Created by: renovate[bot]
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
connect | dependencies | minor | ~2.11.0 -> ~2.30.0 |
sse | devDependencies | patch | 0.0.6 -> 0.0.8 |
sse | dependencies | patch | 0.0.6 -> 0.0.8 |
Release Notes
senchalabs/connect
v2.30.2
===================
- deps: body-parser@~1.13.3
- deps: type-is@~1.6.6
- deps: compression@~1.5.2
- deps: accepts@~1.2.12
- deps: compressible@~2.0.5
- deps: vary@~1.0.1
- deps: errorhandler@~1.4.2
- deps: accepts@~1.2.12
- deps: method-override@~2.3.5
- deps: vary@~1.0.1
- perf: enable strict mode
- deps: serve-index@~1.7.2
- deps: accepts@~1.2.12
- deps: mime-types@~2.1.4
- deps: type-is@~1.6.6
- deps: mime-types@~2.1.4
- deps: vhost@~3.0.1
- perf: enable strict mode
v2.30.1
===================
- deps: body-parser@~1.13.2
- deps: iconv-lite@0.4.11
- deps: qs@4.0.0
- deps: raw-body@~2.1.2
- deps: type-is@~1.6.4
- deps: compression@~1.5.1
- deps: accepts@~1.2.10
- deps: compressible@~2.0.4
- deps: errorhandler@~1.4.1
- deps: accepts@~1.2.10
- deps: qs@4.0.0
- Fix dropping parameters like
hasOwnProperty
- Fix various parsing edge cases
- Fix dropping parameters like
- deps: morgan@~1.6.1
- deps: basic-auth@~1.0.3
- deps: pause@0.1.0
- Re-emit events with all original arguments
- Refactor internals
- perf: enable strict mode
- deps: serve-index@~1.7.1
- deps: accepts@~1.2.10
- deps: mime-types@~2.1.2
- deps: type-is@~1.6.4
- deps: mime-types@~2.1.2
- perf: enable strict mode
- perf: remove argument reassignment
v2.30.0
===================
- deps: body-parser@~1.13.1
- Add
statusCode
property onError
s, in addition tostatus
- Change
type
default toapplication/json
for JSON parser - Change
type
default toapplication/x-www-form-urlencoded
for urlencoded parser - Provide static
require
analysis - Use the
http-errors
module to generate errors - deps: bytes@2.1.0
- deps: iconv-lite@0.4.10
- deps: on-finished@~2.3.0
- deps: raw-body@~2.1.1
- deps: type-is@~1.6.3
- perf: enable strict mode
- perf: remove argument reassignment
- perf: remove delete call
- Add
- deps: bytes@2.1.0
- Slight optimizations
- Units no longer case sensitive when parsing
- deps: compression@~1.5.0
- Fix return value from
.end
and.write
after end - Improve detection of zero-length body without
Content-Length
- deps: accepts@~1.2.9
- deps: bytes@2.1.0
- deps: compressible@~2.0.3
- perf: enable strict mode
- perf: remove flush reassignment
- perf: simplify threshold detection
- Fix return value from
- deps: cookie@0.1.3
- Slight optimizations
- deps: cookie-parser@~1.3.5
- deps: cookie@0.1.3
- deps: csurf@~1.8.3
- Add
sessionKey
option - deps: cookie@0.1.3
- deps: csrf@~3.0.0
- Add
- deps: errorhandler@~1.4.0
- Add charset to the
Content-Type
header - Support
statusCode
property onError
objects - deps: accepts@~1.2.9
- deps: escape-html@1.0.2
- Add charset to the
- deps: express-session@~1.11.3
- Support an array in
secret
option for key rotation - deps: cookie@0.1.3
- deps: crc@3.3.0
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: uid-safe@~2.0.0
- Support an array in
- deps: finalhandler@0.4.0
- Fix a false-positive when unpiping in Node.js 0.8
- Support
statusCode
property onError
objects - Use
unpipe
module for unpiping requests - deps: escape-html@1.0.2
- deps: on-finished@~2.3.0
- perf: enable strict mode
- perf: remove argument reassignment
- deps: fresh@0.3.0
- Add weak
ETag
matching support
- Add weak
- deps: morgan@~1.6.0
- Add
morgan.compile(format)
export - Do not color 1xx status codes in
dev
format - Fix
response-time
token to not include response latency - Fix
status
token incorrectly displaying before response indev
format - Fix token return values to be
undefined
or a string - Improve representation of multiple headers in
req
andres
tokens - Use
res.getHeader
inres
token - deps: basic-auth@~1.0.2
- deps: on-finished@~2.3.0
- pref: enable strict mode
- pref: reduce function closure scopes
- pref: remove dynamic compile on every request for
dev
format - pref: remove an argument reassignment
- pref: skip function call without
skip
option
- Add
- deps: serve-favicon@~2.3.0
- Send non-chunked response for
OPTIONS
- deps: etag@~1.7.0
- deps: fresh@0.3.0
- perf: enable strict mode
