chore(deps): bump express from 4.21.2 to 4.22.2 by dependabot[bot] · Pull Request #404 · radix-ng/primitives

dependabot · 2026-06-03T09:43:41Z

Bumps express from 4.21.2 to 4.22.2.

Release notes

v4.22.2

What's Changed

fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)

This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.

deps: qs@~6.15.1

deps: body-parser@~1.20.5

New Contributors

@suuuuuuminnnnnn made their first contribution in expressjs/express#7021

@SAY-5 made their first contribution in expressjs/express#7181

Full Changelog: expressjs/express@v4.22.1...v4.22.2

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)

This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.

deps: qs@~6.15.1

deps: body-parser@~1.20.5

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

Commits

df0abc9 4.22.2
836d366 4.x update qs to 6.15.1, body-parser 1.20.5 (#7224)
8d09bfe fix: restore array parsing for req.query repeated keys (#7181)
d39e8ad deps: body-parser@~1.20.4 (#7021)
efe85d9 deps: qs@^6.14.1 (#6972)
f62378e 📝 add note to history
12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
Additional commits viewable in compare view

vercel · 2026-06-03T09:43:45Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
primitives-storybook	Ready	Preview, Comment	Jun 4, 2026 7:37pm
radix-astro-doc	Ready	Preview, Comment	Jun 4, 2026 7:37pm

Bumps [express](https://github.com/expressjs/express) from 4.21.2 to 4.22.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@4.21.2...v4.22.2) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026

dependabot Bot requested review from artembelik and pimenovoleg as code owners June 3, 2026 09:43

dependabot Bot mentioned this pull request Jun 3, 2026

chore(deps): bump express from 4.21.2 to 4.22.1 #390

Closed

vercel Bot had a problem deploying to Preview – primitives-storybook June 3, 2026 09:43 Failure

vercel Bot deployed to Preview – radix-astro-doc June 3, 2026 09:44 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.2 branch from ef7f29f to b00a390 Compare June 3, 2026 10:02

vercel Bot had a problem deploying to Preview – primitives-storybook June 3, 2026 10:02 Failure

vercel Bot deployed to Preview – radix-astro-doc June 3, 2026 10:03 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.2 branch from b00a390 to 8664736 Compare June 3, 2026 14:33

vercel Bot had a problem deploying to Preview – primitives-storybook June 3, 2026 14:33 Failure

vercel Bot had a problem deploying to Preview – radix-astro-doc June 3, 2026 14:33 Failure

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.2 branch from 8664736 to 9fca340 Compare June 3, 2026 14:41

vercel Bot deployed to Preview – primitives-storybook June 3, 2026 14:42 View deployment

vercel Bot deployed to Preview – radix-astro-doc June 3, 2026 14:43 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.2 branch from 9fca340 to 616bbc2 Compare June 4, 2026 15:18

vercel Bot had a problem deploying to Preview – radix-astro-doc June 4, 2026 15:20 Failure

vercel Bot deployed to Preview – primitives-storybook June 4, 2026 15:20 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/express-4.22.2 branch from 616bbc2 to afb9e8f Compare June 4, 2026 19:36

vercel Bot deployed to Preview – primitives-storybook June 4, 2026 19:37 View deployment

vercel Bot deployed to Preview – radix-astro-doc June 4, 2026 19:37 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump express from 4.21.2 to 4.22.2#404

chore(deps): bump express from 4.21.2 to 4.22.2#404
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/express-4.22.2

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Jun 3, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.22.2

What's Changed

New Contributors

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.2 / 2026-05-011

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Uh oh!

vercel Bot commented Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

vercel Bot commented Jun 3, 2026 •

edited

Loading