Compare Versions - express

npm / express / Compare Versions

View on npm

→ Compare

5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 5.2.1 by @UlisesGascon in https://github.com/expressjs/express/pull/6933

Full Changelog: https://github.com/expressjs/express/compare/v5.2.0...v5.2.1

5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in https://github.com/expressjs/express/pull/6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in https://github.com/expressjs/express/pull/6137
• increased code coverage of utils.js file by @ashish3011 in https://github.com/expressjs/express/pull/6386
• chore: remove duplicate word by @dufucun in https://github.com/expressjs/express/pull/6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in https://github.com/expressjs/express/pull/6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6496
• ci: add node.js 24 to test matrix by @Phillip9587 in https://github.com/expressjs/express/pull/6504
• ci: update codeql config by @Phillip9587 in https://github.com/expressjs/express/pull/6488
• chore: wider range for query test skip by @jonchurch in https://github.com/expressjs/express/pull/6512
• chore: fix typos in test by @noritaka1166 in https://github.com/expressjs/express/pull/6535
• ci: disable credential persistence for checkout actions by @mertssmnoglu in https://github.com/expressjs/express/pull/6522
• ci: allow manual triggering of workflow by @shivarm in https://github.com/expressjs/express/pull/6515
• test: add coverage for app.listen() variants by @kgarg1 in https://github.com/expressjs/express/pull/6476
• docs: move documentation and charters to the discussions and .github … by @bjohansebas in https://github.com/expressjs/express/pull/6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in https://github.com/expressjs/express/pull/6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in https://github.com/expressjs/express/pull/6548
• chore: enforce explicit Buffer import and add lint rule by @shivarm in https://github.com/expressjs/express/pull/6525
• chore: use node protocol for querystring by @shivarm in https://github.com/expressjs/express/pull/6520
• chore: fix typo by @mountdisk in https://github.com/expressjs/express/pull/6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in https://github.com/expressjs/express/pull/6618
• add deprecation warnings for redirect arguments undefined by @bjohansebas in https://github.com/expressjs/express/pull/6405
• ci: run CI when the markdown changes by @bjohansebas in https://github.com/expressjs/express/pull/6632
• doc: fix CONTRIBUTING link by @jonchurch in https://github.com/expressjs/express/pull/6653
• doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in https://github.com/expressjs/express/pull/6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in https://github.com/expressjs/express/pull/6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in https://github.com/expressjs/express/pull/6678
• lint: add --fix flag to automatic fix linting issue by @shivarm in https://github.com/expressjs/express/pull/6644
• chore: ignore yarn.lock file and update example by @shivarm in https://github.com/expressjs/express/pull/6588
• lib: use req.socket over deprecated req.connection by @bjohansebas in https://github.com/expressjs/express/pull/6705
• doc: update express app example by @shivarm in https://github.com/expressjs/express/pull/6718
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in https://github.com/expressjs/express/pull/6675
• Remove history.md from being packaged on publish by @sheplu in https://github.com/expressjs/express/pull/6780
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6797
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in https://github.com/expressjs/express/pull/6796
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in https://github.com/expressjs/express/pull/6795
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6794
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6793
• ci: add node.js 25 to test matrix by @Phillip9587 in https://github.com/expressjs/express/pull/6843
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6871
• build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6870
• build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in https://github.com/expressjs/express/pull/6869
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6868
• chore: switch badges from badgen.net to shields.io by @Phillip9587 in https://github.com/expressjs/express/pull/6900
• refactor: use cached slice in app.listen by @Tacit1 in https://github.com/expressjs/express/pull/6897
• Nominate to @efekrskl for triage team by @bjohansebas in https://github.com/expressjs/express/pull/6888
• docs: update emeritus triagers by @bjohansebas in https://github.com/expressjs/express/pull/6890
• fix: upgrade body-parser to 2.2.1 to address CVE-2025-13466 by @shivarm in https://github.com/expressjs/express/pull/6922
• build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 by @dependabot[bot] in https://github.com/expressjs/express/pull/6930
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 by @dependabot[bot] in https://github.com/expressjs/express/pull/6929
• build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in https://github.com/expressjs/express/pull/6928
• Release: 5.2.0 by @UlisesGascon in https://github.com/expressjs/express/pull/6920

