Skip to content

Commit

Permalink
Merge tag '4.19.0' into 5.x
Browse files Browse the repository at this point in the history
4.19.0
  • Loading branch information
wesleytodd committed Mar 21, 2024
2 parents 318fd4b + 084e365 commit e9f9aae
Show file tree
Hide file tree
Showing 53 changed files with 2,818 additions and 769 deletions.
91 changes: 74 additions & 17 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,13 @@ jobs:
- Node.js 12.x
- Node.js 13.x
- Node.js 14.x
- Node.js 15.x
- Node.js 16.x
- Node.js 17.x
- Node.js 18.x
- Node.js 19.x
- Node.js 20.x
- Node.js 21.x

include:
- name: Node.js 4.0
Expand All @@ -39,19 +46,19 @@ jobs:

- name: Node.js 6.x
node-version: "6.17"
npm-i: [email protected] [email protected] supertest@6.1.6
npm-i: [email protected] [email protected] supertest@3.4.2

- name: Node.js 7.x
node-version: "7.10"
npm-i: [email protected] [email protected] [email protected]

- name: Node.js 8.x
node-version: "8.17"
npm-i: [email protected]
npm-i: [email protected] [email protected]

- name: Node.js 9.x
node-version: "9.11"
npm-i: [email protected]
npm-i: [email protected] [email protected]

- name: Node.js 10.x
node-version: "10.24"
Expand All @@ -63,15 +70,38 @@ jobs:

- name: Node.js 12.x
node-version: "12.22"
npm-i: [email protected]

- name: Node.js 13.x
node-version: "13.14"
npm-i: [email protected]

- name: Node.js 14.x
node-version: "14.19"
node-version: "14.20"

- name: Node.js 15.x
node-version: "15.14"

- name: Node.js 16.x
node-version: "16.20"

- name: Node.js 17.x
node-version: "17.9"

- name: Node.js 18.x
node-version: "18.19"

- name: Node.js 19.x
node-version: "19.9"

- name: Node.js 20.x
node-version: "20.11"

- name: Node.js 21.x
node-version: "21.6"

steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4

- name: Install Node.js ${{ matrix.node-version }}
shell: bash -eo pipefail -l {0}
Expand All @@ -82,7 +112,11 @@ jobs:
- name: Configure npm
run: |
npm config set loglevel error
npm config set shrinkwrap false
if [[ "$(npm config get package-lock)" == "true" ]]; then
npm config set package-lock false
else
npm config set shrinkwrap false
fi
- name: Install npm module(s) ${{ matrix.npm-i }}
run: npm install --save-dev ${{ matrix.npm-i }}
Expand All @@ -95,8 +129,8 @@ jobs:
shell: bash
run: |
# eslint for linting
# - remove on Node.js < 10
if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then
# - remove on Node.js < 12
if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then
node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \
grep -E '^eslint(-|$)' | \
sort -r | \
Expand All @@ -113,29 +147,52 @@ jobs:
echo "node@$(node -v)"
echo "npm@$(npm -v)"
npm -s ls ||:
(npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print "::set-output name=" $2 "::" $3 }'
(npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT"
- name: Run tests
shell: bash
run: npm run test-ci
run: |
npm run test-ci
cp coverage/lcov.info "coverage/${{ matrix.name }}.lcov"
- name: Lint code
if: steps.list_env.outputs.eslint != ''
run: npm run lint

- name: Collect code coverage
uses: coverallsapp/github-action@master
run: |
mv ./coverage "./${{ matrix.name }}"
mkdir ./coverage
mv "./${{ matrix.name }}" "./coverage/${{ matrix.name }}"
- name: Upload code coverage
uses: actions/upload-artifact@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: run-${{ matrix.test_number }}
parallel: true
name: coverage
path: ./coverage
retention-days: 1

coverage:
needs: test
runs-on: ubuntu-latest
steps:
- name: Upload code coverage
- uses: actions/checkout@v4

- name: Install lcov
shell: bash
run: sudo apt-get -y install lcov

- name: Collect coverage reports
uses: actions/download-artifact@v3
with:
name: coverage
path: ./coverage

- name: Merge coverage reports
shell: bash
run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./coverage/lcov.info

- name: Upload coverage report
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
parallel-finished: true
github-token: ${{ secrets.GITHUB_TOKEN }}
4 changes: 2 additions & 2 deletions Charter.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ also easily visible to outsiders.

