Skip to content

feat: add deprecation warnings for invalid sendStatus parameters to prepare for Express v6 #6774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: add deprecation warnings for invalid sendStatus parameters to prepare for Express v6 #6774

wants to merge 1 commit into from

Conversation

Vedant224
Copy link

Summary

Implements deprecation warnings for invalid status codes passed to res.sendStatus(), as recommended by maintainers. This provides a smooth migration path from the current throwing behavior to stricter validation planned for Express 6.

Background

Previously, res.sendStatus() threw a TypeError for non-number inputs. This PR introduces deprecation warnings for such inputs in Express 5, maintaining backward compatibility while preparing for Express 6, where these inputs will throw errors.

Changes Made

  • Deprecation Warning: Emits warnings for non-number status codes using Express's depd module
  • Graceful Fallback: Invalid inputs now return status 500 instead of throwing
  • Express 6 Migration Path: Warning messages clearly state that errors will be thrown in Express 6
  • Comprehensive Tests: Added test cases for undefined, BigInt, and string inputs
  • Safe Serialization: Uses String() to safely convert invalid values in warnings

Backward Compatibility

  • No breaking changes; existing valid code continues to work seamlessly
  • Invalid inputs warn instead of causing immediate crashes
  • Provides clear, actionable warnings to help developers fix issues before migrating to Express 6

Test Results

All 1,242 tests pass, including the new comprehensive sendStatus test coverage validating fallback behavior and deprecation logic.

Implementation Details

  • Uses Express's standard depd deprecation system consistent with other Express warnings
  • Follows established Express patterns and error messaging
  • Provides clear, actionable warning messages for maintainers and users

@Vedant224
feat: add deprecation warnings for invalid sendStatus parameters
e9ff09f 
- Add deprecation warning for non-number status codes in res.sendStatus()
- Fallback to status 500 for invalid inputs to maintain backward compatibility
- Prepare for stricter validation in Express 6
- Add comprehensive tests for deprecation behavior
- Support for undefined, BigInt, and string inputs with graceful fallback

Fixes issue with uncaught TypeError when BigInt values are passed to sendStatus()
while maintaining backward compatibility through deprecation warnings.

Signed-off-by: vedant <[email protected]>
@Vedant224 Vedant224 changed the base branch from master to 5.x September 18, 2025 12:15
@Vedant224 Vedant224 closed this Sep 18, 2025
@Vedant224 Vedant224 reopened this Sep 18, 2025
@Vedant224 Vedant224 changed the base branch from 5.x to master September 18, 2025 12:21
@socket-security Socket Security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedmorgan@​1.10.0 ⏵ 1.10.19910010081 -2100
Updatedcookie-session@​2.1.0 ⏵ 2.1.1100100100 +184 -1100

View full report

@Vedant224 Vedant224 changed the base branch from master to 5.x September 18, 2025 12:33
@Vedant224 Vedant224 changed the base branch from 5.x to master September 18, 2025 12:33
shivarm
shivarm reviewed Sep 18, 2025
View reviewed changes
lib/response.js

// Emit deprecation warning for invalid status codes
if (typeof statusCode !== 'number') {
deprecate('Invalid status code: ' + String(statusCode) + '. Status code must be a number. This will throw an error in Express 6.');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
deprecate('Invalid status code: ' + String(statusCode) + '. Status code must be a number. This will throw an error in Express 6.');
deprecate('statusCode must be a valid number to res.sendStatus.');

I think keep it simple and only idea is just show deprecation warning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@shivarm shivarm shivarm left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Vedant224 @shivarm