chore(deps): bump path-to-regexp, @nestjs/core, @nestjs/platform-express, @nestjs/swagger, @nestjs/typeorm, express and @nestjs/testing

[dependabot]

Bumps path-to-regexp to 3.3.0 and updates ancestor dependencies path-to-regexp, @nestjs/core, @nestjs/platform-express, @nestjs/swagger, @nestjs/typeorm, express and @nestjs/testing. These dependencies need to be updated together.

Updates path-to-regexp from 0.1.7 to 3.3.0

Release notes

Sourced from path-to-regexp's releases.

Add backtracking protection

Fixed

• Add backtrack protection to 3.x release (#321) d31670a

pillarjs/path-to-regexp@v3.2.0...v3.3.0

Match Function

Added

• Add native match function to library

Validate and sensitive options

• Add sensitive option for tokensToFunction (#191)
• Add validate option to path functions (#178)

Fix backtracking in 1.x

Fixed

• Add backtrack protection to 1.x release (#320) 925ac8e
• Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Backport token to function options

Added

• Backport TokensToFunctionOptions

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

• Add backtrack protection to parameters 29b96b4
  • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

• Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

... (truncated)

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

• Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)
• Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

• Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

• Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

• Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

• Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

• Handle non-ending paths where the final character is a delimiter
  • E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

• New option! Ability to set endsWith to match paths like /test?query=string up to the query string
• New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)
• Remove isarray dependency
• Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)
• Remove overloaded keys argument that accepted options
• Remove keys list attached to the RegExp output
• Remove asterisk functionality (it's a real pain to properly encode)
• Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

• Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

• Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)
• Allow a delimiter option to be passed in with parse
• Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

• 2eb1293 3.3.0
• d31670a Add backtrack protection to 3.x release (#321)
• 6d2e8db 3.2.0
• 0e0dce9 Add native match function to library
• dd966ea Fix validate: false examples in README
• ead0298 Changed coverage tool to nyc (#201)
• 1aa2238 Bump node version tests
• f232e6d 3.1.0
• cb331c6 Update dev dependencies
• 36344dc Rename noValidate option to validate
• Additional commits viewable in compare view

Updates @nestjs/core from 9.4.3 to 10.4.2

Release notes

Sourced from @​nestjs/core's releases.

v10.4.2 (2024-09-16)

Dependencies

• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@​dependabot[bot])
• platform-fastify
  • #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@​dependabot[bot])
• Other
  • #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@​dependabot[bot])
  • #13946 chore(deps): bump webpack and @​nestjs/cli in /sample/02-gateways (@​dependabot[bot])
  • #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@​dependabot[bot])
  • #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13968 chore(deps-dev): bump @​commitlint/cli from 19.4.0 to 19.5.0 (@​dependabot[bot])
  • #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@​dependabot[bot])
  • #13973 chore(deps-dev): bump @​types/node from 22.5.1 to 22.5.5 (@​dependabot[bot])
  • #13922 chore(deps): bump @​apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #13921 chore(deps): bump @​apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@​dependabot[bot])
  • #13928 chore(deps-dev): bump @​types/node from 22.5.0 to 22.5.1 (@​dependabot[bot])
  • #13929 chore(deps-dev): bump @​commitlint/config-angular from 19.3.0 to 19.4.1 (@​dependabot[bot])
  • #13893 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@​dependabot[bot])
  • #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@​dependabot[bot])
  • #13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@​dependabot[bot])
  • #13901 chore(deps-dev): bump @​types/node from 22.3.0 to 22.5.0 (@​dependabot[bot])
  • #13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@​dependabot[bot])
  • #13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@​dependabot[bot])
  • #13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@​dependabot[bot])
  • #13890 chore(deps-dev): bump @​types/node from 22.2.0 to 22.3.0 (@​dependabot[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• @​haouvw

v10.3.10 (2024-07-01)

Bug fixes

• core
  • #13712 fix(core): when using forward references on exports array (@​micalevisk)

Enhancements

• platform-fastify
  • #13734 feat(fastify-adapter): support for skipping middie registration (@​ancyrweb)