- perf: remove argument reassignment
- perf: remove bitwise operations
- Send non-chunked response for
- deps: serve-index@~1.7.0
- Accept
function
value fortemplate
option - Send non-chunked response for
OPTIONS
- Stat parent directory when necessary
- Use
Date.prototype.toLocaleDateString
to format date - deps: accepts@~1.2.9
- deps: escape-html@1.0.2
- deps: mime-types@~2.1.1
- perf: enable strict mode
- perf: remove argument reassignment
- Accept
- deps: serve-static@~1.10.0
- Add
fallthrough
option - Fix reading options from options prototype
- Improve the default redirect response headers
- Malformed URLs now
next()
instead of 400 - deps: escape-html@1.0.2
- deps: send@0.13.0
- perf: enable strict mode
- perf: remove argument reassignment
- Add
- deps: type-is@~1.6.3
- deps: mime-types@~2.1.1
- perf: reduce try block size
- perf: remove bitwise operations
v2.29.2
===================
- deps: body-parser@~1.12.4
- Slight efficiency improvement when not debugging
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: iconv-lite@0.4.8
- deps: on-finished@~2.2.1
- deps: qs@2.4.2
- deps: raw-body@~2.0.1
- deps: type-is@~1.6.2
- deps: compression@~1.4.4
- deps: accepts@~1.2.7
- deps: debug@~2.2.0
- deps: connect-timeout@~1.6.2
- deps: debug@~2.2.0
- deps: ms@0.7.1
- deps: debug@~2.2.0
- deps: ms@0.7.1
- deps: depd@~1.0.1
- deps: errorhandler@~1.3.6
- deps: accepts@~1.2.7
- deps: finalhandler@0.3.6
- deps: debug@~2.2.0
- deps: on-finished@~2.2.1
- deps: method-override@~2.3.3
- deps: debug@~2.2.0
- deps: morgan@~1.5.3
- deps: basic-auth@~1.0.1
- deps: debug@~2.2.0
- deps: depd@~1.0.1
- deps: on-finished@~2.2.1
- deps: qs@2.4.2
- Fix allowing parameters like
constructor
- Fix allowing parameters like
- deps: response-time@~2.3.1
- deps: depd@~1.0.1
- deps: serve-favicon@~2.2.1
- deps: etag@~1.6.0
- deps: ms@0.7.1
- deps: serve-index@~1.6.4
- deps: accepts@~1.2.7
- deps: debug@~2.2.0
- deps: mime-types@~2.0.11
- deps: serve-static@~1.9.3
- deps: send@0.12.3
- deps: type-is@~1.6.2
- deps: mime-types@~2.0.11
v2.29.1
===================
- deps: body-parser@~1.12.2
- deps: debug@~2.1.3
- deps: qs@2.4.1
- deps: type-is@~1.6.1
- deps: compression@~1.4.3
- Fix error when code calls
res.end(str, encoding)
- deps: accepts@~1.2.5
- deps: debug@~2.1.3
- Fix error when code calls
- deps: connect-timeout@~1.6.1
- deps: debug@~2.1.3
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
- deps: errorhandler@~1.3.5
- deps: accepts@~1.2.5
- deps: express-session@~1.10.4
- deps: debug@~2.1.3
- deps: finalhandler@0.3.4
- deps: debug@~2.1.3
- deps: method-override@~2.3.2
- deps: debug@~2.1.3
- deps: morgan@~1.5.2
- deps: debug@~2.1.3
- deps: qs@2.4.1
- Fix error when parameter
hasOwnProperty
is present
- Fix error when parameter
- deps: serve-index@~1.6.3
- Properly escape file names in HTML
- deps: accepts@~1.2.5
- deps: debug@~2.1.3
- deps: escape-html@1.0.1
- deps: mime-types@~2.0.10
- deps: serve-static@~1.9.2
- deps: send@0.12.2
- deps: type-is@~1.6.1
- deps: mime-types@~2.0.10
v2.29.0
===================
- Use
content-type
to parseContent-Type
headers - deps: body-parser@~1.12.0
- add
debug
messages - accept a function for the
type
option - make internal
extended: true
depth limit infinity - use
content-type
to parseContent-Type
headers - deps: iconv-lite@0.4.7
- deps: raw-body@1.3.3
- deps: type-is@~1.6.0
- add
- deps: compression@~1.4.1
- Prefer
gzip
overdeflate
on the server - deps: accepts@~1.2.4
- Prefer
- deps: connect-timeout@~1.6.0
- deps: http-errors@~1.3.1
- deps: cookie-parser@~1.3.4
- deps: cookie-signature@1.0.6
- deps: cookie-signature@1.0.6
- deps: csurf@~1.7.0
- Accept
CSRF-Token
andXSRF-Token
request headers - Default
cookie.path
to'/'
, if using cookies - deps: cookie-signature@1.0.6
- deps: csrf@~2.0.6
- deps: http-errors@~1.3.1
- Accept
- deps: errorhandler@~1.3.4
- deps: accepts@~1.2.4
- deps: express-session@~1.10.3
- deps: cookie-signature@1.0.6
- deps: uid-safe@1.1.0
- deps: http-errors@~1.3.1
- Construct errors using defined constructors from
createError
- Fix error names that are not identifiers
- Set a meaningful
name
property on constructed errors
- Construct errors using defined constructors from
