4.20.0
What's Changed
Important
- IMPORTANT: The default
depth
level for parsing URL-encoded data is now32
(previously wasInfinity
) - Remove link renderization in html while using
res.redirect
Other Changes
- 4.19.2 Staging by @wesleytodd in #5561
- remove duplicate location test for data uri by @wesleytodd in #5562
- feat: document beta releases expectations by @marco-ippolito in #5565
- Cut down on duplicated CI runs by @jonchurch in #5564
- Add a Threat Model by @UlisesGascon in #5526
- Assign captain of encodeurl by @blakeembrey in #5579
- Nominate jonchurch as repo captain for
http-errors
,expressjs.com
,morgan
,cors
,body-parser
by @jonchurch in #5587 - docs: update Security.md by @inigomarquinez in #5590
- docs: update triage nomination policy by @UlisesGascon in #5600
- Add CodeQL (SAST) by @UlisesGascon in #5433
- docs: add UlisesGascon as triage initiative captain by @UlisesGascon in #5605
- deps: encodeurl@~2.0.0 by @blakeembrey in #5569
- skip QUERY method test by @jonchurch in #5628
- ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in #5639
- add support Node.js@22 in the CI by @mertcanaltin in #5627
- doc: add table of contents, tc/triager lists to readme by @mertcanaltin in #5619
- List and sort all projects, add captains by @blakeembrey in #5653
- docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in #5666
- ✨ bring back query tests for node 21 by @ctcpip in #5690
- [v4] Deprecate
res.clearCookie
acceptingoptions.maxAge
andoptions.expires
by @jonchurch in #5672 - skip QUERY tests for Node 21 only, still not supported by @jonchurch in #5695
- 📝 update people, add ctcpip to TC by @ctcpip in #5683
- remove minor version pinning from ci by @jonchurch in #5722
- Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in #5762
- Replace Appveyor windows testing with GHA by @jonchurch in #5599
- Add OSSF Scorecard badge by @UlisesGascon in #5436
- update scorecard link by @bjohansebas in #5814
- Nominate @IamLizu to the triage team by @UlisesGascon in #5836
- deps: path-to-regexp@0.1.8 by @blakeembrey in #5603
- docs: specify new instructions for
question
anddiscuss
by @IamLizu in #5835 - 4.x: Upgrade
merge-descriptors
dependency by @RobinTail in #5781 - path-to-regexp@0.1.10 by @blakeembrey in #5902
New Contributors
- @marco-ippolito made their first contribution in #5565
- @inigomarquinez made their first contribution in #5590
- @mertcanaltin made their first contribution in #5627
- @ctcpip made their first contribution in #5690
- @bjohansebas made their first contribution in #5814
Full Changelog: 4.19.1...4.20.0