Dependencies

• Other
  • #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@​dependabot[bot])
  • #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@​dependabot[bot])

... (truncated)

Commits

• 696b441 chore(@​nestjs) publish v10.4.2 release
• fff4b96 chore(deps): bump tslib from 2.6.3 to 2.7.0
• e0d2ba6 chore(core,express,fastify): fix deps with security issues
• 8b4af57 chore: fix some comments
• 67f32e8 chore(@​nestjs) publish v10.4.1 release
• 6f624d1 chore: update readme
• 5bcd024 chore(@​nestjs) publish v10.4.0 release
• 821b080 fix(core): unhandled promise rejection in interceptors consumer
• b59d5ac chore(@​nestjs) publish v10.3.10 release
• 284f437 docs: update readme
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 9.4.3 to 10.4.2

Release notes

Sourced from @​nestjs/platform-express's releases.

v10.4.2 (2024-09-16)

Dependencies

• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@​dependabot[bot])
• platform-fastify
  • #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@​dependabot[bot])
• Other
  • #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@​dependabot[bot])
  • #13946 chore(deps): bump webpack and @​nestjs/cli in /sample/02-gateways (@​dependabot[bot])
  • #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@​dependabot[bot])
  • #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13968 chore(deps-dev): bump @​commitlint/cli from 19.4.0 to 19.5.0 (@​dependabot[bot])
  • #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@​dependabot[bot])
  • #13973 chore(deps-dev): bump @​types/node from 22.5.1 to 22.5.5 (@​dependabot[bot])
  • #13922 chore(deps): bump @​apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #13921 chore(deps): bump @​apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@​dependabot[bot])
  • #13928 chore(deps-dev): bump @​types/node from 22.5.0 to 22.5.1 (@​dependabot[bot])
  • #13929 chore(deps-dev): bump @​commitlint/config-angular from 19.3.0 to 19.4.1 (@​dependabot[bot])
  • #13893 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@​dependabot[bot])
  • #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@​dependabot[bot])
  • #13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@​dependabot[bot])
  • #13901 chore(deps-dev): bump @​types/node from 22.3.0 to 22.5.0 (@​dependabot[bot])
  • #13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@​dependabot[bot])
  • #13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@​dependabot[bot])
  • #13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@​dependabot[bot])
  • #13890 chore(deps-dev): bump @​types/node from 22.2.0 to 22.3.0 (@​dependabot[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• @​haouvw

v10.3.10 (2024-07-01)

Bug fixes

• core
  • #13712 fix(core): when using forward references on exports array (@​micalevisk)

Enhancements

• platform-fastify
  • #13734 feat(fastify-adapter): support for skipping middie registration (@​ancyrweb)

Dependencies

• Other
  • #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@​dependabot[bot])
  • #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@​dependabot[bot])

... (truncated)

Commits

• 696b441 chore(@​nestjs) publish v10.4.2 release
• fff4b96 chore(deps): bump tslib from 2.6.3 to 2.7.0
• e0d2ba6 chore(core,express,fastify): fix deps with security issues
• 67f32e8 chore(@​nestjs) publish v10.4.1 release
• 6f624d1 chore: update readme
• 5bcd024 chore(@​nestjs) publish v10.4.0 release
• b59d5ac chore(@​nestjs) publish v10.3.10 release
• 284f437 docs: update readme
• 99d31e3 chore(deps): bump tslib from 2.6.2 to 2.6.3
• 013dbd3 chore: update readmes
• Additional commits viewable in compare view

Updates @nestjs/swagger from 6.3.0 to 7.4.1

Release notes

Sourced from @​nestjs/swagger's releases.

