Skip to content

fix(deps): update dependency express to v5 #68

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update dependency express to v5 #68

wants to merge 1 commit into from
+6 −6

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Apr 1, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
express (source) ^4.21.1 -> ^5.0.0 age confidence

Release Notes

expressjs/express (express)

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: [email protected]
  • deps: [email protected]

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@​1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@​4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@​6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Apr 1, 2025
@renovate renovate bot force-pushed the renovate/express-5.x branch from 68b30d7 to 55a53e3 Compare April 30, 2025 15:25
@renovate renovate bot force-pushed the renovate/express-5.x branch from 55a53e3 to 92b3b52 Compare June 6, 2025 12:51
@renovate renovate bot force-pushed the renovate/express-5.x branch 2 times, most recently from 5690d9f to a0b3a04 Compare July 25, 2025 08:19
@renovate renovate bot force-pushed the renovate/express-5.x branch from a0b3a04 to 392d49a Compare July 30, 2025 11:36
@renovate renovate bot force-pushed the renovate/express-5.x branch 2 times, most recently from d2408f5 to 19d73e8 Compare August 13, 2025 11:54
cursor[bot]
cursor bot reviewed Aug 13, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment @cursor review or bugbot run to trigger another review on this PR

services/file-retriever/package.json
"cpu-features": "^0.0.10",
"dotenv": "^16.4.7",
"express": "^4.21.1",
"express": "^5.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Express v5 Incompatibility with express-async-errors

Upgrading Express to v5 while keeping express-async-errors causes a startup crash. express-async-errors patches Express 4 internals that no longer exist in v5, resulting in a runtime error when the package is imported. This prevents the service from booting.

Additional Locations (1)
Fix in Cursor Fix in Web

@renovate renovate bot force-pushed the renovate/express-5.x branch from 19d73e8 to 8aa3ba4 Compare August 19, 2025 19:43
@socket-security
Copy link

socket-security bot commented Aug 19, 2025
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

@renovate renovate bot force-pushed the renovate/express-5.x branch from 8aa3ba4 to 561cba3 Compare September 25, 2025 14:48
@renovate renovate bot force-pushed the renovate/express-5.x branch from 561cba3 to 399c11e Compare October 21, 2025 09:52
@renovate renovate bot force-pushed the renovate/express-5.x branch from 399c11e to ab2a2fa Compare October 23, 2025 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant