build(deps): bump express from 4.21.2 to 4.22.1 by dependabot[bot] · Pull Request #879 · radiorabe/rabe-backstage

dependabot · 2025-12-02T05:10:21Z

Bumps express from 4.21.2 to 4.22.1.

Release notes

v4.22.1

What's Changed

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
express	[>= 5.a, < 6]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [express](https://github.com/expressjs/express) from 4.21.2 to 4.22.1. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 2, 2025

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.1 branch 6 times, most recently from aad4a29 to bdfe006 Compare December 9, 2025 08:38

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.1 branch 4 times, most recently from e11bf11 to 8cdb898 Compare December 22, 2025 11:41

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.1 branch from 8cdb898 to a484713 Compare December 23, 2025 18:18

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.1 branch from a484713 to 8fad033 Compare December 24, 2025 11:05

hairmare enabled auto-merge (squash) December 25, 2025 00:24

hairmare merged commit 9f82c71 into main Dec 25, 2025
7 of 8 checks passed

hairmare deleted the dependabot/npm_and_yarn/express-4.22.1 branch December 25, 2025 00:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump express from 4.21.2 to 4.22.1#879

build(deps): bump express from 4.21.2 to 4.22.1#879
hairmare merged 1 commit into
mainfrom
dependabot/npm_and_yarn/express-4.22.1

dependabot Bot commented on behalf of github Dec 2, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Dec 2, 2025 •

edited

Loading