Comparing express@4.21.2...express@4.22.0 • npm-diff.app 📦🔃

Comparing
`express@4.21.2`

...

express@4.22.0

Options

files: **/!(*.map|*.min.js)

Bundlephobia

Size

Gzip

Dependencies

Packagephobia

216.0 kB

2.1 MB

Publish

Install

216.3 kB (+299 B)

2.2 MB (+161.1 kB)

Packagephobia

Publish

Install

Showing 3 changed files with 24 additions and 18 deletions

+++0---0

Showing 3 changed files with 24 additions and 18 deletions

Split Unified

lib/utils.js +++1---1

View file

package.json +++17---17

View file

History.md +++6---0

View file

@@ -287,7 +287,7 @@
287		287
288	function parseExtendedQueryString(str) {	288	function parseExtendedQueryString(str) {
289	return qs.parse(str, {	289	return qs.parse(str, {
290	allowPrototypes: true	290	plainObjects: true
291	});	291	});
292	}	292	}
293		293

@@ -1,7 +1,7 @@
1	{	1	{
2	"name": "express",	2	"name": "express",
3	"description": "Fast, unopinionated, minimalist web framework",	3	"description": "Fast, unopinionated, minimalist web framework",
4	"version": "4.21.2",	4	"version": "4.22.0",
5	"author": "TJ Holowaychuk <tj@vision-media.ca>",	5	"author": "TJ Holowaychuk <tj@vision-media.ca>",
6	"contributors": [	6	"contributors": [
7	"Aaron Heckmann <aaron.heckmann+github@gmail.com>",	7	"Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -34,32 +34,32 @@
34	"dependencies": {	34	"dependencies": {
35	"accepts": "~1.3.8",	35	"accepts": "~1.3.8",
36	"array-flatten": "1.1.1",	36	"array-flatten": "1.1.1",
37	"body-parser": "1.20.3",
38	"content-disposition": "0.5.4",	37	"body-parser": "~1.20.3",
		38	"content-disposition": "~0.5.4",
39	"content-type": "~1.0.4",	39	"content-type": "~1.0.4",
40	"cookie": "0.7.1",
41	"cookie-signature": "1.0.6",	40	"cookie": "~0.7.1",
		41	"cookie-signature": "~1.0.6",
42	"debug": "2.6.9",	42	"debug": "2.6.9",
43	"depd": "2.0.0",	43	"depd": "2.0.0",
44	"encodeurl": "~2.0.0",	44	"encodeurl": "~2.0.0",
45	"escape-html": "~1.0.3",	45	"escape-html": "~1.0.3",
46	"etag": "~1.8.1",	46	"etag": "~1.8.1",
47	"finalhandler": "1.3.1",
48	"fresh": "0.5.2",
49	"http-errors": "2.0.0",	47	"finalhandler": "~1.3.1",
		48	"fresh": "~0.5.2",
		49	"http-errors": "~2.0.0",
50	"merge-descriptors": "1.0.3",	50	"merge-descriptors": "1.0.3",
51	"methods": "~1.1.2",	51	"methods": "~1.1.2",
52	"on-finished": "2.4.1",	52	"on-finished": "~2.4.1",
53	"parseurl": "~1.3.3",	53	"parseurl": "~1.3.3",
54	"path-to-regexp": "0.1.12",	54	"path-to-regexp": "~0.1.12",
55	"proxy-addr": "~2.0.7",	55	"proxy-addr": "~2.0.7",
56	"qs": "6.13.0",	56	"qs": "~6.14.0",
57	"range-parser": "~1.2.1",	57	"range-parser": "~1.2.1",
58	"safe-buffer": "5.2.1",	58	"safe-buffer": "5.2.1",
59	"send": "0.19.0",
60	"serve-static": "1.16.2",	59	"send": "~0.19.0",
		60	"serve-static": "~1.16.2",
61	"setprototypeof": "1.2.0",	61	"setprototypeof": "1.2.0",
62	"statuses": "2.0.1",	62	"statuses": "~2.0.1",
63	"type-is": "~1.6.18",	63	"type-is": "~1.6.18",
64	"utils-merge": "1.0.1",	64	"utils-merge": "1.0.1",
65	"vary": "~1.1.2"	65	"vary": "~1.1.2"
@@ -75,11 +75,11 @@
75	"hbs": "4.2.0",	75	"hbs": "4.2.0",
76	"marked": "0.7.0",	76	"marked": "0.7.0",
77	"method-override": "3.0.0",	77	"method-override": "3.0.0",
78	"mocha": "10.2.0",	78	"mocha": "^6.2.2",
79	"morgan": "1.10.0",	79	"morgan": "1.10.0",
80	"nyc": "15.1.0",	80	"nyc": "^14.1.1",
81	"pbkdf2-password": "1.2.1",	81	"pbkdf2-password": "1.2.1",
82	"supertest": "6.3.0",	82	"supertest": "^6.1.6",
83	"vhost": "~3.0.2"	83	"vhost": "~3.0.2"
84	},	84	},
85	"engines": {	85	"engines": {

+.22.0 / 2025-12-01
+==========
+  * Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
+  * deps: use tilde notation for dependencies
+  * deps: qs@6.14.0
 .21.2 / 2024-11-06
 ==========