- deps: response-time@~2.3.0
- Add function argument to support recording of response time
- deps: serve-index@~1.6.2
- deps: accepts@~1.2.4
- deps: http-errors@~1.3.1
- deps: mime-types@~2.0.9
- deps: serve-static@~1.9.1
- deps: send@0.12.1
- deps: type-is@~1.6.0
- fix argument reassignment
- fix false-positives in
hasBody
Transfer-Encoding
check - support wildcard for both type and subtype (
*/*
) - deps: mime-types@~2.0.9
v2.28.3
===================
- deps: compression@~1.3.1
- deps: accepts@~1.2.3
- deps: compressible@~2.0.2
- deps: csurf@~1.6.6
- deps: csrf@~2.0.5
- deps: errorhandler@~1.3.3
- deps: accepts@~1.2.3
- deps: express-session@~1.10.2
- deps: uid-safe@1.0.3
- deps: serve-index@~1.6.1
- deps: accepts@~1.2.3
- deps: mime-types@~2.0.8
- deps: type-is@~1.5.6
- deps: mime-types@~2.0.8
v2.28.2
===================
- deps: body-parser@~1.10.2
- deps: iconv-lite@0.4.6
- deps: raw-body@1.3.2
- deps: serve-static@~1.8.1
- Fix redirect loop in Node.js 0.11.14
- Fix root path disclosure
- deps: send@0.11.1
v2.28.1
===================
- deps: csurf@~1.6.5
- deps: csrf@~2.0.4
- deps: express-session@~1.10.1
- deps: uid-safe@~1.0.2
v2.28.0
===================
- deps: body-parser@~1.10.1
- Make internal
extended: true
array limit dynamic - deps: on-finished@~2.2.0
- deps: type-is@~1.5.5
- Make internal
- deps: compression@~1.3.0
- Export the default
filter
function for wrapping - deps: accepts@~1.2.2
- deps: debug@~2.1.1
- Export the default
- deps: connect-timeout@~1.5.0
- deps: debug@~2.1.1
- deps: http-errors@~1.2.8
- deps: ms@0.7.0
- deps: csurf@~1.6.4
- deps: csrf@~2.0.3
- deps: http-errors@~1.2.8
- deps: debug@~2.1.1
- deps: errorhandler@~1.3.2
- Add
log
option - Fix heading content to not include stack
- deps: accepts@~1.2.2
- Add
- deps: express-session@~1.10.0
- Add
store.touch
interface for session stores - Fix
MemoryStore
expiration withresave: false
- deps: debug@~2.1.1
- Add
- deps: finalhandler@0.3.3
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
- deps: method-override@~2.3.1
- deps: debug@~2.1.1
- deps: methods@~1.1.1
- deps: morgan@~1.5.1
- Add multiple date formats
clf
,iso
, andweb
- Deprecate
buffer
option - Fix date format in
common
andcombined
formats - Fix token arguments to accept values with
"
- deps: debug@~2.1.1
- deps: on-finished@~2.2.0
- Add multiple date formats
- deps: serve-favicon@~2.2.0
- Support query string in the URL
- deps: etag@~1.5.1
- deps: ms@0.7.0
- deps: serve-index@~1.6.0
- Add link to root directory
- deps: accepts@~1.2.2
- deps: batch@0.5.2
- deps: debug@~2.1.1
- deps: mime-types@~2.0.7
- deps: serve-static@~1.8.0
- Fix potential open redirect when mounted at root
- deps: send@0.11.0
- deps: type-is@~1.5.5
- deps: mime-types@~2.0.7
v2.27.6
===================
- deps: serve-index@~1.5.3
- deps: accepts@~1.1.4
- deps: http-errors@~1.2.8
- deps: mime-types@~2.0.4
v2.27.5
===================
- deps: compression@~1.2.2
- Fix
.end
to only proxy to.end
- deps: accepts@~1.1.4
- Fix
- deps: express-session@~1.9.3
- Fix error when
req.sessionID
contains a non-string value
- Fix error when
- deps: http-errors@~1.2.8
- Fix stack trace from exported function
- Remove
arguments.callee
usage
- deps: serve-index@~1.5.2
- Fix icon name background alignment on mobile view
- deps: type-is@~1.5.4
- deps: mime-types@~2.0.4
v2.27.4
===================
- deps: body-parser@~1.9.3
- deps: iconv-lite@0.4.5
- deps: qs@2.3.3
- deps: raw-body@1.3.1
- deps: type-is@~1.5.3
- deps: compression@~1.2.1
- deps: accepts@~1.1.3
- deps: errorhandler@~1.2.3
- deps: accepts@~1.1.3
- deps: express-session@~1.9.2
- deps: crc@3.2.1
- deps: qs@2.3.3
- Fix
arrayLimit
behavior
- Fix
- deps: serve-favicon@~2.1.7
- Avoid errors from enumerables on
Object.prototype
- Avoid errors from enumerables on
- deps: serve-index@~1.5.1
- deps: accepts@~1.1.3
- deps: mime-types@~2.0.3
- deps: type-is@~1.5.3
- deps: mime-types@~2.0.3
v2.27.3
===================
- Correctly invoke async callback asynchronously
- deps: csurf@~1.6.3
- bump csrf
- bump http-errors
v2.27.2
===================
- Fix handling of URLs containing
://
in the path - deps: body-parser@~1.9.2
- deps: qs@2.3.2
- deps: qs@2.3.2
- Fix parsing of mixed objects and values