New Contributors

• @ashish3011 made their first contribution in https://github.com/expressjs/express/pull/6386
• @dufucun made their first contribution in https://github.com/expressjs/express/pull/6456
• @noritaka1166 made their first contribution in https://github.com/expressjs/express/pull/6535
• @mertssmnoglu made their first contribution in https://github.com/expressjs/express/pull/6522
• @shivarm made their first contribution in https://github.com/expressjs/express/pull/6515
• @kgarg1 made their first contribution in https://github.com/expressjs/express/pull/6476
• @mountdisk made their first contribution in https://github.com/expressjs/express/pull/6609
• @ShubhamOulkar made their first contribution in https://github.com/expressjs/express/pull/6601
• @sheplu made their first contribution in https://github.com/expressjs/express/pull/6780
• @Tacit1 made their first contribution in https://github.com/expressjs/express/pull/6897

Full Changelog: https://github.com/expressjs/express/compare/v5.1.0...v5.2.0

5.1.0

What's Changed

• Update captains by @UlisesGascon in https://github.com/expressjs/express/pull/6027
• build: Node.js 23.0 by @bjohansebas in https://github.com/expressjs/express/pull/6075
• Add funding field (v5) by @bjohansebas in https://github.com/expressjs/express/pull/6064
• ✅ add discarded middleware test by @ctcpip in https://github.com/expressjs/express/pull/5819
• update homepage link http to https by @bjohansebas in https://github.com/expressjs/express/pull/5920
• Improve readme by @bjohansebas in https://github.com/expressjs/express/pull/5994
• Add bjohansebas as repo captain for expressjs.com by @crandmck in https://github.com/expressjs/express/pull/6058
• Remove Object.setPrototypeOf polyfill by @Phillip9587 in https://github.com/expressjs/express/pull/6081
• fix(buffer): use node:buffer instead of safe-buffer by @bhavya3024 in https://github.com/expressjs/express/pull/6071
• docs: Add DCO by @UlisesGascon in https://github.com/expressjs/express/pull/6048
• cleanup: remove promise support check from tests by @Phillip9587 in https://github.com/expressjs/express/pull/6148
• Use loop for acceptParams by @blakeembrey in https://github.com/expressjs/express/pull/6066
• Improve documentation step in release process by @bjohansebas in https://github.com/expressjs/express/pull/6150
• cleanup: remove unnecessary require for global Buffer by @Phillip9587 in https://github.com/expressjs/express/pull/6146
• cleanup: remove AsyncLocalStorage check by @Phillip9587 in https://github.com/expressjs/express/pull/6147
• update history.md for acceptParams change by @jonchurch in https://github.com/expressjs/express/pull/6177
• docs: add @rxmarbles to the triage team by @UlisesGascon in https://github.com/expressjs/express/pull/6151
• refactor: improve readability by @sazk07 in https://github.com/expressjs/express/pull/6173
• docs: clarify the security process in the triage role by @bjohansebas in https://github.com/expressjs/express/pull/6217
• chore: replace methods dependency with standard library by @jonkoops in https://github.com/expressjs/express/pull/6196
• Remove utils-merge dependency - use spread syntax instead by @Phillip9587 in https://github.com/expressjs/express/pull/6091
• fix(securite): fix vulnerabilities by @Abdel-Monaam-Aouini in https://github.com/expressjs/express/pull/6211
• refactor: prefix built-in node module imports by @slagiewka in https://github.com/expressjs/express/pull/6236
• fix: remove download size badges by @wesleytodd in https://github.com/expressjs/express/pull/6266
• Remove unused depd dependency by @jonkoops in https://github.com/expressjs/express/pull/6197
• fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @hamirmahal in https://github.com/expressjs/express/pull/6256
