From 31bb9351c753bd977ec0c78b0d9488faa459a238 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 4 Feb 2024 12:13:49 +0100 Subject: [PATCH] Merge tag '4.18.2' --- .github/workflows/ci.yml | 26 +- Charter.md | 4 +- History.md | 65 +- Readme.md | 74 +- Security.md | 3 +- appveyor.yml | 23 +- benchmarks/Makefile | 20 +- benchmarks/middleware.js | 2 +- benchmarks/run | 8 +- examples/auth/views/login.ejs | 8 +- examples/params/index.js | 13 +- .../route-separation/views/users/edit.ejs | 2 +- examples/search/public/index.html | 4 +- lib/application.js | 19 +- lib/response.js | 82 +- lib/utils.js | 1 + lib/view.js | 2 +- package.json | 25 +- test/Route.js | 65 +- test/Router.js | 52 + test/app.locals.js | 32 +- test/config.js | 44 + test/exports.js | 13 +- test/express.json.js | 339 +++-- test/express.raw.js | 203 ++- test/express.text.js | 221 ++- test/express.urlencoded.js | 263 +++- test/mocha.opts | 2 - test/res.append.js | 71 +- test/res.cookie.js | 102 ++ test/res.download.js | 315 +++- test/res.format.js | 29 +- test/res.redirect.js | 33 +- test/res.send.js | 50 +- test/res.sendFile.js | 1297 +++++++++++++++-- test/res.status.js | 205 ++- test/support/utils.js | 14 + 37 files changed, 3106 insertions(+), 625 deletions(-) delete mode 100644 test/mocha.opts diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6dba5c2d9f..2057a210d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,6 +23,10 @@ jobs: - Node.js 12.x - Node.js 13.x - Node.js 14.x + - Node.js 15.x + - Node.js 16.x + - Node.js 17.x + - Node.js 18.x include: - name: Node.js 4.0 @@ -39,7 +43,7 @@ jobs: - name: Node.js 6.x node-version: "6.17" - npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6 + npm-i: mocha@6.2.2 nyc@14.1.1 supertest@3.4.2 - name: Node.js 7.x node-version: "7.10" @@ -63,12 +67,26 @@ jobs: - name: Node.js 12.x node-version: "12.22" + npm-i: mocha@9.2.2 - name: Node.js 13.x node-version: "13.14" + npm-i: mocha@9.2.2 - name: Node.js 14.x - node-version: "14.19" + node-version: "14.20" + + - name: Node.js 15.x + node-version: "15.14" + + - name: Node.js 16.x + node-version: "16.17" + + - name: Node.js 17.x + node-version: "17.9" + + - name: Node.js 18.x + node-version: "18.10" steps: - uses: actions/checkout@v2 @@ -95,8 +113,8 @@ jobs: shell: bash run: | # eslint for linting - # - remove on Node.js < 10 - if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then + # - remove on Node.js < 12 + if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ grep -E '^eslint(-|$)' | \ sort -r | \ diff --git a/Charter.md b/Charter.md index f9647cb734..a906e52909 100644 --- a/Charter.md +++ b/Charter.md @@ -9,7 +9,7 @@ also easily visible to outsiders. ## Section 1: Scope -Express is a http web server framework with a simple and expressive API +Express is a HTTP web server framework with a simple and expressive API which is highly aligned with Node.js core. We aim to be the best in class for writing performant, spec compliant, and powerful web servers in Node.js. As one of the oldest and most popular web frameworks in @@ -24,7 +24,7 @@ Express is made of many modules spread between three GitHub Orgs: libraries - [pillarjs](http://github.com/pillarjs/): Components which make up Express but can also be used for other web frameworks -- [jshttp](http://github.com/jshttp/): Low level http libraries +- [jshttp](http://github.com/jshttp/): Low level HTTP libraries ### 1.2: Out-of-Scope diff --git a/History.md b/History.md index 5380daf09c..9a44f8bd20 100644 --- a/History.md +++ b/History.md @@ -1,7 +1,7 @@ 5.x === -This incorporates all changes after 4.17.2 up to 4.17.3. +This incorporates all changes after 4.17.2 up to 4.18.2. 