Release 7.4.1

• Merge pull request #3071 from nestjs/renovate/npm-path-to-regexp-vulnerability (057e560)
• chore(deps): update dependency @​types/jest to v29.5.13 (7721ad5)
• chore(deps): update dependency husky to v9.1.6 (ba963e1)
• fix(deps): update dependency path-to-regexp to v3.3.0 [security] (0c1e756)
• chore(deps): update commitlint monorepo to v19.5.0 (4e13bb0)
• chore(deps): update dependency express to v4.20.0 (df76aa1)
• chore(deps): update typescript-eslint monorepo to v8.5.0 (f5f1b02)
• chore(deps): update dependency @​types/node to v20.16.5 (d1a3da6)
• chore(deps): update dependency @​types/node to v20.16.4 (f7098ce)
• chore(deps): update dependency eslint-plugin-import to v2.30.0 (bdbbeb9)
• chore(deps): update typescript-eslint monorepo to v8.4.0 (e3976b5)
• chore(deps): update dependency lint-staged to v15.2.10 (2ef9f9e)
• chore(deps): update dependency @​types/node to v20.16.3 (526801f)
• chore(deps): update commitlint monorepo to v19.4.1 (375e3ac)
• chore(deps): update dependency @​types/node to v20.16.2 (7f0b3a9)
• chore(deps): update typescript-eslint monorepo to v8.3.0 (84cfcd2)
• chore(deps): update dependency ts-jest to v29.2.5 (1374005)
• chore(deps): update dependency husky to v9.1.5 (39a5a15)
• chore(deps): update typescript-eslint monorepo to v8.2.0 (c3f98b2)
• chore(deps): update dependency @​types/node to v20.16.1 (ca5f7a5)
• chore(deps): update dependency @​types/node to v20.16.0 (5d4436f)
• chore(deps): update dependency @​types/node to v20.15.0 (986351f)
• chore(deps): update nest monorepo to v10.4.1 (2e11b2d)
• chore(deps): update dependency lint-staged to v15.2.9 (2e4b4dd)
• chore(deps): update typescript-eslint monorepo to v8.1.0 (f499e54)
• chore(deps): update nest monorepo to v10.4.0 (15ad2b6)
• chore(deps): update dependency @​types/node to v20.14.15 (ea25697)
• chore(deps): update dependency @​commitlint/cli to v19.4.0 (51d7f50)
• chore(deps): update typescript-eslint monorepo to v8.0.1 (341918a)
• chore(deps): update dependency lint-staged to v15.2.8 (02e0341)
• chore(deps): update dependency @​types/node to v20.14.14 (9cb4742)
• chore(deps): update dependency ts-jest to v29.2.4 (ab74629)
• chore(deps): update typescript-eslint monorepo to v8 (c5964c0)
• chore(deps): update typescript-eslint monorepo to v7.18.0 (13f99fe)
• chore(deps): update dependency husky to v9.1.4 (6715367)
• chore(deps): update dependency @​types/node to v20.14.13 (b122574)
• chore(deps): update dependency husky to v9.1.3 (68b9814)
• chore(deps): update dependency husky to v9.1.2 (6f83cd0)
• chore(deps): update dependency @​types/node to v20.14.12 (8323c3b)
• chore(deps): update typescript-eslint monorepo to v7.17.0 (5f40531)
• chore(deps): update dependency ts-jest to v29.2.3 (def2f77)
• chore(deps): update dependency husky to v9.1.1 (7c175bb)
• chore(deps): update dependency husky to v9.1.0 (0637912)
• chore(deps): update dependency @​types/node to v20.14.11 (28424c9)
• chore(deps): update dependency @​types/lodash to v4.17.7 (976d5c5)
• chore(deps): update typescript-eslint monorepo to v7.16.1 (29f59e9)
• chore(deps): update dependency release-it to v17.6.0 (f42c75f)
• chore(deps): update dependency ts-jest to v29.2.2 (05db366)
• chore(deps): update dependency ts-jest to v29.2.1 (b4e4f91)

... (truncated)

Commits

• 14f6521 chore(): release v7.4.1
• 057e560 Merge pull request #3071 from nestjs/renovate/npm-path-to-regexp-vulnerability
• 7721ad5 chore(deps): update dependency @​types/jest to v29.5.13
• ba963e1 chore(deps): update dependency husky to v9.1.6
• 0c1e756 fix(deps): update dependency path-to-regexp to v3.3.0 [security]
• 4e13bb0 chore(deps): update commitlint monorepo to v19.5.0
• df76aa1 chore(deps): update dependency express to v4.20.0
• f5f1b02 chore(deps): update typescript-eslint monorepo to v8.5.0
• d1a3da6 chore(deps): update dependency @​types/node to v20.16.5
• f7098ce chore(deps): update dependency @​types/node to v20.16.4
• Additional commits viewable in compare view

Updates @nestjs/typeorm from 9.0.1 to 10.0.2

Release notes

Sourced from @​nestjs/typeorm's releases.

