Sam Tucker-Davis
6c4249feec
docs: replace dummy with placeholder in example comments ( #7064 )
...
* docs: replace 'dummy' with 'placeholder' in example comments
Use more inclusive language in code comments across example files.
The term 'dummy' can be replaced with the clearer, more neutral
term 'placeholder' without any change in meaning.
Files changed:
- examples/ejs/index.js
- examples/route-middleware/index.js
- examples/auth/index.js
* ci: re-trigger coverage after transient coveralls.io error
---------
Co-authored-by: stuckvgn <stuckvgn@users.noreply.github.com >
2026-03-01 08:55:02 -05:00
dependabot[bot]
06e2367f91
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ( #7074 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaasupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-01 11:24:13 +01:00
dependabot[bot]
e3b962c558
build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 ( #7073 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](37930b1c2a...70fc10c6e5support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-01 11:23:27 +01:00
dependabot[bot]
411061d94e
build(deps): bump github/codeql-action from 4.32.0 to 4.32.4 ( #7072 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.0 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b20883b0cd...89a39a4e59support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-01 11:21:45 +01:00
Ishita Singh
b4ab7d65d7
test: include edge case tests for res.type() ( #7037 )
2026-02-23 10:58:26 +01:00
Pavan Shinde
c4cc78bdf5
docs: fix README security policy link ( #7029 )
2026-02-21 22:15:11 -05:00
Dave Tashner
925a1dff1e
fix: bump qs minimum to ^6.14.2 for CVE-2026-2391 ( #7057 )
...
qs versions before 6.14.2 have an arrayLimit bypass in comma parsing
that allows denial of service (GHSA-w7fw-mjwx-w883).
While the existing ^6.14.1 semver range allows 6.14.2 on fresh
installs, bumping the minimum ensures the vulnerable version cannot
be resolved.
Signed-off-by: davetashner <5702882+davetashner@users.noreply.github.com >
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-02-21 22:11:08 -05:00
Murat Kirazkaya
9c85a25c02
Remove duplicate tests in res.location and res.jsonp ( #6996 )
...
* test: remove duplicated tests
* test: fix typo in data URI encoding test description
2026-02-14 12:25:36 -05:00
dependabot[bot]
1140301f6a
build(deps): bump github/codeql-action from 4.31.9 to 4.32.0 ( #7013 )
...
* build(deps): bump github/codeql-action from 4.31.9 to 4.32.0
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.9 to 4.32.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5d4e8d1aca...b20883b0cdsupport@github.com >
* chore: fix version tag comments
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Phillip Barta <barta.phillip@gmail.com >
2026-02-10 00:10:13 +01:00
dependabot[bot]
c76ed5ae05
build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 ( #7012 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](395ad32622...6044e13b5dsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-10 00:05:17 +01:00
dependabot[bot]
2d4192ebb3
build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ( #7011 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-10 00:04:00 +01:00
Sebastian Beltran
66404b347a
docs: Add @GroophyLifefor to the triage team ( #6995 )
2026-02-01 13:04:08 +01:00
Viny Brun Kriesang
d12772393c
fix: search example to support Redis v4+ and Express 4/5 ( #6274 )
...
* Fix Redis example to support Redis v4+ and Express 4/5
* update optional route syntax to /{:query} and refactor Redis initialization into dedicated function to guarantee that it is complete before server starts
---------
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com >
2026-01-31 22:12:23 -05:00
Ayoub Mabrouk
6b7ccfcf12
test: add test for normalizeType fallback when mime lookup fails ( #6894 )
...
Add test to verify that utils.normalizeType correctly defaults to
'application/octet-stream' when mime.lookup() returns null/undefined
for unknown file extensions. This covers the fallback behavior on
line 64 of lib/utils.js and ensures proper handling of unrecognized
MIME types.
Co-authored-by: bjohansebas <103585995+bjohansebas@users.noreply.github.com >
2026-01-31 21:53:38 -05:00
AkaHarshit
c9ecf7b658
feat: Allow passing null or undefined as the value for options in app.render ( #6903 )
...
* fix: allow null options in app.render
* fix: ensure options are initialized to an empty object in app.render
* docs: add history entry
---------
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com >
2026-01-31 21:51:17 -05:00
Sebastian Beltran
a479419b16
feat: do not modify the Content-Type twice when sending strings ( #6991 )
...
* fix: improve content-type handling in res.send method
* fix: ensure content-type is a string before setting charset in res.send
* fix: refactor content-type handling in res.send to use const and improve clarity
* Apply suggestion from @bjohansebas
* docs: update History.md
2026-01-19 09:56:53 -05:00
Sebastian Beltran
5a4568abfe
chore: remove benchmarks directory ( #6992 )
2026-01-17 17:36:22 -05:00
sukdev24
912893c07c
test: added unit tests for utils.compileETag to cover valid and invalid inputs ( #6534 )
...
* Added unit tests for utils.compileETag to cover valid and invalid inputs
* test: enhance compileETag tests for various input types
---------
Co-authored-by: sucem029 <sucem029@vippan-118.ad.liu.se >
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com >
2026-01-16 21:27:22 -05:00
Marcos Molina
ae265a90c7
docs: fix JSDoc for req.accepts() return value and parameter format ( #6936 )
...
