chore(deps): Bump express and @types/express by dependabot[bot] · Pull Request #659 · cheqd/studio

dependabot · 2025-04-07T07:40:31Z

Bumps express and @types/express. These dependencies needed to be updated together.
Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

Update captains by @UlisesGascon in expressjs/express#6027

build: Node.js 23.0 by @bjohansebas in expressjs/express#6075

Add funding field (v5) by @bjohansebas in expressjs/express#6064

✅ add discarded middleware test by @ctcpip in expressjs/express#5819

update homepage link http to https by @bjohansebas in expressjs/express#5920

Improve readme by @bjohansebas in expressjs/express#5994

Add bjohansebas as repo captain for expressjs.com by @crandmck in expressjs/express#6058

Remove Object.setPrototypeOf polyfill by @Phillip9587 in expressjs/express#6081

fix(buffer): use node:buffer instead of safe-buffer by @bhavya3024 in expressjs/express#6071

docs: Add DCO by @UlisesGascon in expressjs/express#6048

cleanup: remove promise support check from tests by @Phillip9587 in expressjs/express#6148

Use loop for acceptParams by @blakeembrey in expressjs/express#6066

Improve documentation step in release process by @bjohansebas in expressjs/express#6150

cleanup: remove unnecessary require for global Buffer by @Phillip9587 in expressjs/express#6146

cleanup: remove AsyncLocalStorage check by @Phillip9587 in expressjs/express#6147

update history.md for acceptParams change by @jonchurch in expressjs/express#6177

docs: add @rxmarbles to the triage team by @UlisesGascon in expressjs/express#6151

refactor: improve readability by @sazk07 in expressjs/express#6173

docs: clarify the security process in the triage role by @bjohansebas in expressjs/express#6217

chore: replace methods dependency with standard library by @jonkoops in expressjs/express#6196

Remove utils-merge dependency - use spread syntax instead by @Phillip9587 in expressjs/express#6091

fix(securite): fix vulnerabilities by @Abdel-Monaam-Aouini in expressjs/express#6211

refactor: prefix built-in node module imports by @slagiewka in expressjs/express#6236

fix: remove download size badges by @wesleytodd in expressjs/express#6266

Remove unused depd dependency by @jonkoops in expressjs/express#6197

fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @hamirmahal in expressjs/express#6256

Add support for OSSF scorecard reporting by @UlisesGascon in expressjs/express#5431

docs: add @Phillip9587 to the triage team by @bjohansebas in expressjs/express#6276

fix: added a missing semicolon in css styles in examples/auth by @pr4j3sh in expressjs/express#6297

docs: include team email in the security policy by @UlisesGascon in expressjs/express#6278

refactor: simplify normalizeTypes function by @Ayoub-Mabrouk in expressjs/express#6097

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6314

ci: fix npm install --include typo by @Phillip9587 in expressjs/express#6324

ci: updated scorecard actions by @Phillip9587 in expressjs/express#6322

build(deps): use carat notation for dependency versions by @dpopp07 in expressjs/express#6317

chore(deps): update debug to ^4.4.0 by @Phillip9587 in expressjs/express#6313

docs: retroactively note 5.0.0-beta.1 api change in history file by @dpopp07 in expressjs/express#6333

feat(deps): body-parser@^2.1.0 by @wesleytodd in expressjs/express#6332

feat(deps): router@^2.1.0 by @wesleytodd in expressjs/express#6331

Update repo captains by @UlisesGascon in expressjs/express#6234

deps: upgrade nyc by @agungjati in expressjs/express#6122

fix (deps): update deps by @wesleytodd in expressjs/express#6337

response: add support for ETag option in res.sendFile by @juanarbol in expressjs/express#6073

Update multiple links to use https instead of http by @Phillip9587 in expressjs/express#6338

Extend res.links() to allow adding multiple links with the same rel #2729 by @andvea in expressjs/express#4885

docs: update emeritus triagers by @UlisesGascon in expressjs/express#6345

docs: update guidance for triager nominations by @bjohansebas in expressjs/express#6349

docs: clarify guidelines for becoming a committer by @bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: server-static@2.2.0

deps: type-is@2.0.1

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

change:

res.clearCookie will ignore user provided maxAge and expires options

deps: cookie-signature@^1.2.1

deps: debug@4.3.6

deps: merge-descriptors@^2.0.0

deps: serve-static@^2.1.0

deps: qs@6.13.0

deps: accepts@^2.0.0

deps: mime-types@^3.0.0

application/javascript => text/javascript

deps: type-is@^2.0.0

deps: content-disposition@^1.0.0

... (truncated)

Commits

cd7d439 5.1.0
4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
cb4c56e fix(docs): remove @mertcanaltin from Triagers (#6408)
7b44e1d ci: use full SHAs for github action versions
eb6d125 deps: router@^2.2.0 (#6417)
f1a2dc8 deps: type-is@^2.0.1 (#6420)
6b51e8e deps: body-parser@^2.2.0 (#6419)
1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
9e97144 feat(deps): finalhandler@2.1.0 (#6373)
29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
Additional commits viewable in compare view

Updates @types/express from 4.17.21 to 5.0.1

Commits

See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
@types/express	[>= 5.a, < 6]

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Zzocker · 2026-02-16T18:09:25Z

@dependabot recreate

sownak · 2026-02-20T07:46:57Z

@dependabot recreate

Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 4.21.2 to 5.1.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `@types/express` from 4.17.21 to 5.0.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: express dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: "@types/express" dependency-version: 5.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

* updated lockfile Signed-off-by: Sownak Roy <sownak@cheqd.io> * chore(deps): Bump express and @types/express (#659) Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 4.21.2 to 5.1.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `@types/express` from 4.17.21 to 5.0.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: express dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: "@types/express" dependency-version: 5.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: updates to use express 5 Signed-off-by: Sownak Roy <sownak@cheqd.io> * build(deps): bump github/codeql-action from 3 to 4 (#791) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump semantic-release from 24.2.9 to 25.0.3 (#793) Bumps [semantic-release](https://github.com/semantic-release/semantic-release) from 24.2.9 to 25.0.3. - [Release notes](https://github.com/semantic-release/semantic-release/releases) - [Commits](semantic-release/semantic-release@v24.2.9...v25.0.3) --- updated-dependencies: - dependency-name: semantic-release dependency-version: 25.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): Bump super-linter/super-linter from 5 to 8 (#708) Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 5 to 8. - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@v5...v8) --- updated-dependencies: - dependency-name: super-linter/super-linter dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * updated lock file Signed-off-by: Sownak Roy <sownak@cheqd.io> * build(deps-dev): bump @types/bs58 from 4.0.4 to 5.0.0 (#792) Bumps [@types/bs58](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/bs58) from 4.0.4 to 5.0.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/bs58) --- updated-dependencies: - dependency-name: "@types/bs58" dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump stripe from 14.25.0 to 20.3.1 (#794) Bumps [stripe](https://github.com/stripe/stripe-node) from 14.25.0 to 20.3.1. - [Release notes](https://github.com/stripe/stripe-node/releases) - [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md) - [Commits](stripe/stripe-node@v14.25.0...v20.3.1) --- updated-dependencies: - dependency-name: stripe dependency-version: 20.3.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Revert "build(deps): bump stripe from 14.25.0 to 20.3.1" (#796) Revert "build(deps): bump stripe from 14.25.0 to 20.3.1 (#794)" This reverts commit f94a61d. * build(deps-dev): bump eslint from 9.39.2 to 10.0.1 (#795) Bumps [eslint](https://github.com/eslint/eslint) from 9.39.2 to 10.0.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v9.39.2...v10.0.1) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Revert "build(deps-dev): bump eslint from 9.39.2 to 10.0.1 (#795)" (#797) This reverts commit 368af0e. * updated lock file Signed-off-by: Sownak Roy <sownak@cheqd.io> * revert v8 linter Signed-off-by: Sownak Roy <sownak@cheqd.io> * revert to v5 linter Signed-off-by: Sownak Roy <sownak@cheqd.io> --------- Signed-off-by: Sownak Roy <sownak@cheqd.io> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 7, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/develop/multi-3b838d39d3 branch from a5cf041 to 9e25fd6 Compare May 2, 2025 09:30

DaevMithran force-pushed the develop branch from a23e897 to d518cce Compare September 23, 2025 08:15

dependabot bot force-pushed the dependabot/npm_and_yarn/develop/multi-3b838d39d3 branch from 25ded6e to ea402f3 Compare February 16, 2026 18:10

dependabot bot force-pushed the dependabot/npm_and_yarn/develop/multi-3b838d39d3 branch from ea402f3 to 074eb43 Compare February 20, 2026 07:48

sownak changed the base branch from develop to package-updates February 24, 2026 10:34

sownak merged commit 9546a71 into package-updates Feb 24, 2026
4 of 6 checks passed

sownak deleted the dependabot/npm_and_yarn/develop/multi-3b838d39d3 branch February 24, 2026 10:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump express and @types/express#659

chore(deps): Bump express and @types/express#659
sownak merged 1 commit intopackage-updatesfrom
dependabot/npm_and_yarn/develop/multi-3b838d39d3

dependabot bot commented on behalf of github Apr 7, 2025 •

edited

Loading

Uh oh!

Zzocker commented Feb 16, 2026

Uh oh!

sownak commented Feb 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Apr 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.1.0

What's Changed

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

Uh oh!

Zzocker commented Feb 16, 2026

Uh oh!

sownak commented Feb 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Apr 7, 2025 •

edited

Loading