Release 10.0.2

• Merge pull request #1839 from nestjs/renovate/reflect-metadata-0.x (bb8fde8)
• chore(deps): update dependency reflect-metadata to v0.2.1 (3f96c18)
• Merge pull request #1901 from nestjs/renovate/nest-monorepo (7d29e89)
• chore(deps): update nest monorepo to v10.3.2 (b98cca9)
• Merge pull request #1802 from nestjs/renovate/cimg-node-21.x (24fa80b)
• chore(deps): update typescript-eslint monorepo to v6.21.0 (fc8c697)
• chore(deps): update dependency lint-staged to v15.2.2 (af287d6)
• chore(deps): update dependency prettier to v3.2.5 (6331626)
• chore(deps): update dependency husky to v9.0.10 (226a494)
• chore(deps): update dependency @​types/node to v20.11.16 (1d4329c)
• chore(deps): update dependency @​types/jest to v29.5.12 (dc37e84)
• chore(deps): update dependency @​types/node to v20.11.15 (429a881)
• chore(deps): update dependency @​types/node to v20.11.14 (36069c2)
• chore(deps): update dependency lint-staged to v15.2.1 (17fa212)
• chore(deps): update dependency @​types/node to v20.11.13 (7d1b6bc)
• chore(deps): update typescript-eslint monorepo to v6.20.0 (3a8f7c3)
• chore(deps): update dependency husky to v9.0.7 (b159e73)
• chore(deps): update dependency @​types/node to v20.11.10 (f0eea1c)
• chore(deps): update dependency @​types/node to v20.11.9 (f09ac1d)
• chore(deps): update dependency @​types/node to v20.11.8 (a1c893a)
• chore(deps): update dependency typeorm to v0.3.20 (b66376e)
• chore(deps): update dependency @​types/node to v20.11.7 (1138485)
• chore(deps): update dependency husky to v9.0.6 (f162e7f)
• chore(deps): update dependency @​types/uuid to v9.0.8 (d3360a2)
• chore(deps): update dependency husky to v9.0.5 (d79860c)
• chore(deps): update commitlint monorepo to v18.6.0 (0ab224c)
• chore(deps): update dependency husky to v9 (dfd5759)
• chore(deps): update dependency @​types/node to v20.11.6 (955ef3a)
• chore(deps): update nest monorepo to v10.3.1 (d5dafcd)
• chore(deps): update dependency release-it to v17.0.3 (80185ed)
• chore(deps): update typescript-eslint monorepo to v6.19.1 (a6b699c)
• chore(deps): update commitlint monorepo to v18.5.0 (4841b2b)
• chore(deps): update dependency ts-jest to v29.1.2 (e81545b)
• chore(deps): update dependency prettier to v3.2.4 (717c125)
• chore(deps): update dependency @​types/node to v20.11.5 (e17b8e9)
• chore(deps): update dependency prettier to v3.2.3 (eed4bca)
• chore(deps): update node.js to v21.6 (b6fb90c)
• chore(deps): update dependency @​types/node to v20.11.4 (3d3a615)
• chore(deps): update dependency @​types/node to v20.11.3 (d5ff8b5)
• chore(deps): update typescript-eslint monorepo to v6.19.0 (037875c)
• chore(deps): update dependency @​types/node to v20.11.2 (87e70a8)
• chore(deps): update dependency @​types/node to v20.11.1 (fd9f964)
• chore(deps): update dependency supertest to v6.3.4 (457131a)
• chore(deps): update dependency prettier to v3.2.2 (fdaac7e)
• chore(deps): update dependency prettier to v3.2.1 (e1ddec6)
• chore(deps): update dependency @​types/node to v20.11.0 (2fa65a6)
• chore(deps): update dependency @​types/node to v20.10.8 (2e51cd4)
• chore(deps): update typescript-eslint monorepo to v6.18.1 (10fa21c)
• chore(deps): update dependency @​types/node to v20.10.7 (dc16e47)

... (truncated)

Commits

• eaca93c chore(): release v10.0.2
• bb8fde8 Merge pull request #1839 from nestjs/renovate/reflect-metadata-0.x
• 3f96c18 chore(deps): update dependency reflect-metadata to v0.2.1
• 7d29e89 Merge pull request #1901 from nestjs/renovate/nest-monorepo
• b98cca9 chore(deps): update nest monorepo to v10.3.2
• 24fa80b Merge pull request #1802 from nestjs/renovate/cimg-node-21.x
• fc8c697 chore(deps): update typescript-eslint monorepo to v6.21.0
• af287d6 chore(deps): update dependency lint-staged to v15.2.2
• 6331626 chore(deps): update dependency prettier to v3.2.5
• 226a494 chore(deps): update dependency husky to v9.0.10
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: path-to-regexp@0.1.8 by @​blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5

... (truncated)

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates @nestjs/testing from 9.4.3 to 10.4.2

Release notes

Sourced from @​nestjs/testing's releases.

v10.4.2 (2024-09-16)

Dependencies

• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@​dependabot[bot])
• platform-fastify
  • #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@​dependabot[bot])
• Other
  • #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@​dependabot[bot])
  • #13946 chore(deps): bump webpack and @​nestjs/cli in /sample/02-gateways (@​dependabot[bot])
  • #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@​dependabot[bot])
  • #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13968 chore(deps-dev): bump @​commitlint/cli from 19.4.0 to 19.5.0 (@​dependabot[bot])
  • #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@​dependabot[bot])
  • #13973 chore(deps-dev): bump @​types/node from 22.5.1 to 22.5.5 (@​dependabot[bot])
  • #13922 chore(deps): bump @​apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #13921 chore(deps): bump @​apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@​dependabot[bot])
  • #13928 chore(deps-dev): bump @​types/node from 22.5.0 to 22.5.1 (@​dependabot[bot])
  • #13929 chore(deps-dev): bump @​commitlint/config-angular from 19.3.0 to 19.4.1 (@​dependabot[bot])
  • #13893 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@​dependabot[bot])
  • #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@​dependabot[bot])
  • #13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@​dependabot[bot])
  • #13901 chore(deps-dev): bump @​types/node from 22.3.0 to 22.5.0 (@​dependabot[bot])
  • #13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@​dependabot[bot])
  • #13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@​dependabot[bot])
  • #13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@​dependabot[bot])
  • #13890 chore(deps-dev): bump @​types/node from 22.2.0 to 22.3.0 (@​dependabot[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• @​haouvw

v10.3.10 (2024-07-01)

Bug fixes

• core
  • #13712 fix(core): when using forward references on exports array (@​micalevisk)

Enhancements

• platform-fastify
  • #13734 feat(fastify-adapter): support for skipping middie registration (@​ancyrweb)

Dependencies

• Other
  • #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@​dependabot[bot])
  • #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@​dependabot[bot])

... (truncated)

Commits

• 696b441 chore(@​nestjs) publish v10.4.2 release
• fff4b96 chore(deps): bump tslib from 2.6.3 to 2.7.0
• 67f32e8 chore(@​nestjs) publish v10.4.1 release
• 6f624d1 chore: update readme
• 5bcd024 chore(@​nestjs) publish v10.4.0 release
• b59d5ac chore(@​nestjs) publish v10.3.10 release
• 284f437 docs: update readme
• 99d31e3 chore(deps): bump tslib from 2.6.2 to 2.6.3
• 013dbd3 chore: update readmes
• fcd2c58 chore(@​nestjs) publish v10.3.9 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this...

Description has been truncated