Sourced from esbuild's releases.

v0.25.4

• Add simple support for CORS to esbuild's development server (#4125)

  Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

  To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

  Some examples:

  • CLI:

    esbuild --servedir=. --cors-origin=https://example.com
    

  • JS:

    const ctx = await esbuild.context({})
    await ctx.serve({
      servedir: '.',
      cors: {
        origin: 'https://example.com',
      },
    })
    

  • Go:

    ctx, _ := api.Context(api.BuildOptions{})
    ctx.Serve(api.ServeOptions{
      Servedir: ".",
      CORS: api.CORSOptions{
        Origin: []string{"https://example.com"},
      },
    })
    

  The special origin * can be used to allow any origin to access esbuild's development server. Note that this means any website you visit will be able to read everything served by esbuild.

• Pass through invalid URLs in source maps unmodified (#4169)

  This fixes a regression in version 0.25.0 where sources in source maps that form invalid URLs were not being passed through to the output. Version 0.25.0 changed the interpretation of sources from file paths to URLs, which means that URL parsing can now fail. Previously URLs that couldn't be parsed were replaced with the empty string. With this release, invalid URLs in sources should now be passed through unmodified.

• Handle exports named __proto__ in ES modules (#4162, #4163)

  In JavaScript, the special property name __proto__ sets the prototype when used inside an object literal. Previously esbuild's ESM-to-CommonJS conversion didn't special-case the property name of exports named __proto__ so the exported getter accidentally became the prototype of the object literal. It's unclear what this affects, if anything, but it's better practice to avoid this by using a computed property name in this case.

  This fix was contributed by @​magic-akari.

... (truncated)

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })
    

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })
    

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }
  

... (truncated)

• 218d29e publish 0.25.4 to npm
• e66cd0b dev server: simple support for CORS requests (#4171)
• 8bf3368 js api: validate some options as arrays of strings
• 1e7375a js api: simplify comma-separated array validation
• 5f5964d release notes for #4163
• adb5284 fix: handle __proto__ as a computed property in exports and add tests for s...
• 0aa9f7b fix #4169: keep invalid source map URLs unmodified
• 5959289 add additional guards for #4114 when using :is()
• 677910b publish 0.25.3 to npm
• a41040e fix #4110: support custom non-IP host values
• Additional commits viewable in compare view

Sourced from @​size-limit/preset-small-lib's releases.

11.2.0

• Added --config argument (by @​EvgenyWas).
• Added top-level await support to config (by @​aryaemami59).
• Added time option to config (by @​EvgenyWas).
• Added message option to config (by @​dartess).
• Updated esbuild.

11.1.6

• Updated chokidar.
• Updated esbuild.
• Updated jiti.

11.1.5

• Reduced dependencies (by @​ziebam).
• Updated esbuild.

11.1.4

• Fixed types (by @​aryaemami59).

11.1.3

• Updated esbuild.
• Updated CSS loaders for webpack.

11.1.2

• Fixed CSS support in esbuild plugin (by @​just-boris).

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by @​aryaemami59).
• Updated esbuild.

Sourced from @​size-limit/preset-small-lib's changelog.

11.2.0

• Added --config argument (by @​EvgenyWas).
• Added top-level await support to config (by @​aryaemami59).
• Added time option to config (by @​EvgenyWas).
• Added message option to config (by @​dartess).
• Updated esbuild.

11.1.6

• Updated chokidar.
• Updated esbuild.
• Updated jiti.

11.1.5

• Reduced dependencies (by @​ziebam).
• Updated esbuild.

11.1.4

• Fixed types (by @​aryaemami59).

11.1.3

• Updated esbuild.
• Updated CSS loaders for webpack.

11.1.2

• Fixed CSS support in esbuild plugin (by @​just-boris).

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by Arya Emami).
• Updated esbuild.

11.0.2

• Fixed require is not defined regression.
• Updated esbuild-visualizer.

11.0.1

• Updated estimo.
• Updated lilconfig.

11.0

• Moved to Brotli as default compression. Use gzip: true for old behavior.

10.0.3

• Fixed third-party plugins support (by @​JounQin).

... (truncated)

• 896eee2 Release 11.2.0 version
• 69fab9c Update Vitest
• 15a4c46 Update dependencies
• edda423 feat: add time options to set loading network speed, latency and message (#384)
• 6f44d9b Avoid patterns in simple example
• 549350a feat: implement new --config arg to specify a custom path to configuration fi...
• 3542c73 fix: remove extra blank line in terminal when output is empty (#383)
• 5b831e1 Fix pnpm version
• 7b56b53 Update dependencies
• 7a0c618 Bump cross-spawn from 7.0.3 to 7.0.5 (#381)
• Additional commits viewable in compare view

Sourced from @​web/dev-server-esbuild's releases.

@​web/dev-server-esbuild@​1.0.4

Patch Changes

• d826727: upgrade esbuild to 0.25.x

@​web/dev-server-esbuild@​1.0.3

Patch Changes

• f506af31: Upgrade esbuild to 0.24.x
• Updated dependencies [fb33d75c]
  • @​web/dev-server-core@​0.7.4

Sourced from @​web/dev-server-esbuild's changelog.

1.0.4

Patch Changes

• d826727: upgrade esbuild to 0.25.x

1.0.3

Patch Changes

• f506af31: Upgrade esbuild to 0.24.x
• Updated dependencies [fb33d75c]
  • @​web/dev-server-core@​0.7.4

1.0.2

Patch Changes

• fix: update @​web/dev-server-core

1.0.1

Patch Changes

• e31de569: Update @web/dev-server-rollup to latest version

1.0.0

Major Changes

• 8218a0a5: Update ESBuild to latest version.