v2.27.1
===================
- deps: body-parser@~1.9.1
- deps: on-finished@~2.1.1
- deps: qs@2.3.0
- deps: type-is@~1.5.2
- deps: express-session@~1.9.1
- Remove unnecessary empty write call
- deps: finalhandler@0.3.2
- deps: on-finished@~2.1.1
- deps: morgan@~1.4.1
- deps: on-finished@~2.1.1
- deps: qs@2.3.0
- Fix parsing of mixed implicit and explicit arrays
- deps: serve-static@~1.7.1
- deps: send@0.10.1
v2.27.0
===================
- Use
http-errors
module for creating errors - Use
utils-merge
module for merging objects - deps: body-parser@~1.9.0
- include the charset in "unsupported charset" error message
- include the encoding in "unsupported content encoding" error message
- deps: depd@~1.0.0
- deps: compression@~1.2.0
- deps: debug@~2.1.0
- deps: connect-timeout@~1.4.0
- Create errors with
http-errors
- deps: debug@~2.1.0
- Create errors with
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- Implement
- deps: depd@~1.0.0
- deps: express-session@~1.9.0
- deps: debug@~2.1.0
- deps: depd@~1.0.0
- deps: finalhandler@0.3.1
- Terminate in progress response only on error
- Use
on-finished
to determine request status - deps: debug@~2.1.0
- deps: method-override@~2.3.0
- deps: debug@~2.1.0
- deps: morgan@~1.4.0
- Add
debug
messages - deps: depd@~1.0.0
- Add
- deps: response-time@~2.2.0
- Add
header
option for custom header name - Add
suffix
option - Change
digits
argument to anoptions
argument - deps: depd@~1.0.0
- Add
- deps: serve-favicon@~2.1.6
- deps: etag@~1.5.0
- deps: serve-index@~1.5.0
- Add
dir
argument tofilter
function - Add icon for mkv files
- Create errors with
http-errors
- Fix incorrect 403 on Windows and Node.js 0.11
- Lookup icon by mime type for greater icon support
- Support using tokens multiple times
- deps: accepts@~1.1.2
- deps: debug@~2.1.0
- deps: mime-types@~2.0.2
- Add
- deps: serve-static@~1.7.0
- deps: send@0.10.0
v2.26.6
===================
- deps: compression@~1.1.2
- deps: accepts@~1.1.2
- deps: compressible@~2.0.1
- deps: csurf@~1.6.2
- bump http-errors
- fix cookie name when using
cookie: true
- deps: errorhandler@~1.2.2
- deps: accepts@~1.1.2
v2.26.5
===================
- Fix accepting non-object arguments to
logger
- deps: serve-static@~1.6.4
- Fix redirect loop when index file serving disabled
v2.26.4
===================
- deps: morgan@~1.3.2
- Fix
req.ip
integration whenimmediate: false
- Fix
- deps: type-is@~1.5.2
- deps: mime-types@~2.0.2
v2.26.3
===================
- deps: body-parser@~1.8.4
- fix content encoding to be case-insensitive
- deps: serve-favicon@~2.1.5
- deps: etag@~1.4.0
- deps: serve-static@~1.6.3
- deps: send@0.9.3
v2.26.2
===================
- deps: body-parser@~1.8.3
- deps: qs@2.2.4
- deps: qs@2.2.4
- Fix issue with object keys starting with numbers truncated
v2.26.1
===================
- deps: body-parser@~1.8.2
- deps: depd@0.4.5
- deps: depd@0.4.5
- deps: express-session@~1.8.2
- Use
crc
instead ofbuffer-crc32
for speed - deps: depd@0.4.5
- Use
- deps: morgan@~1.3.1
- Remove un-used
bytes
dependency - deps: depd@0.4.5
- Remove un-used
- deps: serve-favicon@~2.1.4
- Fix content headers being sent in 304 response
- deps: etag@~1.3.1
- deps: serve-static@~1.6.2
- deps: send@0.9.2
v2.26.0
===================
- deps: body-parser@~1.8.1
- add
parameterLimit
option tourlencoded
parser - change
urlencoded
extended array limit to 100 - make empty-body-handling consistent between chunked requests
- respond with 415 when over
parameterLimit
inurlencoded
- deps: media-typer@0.3.0
- deps: qs@2.2.3
- deps: type-is@~1.5.1
- add
- deps: compression@~1.1.0
- deps: accepts@~1.1.0
- deps: compressible@~2.0.0
- deps: debug@~2.0.0
- deps: connect-timeout@~1.3.0
- deps: debug@~2.0.0
- deps: cookie-parser@~1.3.3
- deps: cookie-signature@1.0.5
- deps: cookie-signature@1.0.5
- deps: csurf@~1.6.1
- add
ignoreMethods
option - bump cookie-signature
- csrf-tokens -> csrf
- set
code
property on CSRF token errors
- add
- deps: debug@~2.0.0
- deps: errorhandler@~1.2.0
- Display error using
util.inspect
if no other representation - deps: accepts@~1.1.0
- Display error using
- deps: express-session@~1.8.1
- Do not resave already-saved session at end of request