• Add support for OSSF scorecard reporting by @UlisesGascon in https://github.com/expressjs/express/pull/5431
• docs: add @Phillip9587 to the triage team by @bjohansebas in https://github.com/expressjs/express/pull/6276
• fix: added a missing semicolon in css styles in examples/auth by @pr4j3sh in https://github.com/expressjs/express/pull/6297
• docs: include team email in the security policy by @UlisesGascon in https://github.com/expressjs/express/pull/6278
• refactor: simplify normalizeTypes function by @Ayoub-Mabrouk in https://github.com/expressjs/express/pull/6097
• ci: updated github actions ci workflow by @Phillip9587 in https://github.com/expressjs/express/pull/6314
• ci: fix npm install --include typo by @Phillip9587 in https://github.com/expressjs/express/pull/6324
• ci: updated scorecard actions by @Phillip9587 in https://github.com/expressjs/express/pull/6322
• build(deps): use carat notation for dependency versions by @dpopp07 in https://github.com/expressjs/express/pull/6317
• chore(deps): update debug to ^4.4.0 by @Phillip9587 in https://github.com/expressjs/express/pull/6313
• docs: retroactively note 5.0.0-beta.1 api change in history file by @dpopp07 in https://github.com/expressjs/express/pull/6333
• feat(deps): body-parser@^2.1.0 by @wesleytodd in https://github.com/expressjs/express/pull/6332
• feat(deps): router@^2.1.0 by @wesleytodd in https://github.com/expressjs/express/pull/6331
• Update repo captains by @UlisesGascon in https://github.com/expressjs/express/pull/6234
• deps: upgrade nyc by @agungjati in https://github.com/expressjs/express/pull/6122
• fix (deps): update deps by @wesleytodd in https://github.com/expressjs/express/pull/6337
• response: add support for ETag option in res.sendFile by @juanarbol in https://github.com/expressjs/express/pull/6073
• Update multiple links to use https instead of http by @Phillip9587 in https://github.com/expressjs/express/pull/6338
• Extend res.links() to allow adding multiple links with the same rel #2729 by @andvea in https://github.com/expressjs/express/pull/4885
• docs: update emeritus triagers by @UlisesGascon in https://github.com/expressjs/express/pull/6345
• docs: update guidance for triager nominations by @bjohansebas in https://github.com/expressjs/express/pull/6349
• docs: clarify guidelines for becoming a committer by @bjohansebas in https://github.com/expressjs/express/pull/6364
• Nominate @dpopp07 to the triage team by @UlisesGascon in https://github.com/expressjs/express/pull/6352
• fix(deps): qs@^6.14.0 by @wesleytodd in https://github.com/expressjs/express/pull/6374
• Add dependabot by @UlisesGascon in https://github.com/expressjs/express/pull/5435
• fix dependabot config by @bjohansebas in https://github.com/expressjs/express/pull/6392
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.11 by @dependabot in https://github.com/expressjs/express/pull/6398
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot in https://github.com/expressjs/express/pull/6397
• feat(deps): finalhandler@2.1.0 by @wesleytodd in https://github.com/expressjs/express/pull/6373
• build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 by @dependabot in https://github.com/expressjs/express/pull/6399
• deps: body-parser@^2.2.0 by @UlisesGascon in https://github.com/expressjs/express/pull/6419
• deps: type-is@^2.0.1 by @UlisesGascon in https://github.com/expressjs/express/pull/6420
• deps: router@^2.2.0 by @UlisesGascon in https://github.com/expressjs/express/pull/6417
• ci: use full SHAs for github action versions by @Phillip9587 in https://github.com/expressjs/express/pull/6415
• doc: remove @mertcanaltin from Triagers by @mertcanaltin in https://github.com/expressjs/express/pull/6408
• deps: serve-static@^2.2.0 by @UlisesGascon in https://github.com/expressjs/express/pull/6418
• 5.1.0 by @wesleytodd in https://github.com/expressjs/express/pull/6425