* fixed request accept jsdoc
* reverted format
* reverted format
* updated jsdoc
* updated the rest of the documentation
2026-01-16 16:19:39 -05:00
Bernice Wu
9a3f7ff412
Polish HTML structure of the response in the res.redirect() function ( #5167 )
...
* structure the DOM body
* structure the DOM body
* test: add html title to redirect test
* fix: update HTML structure for include body and head tags
* docs: improve HTML structure in res.redirect() responses for better browser compatibility
---------
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com >
2026-01-16 10:29:01 -05:00
Sebastian Beltran
2cd372e34c
docs: add @krzysdz to the triage team ( #6482 )
2026-01-12 10:28:54 +01:00
dependabot[bot]
04d3a49976
build(deps): bump actions/setup-node from 6.0.0 to 6.1.0 ( #6962 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](2028fbc5c2...395ad32622support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-07 09:48:47 -05:00
dependabot[bot]
bc7d155f53
build(deps): bump actions/checkout from 6.0.0 to 6.0.1 ( #6963 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-07 09:47:41 -05:00
Gabriel Alves
00bb633ca6
deps: qs@^6.14.1
2026-01-07 15:46:37 +01:00
dependabot[bot]
3c0ad4e8dc
build(deps): bump github/codeql-action from 4.31.6 to 4.31.9 ( #6964 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fe4161a26a...5d4e8d1acasupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-07 09:46:20 -05:00
dependabot[bot]
4ae96bdf5e
build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 ( #6965 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-07 09:45:47 -05:00
AbdelMonaam Aouini
6cd404eb28
fix: enhance req.acceptsCharsets method ( #6088 )
...
* fix: enhance req.acceptsCharsets method
* Update req.acceptsCharsets.js
---------
Co-authored-by: Monaam Aouini <abdelmonaem.aouini@mispay.co >
Co-authored-by: Sebastian Beltran <bjohansebas@gmail.com >
2026-01-07 09:41:34 -05:00
dependabot[bot]
3e81873b52
build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 ( #6961 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](018cc2cf5b...37930b1c2asupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-07 09:38:53 -05:00
Jon Church
b5aae87594
doc: fix security.md link to point to security tab
2026-01-05 17:54:09 -05:00
Ulises Gascon
b8fc000f31
docs: use global Security policy
...
We should inherit https://github.com/expressjs/.github/blob/master/SECURITY.md directly.
2026-01-05 17:46:28 -05:00
Rick Markins
c2fb76e99f
docs: add @rxmarbles to triagers ( #6953 )
2025-12-19 10:44:49 +01:00
ctcpip
9eb700151b
📝 add note to history
2025-12-09 09:32:11 -06:00
Ulises Gascon
dbac741a49
5.2.1
2025-12-01 15:27:35 -05:00
Ulises Gascon
697547cde6
Revert "sec: security patch for CVE-2024-51999"
...
This reverts commit 2f64f68c37
2025-12-01 15:27:35 -05:00
Ulises Gascón
4007ad103b
Release: 5.2.0 ( #6920 )
2025-12-01 17:17:31 +01:00
Chris de Almeida
2f64f68c37
sec: security patch for CVE-2024-51999
2025-12-01 17:15:17 +01:00
dependabot[bot]
ed0ba3f1dc
build(deps): bump actions/checkout from 5.0.0 to 6.0.0 ( #6928 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 13:13:45 +01:00
dependabot[bot]
8eace4603c
build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 ( #6929 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...fe4161a26asupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 13:12:52 +01:00
dependabot[bot]
30bae81027
build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 ( #6930 )
...
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action ) from 2.3.6 to 2.3.7.
- [Release notes](https://github.com/coverallsapp/github-action/releases )
- [Commits](648a8eb78e...5cbfd81b66support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 13:12:08 +01:00
Shivam Sharma
758d4355d4
deps: body-parser@^2.2.1 ( #6922 )
...
Includes the security patch for CVE-2025-13466
2025-11-26 15:19:57 +01:00
Sebastian Beltran
77bcd5274a
docs: update emeritus triagers ( #6890 )
...
* docs: update emeritus triagers
---------
Co-authored-by: Ulises Gascón <ulisesgascongonzalez@gmail.com >
2025-11-25 11:32:32 +01:00
Sebastian Beltran
f33caf1f89
Nominate to @efekrskl for triage team ( #6888 )
...
* Nominate to @efekrskl for triage team
* Update Readme.md
2025-11-24 22:32:28 -05:00
TheMysterious
54af593b73
refactor: use cached slice in app.listen ( #6897 )
...
Signed-off-by: Tacit1 <tacitim5@gmail.com >
2025-11-23 18:52:16 -05:00
Phillip Barta
2551a7d8af
docs: switch badges from badgen.net to shields.io ( #6900 )
2025-11-18 10:42:56 +01:00
dependabot[bot]
4453d83cca
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 ( #6868 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-01 10:46:37 +01:00
dependabot[bot]
db507669ca
build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 ( #6869 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-01 10:45:51 +01:00
dependabot[bot]
374fc1a0f9
build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 ( #6870 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-01 10:45:07 +01:00
dependabot[bot]
1b196c8b82
build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 ( #6871 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-01 10:44:12 +01:00
Phillip Barta
64e7373d69
ci: add node.js 25 to test matrix ( #6843 )
2025-10-16 13:51:39 +02:00
dependabot[bot]
e4fb370ad8
build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 ( #6793 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](d3f86a106a...634f93cb29support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-03 14:44:02 +02:00