- Prevent session prototype methods from being overwritten
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
- deps: finalhandler@0.2.0
- Set
X-Content-Type-Options: nosniff
header - deps: debug@~2.0.0
- Set
- deps: fresh@0.2.4
- deps: media-typer@0.3.0
- Throw error when parameter format invalid on parse
- deps: method-override@~2.2.0
- deps: debug@~2.0.0
- deps: morgan@~1.3.0
- Assert if
format
is not a function or string
- Assert if
- deps: qs@2.2.3
- Fix issue where first empty value in array is discarded
- deps: serve-favicon@~2.1.3
- Accept string for
maxAge
(converted byms
) - Use
etag
to generateETag
header - deps: fresh@0.2.4
- Accept string for
- deps: serve-index@~1.2.1
- Add
debug
messages - Resolve relative paths at middleware setup
- deps: accepts@~1.1.0
- Add
- deps: serve-static@~1.6.1
- Add
lastModified
option - deps: send@0.9.1
- Add
- deps: type-is@~1.5.1
- fix
hasbody
to be true forcontent-length: 0
- deps: media-typer@0.3.0
- deps: mime-types@~2.0.1
- fix
- deps: vhost@~3.0.0
v2.25.10
====================
- deps: serve-static@~1.5.4
- deps: send@0.8.5
v2.25.9
===================
- deps: body-parser@~1.6.7
- deps: qs@2.2.2
- deps: qs@2.2.2
v2.25.8
===================
- deps: body-parser@~1.6.6
- deps: qs@2.2.0
- deps: csurf@~1.4.1
- deps: qs@2.2.0
- Array parsing fix
- Performance improvements
v2.25.7
===================
- deps: body-parser@~1.6.5
- deps: on-finished@2.1.0
- deps: express-session@~1.7.6
- Fix exception on
res.end(null)
calls
- Fix exception on
- deps: morgan@~1.2.3
- deps: on-finished@2.1.0
- deps: serve-static@~1.5.3
- deps: send@0.8.3
v2.25.6
===================
- deps: body-parser@~1.6.4
- deps: qs@1.2.2
- deps: qs@1.2.2
- deps: serve-static@~1.5.2
- deps: send@0.8.2
v2.25.5
===================
- Fix backwards compatibility in
logger
v2.25.4
===================
- Fix
query
middleware breaking with argument- It never really took one in the first place
- deps: body-parser@~1.6.3
- deps: qs@1.2.1
- deps: compression@~1.0.11
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: connect-timeout@~1.2.2
- deps: on-headers@~1.0.0
- deps: express-session@~1.7.5
- Fix parsing original URL
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: method-override@~2.1.3
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- deps: qs@1.2.1
- deps: response-time@~2.0.1
- deps: on-headers@~1.0.0
- deps: serve-index@~1.1.6
- Fix URL parsing
- deps: serve-static@~1.5.1
- Fix parsing of weird
req.originalUrl
values - deps: parseurl@~1.3.0 = deps: utils-merge@1.0.0
- Fix parsing of weird
v2.25.3
===================
- deps: multiparty@3.3.2
- Fix potential double-callback
v2.25.2
===================
- deps: body-parser@~1.6.2
- deps: qs@1.2.0
- deps: qs@1.2.0
- Fix parsing array of objects
v2.25.1
====================
- deps: serve-static@~1.5.4
- deps: send@0.8.5
v2.25.0
===================
- deps: body-parser@~1.6.0
- deps: qs@1.0.2
- deps: compression@~1.0.10
- Fix upper-case Content-Type characters prevent compression
- deps: compressible@~1.1.1
- deps: csurf@~1.4.0
- Support changing
req.session
aftercsurf
middleware - Calling
res.csrfToken()
afterreq.session.destroy()
will now work
- Support changing
- deps: express-session@~1.7.4
- Fix
res.end
patch to call correct upstreamres.write
- Fix response end delay for non-chunked responses
- Fix
- deps: qs@1.0.2
- Complete rewrite
- Limits array length to 20
- Limits object depth to 5
- Limits parameters to 1,000
- deps: serve-static@~1.5.0
- Add
extensions
option - deps: send@0.8.1
- Add
v2.24.3
===================
- deps: serve-index@~1.1.5
- Fix Content-Length calculation for multi-byte file names
- deps: accepts@~1.0.7
- deps: serve-static@~1.4.4
- Fix incorrect 403 on Windows and Node.js 0.11
- deps: send@0.7.4
v2.24.2
===================
- deps: body-parser@~1.5.2
- deps: depd@0.4.4
- Work-around v8 generating empty stack traces
- deps: express-session@~1.7.2
- deps: morgan@~1.2.2
- deps: serve-static@~1.4.2
v2.24.1
===================
- deps: body-parser@~1.5.1
- deps: depd@0.4.3
- Fix exception when global
Error.stackTraceLimit
is too low
- Fix exception when global
- deps: express-session@~1.7.1
- deps: morgan@~1.2.1
- deps: serve-index@~1.1.4