5.0.0-beta.1 / 2022-02-14 ========================= @@ -162,6 +162,69 @@ This is the first Express 5.0 alpha release, based off 4.10.1. * add: - `app.router` is a reference to the base router +4.18.2 / 2022-10-08 +=================== + + * Fix regression routing a large stack in a single route + * deps: body-parser@1.20.1 + - deps: qs@6.11.0 + - perf: remove unnecessary object clone + * deps: qs@6.11.0 + +4.18.1 / 2022-04-29 +=================== + + * Fix hanging on large stack of sync routes + +4.18.0 / 2022-04-25 +=================== + + * Add "root" option to `res.download` + * Allow `options` without `filename` in `res.download` + * Deprecate string and non-integer arguments to `res.status` + * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` + * Fix handling very large stacks of sync middleware + * Ignore `Object.prototype` values in settings through `app.set`/`app.get` + * Invoke `default` with same arguments as types in `res.format` + * Support proper 205 responses using `res.send` + * Use `http-errors` for `res.format` error + * deps: body-parser@1.20.0 + - Fix error message for json parse whitespace in `strict` + - Fix internal error when inflated body exceeds limit + - Prevent loss of async hooks context + - Prevent hanging when request already read + - deps: depd@2.0.0 + - deps: http-errors@2.0.0 + - deps: on-finished@2.4.1 + - deps: qs@6.10.3 + - deps: raw-body@2.5.1 + * deps: cookie@0.5.0 + - Add `priority` option + - Fix `expires` option to reject invalid dates + * deps: depd@2.0.0 + - Replace internal `eval` usage with `Function` constructor + - Use instance methods on `process` to check for listeners + * deps: finalhandler@1.2.0 + - Remove set content headers that break response + - deps: on-finished@2.4.1 + - deps: statuses@2.0.1 + * deps: on-finished@2.4.1 + - Prevent loss of async hooks context + * deps: qs@6.10.3 + * deps: send@0.18.0 + - Fix emitted 416 error missing headers property + - Limit the headers removed for 304 response + - deps: depd@2.0.0 + - deps: destroy@1.2.0 + - deps: http-errors@2.0.0 + - deps: on-finished@2.4.1 + - deps: statuses@2.0.1 + * deps: serve-static@1.15.0 + - deps: send@0.18.0 + * deps: statuses@2.0.1 + - Remove code 306 + - Rename `425 Unordered Collection` to standard `425 Too Early` + 4.17.3 / 2022-02-16 =================== diff --git a/Readme.md b/Readme.md index b60d588c41..0936816bed 100644 --- a/Readme.md +++ b/Readme.md @@ -1,12 +1,10 @@ [![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/) - Fast, unopinionated, minimalist web framework for [node](http://nodejs.org). + Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org). - [![NPM Version][npm-image]][npm-url] - [![NPM Downloads][downloads-image]][downloads-url] - [![Linux Build][ci-image]][ci-url] - [![Windows Build][appveyor-image]][appveyor-url] - [![Test Coverage][coveralls-image]][coveralls-url] + [![NPM Version][npm-version-image]][npm-url] + [![NPM Install Size][npm-install-size-image]][npm-install-size-url] + [![NPM Downloads][npm-downloads-image]][npm-downloads-url] ```js const express = require('express') @@ -33,7 +31,7 @@ the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file). Installation is done using the [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): -```bash +```console $ npm install express ``` @@ -53,7 +51,7 @@ for more information. ## Docs & Community * [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)] - * [#express](https://webchat.freenode.net/?channels=express) on freenode IRC + * [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC * [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules * Visit the [Wiki](https://github.com/expressjs/express/wiki) * [Google Group](https://groups.google.com/group/express-js) for discussion @@ -61,35 +59,31 @@ for more information. **PROTIP** Be sure to read [Migrating from 3.x to 4.x](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) as well as [New features in 4.x](https://github.com/expressjs/express/wiki/New-features-in-4.x). -### Security Issues - -If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md). - ## Quick Start The quickest way to get started with express is to utilize the executable [`express(1)`](https://github.com/expressjs/generator) to generate an application as shown below: Install the executable. The executable's major version will match Express's: -```bash +```console $ npm install -g express-generator@4 ``` Create the app: -```bash +```console $ express /tmp/foo && cd /tmp/foo ``` Install dependencies: -```bash +```console $ npm install ``` Start the server: -```bash +```console $ npm start ``` @@ -109,7 +103,7 @@ $ npm start To view the examples, clone the Express repo and install the dependencies: -```bash +```console $ git clone git://github.com/expressjs/express.git --depth 1 $ cd express $ npm install @@ -117,23 +111,35 @@ $ npm install Then run whichever example you want: -```bash +```console $ node examples/content-negotiation ``` -## Tests +## Contributing + + [![Linux Build][github-actions-ci-image]][github-actions-ci-url] + [![Windows Build][appveyor-image]][appveyor-url] + [![Test Coverage][coveralls-image]][coveralls-url] + +The Express.js project welcomes all constructive contributions. Contributions take many forms, +from code for bug fixes and enhancements, to additions and fixes to documentation, additional +tests, triaging incoming pull requests and issues, and more! - To run the test suite, first install the dependencies, then run `npm test`: +See the [Contributing Guide](Contributing.md) for more technical details on contributing. -```bash +### Security Issues + +If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md). + +### Running Tests + +To run the test suite, first install the dependencies, then run `npm test`: + +```console $ npm install $ npm test ``` -## Contributing - -[Contributing Guide](Contributing.md) - ## People The original author of Express is [TJ Holowaychuk](https://github.com/tj) @@ -146,13 +152,15 @@ The current lead maintainer is [Douglas Christopher Wilson](https://github.com/d [MIT](LICENSE) -[ci-image]: https://img.shields.io/github/workflow/status/expressjs/express/ci/master.svg?label=linux -[ci-url]: https://github.com/expressjs/express/actions?query=workflow%3Aci -[npm-image]: https://img.shields.io/npm/v/express.svg -[npm-url]: https://npmjs.org/package/express -[downloads-image]: https://img.shields.io/npm/dm/express.svg -[downloads-url]: https://npmcharts.com/compare/express?minimal=true -[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows +[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows [appveyor-url]: https://ci.appveyor.com/project/dougwilson/express -[coveralls-image]: https://img.shields.io/coveralls/expressjs/express/master.svg +[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master [coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master +[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux +[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml +[npm-downloads-image]: https://badgen.net/npm/dm/express +[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true +[npm-install-size-image]: https://badgen.net/packagephobia/install/express +[npm-install-size-url]: https://packagephobia.com/result?p=express +[npm-url]: https://npmjs.org/package/express +[npm-version-image]: https://badgen.net/npm/v/express diff --git a/Security.md b/Security.md index 858dfffc5b..cdcd7a6e0a 100644 --- a/Security.md +++ b/Security.md @@ -27,8 +27,7 @@ endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. Report security bugs in third-party modules to the person or team maintaining -the module. You can also report a vulnerability through the -[Node Security Project](https://nodesecurity.io/report). +the module. ## Disclosure Policy diff --git a/appveyor.yml b/appveyor.yml index 7f7a3717e7..e98b4c19ac 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -10,14 +10,18 @@ environment: - nodejs_version: "11.15" - nodejs_version: "12.22" - nodejs_version: "13.14" - - nodejs_version: "14.19" + - nodejs_version: "14.20" + - nodejs_version: "15.14" + - nodejs_version: "16.17" + - nodejs_version: "17.9" + - nodejs_version: "18.10" cache: - node_modules install: # Install Node.js - ps: >- try { Install-Product node $env:nodejs_version -ErrorAction Stop } - catch { Update-NodeJsInstallation (Get-NodeJsLatestBuild $env:nodejs_version) } + catch { Update-NodeJsInstallation (Get-NodeJsLatestBuild $env:nodejs_version) x64 } # Configure npm - ps: | npm config set loglevel error @@ -37,7 +41,10 @@ install: # - use 6.x for Node.js < 8 # - use 7.x for Node.js < 10 # - use 8.x for Node.js < 12 - if ([int]$env:nodejs_version.split(".")[0] -lt 6) { + # - use 9.x for Node.js < 14 + if ([int]$env:nodejs_version.split(".")[0] -lt 4) { + npm install --silent --save-dev mocha@3.5.3 + } elseif ([int]$env:nodejs_version.split(".")[0] -lt 6) { npm install --silent --save-dev mocha@5.2.0 } elseif ([int]$env:nodejs_version.split(".")