express
Advanced tools
Comparing version 5.0.0-alpha.8 to 5.0.0-beta.1
@@ -24,3 +24,3 @@ /*! | ||
var compileTrust = require('./utils').compileTrust; | ||
var flatten = require('array-flatten'); | ||
var flatten = require('array-flatten').flatten | ||
var merge = require('utils-merge'); | ||
@@ -93,3 +93,3 @@ var resolve = require('path').resolve; | ||
this.set('env', env); | ||
this.set('query parser', 'extended'); | ||
this.set('query parser', 'simple') | ||
this.set('subdomain offset', 2); | ||
@@ -277,3 +277,3 @@ this.set('trust proxy', false); | ||
* though note that it aliases this method as `ejs.__express` internally | ||
* so if you're using ".ejs" extensions you dont need to do anything. | ||
* so if you're using ".ejs" extensions you don't need to do anything. | ||
* | ||
@@ -280,0 +280,0 @@ * Some template engines do not follow this convention, the |
@@ -233,3 +233,3 @@ /*! | ||
* Check if the incoming request contains the "Content-Type" | ||
* header field, and it contains the give mime `type`. | ||
* header field, and it contains the given mime `type`. | ||
* | ||
@@ -236,0 +236,0 @@ * Examples: |
@@ -21,2 +21,3 @@ /*! | ||
var onFinished = require('on-finished'); | ||
var mime = require('mime-types') | ||
var path = require('path'); | ||
@@ -33,3 +34,2 @@ var pathIsAbsolute = require('path-is-absolute'); | ||
var extname = path.extname; | ||
var mime = send.mime; | ||
var resolve = path.resolve; | ||
@@ -53,9 +53,2 @@ var vary = require('vary'); | ||
/** | ||
* Module variables. | ||
* @private | ||
*/ | ||
var charsetRegExp = /;\s*charset\s*=/; | ||
/** | ||
* Set status `code`. | ||
@@ -272,6 +265,11 @@ * | ||
// replace chars not allowed in JavaScript that are in JSON | ||
body = body | ||
.replace(/\u2028/g, '\\u2028') | ||
.replace(/\u2029/g, '\\u2029'); | ||
if (body === undefined) { | ||
// empty argument | ||
body = '' | ||
} else if (typeof body === 'string') { | ||
// replace chars not allowed in JavaScript that are in JSON | ||
body = body | ||
.replace(/\u2028/g, '\\u2028') | ||
.replace(/\u2029/g, '\\u2029') | ||
} | ||
@@ -315,3 +313,3 @@ // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse" | ||
* The callback `callback(err)` is invoked when the transfer is complete | ||
* or when an error occurs. Be sure to check `res.sentHeader` | ||
* or when an error occurs. Be sure to check `res.headersSent` | ||
* if you wish to attempt responding, as the header and some data | ||
@@ -454,4 +452,6 @@ * may have already been transferred. | ||
/** | ||
* Set _Content-Type_ response header with `type` through `mime.lookup()` | ||
* Set _Content-Type_ response header with `type` through `mime.contentType()` | ||
* when it does not contain "/", or set the Content-Type to `type` otherwise. | ||
* When no mapping is found though `mime.contentType()`, the type is set to | ||
* "application/octet-stream". | ||
* | ||
@@ -474,3 +474,3 @@ * Examples: | ||
var ct = type.indexOf('/') === -1 | ||
? mime.lookup(type) | ||
? (mime.contentType(type) || 'application/octet-stream') | ||
: type; | ||
@@ -505,3 +505,3 @@ | ||
* | ||
* 'appliation/json': function(){ | ||
* 'application/json': function () { | ||
* res.send({ message: 'hey' }); | ||
@@ -609,3 +609,3 @@ * } | ||
: Array.isArray(val) ? [prev].concat(val) | ||
: [prev, val]; | ||
: [prev, val] | ||
} | ||
@@ -628,2 +628,5 @@ | ||
* | ||
* When the set header is "Content-Type", the type is expanded to include | ||
* the charset if not present using `mime.contentType()`. | ||
* | ||
* @param {String|Object} field | ||
@@ -647,6 +650,3 @@ * @param {String|Array} val | ||
} | ||
if (!charsetRegExp.test(value)) { | ||
var charset = mime.charsets.lookup(value.split(';')[0]); | ||
if (charset) value += '; charset=' + charset.toLowerCase(); | ||
} | ||
value = mime.contentType(value) | ||
} | ||
@@ -997,3 +997,3 @@ | ||
if (escape) { | ||
if (escape && typeof json === 'string') { | ||
json = json.replace(/[<>&]/g, function (c) { | ||
@@ -1000,0 +1000,0 @@ switch (c.charCodeAt(0)) { |
@@ -17,4 +17,4 @@ /*! | ||
var contentType = require('content-type'); | ||
var mime = require('send').mime; | ||
var etag = require('etag'); | ||
var mime = require('mime-types') | ||
var proxyaddr = require('proxy-addr'); | ||
@@ -57,3 +57,3 @@ var qs = require('qs'); | ||
? acceptParams(type) | ||
: { value: mime.lookup(type), params: {} }; | ||
: { value: (mime.lookup(type) || 'application/octet-stream'), params: {} } | ||
}; | ||
@@ -122,2 +122,3 @@ | ||
case true: | ||
case 'weak': | ||
fn = exports.wetag; | ||
@@ -130,5 +131,2 @@ break; | ||
break; | ||
case 'weak': | ||
fn = exports.wetag; | ||
break; | ||
default: | ||
@@ -158,2 +156,3 @@ throw new TypeError('unknown value for etag function: ' + val); | ||
case true: | ||
case 'simple': | ||
fn = querystring.parse; | ||
@@ -166,5 +165,2 @@ break; | ||
break; | ||
case 'simple': | ||
fn = querystring.parse; | ||
break; | ||
default: | ||
@@ -171,0 +167,0 @@ throw new TypeError('unknown value for query parser function: ' + val); |
{ | ||
"name": "express", | ||
"description": "Fast, unopinionated, minimalist web framework", | ||
"version": "5.0.0-alpha.8", | ||
"version": "5.0.0-beta.1", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -23,2 +23,3 @@ "contributors": [ | ||
"web", | ||
"http", | ||
"rest", | ||
@@ -32,7 +33,7 @@ "restful", | ||
"accepts": "~1.3.7", | ||
"array-flatten": "2.1.1", | ||
"body-parser": "1.19.0", | ||
"content-disposition": "0.5.3", | ||
"array-flatten": "3.0.0", | ||
"body-parser": "2.0.0-beta.1", | ||
"content-disposition": "0.5.4", | ||
"content-type": "~1.0.4", | ||
"cookie": "0.4.0", | ||
"cookie": "0.4.1", | ||
"cookie-signature": "1.0.6", | ||
@@ -48,13 +49,14 @@ "debug": "3.1.0", | ||
"methods": "~1.1.2", | ||
"mime-types": "~2.1.34", | ||
"on-finished": "~2.3.0", | ||
"parseurl": "~1.3.3", | ||
"path-is-absolute": "1.0.1", | ||
"proxy-addr": "~2.0.5", | ||
"qs": "6.7.0", | ||
"proxy-addr": "~2.0.7", | ||
"qs": "6.9.6", | ||
"range-parser": "~1.2.1", | ||
"router": "2.0.0-alpha.1", | ||
"safe-buffer": "5.1.2", | ||
"send": "0.17.1", | ||
"serve-static": "1.14.1", | ||
"setprototypeof": "1.1.1", | ||
"router": "2.0.0-beta.1", | ||
"safe-buffer": "5.2.1", | ||
"send": "1.0.0-beta.1", | ||
"serve-static": "2.0.0-beta.1", | ||
"setprototypeof": "1.2.0", | ||
"statuses": "~1.5.0", | ||
@@ -67,22 +69,22 @@ "type-is": "~1.6.18", | ||
"after": "0.8.2", | ||
"connect-redis": "3.4.1", | ||
"cookie-parser": "~1.4.4", | ||
"cookie-session": "1.3.3", | ||
"ejs": "2.6.1", | ||
"eslint": "2.13.1", | ||
"express-session": "1.16.1", | ||
"hbs": "4.0.4", | ||
"connect-redis": "3.4.2", | ||
"cookie-parser": "1.4.6", | ||
"cookie-session": "2.0.0", | ||
"ejs": "3.1.6", | ||
"eslint": "7.32.0", | ||
"express-session": "1.17.2", | ||
"hbs": "4.2.0", | ||
"istanbul": "0.4.5", | ||
"marked": "0.6.2", | ||
"marked": "0.7.0", | ||
"method-override": "3.0.0", | ||
"mocha": "5.2.0", | ||
"morgan": "1.9.1", | ||
"multiparty": "4.2.1", | ||
"mocha": "9.1.3", | ||
"morgan": "1.10.0", | ||
"multiparty": "4.2.2", | ||
"pbkdf2-password": "1.2.1", | ||
"should": "13.2.3", | ||
"supertest": "3.3.0", | ||
"supertest": "6.1.6", | ||
"vhost": "~3.0.2" | ||
}, | ||
"engines": { | ||
"node": ">= 0.10.0" | ||
"node": ">= 4" | ||
}, | ||
@@ -89,0 +91,0 @@ "files": [ |
@@ -7,3 +7,3 @@ [![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/) | ||
[![NPM Downloads][downloads-image]][downloads-url] | ||
[![Linux Build][travis-image]][travis-url] | ||
[![Linux Build][ci-image]][ci-url] | ||
[![Windows Build][appveyor-image]][appveyor-url] | ||
@@ -31,2 +31,5 @@ [![Test Coverage][coveralls-image]][coveralls-url] | ||
If this is a brand new project, make sure to create a `package.json` first with | ||
the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file). | ||
Installation is done using the | ||
@@ -100,3 +103,3 @@ [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): | ||
The Express philosophy is to provide small, robust tooling for HTTP servers, making | ||
it a great solution for single page applications, web sites, hybrids, or public | ||
it a great solution for single page applications, websites, hybrids, or public | ||
HTTP APIs. | ||
@@ -149,8 +152,8 @@ | ||
[ci-image]: https://img.shields.io/github/workflow/status/expressjs/express/ci/master.svg?label=linux | ||
[ci-url]: https://github.com/expressjs/express/actions?query=workflow%3Aci | ||
[npm-image]: https://img.shields.io/npm/v/express.svg | ||
[npm-url]: https://npmjs.org/package/express | ||
[downloads-image]: https://img.shields.io/npm/dm/express.svg | ||
[downloads-url]: https://npmjs.org/package/express | ||
[travis-image]: https://img.shields.io/travis/expressjs/express/master.svg?label=linux | ||
[travis-url]: https://travis-ci.org/expressjs/express | ||
[downloads-url]: https://npmcharts.com/compare/express?minimal=true | ||
[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows | ||
@@ -157,0 +160,0 @@ [appveyor-url]: https://ci.appveyor.com/project/dougwilson/express |
Sorry, the diff of this file is too big to display
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
184181
159
3
32
2281
+ Addedmime-types@~2.1.34
+ Addedarray-flatten@3.0.0(transitive)
+ Addedbody-parser@2.0.0-beta.1(transitive)
+ Addedbytes@3.1.1(transitive)
+ Addedcontent-disposition@0.5.4(transitive)
+ Addedcookie@0.4.1(transitive)
+ Addedhttp-errors@1.8.1(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedms@2.1.3(transitive)
+ Addedpath-to-regexp@3.2.0(transitive)
+ Addedqs@6.9.6(transitive)
+ Addedraw-body@2.4.2(transitive)
+ Addedrouter@2.0.0-beta.1(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsend@1.0.0-beta.1(transitive)
+ Addedserve-static@2.0.0-beta.1(transitive)
+ Addedsetprototypeof@1.2.0(transitive)
+ Addedtoidentifier@1.0.1(transitive)
- Removedarray-flatten@2.1.1(transitive)
- Removedbody-parser@1.19.0(transitive)
- Removedbytes@3.1.0(transitive)
- Removedcontent-disposition@0.5.3(transitive)
- Removedcookie@0.4.0(transitive)
- Removedhttp-errors@1.7.2(transitive)
- Removedinherits@2.0.3(transitive)
- Removedmime@1.6.0(transitive)
- Removedms@2.1.1(transitive)
- Removedpath-to-regexp@0.1.7(transitive)
- Removedqs@6.7.0(transitive)
- Removedraw-body@2.4.0(transitive)
- Removedrouter@2.0.0-alpha.1(transitive)
- Removedsafe-buffer@5.1.2(transitive)
- Removedsend@0.17.1(transitive)
- Removedserve-static@1.14.1(transitive)
- Removedsetprototypeof@1.1.01.1.1(transitive)
- Removedtoidentifier@1.0.0(transitive)
Updatedarray-flatten@3.0.0
Updatedbody-parser@2.0.0-beta.1
Updatedcontent-disposition@0.5.4
Updatedcookie@0.4.1
Updatedproxy-addr@~2.0.7
Updatedqs@6.9.6
Updatedrouter@2.0.0-beta.1
Updatedsafe-buffer@5.2.1
Updatedsend@1.0.0-beta.1
Updatedserve-static@2.0.0-beta.1
Updatedsetprototypeof@1.2.0