refactor: Upgrade express from 4.21.2 to 5.1.0

[parseplatformorg]

Snyk has created this PR to upgrade express from 4.21.2 to 5.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: express

• 5.1.0 - 2025-03-31
  

  What's Changed

  • Update captains by @ UlisesGascon in #6027
  • build: Node.js 23.0 by @ bjohansebas in #6075
  • Add funding field (v5) by @ bjohansebas in #6064
  • ✅ add discarded middleware test by @ ctcpip in #5819
  • update homepage link http to https by @ bjohansebas in #5920
  • Improve readme by @ bjohansebas in #5994
  • Add bjohansebas as repo captain for expressjs.com by @ crandmck in #6058
  • Remove Object.setPrototypeOf polyfill by @ Phillip9587 in #6081
  • fix(buffer): use node:buffer instead of safe-buffer by @ bhavya3024 in #6071
  • docs: Add DCO by @ UlisesGascon in #6048
  • cleanup: remove promise support check from tests by @ Phillip9587 in #6148
  • Use loop for acceptParams by @ blakeembrey in #6066
  • Improve documentation step in release process by @ bjohansebas in #6150
  • cleanup: remove unnecessary require for global Buffer by @ Phillip9587 in #6146
  • cleanup: remove AsyncLocalStorage check by @ Phillip9587 in #6147
  • update history.md for acceptParams change by @ jonchurch in #6177
  • docs: add @ rxmarbles to the triage team by @ UlisesGascon in #6151
  • refactor: improve readability by @ sazk07 in #6173
  • docs: clarify the security process in the triage role by @ bjohansebas in #6217
  • chore: replace methods dependency with standard library by @ jonkoops in #6196
  • Remove utils-merge dependency - use spread syntax instead by @ Phillip9587 in #6091
  • fix(securite): fix vulnerabilities by @ Abdel-Monaam-Aouini in #6211
  • refactor: prefix built-in node module imports by @ slagiewka in #6236
  • fix: remove download size badges by @ wesleytodd in #6266
  • Remove unused depd dependency by @ jonkoops in #6197
  • fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @ hamirmahal in #6256
  • Add support for OSSF scorecard reporting by @ UlisesGascon in #5431
  • docs: add @ Phillip9587 to the triage team by @ bjohansebas in #6276
  • fix: added a missing semicolon in css styles in examples/auth by @ pr4j3sh in #6297
  • docs: include team email in the security policy by @ UlisesGascon in #6278
  • refactor: simplify normalizeTypes function by @ Ayoub-Mabrouk in #6097
  • ci: updated github actions ci workflow by @ Phillip9587 in #6314
  • ci: fix npm install --include typo by @ Phillip9587 in #6324
  • ci: updated scorecard actions by @ Phillip9587 in #6322
  • build(deps): use carat notation for dependency versions by @ dpopp07 in #6317
  • chore(deps): update debug to ^4.4.0 by @ Phillip9587 in #6313
  • docs: retroactively note 5.0.0-beta.1 api change in history file by @ dpopp07 in #6333
  • feat(deps): body-parser@^2.1.0 by @ wesleytodd in #6332
  • feat(deps): router@^2.1.0 by @ wesleytodd in #6331
  • Update repo captains by @ UlisesGascon in #6234
  • deps: upgrade nyc by @ agungjati in #6122
  • fix (deps): update deps by @ wesleytodd in #6337
  • response: add support for ETag option in res.sendFile by @ juanarbol in #6073
  • Update multiple links to use https instead of http by @ Phillip9587 in #6338
  • Extend res.links() to allow adding multiple links with the same rel #2729 by @ andvea in #4885
  • docs: update emeritus triagers by @ UlisesGascon in #6345
  • docs: update guidance for triager nominations by @ bjohansebas in #6349
  • docs: clarify guidelines for becoming a committer by @ bjohansebas in #6364
  • Nominate @ dpopp07 to the triage team by @ UlisesGascon in #6352
  • fix(deps): qs@^6.14.0 by @ wesleytodd in #6374
  • Add dependabot by @ UlisesGascon in #5435
  • fix dependabot config by @ bjohansebas in #6392
  • build(deps): bump github/codeql-action from 3.24.7 to 3.28.11 by @ dependabot in #6398
  • build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @ dependabot in #6397
  • feat(deps): [email protected] by @ wesleytodd in #6373
  • build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 by @ dependabot in #6399
  • deps: body-parser@^2.2.0 by @ UlisesGascon in #6419
  • deps: type-is@^2.0.1 by @ UlisesGascon in #6420
  • deps: router@^2.2.0 by @ UlisesGascon in #6417
  • ci: use full SHAs for github action versions by @ Phillip9587 in #6415
  • doc: remove @ mertcanaltin from Triagers by @ mertcanaltin in #6408
  • deps: serve-static@^2.2.0 by @ UlisesGascon in #6418
  • 5.1.0 by @ wesleytodd in #6425

