koa adapter, closes #841 [#841](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/841)
• feat: refactor styles and some behavior of dashboard queue filter b821a84
• bump deps a095204
• fix: improve failed locale, fallback to en-US 6ecc79d

Release 6.2.4

... (truncated)

Changelog

Sourced from @​bull-board/express's changelog.

v6.5.3

• fix(JobActions): show actions for "waiting children" jobs just as for "waiting" ones [#855](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/855)
• chore(deps): bump the npm_and_yarn group across 6 directories with 1 update [#853](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/853)
• bump hono version ca566d6

v6.5.2

16 November 2024

• Release 6.5.2 bfd8b4e
• fix: support for older BullMQ versions, round 2 1634438

v6.5.1

16 November 2024

• Fix h3 adapter route param decode [#852](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/852)
• Release 6.5.1 c72b28c
• fix: elysia readme 3f92a7e
• fix: add Elysia to main readme 5cb902a

v6.5.0

13 November 2024

• Add elysia adapter (with fixes) [#851](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/851)
• Release 6.5.0 5ce3088
• elysia style fix 5408c73
• fix: handle unsupported locale without errors 64ee653

v6.4.1

13 November 2024

• Add elysia adapter [#769](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/769)
• chore(deps): bump webpack in the npm_and_yarn group across 1 directory [#848](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/848)
• fix: allow usage of bullmq-pro, closes #849 [#849](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/849)
• Deps bump b00834d
• Revert "Add elysia adapter (#769)" 4b175fa
• feat: remove babel.config & webpack 0677784

v6.4.0

12 November 2024

• feat: paused jobs: support edit/duplicate/clean [#846](https://github.com/felixmosh/bull-board/tree/HEAD/packages/express/issues/846)
• Release 6.4.0 b423427

v6.3.3

... (truncated)

Commits

• 4917821 Release 6.5.3
• bfd8b4e Release 6.5.2
• c72b28c Release 6.5.1
• 5ce3088 Release 6.5.0
• 9892a50 Release 6.4.1
• 234e85a fix: add skipLibCheck
• 4b175fa Revert "Add elysia adapter (#769)"
• b00834d Deps bump
• f07c544 Add elysia adapter (#769)
• b423427 Release 6.4.0
• Additional commits viewable in compare view

Updates @sentry/browser from 6.19.7 to 7.119.1

Release notes

Sourced from @​sentry/browser's releases.

7.119.1

• fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

• backport(tracing): Report dropped spans for transactions (#13343)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.96 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.89 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.14 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.52 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	35.77 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.66 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped)	31.71 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.72 KB
@​sentry/browser - Webpack (gzipped)	22.91 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped)	79.17 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.49 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	36.17 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	25.41 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	221.92 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	109.52 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	76.24 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	39.45 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	72.4 KB
@​sentry/react - Webpack (gzipped)	22.94 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	90.16 KB
@​sentry/nextjs Client - Webpack (gzipped)	54.27 KB
@​sentry-internal/feedback - Webpack (gzipped)	17.34 KB

7.118.0

• fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.83 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.77 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.02 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.38 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	35.64 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.53 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped)	31.6 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.61 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

7.119.1

• fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

• backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

• fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

7.117.0

• feat(browser/v7): Publish browserprofling CDN bundle (#12224)
• fix(v7/publish): Add v7 tag to @sentry/replay (#12304)

7.116.0

• build(craft): Publish lambda layer under its own name for v7 (#12098) (#12099)

This release publishes a new AWS Lambda layer under the name SentryNodeServerlessSDKv7 that users still running v7 can use instead of pinning themselves to SentryNodeServerlessSDK:235.

7.115.0

• feat(v7): Add support for global onUnhandled Error/Promise for Bun (#11959)
• fix(replay/v7): Fix user activity not being updated in start() (#12003)
• ref(api): Remove lastEventId deprecation warnings (#12042)

7.114.0

Important Changes

• fix(browser/v7): Continuously record CLS (#11935)

This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the cases where it should have been reported. With this change, the CLS web vital should now always be reported for pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.

Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.

Other Changes

• build(aws-lambda/v7): Turn off lambda layer publishing (#11875)
• feat(v7): Add tunnel support to multiplexed transport (#11851)
• fix(opentelemetry-node): support HTTP_REQUEST_METHOD attribute (#11929)
• fix(react/v7): Fix react router v4/v5 span names (#11940)

... (truncated)

Commits

• c8452e1 release: 7.119.1
• 5a88ff6 fix(browser/v7): Ensure wrap() only returns functions (#13838 backport) (#1...
• 5adcbf9 Merge branch 'release/7.119.0' into v7
• f58bf69 release: 7.119.0
• a6bc39f fix(ci): GH dropped macos-11 at the end of June 24 (#13360)
• 2060d84 meta(changelog): Update CHANGELOG.md for 7.119.0 (#13350)
• f54c97a backport(tracing): Report dropped spans for transactions (#13343)
• eeae3cf test(v7/loader): Update Loader Script to latest (#12765)
• d3e2c7b meta(v7): Ignore pem for tests (#13051)
• 47f1710 Merge branch 'release/7.118.0' into v7
• Additional commits viewable in compare view

Updates @sentry/node from 6.19.7 to 8.43.0

Release notes

Sourced from @​sentry/node's releases.