## Section 1: Scope

Express is a http web server framework with a simple and expressive API
Express is a HTTP web server framework with a simple and expressive API
which is highly aligned with Node.js core. We aim to be the best in
class for writing performant, spec compliant, and powerful web servers
in Node.js. As one of the oldest and most popular web frameworks in
Expand All @@ -24,7 +24,7 @@ Express is made of many modules spread between three GitHub Orgs:
libraries
- [pillarjs](http://github.com/pillarjs/): Components which make up
Express but can also be used for other web frameworks
- [jshttp](http://github.com/jshttp/): Low level http libraries
- [jshttp](http://github.com/jshttp/): Low level HTTP libraries

### 1.2: Out-of-Scope

Expand Down
75 changes: 69 additions & 6 deletions Contributing.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ contributors can be involved in decision making.

* A **Contributor** is any individual creating or commenting on an issue or pull request.
* A **Committer** is a subset of contributors who have been given write access to the repository.
* A **Project Captain** is the lead maintainer of a repository.
* A **TC (Technical Committee)** is a group of committers representing the required technical
expertise to resolve rare disputes.
* A **Triager** is a subset of contributors who have been given triage access to the repository.
Expand Down Expand Up @@ -102,12 +103,74 @@ If a consensus cannot be reached that has no objections then a majority wins vot
is called. It is also expected that the majority of decisions made by the TC are via
a consensus seeking process and that voting is only used as a last-resort.

Resolution may involve returning the issue to committers with suggestions on how to
move forward towards a consensus. It is not expected that a meeting of the TC
Resolution may involve returning the issue to project captains with suggestions on
how to move forward towards a consensus. It is not expected that a meeting of the TC
will resolve all issues on its agenda during that meeting and may prefer to continue
the discussion happening among the committers.
the discussion happening among the project captains.

Members can be added to the TC at any time. Any committer can nominate another committer
Members can be added to the TC at any time. Any TC member can nominate another committer
to the TC and the TC uses its standard consensus seeking process to evaluate whether or
not to add this new member. Members who do not participate consistently at the level of
a majority of the other members are expected to resign.
not to add this new member. The TC will consist of a minimum of 3 active members and a
maximum of 10. If the TC should drop below 5 members the active TC members should nominate
someone new. If a TC member is stepping down, they are encouraged (but not required) to
nominate someone to take their place.

TC members will be added as admin's on the Github orgs, npm orgs, and other resources as
necessary to be effective in the role.

To remain "active" a TC member should have participation within the last 12 months and miss
no more than six consecutive TC meetings. Our goal is to increase participation, not punish
people for any lack of participation, this guideline should be only be used as such
(replace an inactive member with a new active one, for example). Members who do not meet this
are expected to step down. If A TC member does not step down, an issue can be opened in the
discussions repo to move them to inactive status. TC members who step down or are removed due
to inactivity will be moved into inactive status.

Inactive status members can become active members by self nomination if the TC is not already
larger than the maximum of 10. They will also be given preference if, while at max size, an
active member steps down.

## Project Captains

The Express TC can designate captains for individual projects/repos in the
organizations. These captains are responsible for being the primary
day-to-day maintainers of the repo on a technical and community front.
Repo captains are empowered with repo ownership and package publication rights.
When there are conflicts, especially on topics that effect the Express project
at large, captains are responsible to raise it up to the TC and drive
those conflicts to resolution. Captains are also responsible for making sure
community members follow the community guidelines, maintaining the repo
and the published package, as well as in providing user support.

Like TC members, Repo captains are a subset of committers.

To become a captain for a project the candidate is expected to participate in that
project for at least 6 months as a committer prior to the request. They should have
helped with code contributions as well as triaging issues. They are also required to
have 2FA enabled on both their GitHub and npm accounts. Any TC member or existing
captain on the repo can nominate another committer to the captain role, submit a PR to
this doc, under `Current Project Captains` section (maintaining the sort order) with
the project, their GitHub handle and npm username (if different). The PR will require
at least 2 approvals from TC members and 2 weeks hold time to allow for comment and/or
dissent. When the PR is merged, a TC member will add them to the proper GitHub/npm groups.

### Current Project Captains

- `expressjs/express`: @wesleytodd
- `expressjs/discussions`: @wesleytodd
- `expressjs/expressjs.com`: @crandmck
- `expressjs/body-parser`: @wesleytodd
- `expressjs/multer`: @LinusU
- `expressjs/cookie-parser`: @wesleytodd
- `expressjs/generator`: @wesleytodd
- `expressjs/statusboard`: @wesleytodd
- `pillarjs/path-to-regexp`: @blakeembrey
- `pillarjs/router`: @dougwilson, @wesleytodd
- `pillarjs/finalhandler`: @wesleytodd
- `pillarjs/request`: @wesleytodd
- `jshttp/http-errors`: @wesleytodd
- `jshttp/cookie`: @wesleytodd
- `jshttp/on-finished`: @wesleytodd
- `jshttp/forwarded`: @wesleytodd
- `jshttp/proxy-addr`: @wesleytodd

90 changes: 85 additions & 5 deletions History.md
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,86 @@ This is the first Express 5.0 alpha release, based off 4.10.1.
* add:
- `app.router` is a reference to the base router

4.18.3 / 2024-03-20
==========

* Prevent open redirect allow list bypass due to encodeurl
* deps: [email protected]

4.18.3 / 2024-02-29
==========

* Fix routing requests without method
* deps: [email protected]
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: [email protected]
* deps: [email protected]
- Add `partitioned` option

4.18.2 / 2022-10-08
===================

* Fix regression routing a large stack in a single route
* deps: [email protected]
- deps: [email protected]
- perf: remove unnecessary object clone
* deps: [email protected]

4.18.1 / 2022-04-29
===================

* Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25
===================

* Add "root" option to `res.download`
* Allow `options` without `filename` in `res.download`
* Deprecate string and non-integer arguments to `res.status`
* Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
* Fix handling very large stacks of sync middleware
* Ignore `Object.prototype` values in settings through `app.set`/`app.get`
* Invoke `default` with same arguments as types in `res.format`
* Support proper 205 responses using `res.send`
* Use `http-errors` for `res.format` error
* deps: [email protected]
- Fix error message for json parse whitespace in `strict`
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
* deps: [email protected]
- Add `priority` option
- Fix `expires` option to reject invalid dates
* deps: [email protected]
- Replace internal `eval` usage with `Function` constructor
- Use instance methods on `process` to check for listeners
* deps: [email protected]
- Remove set content headers that break response
- deps: [email protected]
- deps: [email protected]
* deps: [email protected]
- Prevent loss of async hooks context
* deps: [email protected]
* deps: [email protected]
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
* deps: [email protected]
- deps: [email protected]
* deps: [email protected]
- Remove code 306
- Rename `425 Unordered Collection` to standard `425 Too Early`

4.17.3 / 2022-02-16
===================

Expand Down Expand Up @@ -2212,7 +2292,7 @@ This is the first Express 5.0 alpha release, based off 4.10.1.
* deps: [email protected]
- deprecate `connect(middleware)` -- use `app.use(middleware)` instead
- deprecate `connect.createServer()` -- use `connect()` instead
- fix `res.setHeader()` patch to work with with get -> append -> set pattern
- fix `res.setHeader()` patch to work with get -> append -> set pattern
- deps: compression@~1.0.8
- deps: errorhandler@~1.1.1
- deps: express-session@~1.5.0
Expand Down Expand Up @@ -3423,8 +3503,8 @@ Shaw]
* Added node v0.1.97 compatibility
* Added support for deleting cookies via Request#cookie('key', null)
* Updated haml submodule
* Fixed not-found page, now using using charset utf-8
* Fixed show-exceptions page, now using using charset utf-8
* Fixed not-found page, now using charset utf-8
* Fixed show-exceptions page, now using charset utf-8
* Fixed view support due to fs.readFile Buffers
* Changed; mime.type() no longer accepts ".type" due to node extname() changes

Expand Down Expand Up @@ -3459,7 +3539,7 @@ Shaw]
==================

* Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s
encoding is set to 'utf8' or 'utf-8'.
encoding is set to 'utf8' or 'utf-8').
* Added "encoding" option to Request#render(). Closes #299
* Added "dump exceptions" setting, which is enabled by default.
* Added simple ejs template engine support
Expand Down Expand Up @@ -3498,7 +3578,7 @@ Shaw]
* Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js
* Added callback function support to Request#halt() as 3rd/4th arg
* Added preprocessing of route param wildcards using param(). Closes #251
* Added view partial support (with collections etc)
* Added view partial support (with collections etc.)
* Fixed bug preventing falsey params (such as ?page=0). Closes #286
* Fixed setting of multiple cookies. Closes #199
* Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml)
Expand Down
Loading

0 comments on commit e9f9aae

Please sign in to comment.