  New Contributors

  • @ bhavya3024 made their first contribution in #6071
  • @ jonkoops made their first contribution in #6196
  • @ Abdel-Monaam-Aouini made their first contribution in #6211
  • @ slagiewka made their first contribution in #6236
  • @ hamirmahal made their first contribution in #6256
  • @ pr4j3sh made their first contribution in #6297
  • @ Ayoub-Mabrouk made their first contribution in #6097
  • @ dpopp07 made their first contribution in #6317
  • @ agungjati made their first contribution in #6122
  • @ andvea made their first contribution in #4885
  • @ dependabot made their first contribution in #6398

  Full Changelog: 5.0.1...v5.1.0

• 5.0.1 - 2024-10-08
  

  What's Changed

  • remove --bail from test script by @ jonchurch in #5962
  • Nominate @ bjohansebas to the triage team by @ UlisesGascon in #6009
  • Link and update captains by @ blakeembrey in #6013
  • Update cookie semver lock to address CVE-2024-47764 by @ joshbuker in #6017
  • Release: 5.0.1 by @ UlisesGascon in #6032

  Full Changelog: v5.0.0...5.0.1

• 5.0.0 - 2024-09-10
  

  Express v5.0.0

  🎉 Express v5 is finally here! 🎉

  After years of development, the long-awaited Express v5 has been officially released. This version focuses on simplifying the codebase, improving security, and dropping support for older Node.js versions to enable better performance and maintainability.

  For detailed information, please check out the official Express v5 release blog post.

  Most relevant details

  Major Changes in v5

  • Node.js version support: Dropped support for Node.js versions before v18.
  • Routing changes: Updated to [email protected], removing sub-expression regex patterns for security reasons (ReDoS mitigation).
  • Promise support: Middleware can now return rejected promises, caught by the router as errors.
  • body-parser changes: Several improvements including the ability to customize urlencoded body depth and defaulting extended to false.
  • Deprecated API methods removed: Removed old, deprecated API method signatures from Express v3/v4.

  For a complete list of breaking changes and API deprecations, see the migration guide.

  Security Updates

  This release includes important security fixes, including improvements to prevent ReDoS attacks and mitigation for CVE-2024-45590. Full details can be found in the security release notes.

  Migration

  Be sure to check out our migration guide for instructions on how to update your applications from Express v4 to v5.

  Security Guidance

  For best practices, we recommend reviewing the Threat Model which outlines Express' approach to securing your applications, including tips for user input validation and other critical aspects.

  What's Changed

  • 4.19.2 Staging by @ wesleytodd in #5561
  • remove duplicate location test for data uri by @ wesleytodd in #5562
  • feat: document beta releases expectations by @ marco-ippolito in #5565
  • Cut down on duplicated CI runs by @ jonchurch in #5564
  • Add a Threat Model by @ UlisesGascon in #5526
  • Assign captain of encodeurl by @ blakeembrey in #5579
  • Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @ jonchurch in #5587
  • docs: update Security.md by @ inigomarquinez in #5590
  • docs: update triage nomination policy by @ UlisesGascon in #5600
  • Add CodeQL (SAST) by @ UlisesGascon in

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

🚀 Thanks for opening this pull request!

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[parseplatformorg]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)