- deps: serve-static@~1.4.1
v2.24.0
===================
- deps: body-parser@~1.5.0
- deps: depd@0.4.2
- deps: iconv-lite@0.4.4
- deps: raw-body@1.3.0
- deps: type-is@~1.3.2
- deps: compression@~1.0.9
- Add
debug
messages - deps: accepts@~1.0.7
- Add
- deps: connect-timeout@~1.2.1
- Accept string for
time
(converted byms
) - deps: debug@1.0.4
- Accept string for
- deps: debug@1.0.4
- deps: depd@0.4.2
- Add
TRACE_DEPRECATION
environment variable - Remove non-standard grey color from color output
- Support
--no-deprecation
argument - Support
--trace-deprecation
argument
- Add
- deps: express-session@~1.7.0
- Improve session-ending error handling
- deps: debug@1.0.4
- deps: depd@0.4.2
- deps: finalhandler@0.1.0
- Respond after request fully read
- deps: debug@1.0.4
- deps: method-override@~2.1.2
- deps: debug@1.0.4
- deps: parseurl@~1.2.0
- deps: morgan@~1.2.0
- Add
:remote-user
token - Add
combined
log format - Add
common
log format - Remove non-standard grey color from
dev
format
- Add
- deps: multiparty@3.3.1
- deps: parseurl@~1.2.0
- Cache URLs based on original value
- Remove no-longer-needed URL mis-parse work-around
- Simplify the "fast-path"
RegExp
- deps: serve-static@~1.4.0
- Add
dotfiles
option - deps: parseurl@~1.2.0
- deps: send@0.7.0
- Add
v2.23.0
===================
- deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
- deps: express-session@~1.6.4
- deps: method-override@~2.1.0
- add simple debug output
- deps: methods@1.1.0
- deps: parseurl@~1.1.3
- deps: parseurl@~1.1.3
- faster parsing of href-only URLs
- deps: serve-static@~1.3.1
- deps: parseurl@~1.1.3
v2.22.0
===================
- deps: csurf@~1.3.0
- Fix
cookie.signed
option to actually sign cookie
- Fix
- deps: express-session@~1.6.1
- Fix
res.end
patch to return correct value - Fix
res.end
patch to handle multipleres.end
calls - Reject cookies with missing signatures
- Fix
- deps: multiparty@3.3.0
- Always emit close after all parts ended
- Fix callback hang in node.js 0.8 on errors
- deps: serve-static@~1.3.0
- Accept string for
maxAge
(converted byms
) - Add
setHeaders
option - Include HTML link in redirect response
- deps: send@0.5.0
- Accept string for
v2.21.1
===================
- deps: cookie-parser@1.3.2
- deps: cookie-signature@1.0.4
- deps: cookie-signature@1.0.4
- fix for timing attacks
- deps: express-session@~1.5.2
- deps: cookie-signature@1.0.4
- deps: type-is@~1.3.2
- more mime types
v2.21.0
===================
- deprecate
connect(middleware)
-- useapp.use(middleware)
instead - deprecate
connect.createServer()
-- useconnect()
instead - fix
res.setHeader()
patch to work with get -> append -> set pattern - deps: compression@~1.0.8
- deps: errorhandler@~1.1.1
- deps: express-session@~1.5.0
- Deprecate integration with
cookie-parser
middleware - Deprecate looking for secret in
req.secret
- Directly read cookies;
cookie-parser
no longer required - Directly set cookies;
res.cookie
no longer required - Generate session IDs with
uid-safe
, faster and even less collisions
- Deprecate integration with
- deps: serve-index@~1.1.3
v2.20.2
===================
- deps: body-parser@1.4.3
- deps: type-is@1.3.1
v2.20.1
===================
- deps: type-is@1.3.1
- fix global variable leak
v2.20.0
===================
- deprecate
verify
option tojson
-- usebody-parser
npm module instead - deprecate
verify
option tourlencoded
-- usebody-parser
npm module instead - deprecate things with
depd
module - use
finalhandler
for final response handling - use
media-typer
to parsecontent-type
for charset - deps: body-parser@1.4.2
- check accepted charset in content-type (accepts utf-8)
- check accepted encoding in content-encoding (accepts identity)
- deprecate
urlencoded()
without providedextended
option - lazy-load urlencoded parsers
- support gzip and deflate bodies
- set
inflate: false
to turn off - deps: raw-body@1.2.2
- deps: type-is@1.3.0
- Support all encodings from
iconv-lite
- deps: connect-timeout@1.1.1
- deps: debug@1.0.2
- deps: cookie-parser@1.3.1
- export parsing functions
-
req.cookies
andreq.signedCookies
are now plain objects - slightly faster parsing of many cookies
- deps: csurf@1.2.2
- deps: errorhandler@1.1.0
- Display error on console formatted like
