The pull request This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | dependencies | minor | [`4.18.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.18.2/4.20.0) | By merging this PR, the below vulnerabilities will be automatically resolved: | Severity | <a href='#'><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width='19' height='20'></a> CVSS Score |CVE | |---|---|---| |  Medium | 6.1 | [CVE-2024-29041](https://www.mend.io/vulnerability-database/CVE-2024-29041) | |  Medium | 5.0 | [CVE-2024-43796](https://www.mend.io/vulnerability-database/CVE-2024-43796) | <!--[REMEDIATE_ANALITICS]{"libraryData":{"libraryName":"express","libraryVersion":"4.18.2","libraryFixVersion":"4.20.0","libraryArtifactId":"express","language":"javascript/Node.js"},"vulnerabilityData":[{"severity":"Medium","score":"6.1","vulnerabilityId":"CVE-2024-29041"},{"severity":"Medium","score":"5.0","vulnerabilityId":"CVE-2024-43796"}]}[/REMEDIATE_ANALITICS]--> --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0) \========== - deps: [email protected] - Remove link renderization in html while redirecting - deps: [email protected] - Remove link renderization in html while redirecting - deps: [email protected] - add `depth` option to customize the depth level in the parser - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`) - Remove link renderization in html while using `res.redirect` - deps: [email protected] - Adds support for named matching groups in the routes using a regex - Adds backtracking protection to parameters without regexes defined - deps: encodeurl@~2.0.0 - Removes encoding of `\`, `|`, and `^` to align better with URL spec - Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie` - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie ### [`v4.19.2`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4192--2024-03-25) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.1...4.19.2) \========== - Improved fix for open redirect allow list bypass ### [`v4.19.1`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4191--2024-03-20) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.0...4.19.1) \========== - Allow passing non-strings to res.location with new encoding handling checks ### [`v4.19.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4190--2024-03-20) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.3...4.19.0) \========== - Prevent open redirect allow list bypass due to encodeurl - deps: [email protected] ### [`v4.18.3`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4183--2024-02-29) [Compare Source](https://redirect.github.com/expressjs/express/compare/4.18.2...4.18.3) \========== - Fix routing requests without method - deps: [email protected] - Fix strict json error message on Node.js 19+ - deps: content-type@~1.0.5 - deps: [email protected] - deps: [email protected] - Add `partitioned` option </details> --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMzkuMCIsInVwZGF0ZWRJblZlciI6IjM4LjExNS4xIiwidGFyZ2V0QnJhbmNoIjoiYW5kcm9pZHgtbWFpbiJ9--> does not match one of the following checks ["(.*)?

ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636