Update dependency express to v4.22.1 #29

Open

mars3142 wants to merge 1 commits from renovate/express-4.x-lockfile into main

pull from: renovate/express-4.x-lockfile

merge into: model-railway:main

model-railway:main

model-railway:renovate/axios-1.x-lockfile

model-railway:renovate/joi-18.x

model-railway:renovate/express-5.x

model-railway:renovate/actions-checkout-6.x

model-railway:renovate/canvas-3.x-lockfile

model-railway:renovate/zard-0.x

model-railway:renovate/nodemon-3.x-lockfile

model-railway:renovate/cors-2.x-lockfile

model-railway:renovate/google-cloud-profiler-6.x-lockfile

Conversation 0 Commits 1 Files Changed 1

+31 -16

mars3142 commented 2026-04-19 16:04:13 +00:00

Owner

Copy Link

Copy Source

This PR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	minor	4.21.2 → 4.22.1

---

Release Notes

expressjs/express (express)

v4.22.1

Compare Source

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in #​6934

Full Changelog: https://github.com/expressjs/express/compare/4.22.0...v4.22.1

v4.22.0

Compare Source

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in #​6190
• ci: add support for Node.js@​23.0 by @​UlisesGascon in #​6080
• Method functions with no path should error by @​wesleytodd in #​5957
• ci: updated github actions ci workflow by @​Phillip9587 in #​6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in #​6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in #​6506
• chore(4.x): wider range for query test skip by @​jonchurch in #​6513
• use tilde notation for certain dependencies by @​UlisesGascon in #​6905
• deps: qs@​6.14.0 by @​UlisesGascon in #​6909
• deps: use tilde notation for qs by @​Phillip9587 in #​6919
• Release: 4.22.0 by @​UlisesGascon in #​6921

Full Changelog: https://github.com/expressjs/express/compare/4.21.2...4.22.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [express](https://expressjs.com/) ([source](https://github.com/expressjs/express)) | dependencies | minor | [`4.21.2` → `4.22.1`](https://renovatebot.com/diffs/npm/express/4.21.2/4.22.1) | --- ### Release Notes <details> <summary>expressjs/express (express)</summary> ### [`v4.22.1`](https://github.com/expressjs/express/releases/tag/v4.22.1) [Compare Source](https://github.com/expressjs/express/compare/4.22.0...v4.22.1) #### What's Changed > \[!IMPORTANT]\ > The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release. - Release: 4.22.1 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6934](https://github.com/expressjs/express/pull/6934) **Full Changelog**: <https://github.com/expressjs/express/compare/4.22.0...v4.22.1> ### [`v4.22.0`](https://github.com/expressjs/express/releases/tag/4.22.0) [Compare Source](https://github.com/expressjs/express/compare/4.21.2...4.22.0) #### Important: Security - Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6)) #### What's Changed - Refactor: improve readability by [@&#8203;sazk07](https://github.com/sazk07) in [#&#8203;6190](https://github.com/expressjs/express/pull/6190) - ci: add support for Node.js\@&#8203;23.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6080](https://github.com/expressjs/express/pull/6080) - Method functions with no path should error by [@&#8203;wesleytodd](https://github.com/wesleytodd) in [#&#8203;5957](https://github.com/expressjs/express/pull/5957) - ci: updated github actions ci workflow by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6323](https://github.com/expressjs/express/pull/6323) - ci: reorder `npm i` steps to fix ci for older node versions by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6336](https://github.com/expressjs/express/pull/6336) - Backport: ci: add node.js 24 to test matrix by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6506](https://github.com/expressjs/express/pull/6506) - chore(4.x): wider range for query test skip by [@&#8203;jonchurch](https://github.com/jonchurch) in [#&#8203;6513](https://github.com/expressjs/express/pull/6513) - use tilde notation for certain dependencies by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6905](https://github.com/expressjs/express/pull/6905) - deps: qs\@&#8203;6.14.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6909](https://github.com/expressjs/express/pull/6909) - deps: use tilde notation for `qs` by [@&#8203;Phillip9587](https://github.com/Phillip9587) in [#&#8203;6919](https://github.com/expressjs/express/pull/6919) - Release: 4.22.0 by [@&#8203;UlisesGascon](https://github.com/UlisesGascon) in [#&#8203;6921](https://github.com/expressjs/express/pull/6921) **Full Changelog**: <https://github.com/expressjs/express/compare/4.21.2...4.22.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjkuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE0MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

mars3142 added 1 commit 2026-04-19 16:04:14 +00:00

Update dependency express to v4.22.1 dc5df34ab8

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/express-4.x-lockfile:renovate/express-4.x-lockfile

git checkout renovate/express-4.x-lockfile

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

mars3142 (Peter Siegmund)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: model-railway/cinema-display#29