build(deps-dev): bump express from 4.18.2 to 4.22.0 #720

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/express-4.22.0

@dependabot dependabot Bot commented on behalf of github Dec 1, 2025

Contributor

Bumps express from 4.18.2 to 4.22.0.

Release notes

Sourced from express's releases.

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Dec 1, 2025
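
The 4.20.0 changelog entry above changes the default depth for URL-encoded parsing from Infinity to 32, which matters when jumping from 4.18.2. As an added example (not code from this pull request, Express, or body-parser), the sketch below scans URL-encoded bodies for keys that nest deeper than that limit; the helper names, the bracket-counting rule and the sample bodies are assumptions constructed for illustration.

```javascript
// Added illustration; not body-parser or qs source code.
// DEFAULT_DEPTH is the new default stated in the 4.20.0 changelog entry.
const DEFAULT_DEPTH = 32;

// Assumption: depth = bracket segments after the root key ("a[b][c]" -> 2, "a" -> 0).
function keyDepth(rawKey) {
  let key;
  try {
    key = decodeURIComponent(rawKey.replace(/\+/g, ' '));
  } catch (e) {
    key = rawKey; // malformed percent-encoding: measure the raw text
  }
  const firstBracket = key.indexOf('[');
  if (firstBracket === -1) return 0;
  const segments = key.slice(firstBracket).match(/\[[^[\]]*\]/g);
  return segments ? segments.length : 0;
}

// Return the keys in a URL-encoded body that nest deeper than `depth`.
function keysOverDepth(body, depth = DEFAULT_DEPTH) {
  const offenders = [];
  for (const pair of body.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const d = keyDepth(rawKey);
    if (d > depth) offenders.push({ key: rawKey.slice(0, 40), depth: d }); // key truncated for reporting
  }
  return offenders;
}

// Constructed sample bodies (not taken from any real traffic).
const nested = (levels) => 'filter' + '[x]'.repeat(levels) + '=1';
const samples = {
  flatForm: 'user=alice&lang=en',
  typicalNested: 'order[items][0][sku]=A1&order[items][0][qty]=2',
  atLimit: nested(32),
  overLimit: nested(33) + '&ok=1',
};

function auditSamples(depth = DEFAULT_DEPTH) {
  const report = {};
  for (const [name, body] of Object.entries(samples)) {
    report[name] = keysOverDepth(body, depth);
  }
  return report;
}

console.log(JSON.stringify(auditSamples(), null, 2));
```

Running the same scan over recorded form submissions before the upgrade shows whether any legitimate client relies on nesting beyond the default, in which case the `depth` option named in the changelog is the setting to review.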

Copilot AI left a comment

Pull request overview

Updates the project’s development-time Express dependency to a patched release that includes security fixes, aligning the lockfile with the new dependency tree.

Changes:

  • Bump express devDependency from 4.18.2 to 4.22.0.
  • Regenerate yarn.lock to capture updated Express transitive dependencies (e.g., body-parser, cookie, send, serve-static, qs, etc.).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Updates the express devDependency version to 4.22.0. |
| yarn.lock | Updates the resolved dependency graph for Express 4.22.0 and related transitive packages. |

@PeterDaveHello PeterDaveHello left a comment

Member

Should use express v4.22.1 instead.

@PeterDaveHello

Member

@dependabot ignore this minor version

@dependabot dependabot Bot closed this Apr 10, 2026
dependabot Bot commented on behalf of github Apr 10, 2026

Contributor Author

OK, I won't notify you about version 4.22.x again, unless you re-open this PR.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/express-4.22.0 branch April 10, 2026 19:39
@PeterDaveHello PeterDaveHello restored the dependabot/npm_and_yarn/express-4.22.0 branch April 10, 2026 19:43
@PeterDaveHello

Member

@dependabot rebase

Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.22.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md)
- [Commits](expressjs/express@4.18.2...4.22.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 4.22.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.0 branch from d349600 to 427aeff Compare April 10, 2026 19:57