  ESBuild has changed how TypeScript decorators are enabled in preparation for JavaScript decorators to land in browsers. ESBuild now requires the experimentalDecorators key to be set to true in the tsconfig.json for TypeScript decorators to be enabled.

  If you are having issues with decorators after updating to this version, try setting the experimentalDecorators key in your tsconfig.json.

Minor Changes

• c185cbaa: Set minimum node version to 18

Patch Changes

• Updated dependencies [c185cbaa]
  • @​web/dev-server-core@​0.7.0

0.4.4

Patch Changes

• ef6b2543: Use split versions for all lit dependencies

... (truncated)

• 3a6bf8f Version Packages
• d826727 fix: upgrade esbuild to 0.25.x
• 5f4f351 Version Packages
• dc23517 chore: bump esbuild to 0.24.0
• f506af3 chore: upgrade esbuild to 0.20.x
• 03f3c6f Version Packages
• 54d65a4 ci: align reporters across all packages
• 90e4472 ci: use workspaces to run node tests
• 0780a22 Version Packages
• ce40a8f update @​web/dev-server-rollup in more places
• Additional commits viewable in compare view

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

0.4.1

• Fix maxAge option to reject invalid values

0.4.0

• Add SameSite=None support

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Sourced from @​lhci/cli's releases.

v0.14.0

v0.14.0 (2024-06-20)

• feat: upgrade to lighthouse 12.0.0 (#1035) (cc564a6), closes #1035
• feat: support .htm files in fallback server (#1033) (2ed3b31), closes #1033
• feat: increase column width for project name (#1006) (8fe7e8d), closes #1006
• feat: upgrade to lighthouse 12.1.0 (#1046) (8a0e3dc), closes #1046
• feat(cli): add --lhr to assert command to load LHRs from anywhere (#1024) (19c7ca6), closes #1024
• fix(cli): use ProxyAgent instead of HttpsProxyAgent (#1038) (cdf4605), closes #1038
• chore: bump lhci references to 0.13 (083d639)
• misc(release): remove hulk from release process (mostly) (36e629e)

BREAKING CHANGE

• upgrade to lighthouse 12.1.0

v0.13.0

v0.13.0 (2023-12-15)

• feat: sort projects by name (#976) (2bf36f4), closes #976
• feat: upgrade to lighthouse 11.4.0 (#991) (7cc4ba8), closes #991
• feat(cli): add static dir file discovery depth flag (#940) (de1614e), closes #940
• fix(docker): added extra environment variable to lhci-client Dockerfile for puppeteer executable (#9 (f28992b), closes #916
• docs: add *.cjs to supported config extensions (#975) (a706c54), closes #975
• docs: fix typo of puppeterScript to puppeteerScript (#979) (b16e48d), closes #979
• tests: use more random name for sql test file (#986) (72b79d8), closes #986
• chore: update docker images with latest version (9d710c1)
• chore: rebaseline snapshot images (#980) (7e75eed), closes #980
• chore: remove jest worker limit (#981) (91bfbf9), closes #981
• chore: set jest max workers to 1 (#985) (200b915), closes #985
• chore: bump to node 18 (#989) (c5bde95), closes #989
• chore(deps): run yarn audit fix to upgrade many deps (#992) (3ea9955), closes #992
• chore(deps): upgrade to storybook 7.6.4, preact 10.19.3, esbuild 0.19.9 (#990) (5d30e52), closes #990
• chore(deps): bump lodash from 4.17.11 to 4.17.21 (#956) (00b2c91), closes #956
• chore(deps): bump handlebars from 4.1.2 to 4.7.8 (#978) (c183f9f), closes #978
• chore(deps): bump @​babel/traverse from 7.4.3 to 7.23.6 (#987) (60693f0), closes #987
• chore(deps): bump browserify-sign from 4.0.4 to 4.2.2 (#957) (e40dec0), closes #957
• chore(deps): bump tree-kill from 1.2.1 to 1.2.2 (#952) (2bd2e9c), closes #952
• chores(deps): upgrade puppeteer to 21.6.1 (#988) (939ef03), closes #988
• chores(deps): upgrade umzug to 3.4.0 (#984) (a3ee284), closes #984
• chores(deps): upgrade typescript to 5.3.3 (#983) (29a67d9), closes #983
• chores(deps): upgrade sequelize to 6.35.2 (#982) (5b94d30), closes #982
• collect: use new headless mode (#907) (2cf4dc0), closes #907
• Readme: Update Heroku mentions (#931) (b124841), closes #931
• Instruct users to install Lighthouse CI 0.12 (#927) (72db595), closes #927
• catch localStorage exceptions in difftool (#938) (332888a), closes #938

... (truncated)

• bbaa624 misc(release): remove hulk from release process (mostly)
• cdf4605 fix(cli): use ProxyAgent instead of HttpsProxyAgent (#1038)
• 8a0e3dc feat: upgrade to lighthouse 12.1.0 (#1046)
• 8fe7e8d feat: increase column width for project name (#1006)
• 2ed3b31 feat: support .htm files in fallback server (#1033)
• cc564a6 feat: upgrade to lighthouse 12.0.0 (#1035)
• 19c7ca6 feat(cli): add --lhr to assert command to load LHRs from anywhere (#1024)
• 083d639 chore: bump lhci references to 0.13
• 7cc4ba8 feat: upgrade to lighthouse 11.4.0 (#991)
• 3ea9955 chore(deps): run yarn audit fix to upgrade many deps (#992)
• Additional commits viewable in compare view

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
<...

Description has been truncated