Sourced from body-parser's releases.

1.20.3

What's Changed

Important

- deps: qs@6.13.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

- chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522
- ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523
- fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527
- deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521
- Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531
- Linter by @UlisesGascon in expressjs/body-parser#534
- Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

- @inigomarquinez made their first contribution in expressjs/body-parser#522
- @melikhov-dev made their first contribution in expressjs/body-parser#521
- @bjohansebas made their first contribution in expressjs/body-parser#531
- @UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

- deps: qs@6.13.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

- 1752951 1.20.3
- 39744cf chore: linter (#534)
- b2695c4 Merge commit from fork
- ade0f3f add scorecard to readme (#531)
- 99a1bd6 deps: qs@6.12.3 (#521)
- 9478591 fix: pin to node@22.4.1
- 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
- 9d4e212 chore: add support for OSSF scorecard reporting (#522)

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Sourced from express's releases.

4.21.0

What's Changed

- Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935
- finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954
- fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

- @agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using res.redirect

Other Changes

- 4.19.2 Staging by @wesleytodd in expressjs/express#5561
- remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562
- feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565
- Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564
- Add a Threat Model by @UlisesGascon in expressjs/express#5526
- Assign captain of encodeurl by @blakeembrey in expressjs/express#5579
- Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587
- docs: update Security.md by @inigomarquinez in expressjs/express#5590
- docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600
- Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433
- docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605
- deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569
- skip QUERY method test by @jonchurch in expressjs/express#5628
- ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639
- add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627
- doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619
- List and sort all projects, add captains by @blakeembrey in expressjs/express#5653
- docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666
- ✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690
- [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672
- skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695
- 📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683
- remove minor version pinning from ci by @jonchurch in expressjs/express#5722
- Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762
- Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599
- Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436
- update scorecard link by @bjohansebas in expressjs/express#5814
- Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836
- deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

... (truncated)

Sourced from express's changelog.

4.21.0 / 2024-09-11

- Deprecate res.location("back") and res.redirect("back") magic string
- deps: serve-static@1.16.2
  - includes send@0.19.0
- deps: finalhandler@1.3.1
- deps: qs@6.13.0

4.20.0 / 2024-09-10

- deps: serve-static@0.16.0
  - Remove link renderization in html while redirecting
- deps: send@0.19.0
  - Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
  - add depth option to customize the depth level in the parser
  - IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using res.redirect
- deps: path-to-regexp@0.1.10
  - Adds support for named matching groups in the routes using a regex
  - Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
  - Removes encoding of \, |, and ^ to align better with URL spec
- Deprecate passing options.maxAge and options.expires to res.clearCookie
  - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

- 7e562c6 4.21.0
- 1bcde96 fix(deps): qs@6.13.0 (#5946)
- 7d36477 fix(deps): serve-static@1.16.2 (#5951)
- 40d2d8f fix(deps): finalhandler@1.3.1
- 77ada90 Deprecate "back" magic string in redirects (#5935)
- 21df421 4.20.0
- 4c9ddc1 feat: upgrade to serve-static@0.16.0
- 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
- ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
- 54271f6 fix: don't render redirect values in anchor href

createRealmLineage mutation to API (#1179)

Bump openssl from 0.10.64 to 0.10.66 in /backend (#1240)

Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.64 to 0.10.66.

Sourced from openssl's releases.

openssl-v0.10.66

What's Changed

- Fixed invariant violation in MemBio::get_buf with empty results by @alex in sfackler/rust-openssl#2266
- Release openssl v0.10.66 by @alex in sfackler/rust-openssl#2267

Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.65...openssl-v0.10.66

openssl-v0.10.65

What's Changed

- don't emit rerun-if-changed when vendoring by @reaperhulk in sfackler/rust-openssl#2177
- Prepare for openssl-sys 0.9.101 release by @alex in sfackler/rust-openssl#2182
- don't emit rerun-if-changed unless the path exists and is readable by @reaperhulk in sfackler/rust-openssl#2187
- Added support for LibreSSL 3.9.0 by @alex in sfackler/rust-openssl#2202
- Support stable LibreSSL 3.9.x by @alex in sfackler/rust-openssl#2209
- openssl-sys 0.9.102 release by @alex in sfackler/rust-openssl#2210
- Add repository field to openssl-macros crate by @paolobarbolini in sfackler/rust-openssl#2211
- Add missing openssl-sys dependency by @pieterdd in sfackler/rust-openssl#2212
- Test OpenSSL 3.3.0-beta1 by @sfackler in sfackler/rust-openssl#2216
- test against 3.3.0 final by @alex in sfackler/rust-openssl#2218
- fix min-versions in CI by @alex in sfackler/rust-openssl#2228
- Make X509_VAL opaque for LibreSSL 4.0.0 by @botovq in sfackler/rust-openssl#2227
- Use the newer names for STACK_OF(T) functions with BoringSSL by @davidben in sfackler/rust-openssl#2231
- Only declare OpensslCallbacks in bindgen builds by @alex in sfackler/rust-openssl#2234
- Fix building with latest BoringSSL by @davidben in sfackler/rust-openssl#2230
- Emit rustc-check-cfg for nightly by @alex in sfackler/rust-openssl#2235
- Configure OpenSSL data dir on vendored builds. by @DanielSidhion in sfackler/rust-openssl#2122
- Add boringssl keylog callback support by @mspublic in sfackler/rust-openssl#2237
- Correct the name of the pkgconf package on some distros by @JonathanBrouwer in sfackler/rust-openssl#2253
- Add some OpenSSL 3 QUIC raw bindings by @bdbai in sfackler/rust-openssl#2257
- Initialize OpenSSL in MD constructors by @sfackler in sfackler/rust-openssl#2258
- Switch Pkey::from_ to use set1 functions by @alex in sfackler/rust-openssl#2262
- Release openssl v0.10.65 and openssl-sys v0.9.103 by @alex in sfackler/rust-openssl#2265

New Contributors

- @paolobarbolini made their first contribution in sfackler/rust-openssl#2211
- @pieterdd made their first contribution in sfackler/rust-openssl#2212
- @DanielSidhion made their first contribution in sfackler/rust-openssl#2122
- @mspublic made their first contribution in sfackler/rust-openssl#2237
- @JonathanBrouwer made their first contribution in sfackler/rust-openssl#2253
- @bdbai made their first contribution in sfackler/rust-openssl#2257

Full Changelog: https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.65

Commits

- ad70a0b Merge pull request #2267 from alex/bump-for-release
- 5ce473b Release openssl v0.10.66
- aef36e0 Merge pull request #2266 from alex/mem-bio-invariant
- 142deef Fixed invariant violation in MemBio::get_buf with empty results
- 32f150b Merge pull request #2265 from alex/bump-for-release
- 98addd2 Release openssl v0.10.65 and openssl-sys v0.9.103
- 7c7958d Merge pull request #2262 from alex/pkey-api
- d7b12cc Switch Pkey::from_ to use set1 functions
- 22ffa9a Merge pull request #2258 from sfackler/init-md
- 9de3794 Initialize OpenSSL in MD constructors

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

- backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

- this is basically v4.0.5, with some README updates
- it is vulnerable to CVE-2024-4067
- Updated braces to v3.0.3 to avoid CVE-2024-4068
- does NOT break API compatibility

[4.0.6] - 2024-05-21

- Added hasBraces to check if a pattern contains braces.
- Fixes CVE-2024-4067
- BREAKS API COMPATIBILITY
- Should be labeled as a major release, but it's not.

Commits

- 8bd704e 4.0.8
- a0e6841 run verb to generate README documentation
- 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
- 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
- 814f5f7 lint
- 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
- 113f2e3 fix: CVE numbers in CHANGELOG
- d9dbd9a feat: updated CHANGELOG
- 2ab1315 fix: use actions/setup-node@v4
- 1406ea3 feat: rework test to work on macos with node 10,12 and 14

Sourced from webpack's releases.

v5.94.0

Bug Fixes

- Added runtime condition for harmony reexport checked
- Handle properly data/http/https protocols in source maps
- Make bigint optimistic when browserslist not found
- Move @types/eslint-scope to dev deps
- Related in asset stats is now always an array when no related found
- Handle ASI for export declarations
- Mangle destruction incorrect with export named default properly
- Fixed unexpected asi generation with sequence expression
- Fixed a lot of types

New Features

- Added new external type "module-import"
- Support webpackIgnore for new URL() construction
- [CSS] @import pathinfo support

Security

- Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

- Generate correct relative path to runtime chunks
- Makes DefinePlugin quieter under default log level
- Fixed mangle destructuring default in namespace import
- Fixed consumption of eager shared modules for module federation
- Strip slash for pretty regexp
- Calculate correct contenthash for CSS generator options

New Features

- Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
- Added the modern-module library value for tree shakable output
- Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

- Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

- Correct tilde range's computation for module federation
- Consider runtime for pure expression dependency update hash
- Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

- eabf85d chore(release): 5.94.0
- 955e057 security: fix DOM clobbering in auto public path
- 9822387 test: fix
- cbb86ed test: fix
- 5ac3d7f fix: unexpected asi generation with sequence expression
- 2411661 security: fix DOM clobbering in auto public path
- b8c03d4 fix: unexpected asi generation with sequence expression
- f46a03c revert: do not use heuristic fallback for "module-import"
- 60f1898 fix: do not use heuristic fallback for "module-import"
- 66306aa Revert "fix: module-import get fallback from externalsPresets"