throw
- Escape HTML in stack trace
- Escape HTML in title
- Fix up edge cases with error sent in response
- Set
X-Content-Type-Options: nosniff
header - Use accepts for negotiation
- Display error on console formatted like
- deps: express-session@1.4.0
- Add
genid
option to generate custom session IDs - Add
saveUninitialized
option to control saving uninitialized sessions - Add
unset
option to control unsettingreq.session
- Generate session IDs with
rand-token
by default; reduce collisions - Integrate with express "trust proxy" by default
- deps: buffer-crc32@0.2.3
- deps: debug@1.0.2
- Add
- deps: multiparty@3.2.9
- deps: serve-index@1.1.2
- deps: batch@0.5.1
- deps: type-is@1.3.0
- improve type parsing
- deps: vhost@2.0.0
- Accept
RegExp
object forhostname
- Provide
req.vhost
object - Support IPv6 literal in
Host
header
- Accept
v2.19.6
===================
- deps: body-parser@1.3.1
- deps: type-is@1.2.1
- deps: compression@1.0.7
- use vary module for better
Vary
behavior - deps: accepts@1.0.3
- deps: compressible@1.1.0
- use vary module for better
- deps: debug@1.0.2
- deps: serve-index@1.1.1
- deps: accepts@1.0.3
- deps: serve-static@1.2.3
- Do not throw un-catchable error on file open race condition
- deps: send@0.4.3
v2.19.5
===================
- deps: csurf@1.2.1
- refactor to use csrf-tokens@~1.0.2
- deps: debug@1.0.1
- deps: serve-static@1.2.2
- fix "event emitter leak" warnings
- deps: send@0.4.2
- deps: type-is@1.2.1
- Switch dependency from
mime
tomime-types@1.0.0
- Switch dependency from
v2.19.4
===================
- deps: errorhandler@1.0.2
- Pass on errors from reading error files
- deps: method-override@2.0.2
- use vary module for better
Vary
behavior
- use vary module for better
- deps: serve-favicon@2.0.1
- Reduce byte size of
ETag
header
- Reduce byte size of
v2.19.3
===================
- deps: compression@1.0.6
- fix listeners for delayed stream creation
- fix regression for certain
stream.pipe(res)
situations - fix regression when negotiation fails
v2.19.2
===================
- deps: compression@1.0.4
- fix adding
Vary
when value stored as array - fix back-pressure behavior
- fix length check for
res.end
- fix adding
v2.19.1
===================
- fix deprecated
utils.escape
v2.19.0
===================
- deprecate
methodOverride()
-- usemethod-override
npm module instead - deps: body-parser@1.3.0
- add
extended
option to urlencoded parser
- add
- deps: method-override@2.0.1
- set
Vary
header - deps: methods@1.0.1
- set
- deps: multiparty@3.2.8
- deps: response-time@2.0.0
- add
digits
argument - do not override existing
X-Response-Time
header - timer not subject to clock drift
- timer resolution down to nanoseconds
- add
- deps: serve-static@1.2.1
- send max-age in Cache-Control in correct format
- use
escape-html
for escaping - deps: send@0.4.1
v2.18.0
===================
- deps: compression@1.0.3
- deps: serve-index@1.1.0
- Fix content negotiation when no
Accept
header - Properly support all HTTP methods
- Support vanilla node.js http servers
- Treat
ENAMETOOLONG
as code 414 - Use accepts for negotiation
- Fix content negotiation when no
- deps: serve-static@1.2.0
- Calculate ETag with md5 for reduced collisions
- Fix wrong behavior when index file matches directory
- Ignore stream errors after request ends
- Skip directories in index file search
- deps: send@0.4.0
v2.17.3
===================
- deps: express-session@1.2.1
- Fix
resave
such thatresave: true
works
- Fix
v2.17.2
===================
- deps: body-parser@1.2.2
- invoke
next(err)
after request fully read - deps: raw-body@1.1.6
- invoke
- deps: method-override@1.0.2
- Handle
req.body
key referencing array or object - Handle multiple HTTP headers
- Handle
v2.17.1
===================
- fix
res.charset
appending charset whencontent-type
has one
v2.17.0
===================
- deps: express-session@1.2.0
- Add
resave
option to control saving unmodified sessions
- Add
- deps: morgan@1.1.1
- "dev" format will use same tokens as other formats
-
:response-time
token is now empty when immediate used -
:response-time
token is now monotonic -
:response-time
token has precision to 1 μs - fix
:status
+ immediate output in node.js 0.8 - improve