[0] -lt 8) { npm install --silent --save-dev mocha@6.2.2 @@ -45,6 +52,8 @@ install: npm install --silent --save-dev mocha@7.2.0 } elseif ([int]$env:nodejs_version.split(".")[0] -lt 12) { npm install --silent --save-dev mocha@8.4.0 + } elseif ([int]$env:nodejs_version.split(".")[0] -lt 14) { + npm install --silent --save-dev mocha@9.2.2 } - ps: | # nyc for test coverage @@ -60,8 +69,12 @@ install: } - ps: | # supertest for http calls - # - use 3.4.2 for Node.js < 6 - if ([int]$env:nodejs_version.split(".")[0] -lt 6) { + # - use 2.0.0 for Node.js < 4 + # - use 3.4.2 for Node.js < 7 + # - use 6.1.6 for Node.js < 8 + if ([int]$env:nodejs_version.split(".")[0] -lt 4) { + npm install --silent --save-dev supertest@2.0.0 + } elseif ([int]$env:nodejs_version.split(".")[0] -lt 7) { npm install --silent --save-dev supertest@3.4.2 } elseif ([int]$env:nodejs_version.split(".")[0] -lt 8) { npm install --silent --save-dev supertest@6.1.6 diff --git a/benchmarks/Makefile b/benchmarks/Makefile index baf0d6fce9..ed1ddfc4f3 100644 --- a/benchmarks/Makefile +++ b/benchmarks/Makefile @@ -1,13 +1,17 @@ all: - @./run 1 middleware - @./run 5 middleware - @./run 10 middleware - @./run 15 middleware - @./run 20 middleware - @./run 30 middleware - @./run 50 middleware - @./run 100 middleware + @./run 1 middleware 50 + @./run 5 middleware 50 + @./run 10 middleware 50 + @./run 15 middleware 50 + @./run 20 middleware 50 + @./run 30 middleware 50 + @./run 50 middleware 50 + @./run 100 middleware 50 + @./run 10 middleware 100 + @./run 10 middleware 250 + @./run 10 middleware 500 + @./run 10 middleware 1000 @echo .PHONY: all diff --git a/benchmarks/middleware.js b/benchmarks/middleware.js index df4df2c5ac..fed97ba8ce 100644 --- a/benchmarks/middleware.js +++ b/benchmarks/middleware.js @@ -13,7 +13,7 @@ while (n--) { }); } -app.use(function(req, res, next){ +app.use(function(req, res){ res.send('Hello World') }); diff --git a/benchmarks/run b/benchmarks/run index 93b5bc52ff..ec8f55d564 100755 --- a/benchmarks/run +++ b/benchmarks/run @@ -4,13 +4,15 @@ echo MW=$1 node $2 & pid=$! +echo " $3 connections" + sleep 2 wrk 'http://localhost:3333/?foo[bar]=baz' \ -d 3 \ - -c 50 \ + -c $3 \ -t 8 \ - | grep 'Requests/sec' \ - | awk '{ print " " $2 }' + | grep 'Requests/sec\|Latency' \ + | awk '{ print " " $2 }' kill $pid diff --git a/examples/auth/views/login.ejs b/examples/auth/views/login.ejs index 8a20411a2c..181c36caf7 100644 --- a/examples/auth/views/login.ejs +++ b/examples/auth/views/login.ejs @@ -6,12 +6,12 @@ Try accessing /restricted, then authenticate with "tj" and "foobar".

- - + +

- - + +

diff --git a/examples/params/index.js b/examples/params/index.js index b153b93b98..f3cd8457eb 100644 --- a/examples/params/index.js +++ b/examples/params/index.js @@ -4,6 +4,7 @@ * Module dependencies. */ +var createError = require('http-errors') var express = require('../../'); var app = module.exports = express(); @@ -17,14 +18,6 @@ var users = [ , { name: 'bandit' } ]; -// Create HTTP error - -function createError(status, message) { - var err = new Error(message); - err.status = status; - return err; -} - // Convert :to and :from to integers app.param(['to', 'from'], function(req, res, next, num, name){ @@ -58,7 +51,7 @@ app.get('/', function(req, res){ * GET :user. */ -app.get('/user/:user', function(req, res, next){ +app.get('/user/:user', function (req, res) { res.send('user ' + req.user.name); }); @@ -66,7 +59,7 @@ app.get('/user/:user', function(req, res, next){ * GET users :from - :to. */ -app.get('/users/:from-:to', function(req, res, next){ +app.get('/users/:from-:to', function (req, res) { var from = req.params.from; var to = req.params.to; var names = users.map(function(user){ return user.name; }); diff --git a/examples/route-separation/views/users/edit.ejs b/examples/route-separation/views/users/edit.ejs index 0ca2df7652..6df78a953a 100644 --- a/examples/route-separation/views/users/edit.ejs +++ b/examples/route-separation/views/users/edit.ejs @@ -3,7 +3,7 @@

Editing <%= user.name %>

- +

Name: diff --git a/examples/search/public/index.html b/examples/search/public/index.html index f67063c502..7353644ba6 100644 --- a/examples/search/public/index.html +++ b/examples/search/public/index.html @@ -4,7 +4,7 @@ Search example -