Skip to content

Update nano v11 #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cesine merged 13 commits into from
Dec 9, 2025
Merged

Update nano v11 #134

cesine merged 13 commits into from
Dec 9, 2025

Conversation

@cesine
Copy link
Member

@cesine cesine commented Dec 8, 2025
edited
Loading

fixes #135

Bumps the default group with 2 updates: express and nano.

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

... (truncated)

Commits

Updates nano from 10.1.4 to 11.0.3

Release notes

Sourced from nano's releases.

11.0.3

  • add missing TypeScript definition for findAsStream

11.0.2

Added headers to TypeScript definition of the object that can be supplied when instantiating Nano.

11.0.1

Fix up response object so that Bun (and Node) users get sensible error messages. Thanks @​digitalextremist

11.0.0

  • Replaces axios with the Node.js's built-in fetch for HTTP requests. 🕸️
  • Replaces nock and jest with Node.js's build in testing framework. 🧪
  • Removes support for callbacks. 📞
  • Nano becomes a zero-dependency library. 👏
  • Desiged for Node.js 20 and above (if you are still running older versions of Node then stick with Nano 10)

The vast majority of the API stays the same but there are some breaking changes. See Nano v10 to v11 Migration Guide.

Some background.

fetch

Originally Nano was built on top of the request library which was later deprecated. At this point I reworked it to use axios instead. This PR eliminates axios and other axios-related dependencies and instead uses the new kid on the block: the fetch API.

The fetch feature has found widespread adoption in web browsers as a means of handling outbound HTTP requests. It has found its way into Node.js as a global function and is marked as an experimental feature in Node 18/19 and is mainstream in Node 20 and beyond.

Node.js's fetch capability is powered by the undici package which is bundled with Node.js and in turn uses Node's low-level network libraries instead of being based on the higher-level http/https built-in modules. It purports to be significantly faster (according to its own benchmarks) than traffic routed through http/https modules, as is the case with other HTTP libraries like axios & request.

Commits

cesine added 8 commits December 8, 2025 15:16
@cesine
update nano
8b67ff8
@cesine
use agentOptions
688da49 
https://github.com/apache/couchdb-nano/blob/main/migration_guide_v10_to_v11.md
@cesine
use options on any path
936545d 
PathError [TypeError]: Missing parameter name at index 1
node_modules/path-to-regexp/dist/index.js:96:19)
@cesine
Revert "use agentOptions"
cd5099a 
This reverts commit 688da49.
@cesine
add indent and trailing spaces
74a4a71
@cesine
fix lint
0d737cc
@cesine
_security update failures using nano
8517cce 
Error: Attachment name '_security' starts with prohibited character '_'
@cesine
fix lint
50b4838
@cesine cesine changed the title Update nano Update nano v11 Dec 9, 2025
@cesine cesine enabled auto-merge December 9, 2025 21:53
@cesine cesine merged commit 4244a73 into main Dec 9, 2025
5 of 7 checks passed
@cesine cesine deleted the update_nano branch December 9, 2025 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cesine