Add Express 4.18.0 changelog

Author: dougwilson

_data/express.yml

@@ -1 +1 @@
-current_version: "4.17.3"
+current_version: "4.18.0"

_includes/api/en/4x/res-cookie.md

@@ -12,6 +12,7 @@ The `options` parameter is an object that can have the following properties.
 | `httpOnly`  | Boolean | Flags the cookie to be accessible only by the web server.
 | `maxAge`    | Number | Convenient option for setting the expiry time relative to the current time in milliseconds.
 | `path`      | String | Path for the cookie. Defaults to "/".
+| `priority`  | String | Value of the "Priority" **Set-Cookie** attribute.
 | `secure`    | Boolean | Marks the cookie to be used with HTTPS only.
 | `signed`    | Boolean | Indicates if the cookie should be signed.
 | `sameSite`  | Boolean or String | Value of the "SameSite" **Set-Cookie** attribute. More information at [https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1).

_includes/api/en/4x/res-download.md

@@ -2,7 +2,17 @@
 
 Transfers the file at `path` as an "attachment". Typically, browsers will prompt the user for download.
 By default, the `Content-Disposition` header "filename=" parameter is derrived from the `path` argument, but can be overridden with the `filename` parameter.
-If `path` is relative, then it will be based on the current working directory of the process.
+If `path` is relative, then it will be based on the current working directory of the process or
+the `root` option, if provided.
+
+<div class="doc-box doc-warn" markdown="1">
+This API provides access to data on the running file system. Ensure that either (a) the way in
+which the `path` argument was constructed is secure if it contains user input or (b) set the `root`
+option to the absolute path of a directory to contain access within.
+
+When the `root` option is provided, Express will validate that the relative path provided as
+`path` will resolve within the given `root` option.
+</div>
 
 The following table provides details on the `options` parameter.
 
@@ -15,6 +25,7 @@ The optional `options` argument is supported by Express v4.16.0 onwards.
 | Property        | Description                                     | Default     | Availability |
 |-----------------|-------------------------------------------------|-------------|--------------|
 | `maxAge`        | Sets the max-age property of the `Cache-Control` header in milliseconds or a string in [ms format](https://www.npmjs.org/package/ms)| 0 | 4.16+ |
+| `root`          | Root directory for relative filenames.|  | 4.18+ |
 | `lastModified`  | Sets the `Last-Modified` header to the last modified date of the file on the OS. Set `false` to disable it.| Enabled | 4.16+ |
 | `headers`       | Object containing HTTP headers to serve with the file. The header `Content-Disposition` will be overriden by the `filename` argument.|  | 4.16+ |
 | `dotfiles`      | Option for serving dotfiles. Possible values are "allow", "deny", "ignore".| "ignore" | 4.16+ |

en/changelog/4x.md

@@ -8,6 +8,59 @@ redirect_from: "/changelog/4x.html"
 
 # Release Change Log
 
+## 4.18.0 - Release date: 2022-04-25
+{: id="4.18.0"}
+
+The 4.18.0 minor release includes bug fixes and some new features, including:
+
+<ul>
+  <li markdown="1" class="changelog-item">
+  The [`app.get()` method](/{{ page.lang }}/4x/api.html#app.get) and the [`app.set()` method](/{{ page.lang }}/4x/api.html#app.set) now ignores properties directly on `Object.prototype` when getting a setting value.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now accepts a "priority" option to set the Priority attribute on the Set-Cookie response header.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now rejects an Invalid Date object provided as the "expires" option.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now works when `null` or `undefined` is explicitly provided as the "maxAge" argument.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  Starting with this version, Express supports Node.js 18.x.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.download()` method](/{{ page.lang }}/4x/api.html#res.download) now accepts a "root" option to match [`res.sendFile()`](/{{ page.lang }}/4x/api.html#res.sendFile).
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.download()` method](/{{ page.lang }}/4x/api.html#res.download) can be supplied with an `options` object without providing a `filename` argument, simplifying calls when the default `filename` is desired.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.format()` method](/{{ page.lang }}/4x/api.html#res.format) now invokes the provided "default" handler with the same arguments as the type handlers (`req`, `res`, and `next`).
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The [`res.send()` method](/{{ page.lang }}/4x/api.html#res.send) will not attempt to send a response body when the response code is set to 205.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The default error handler will now remove certain response headers that will break the error response rendering, if they were set previously.
+  </li>
+
+  <li markdown="1" class="changelog-item">
+  The status code 425 is now represented as the standard "Too Early" instead of "Unordered Collection".
+  </li>
+</ul>
+
+For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4180--2022-04-25).
+
 ## 4.17.3 - Release date: 2022-02-16
 {: id="4.17.3"}