8.43.0

Important Changes

• feat(nuxt): Add option autoInjectServerSentry (no default import()) (#14553)

  Using the dynamic import() as the default behavior for initializing the SDK on the server-side did not work for every project. The default behavior of the SDK has been changed, and you now need to use the --import flag to initialize Sentry on the server-side to leverage full functionality.

  Example with --import:

  node --import ./.output/server/sentry.server.config.mjs .output/server/index.mjs

  In case you are not able to use the --import flag, you can enable auto-injecting Sentry in the nuxt.config.ts (comes with limitations):

  sentry: {
    autoInjectServerSentry: 'top-level-import', // or 'experimental_dynamic-import'
  },

• feat(browser): Adds LaunchDarkly and OpenFeature integrations (#14207)

  Adds browser SDK integrations for tracking feature flag evaluations through the LaunchDarkly JS SDK and OpenFeature Web SDK:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  integrations: [
  // Track LaunchDarkly feature flags
  Sentry.launchDarklyIntegration(),
  // Track OpenFeature feature flags
  Sentry.openFeatureIntegration(),
  ],
  });

  • Read more about the Feature Flags feature in Sentry.
  • Read more about the LaunchDarkly SDK Integration.
  • Read more about the OpenFeature SDK Integration.

• feat(browser): Add featureFlagsIntegration for custom tracking of flag evaluations (#14582)

  Adds a browser integration to manually track feature flags with an API. Feature flags are attached to subsequent error events:

  import * as Sentry from '@sentry/browser';

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

8.43.0

Important Changes

• feat(nuxt): Add option autoInjectServerSentry (no default import()) (#14553)

  Using the dynamic import() as the default behavior for initializing the SDK on the server-side did not work for every project. The default behavior of the SDK has been changed, and you now need to use the --import flag to initialize Sentry on the server-side to leverage full functionality.

  Example with --import:

  node --import ./.output/server/sentry.server.config.mjs .output/server/index.mjs

  In case you are not able to use the --import flag, you can enable auto-injecting Sentry in the nuxt.config.ts (comes with limitations):

  sentry: {
    autoInjectServerSentry: 'top-level-import', // or 'experimental_dynamic-import'
  },

• feat(browser): Adds LaunchDarkly and OpenFeature integrations (#14207)

  Adds browser SDK integrations for tracking feature flag evaluations through the LaunchDarkly JS SDK and OpenFeature Web SDK:

  import * as Sentry from '@sentry/browser';
  Sentry.init({
  integrations: [
  // Track LaunchDarkly feature flags
  Sentry.launchDarklyIntegration(),
  // Track OpenFeature feature flags
  Sentry.openFeatureIntegration(),
  ],
  });

  • Read more about the Feature Flags feature in Sentry.
  • Read more about the LaunchDarkly SDK Integration.
  • Read more about the OpenFeature SDK Integration.

• feat(browser): Add featureFlagsIntegration for custom tracking of flag evaluations (#14582)

  Adds a browser integration to manually track feature flags with an API. Feature flags are attached to subsequent error events:

  import * as Sentry from '@sentry/browser';

... (truncated)

Commits

• 88ab7ce release: 8.43.0
• 177e5d1 Merge pull request #14639 from getsentry/prepare-release/8.43.0
• 5be252c meta(changelog): Update changelog for 8.43.0
• a9dcdb8 test: Skip double installing playwright in E2E tests (#14633)
• a9cfd11 fix(node): Guard against invalid maxSpanWaitDuration values (#14632)
• f962eef feat(deps): Bump @​opentelemetry/instrumentation from 0.55.0 to 0.56.0 (#14625)
• 4df242d feat(deps): Bump @​sentry/rollup-plugin from 2.22.6 to 2.22.7 (#14622)
• a5a4e8c feat(deps): Bump @​sentry/webpack-plugin from 2.22.6 to 2.22.7 (#14623)
• 242ed75 fix(core): Filter out unactionable CEFSharp promise rejection error by defaul...
• 7f0bd25 feat(astro): Add Astro 5 support (#14613)
• Additional commits viewable in compare view

Updates axios from 1.6.7 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates express-session from 1.18.0 to 1.18.1

Release notes

Sourced from express-session's releases.

1.18.1...

Description has been truncated

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud