chore(deps): bump express and @types/express in /backend by dependabot[bot] · Pull Request #800 · Haroldwonder/SwiftRemit

dependabot · 2026-06-02T10:20:00Z

Bumps express and @types/express. These dependencies needed to be updated together.
Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: server-static@2.2.0

deps: type-is@2.0.1

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

... (truncated)

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates @types/express from 4.17.25 to 5.0.6

Commits

See full diff in compare view

dependabot · 2026-06-02T10:20:01Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel · 2026-06-02T10:20:03Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
swift-remit	Error		Jun 2, 2026 11:30am

Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 4.22.1 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v4.22.1...v5.2.1) Updates `@types/express` from 4.17.25 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

vercel Bot deployed to Preview June 2, 2026 10:24 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/multi-b251156d90 branch from 3cf4448 to 8066646 Compare June 2, 2026 10:32

vercel Bot had a problem deploying to Preview June 2, 2026 10:32 Failure

dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/multi-b251156d90 branch from 8066646 to 463a47b Compare June 2, 2026 11:30

vercel Bot had a problem deploying to Preview June 2, 2026 11:30 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump express and @types/express in /backend#800

chore(deps): bump express and @types/express in /backend#800
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/multi-b251156d90

dependabot Bot commented on behalf of github Jun 2, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 2, 2026

Uh oh!

vercel Bot commented Jun 2, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

Uh oh!

dependabot Bot commented on behalf of github Jun 2, 2026

Labels

Uh oh!

vercel Bot commented Jun 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 2, 2026 •

edited

Loading

vercel Bot commented Jun 2, 2026 •

edited

Loading