New Contributors

• @bhavya3024 made their first contribution in https://github.com/expressjs/express/pull/6071
• @jonkoops made their first contribution in https://github.com/expressjs/express/pull/6196
• @Abdel-Monaam-Aouini made their first contribution in https://github.com/expressjs/express/pull/6211
• @slagiewka made their first contribution in https://github.com/expressjs/express/pull/6236
• @hamirmahal made their first contribution in https://github.com/expressjs/express/pull/6256
• @pr4j3sh made their first contribution in https://github.com/expressjs/express/pull/6297
• @Ayoub-Mabrouk made their first contribution in https://github.com/expressjs/express/pull/6097
• @dpopp07 made their first contribution in https://github.com/expressjs/express/pull/6317
• @agungjati made their first contribution in https://github.com/expressjs/express/pull/6122
• @andvea made their first contribution in https://github.com/expressjs/express/pull/4885
• @dependabot made their first contribution in https://github.com/expressjs/express/pull/6398

Full Changelog: https://github.com/expressjs/express/compare/5.0.1...v5.1.0

5.0.1

What's Changed

• remove --bail from test script by @jonchurch in https://github.com/expressjs/express/pull/5962
• Nominate @bjohansebas to the triage team by @UlisesGascon in https://github.com/expressjs/express/pull/6009
• Link and update captains by @blakeembrey in https://github.com/expressjs/express/pull/6013
• Update cookie semver lock to address CVE-2024-47764 by @joshbuker in https://github.com/expressjs/express/pull/6017
• Release: 5.0.1 by @UlisesGascon in https://github.com/expressjs/express/pull/6032

Full Changelog: https://github.com/expressjs/express/compare/v5.0.0...5.0.1

5.0.0

Express v5.0.0

🎉 Express v5 is finally here! 🎉

After years of development, the long-awaited Express v5 has been officially released. This version focuses on simplifying the codebase, improving security, and dropping support for older Node.js versions to enable better performance and maintainability.

For detailed information, please check out the official Express v5 release blog post.

Most relevant details

Major Changes in v5

• Node.js version support: Dropped support for Node.js versions before v18.
• Routing changes: Updated to path-to-regexp@8.x, removing sub-expression regex patterns for security reasons (ReDoS mitigation).
• Promise support: Middleware can now return rejected promises, caught by the router as errors.
• body-parser changes: Several improvements including the ability to customize urlencoded body depth and defaulting extended to false.
• Deprecated API methods removed: Removed old, deprecated API method signatures from Express v3/v4.

For a complete list of breaking changes and API deprecations, see the migration guide.

Security Updates

This release includes important security fixes, including improvements to prevent ReDoS attacks and mitigation for CVE-2024-45590. Full details can be found in the security release notes.

Migration

Be sure to check out our migration guide for instructions on how to update your applications from Express v4 to v5.

Security Guidance

For best practices, we recommend reviewing the Threat Model which outlines Express' approach to securing your applications, including tips for user input validation and other critical aspects.