buffer
option to prevent indefinite event loop holding - simplify method to get remote address
- deps: bytes@1.0.0
- deps: serve-index@1.0.3
- Fix error from non-statable files in HTML view
v2.16.2
===================
- fix edge-case in
res.appendHeader
that would append in wrong order - deps: method-override@1.0.1
v2.16.1
===================
- remove usages of
res.headerSent
from core
v2.16.0
===================
- deprecate
res.headerSent
-- useres.headersSent
- deprecate
res.on("header")
-- use on-headers module instead - fix
connect.version
to reflect the actual version - json: use body-parser
- add
type
option - fix repeated limit parsing with every request
- improve parser speed
- add
- urlencoded: use body-parser
- add
type
option - fix repeated limit parsing with every request
- add
- dep: bytes@1.0.0
- add negative support
- dep: cookie-parser@1.1.0
- deps: cookie@0.1.2
- dep: csurf@1.2.0
- add support for double-submit cookie
- dep: express-session@1.1.0
- Add
name
option; replacement forkey
option - Use
setImmediate
in MemoryStore for node.js >= 0.10
- Add
v2.15.0
===================
- Add simple
res.cookie
support - Add
res.appendHeader
- Call error stack even when response has been sent
- Patch
res.headerSent
to return Boolean - Patch
res.headersSent
for node.js 0.8 - Prevent default 404 handler after response sent
- dep: compression@1.0.2
- support headers given to
res.writeHead
- deps: bytes@0.3.0
- deps: negotiator@0.4.3
- support headers given to
- dep: connect-timeout@1.1.0
- Add
req.timedout
property - Add
respond
option to constructor - Clear timer on socket destroy
- deps: debug@0.8.1
- Add
- dep: debug@^0.8.0
- add
enable()
method - change from stderr to stdout
- add
- dep: errorhandler@1.0.1
- Clean up error CSS
- Do not respond after headers sent
- dep: express-session@1.0.4
- Remove import of
setImmediate
- Use
res.cookie()
instead ofres.setHeader()
- deps: cookie@0.1.2
- deps: debug@0.8.1
- Remove import of
- dep: morgan@1.0.1
- Make buffer unique per morgan instance
- deps: bytes@0.3.0
- dep: serve-favicon@2.0.0
- Accept
Buffer
of icon as first argument - Non-GET and HEAD requests are denied
- Send valid max-age value
- Support conditional requests
- Support max-age=0
- Support OPTIONS method
- Throw if
path
argument is directory
- Accept
- dep: serve-index@1.0.2
- Add stylesheet option
- deps: negotiator@0.4.3
v2.14.5
===================
- dep: raw-body@1.1.4
- allow true as an option
- deps: bytes@0.3.0
- dep: serve-static@1.1.0
- Accept options directly to
send
module - deps: send@0.3.0
- Accept options directly to
v2.14.4
===================
- dep: bytes@0.3.0
- added terabyte support
- dep: csurf@1.1.0
- add constant-time string compare
- dep: serve-static@1.0.4
- Resolve relative paths at middleware setup
- Use parseurl to parse the URL from request
- fix node.js 0.8 compatibility with memory session
v2.14.3
===================
- dep: static-favicon@1.0.2
- Fixed content of default icon
v2.14.2
===================
- dep: static-favicon@1.0.1
- Fixed path to default icon
v2.14.1
===================
- dep: fresh@0.2.2
- no real changes
- dep: serve-index@1.0.1
- deps: negotiator@0.4.2
- dep: serve-static@1.0.2
- deps: send@0.2.0
v2.14.0
===================
- basicAuth: use basic-auth-connect
- cookieParser: use cookie-parser
- compress: use compression
- csrf: use csurf
- dep: cookie-signature@1.0.3
- directory: use serve-index
- errorHandler: use errorhandler
- favicon: use static-favicon
- logger: use morgan
- methodOverride: use method-override
- responseTime: use response-time
- session: use express-session
- static: use serve-static
- timeout: use connect-timeout
- vhost: use vhost
v2.13.1
===================
- cookieSession: compare full value rather than crc32
- deps: raw-body@1.1.3
v2.13.0
===================
- fix typo in memory store warning #974 @rvagg
- compress: use compressible
- directory: add template option #990 @gottaloveit @Earl-Brown
- csrf: prevent deprecated warning with old sessions
v2.12.0
===================
Renovate configuration
rebase!
".
-
If you want to rebase/retry this PR, check this box
This PR has been generated by Renovate Bot. View repository job log here.