@@ -287,7 +287,7 @@
287		287
288	function parseExtendedQueryString(str) {	288	function parseExtendedQueryString(str) {
289	return qs.parse(str, {	289	return qs.parse(str, {
290	allowPrototypes: true	290	plainObjects: true
291	});	291	});
292	}	292	}
293		293

@@ -1,7 +1,7 @@
1	{	1	{
2	"name": "express",	2	"name": "express",
3	"description": "Fast, unopinionated, minimalist web framework",	3	"description": "Fast, unopinionated, minimalist web framework",
4	"version": "4.21.2",	4	"version": "4.22.0",
5	"author": "TJ Holowaychuk <tj@vision-media.ca>",	5	"author": "TJ Holowaychuk <tj@vision-media.ca>",
6	"contributors": [	6	"contributors": [
7	"Aaron Heckmann <aaron.heckmann+github@gmail.com>",	7	"Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -34,32 +34,32 @@
34	"dependencies": {	34	"dependencies": {
35	"accepts": "~1.3.8",	35	"accepts": "~1.3.8",
36	"array-flatten": "1.1.1",	36	"array-flatten": "1.1.1",
37	"body-parser": "1.20.3",
38	"content-disposition": "0.5.4",	37	"body-parser": "~1.20.3",
		38	"content-disposition": "~0.5.4",
39	"content-type": "~1.0.4",	39	"content-type": "~1.0.4",
40	"cookie": "0.7.1",
41	"cookie-signature": "1.0.6",	40	"cookie": "~0.7.1",
		41	"cookie-signature": "~1.0.6",
42	"debug": "2.6.9",	42	"debug": "2.6.9",
43	"depd": "2.0.0",	43	"depd": "2.0.0",
44	"encodeurl": "~2.0.0",	44	"encodeurl": "~2.0.0",
45	"escape-html": "~1.0.3",	45	"escape-html": "~1.0.3",
46	"etag": "~1.8.1",	46	"etag": "~1.8.1",
47	"finalhandler": "1.3.1",
48	"fresh": "0.5.2",
49	"http-errors": "2.0.0",	47	"finalhandler": "~1.3.1",
		48	"fresh": "~0.5.2",
		49	"http-errors": "~2.0.0",
50	"merge-descriptors": "1.0.3",	50	"merge-descriptors": "1.0.3",
51	"methods": "~1.1.2",	51	"methods": "~1.1.2",
52	"on-finished": "2.4.1",	52	"on-finished": "~2.4.1",
53	"parseurl": "~1.3.3",	53	"parseurl": "~1.3.3",
54	"path-to-regexp": "0.1.12",	54	"path-to-regexp": "~0.1.12",
55	"proxy-addr": "~2.0.7",	55	"proxy-addr": "~2.0.7",
56	"qs": "6.13.0",	56	"qs": "~6.14.0",
57	"range-parser": "~1.2.1",	57	"range-parser": "~1.2.1",
58	"safe-buffer": "5.2.1",	58	"safe-buffer": "5.2.1",
59	"send": "0.19.0",
60	"serve-static": "1.16.2",	59	"send": "~0.19.0",
		60	"serve-static": "~1.16.2",
61	"setprototypeof": "1.2.0",	61	"setprototypeof": "1.2.0",
62	"statuses": "2.0.1",	62	"statuses": "~2.0.1",
63	"type-is": "~1.6.18",	63	"type-is": "~1.6.18",
64	"utils-merge": "1.0.1",	64	"utils-merge": "1.0.1",
65	"vary": "~1.1.2"	65	"vary": "~1.1.2"
@@ -75,11 +75,11 @@
75	"hbs": "4.2.0",	75	"hbs": "4.2.0",
76	"marked": "0.7.0",	76	"marked": "0.7.0",
77	"method-override": "3.0.0",	77	"method-override": "3.0.0",
78	"mocha": "10.2.0",	78	"mocha": "^6.2.2",
79	"morgan": "1.10.0",	79	"morgan": "1.10.0",
80	"nyc": "15.1.0",	80	"nyc": "^14.1.1",
81	"pbkdf2-password": "1.2.1",	81	"pbkdf2-password": "1.2.1",
82	"supertest": "6.3.0",	82	"supertest": "^6.1.6",
83	"vhost": "~3.0.2"	83	"vhost": "~3.0.2"
84	},	84	},
85	"engines": {	85	"engines": {

Comparing
`express@4.21.2`

Comparing
`express@4.21.2`

Source

npm diff

Options

Bundlephobia

Packagephobia

Packagephobia

lib/utils.js +++1---1

package.json +++17---17

History.md +++6---0

+++0---0

Packagephobia

lib/utils.js +++1---1

package.json +++17---17

History.md +++6---0

Source

Comparingexpress@4.21.2

Comparingexpress@4.21.2

Source

npm diff

Options

Bundlephobia

Packagephobia

Packagephobia

lib/utils.js +++1---1

package.json +++17---17

History.md +++6---0

+++0---0

Packagephobia

lib/utils.js +++1---1

package.json +++17---17

History.md +++6---0

Source

Comparing
`express@4.21.2`

Comparing
`express@4.21.2`