What's Changed

• 4.19.2 Staging by @wesleytodd in https://github.com/expressjs/express/pull/5561
• remove duplicate location test for data uri by @wesleytodd in https://github.com/expressjs/express/pull/5562
• feat: document beta releases expectations by @marco-ippolito in https://github.com/expressjs/express/pull/5565
• Cut down on duplicated CI runs by @jonchurch in https://github.com/expressjs/express/pull/5564
• Add a Threat Model by @UlisesGascon in https://github.com/expressjs/express/pull/5526
• Assign captain of encodeurl by @blakeembrey in https://github.com/expressjs/express/pull/5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in https://github.com/expressjs/express/pull/5587
• docs: update Security.md by @inigomarquinez in https://github.com/expressjs/express/pull/5590
• docs: update triage nomination policy by @UlisesGascon in https://github.com/expressjs/express/pull/5600
• Add CodeQL (SAST) by @UlisesGascon in https://github.com/expressjs/express/pull/5433
• docs: add UlisesGascon as triage initiative captain by @UlisesGascon in https://github.com/expressjs/express/pull/5605
• Use object with null prototype for various app properties by @EvanHahn in https://github.com/expressjs/express/pull/4861
• deps: encodeurl@~2.0.0 by @blakeembrey in https://github.com/expressjs/express/pull/5569
• skip QUERY method test by @jonchurch in https://github.com/expressjs/express/pull/5628
• ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in https://github.com/expressjs/express/pull/5639
• add support Node.js@22 in the CI by @mertcanaltin in https://github.com/expressjs/express/pull/5627
• doc: add table of contents, tc/triager lists to readme by @mertcanaltin in https://github.com/expressjs/express/pull/5619
• List and sort all projects, add captains by @blakeembrey in https://github.com/expressjs/express/pull/5653
• Call callback once on listen error by @wesleytodd in https://github.com/expressjs/express/pull/3216
• docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in https://github.com/expressjs/express/pull/5666
• ✨ bring back query tests for node 21 by @ctcpip in https://github.com/expressjs/express/pull/5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in https://github.com/expressjs/express/pull/5672
• skip QUERY tests for Node 21 only, still not supported by @jonchurch in https://github.com/expressjs/express/pull/5695
• 📝 update people, add ctcpip to TC by @ctcpip in https://github.com/expressjs/express/pull/5683
• remove minor version pinning from ci by @jonchurch in https://github.com/expressjs/express/pull/5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in https://github.com/expressjs/express/pull/5762
• Replace Appveyor windows testing with GHA by @jonchurch in https://github.com/expressjs/express/pull/5599
• Add OSSF Scorecard badge by @UlisesGascon in https://github.com/expressjs/express/pull/5436
• Throw on invalid status codes by @jonchurch in https://github.com/expressjs/express/pull/4212
• Use Array.flat instead of array-flatten by @almic in https://github.com/expressjs/express/pull/5677
• Adopt Node@18 as the minimum supported version by @UlisesGascon in https://github.com/expressjs/express/pull/5803
• Ignore expires and maxAge in res.clearCookie() by @jonchurch in https://github.com/expressjs/express/pull/5792
• send@1.0.0 by @wesleytodd in https://github.com/expressjs/express/pull/5786
• chore: upgrade debug dep from 3.10 to 4.3.6 by @carpasse in https://github.com/expressjs/express/pull/5829
• refactor: replace 'path-is-absolute' dep with node:path isAbsolute method by @carpasse in https://github.com/expressjs/express/pull/5830
• update scorecard link by @bjohansebas in https://github.com/expressjs/express/pull/5814
• Nominate @IamLizu to the triage team by @UlisesGascon in https://github.com/expressjs/express/pull/5836
• deps: path-to-regexp@0.1.8 by @blakeembrey in https://github.com/expressjs/express/pull/5603
• docs: specify new instructions for question and discuss by @IamLizu in https://github.com/expressjs/express/pull/5835
• 5.x: Upgrading merge-descriptors with allowing minors by @RobinTail in https://github.com/expressjs/express/pull/5782
• 4.x: Upgrade merge-descriptors dependency by @RobinTail in https://github.com/expressjs/express/pull/5781
• WIP: serve-static@2 by @wesleytodd in https://github.com/expressjs/express/pull/5790
• chore: upgrade qs dp from 6.11.0 to 6.13.0 by @carpasse in https://github.com/expressjs/express/pull/5847
• Upgrade cookie signature by @IamLizu in https://github.com/expressjs/express/pull/5833
• accepts@2 by @wesleytodd in https://github.com/expressjs/express/pull/5881
• mime-types@3 by @wesleytodd in https://github.com/expressjs/express/pull/5882
• type-is@^2.0.0 by @wesleytodd in https://github.com/expressjs/express/pull/5883
• content-disposition@^1.0.0 by @wesleytodd in https://github.com/expressjs/express/pull/5884
• fix(deps): finalhandler@^2.0.0 by @wesleytodd in https://github.com/expressjs/express/pull/5899
• path-to-regexp@0.1.10 by @blakeembrey in https://github.com/expressjs/express/pull/5902
• update to fresh@^2.0.0 by @jonchurch in https://github.com/expressjs/express/pull/5916
• router@^2.0.0 by @wesleytodd in https://github.com/expressjs/express/pull/5885
• Adopt Node@18 as the minimum supported version by @UlisesGascon in https://github.com/expressjs/express/pull/5595
• master -> 5.0 by @ctcpip in https://github.com/expressjs/express/pull/5785
• 🔧 update CI, remove unsupported versions, clean up by @ctcpip in https://github.com/expressjs/express/pull/5931
• Delete back as a magic string by @blakeembrey in https://github.com/expressjs/express/pull/5933
• Release 5.0 by @dougwilson in https://github.com/expressjs/express/pull/2237

New Contributors

• @marco-ippolito made their first contribution in https://github.com/expressjs/express/pull/5565
• @inigomarquinez made their first contribution in https://github.com/expressjs/express/pull/5590
• @mertcanaltin made their first contribution in https://github.com/expressjs/express/pull/5627
• @ctcpip made their first contribution in https://github.com/expressjs/express/pull/5690
• @IamLizu made their first contribution in https://github.com/expressjs/express/pull/5762
• @almic made their first contribution in https://github.com/expressjs/express/pull/5677
• @carpasse made their first contribution in https://github.com/expressjs/express/pull/5829
• @bjohansebas made their first contribution in https://github.com/expressjs/express/pull/5814
• @RobinTail made their first contribution in https://github.com/expressjs/express/pull/5782

Full Changelog: https://github.com/expressjs/express/compare/v5.0.0-beta.3...v5.0.0

4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @UlisesGascon in https://github.com/expressjs/express/pull/6934

Full Changelog: https://github.com/expressjs/express/compare/4.22.0...v4.22.1