Skip to content

fix(deps): update npm dependencies updates (major)#112

Open
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/major-npm-dependencies-updates
Open

fix(deps): update npm dependencies updates (major)#112
renovate[bot] wants to merge 1 commit intodevelopfrom
renovate/major-npm-dependencies-updates

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Oct 27, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
express (source) ^4.18.2^5.0.0 age confidence
nodemon (source) 2.0.153.1.14 age confidence

Release Notes

expressjs/express (express)

v5.2.1

Compare Source

=======================

v5.2.0

Compare Source

========================

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@​1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@​4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@​6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

v4.22.1

Compare Source

v4.22.0

Compare Source

v4.21.2

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

v4.20.0

Compare Source

==========

  • deps: serve-static@​0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@​0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@​0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@​0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

  • Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

  • Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@​0.6.0

v4.18.3

Compare Source

==========

  • Fix routing requests without method
  • deps: body-parser@​1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@​2.5.2
  • deps: cookie@​0.6.0
    • Add partitioned option
remy/nodemon (nodemon)

v3.1.14

Compare Source

Bug Fixes

v3.1.13

Compare Source

Bug Fixes

v3.1.12

Compare Source

Bug Fixes

v3.1.11

Compare Source

v3.1.10

Compare Source

Bug Fixes

v3.1.9

Compare Source

Bug Fixes
  • maintain backward support for exitcrash (9c9de6e)

v3.1.8

Compare Source

Bug Fixes

v3.1.7

Compare Source

Bug Fixes

v3.1.6

Compare Source

Bug Fixes

v3.1.5

Compare Source

Bug Fixes
  • add missing ignore option to type defintion of config (#​2224) (254c2ab)

v3.1.4

Compare Source

Bug Fixes

v3.1.3

Compare Source

Bug Fixes

v3.1.2

Compare Source

Bug Fixes

v3.1.1

Compare Source

Bug Fixes

v3.1.0

Compare Source

Features

v3.0.3

Compare Source

Bug Fixes

v3.0.2

Compare Source

Bug Fixes

v3.0.1

Compare Source

Bug Fixes

v3.0.0

Compare Source

Bug Fixes
Features
  • always use polling on IBM i (3b58104)
BREAKING CHANGES
  • official support for node@​8 dropped.

However there's no function being used in semver that breaks node 8,
so it's technically still possible to run with node 8, but it will
no longer be supported (or tested in CI).

v2.0.22

Compare Source

Bug Fixes

v2.0.21

Compare Source

Bug Fixes

v2.0.20

Compare Source

Bug Fixes
  • remove postinstall script (e099e91)

v2.0.19

Compare Source

Bug Fixes

v2.0.18

Compare Source

Bug Fixes
  • revert update-notifier forcing esm (1b3bc8c)

v2.0.17

Compare Source

Bug Fixes

v2.0.16

Compare Source

Bug Fixes
  • support windows by using path.delimiter (e26aaa9)

Configuration

📅 Schedule: Branch creation - "before 8am on monday" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/major-npm-dependencies-updates branch 2 times, most recently from 3406dec to fabae0a Compare November 11, 2025 18:11
@renovate renovate bot force-pushed the renovate/major-npm-dependencies-updates branch from fabae0a to c954166 Compare February 12, 2026 13:29
@renovate renovate bot force-pushed the renovate/major-npm-dependencies-updates branch 2 times, most recently from cf6cc4a to 0d2ab87 Compare February 21, 2026 01:24
@renovate renovate bot force-pushed the renovate/major-npm-dependencies-updates branch from 0d2ab87 to 440aa59 Compare March 5, 2026 19:40
@renovate renovate bot changed the title chore(deps): update dependency nodemon to v3 fix(deps): update npm dependencies updates (major) Mar 27, 2026
@renovate renovate bot force-pushed the renovate/major-npm-dependencies-updates branch from 440aa59 to 0a36091 Compare March 27, 2026 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants