Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Sourced from zod's releases.

v3.22.3

Commits:

• 1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit
• 9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)
• f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)
• 64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors
• 18115a8f128680b4526df58ce96deab7dce93b93 Formatting
• 28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors
• ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)
• 2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)
• 1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

• 13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint
• 0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)
• 8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)
• 792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)

• 932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)
• 0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

• 1e61d76 3.22.3
• 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
• ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
• ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• 28c1927 Update sponsors
• 18115a8 Formatting
• 64dcc8e Update sponsors
• f59be09 clarify datetime ISO 8601 (#2673)
• 9bd3879 docs: remove obsolete text about readonly types (#2676)
• 1e23990 Commit
• Additional commits viewable in compare view

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

• 640e694 0.1.12
• f01c26a Merge commit from fork
• 0c71192 0.1.11
• 8f09549 Add error on bad input values
• See full diff in compare view

Sourced from qs's changelog.

6.13.0

• [New] parse: add strictDepth option (#511)
• [Tests] use npm audit instead of aud

6.12.3

• [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
• [meta] fix changelog indentation

6.12.2

• [Fix] parse: parse encoded square brackets (#506)
• [readme] add CII best practices badge

6.12.1

• [Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)
• [Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
• [Refactor] utils: use +=
• [Tests] increase coverage

6.12.0

• [New] parse/stringify: add decodeDotInKeys/encodeDotKeys options (#488)
• [New] parse: add duplicates option
• [New] parse/stringify: add allowEmptyArrays option to allow [] in object values (#487)
• [Refactor] parse/stringify: move allowDots config logic to its own variable
• [Refactor] stringify: move option-handling code into normalizeStringifyOptions
• [readme] update readme, add logos (#484)
• [readme] stringify: clarify default arrayFormat behavior
• [readme] fix line wrapping
• [readme] remove dead badges
• [Deps] update side-channel
• [meta] make the dist build 50% smaller
• [meta] add sideEffects flag
• [meta] run build in prepack, not prepublish
• [Tests] parse: remove useless tests; add coverage
• [Tests] stringify: increase coverage
• [Tests] use mock-property
• [Tests] stringify: improve coverage
• [Dev Deps] update @ljharb/eslint-config , aud, has-override-mistake, has-property-descriptors, mock-property, npmignore, object-inspect, tape
• [Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak
• [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6

6.11.2

• [Fix] parse: Fix parsing when the global Object prototype is frozen (#473)
• [Tests] add passing test cases with empty keys (#473)

6.11.1

• [Fix] stringify: encode comma values more consistently (#463)
• [readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)
• [meta] remove extraneous code backticks (#457)
• [meta] fix changelog markdown

... (truncated)

• 5cf516c v6.13.0
• 8d56df2 [New] parse: add strictDepth option
• c9a6694 [Tests] use npm audit instead of aud
• f90cc35 v6.12.3
• 1bf9f7a [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
• 7ebf48b [meta] fix changelog indentation
• d0dff11 v6.12.2
• f0b8d03 [Dev Deps] update @ljharb/eslint-config, object-inspect, tape
• 81835ff [Fix]: parse: parse encoded square brackets
• db47dcc [readme] add CII best practices badge
• Additional commits viewable in compare view

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.