Skip to content

v29 is for Angie Zapata#3469

Draft
RobinTail wants to merge 36 commits into
masterfrom
make-v29
Draft

v29 is for Angie Zapata#3469
RobinTail wants to merge 36 commits into
masterfrom
make-v29

Conversation

@RobinTail

@RobinTail RobinTail commented Jun 16, 2026

Copy link
Copy Markdown
Owner
Angie Zapata

Angie Zapata was an 18-year-young transgender woman living in Greeley, Colorado. Those who knew her described her as a vibrant, kind-hearted teenager with a passion for beauty and fashion. She dreamed of attending cosmetology school and living her life authentically. Like many transgender youth, Angie faced severe systemic hurdles, including financial strain and intense loneliness. Despite these vulnerabilities, she remained determined to build a bright future for herself.

In July 2008, Angie met a man named Allen Andrade online. After spending several days together, he discovered that Angie was transgender. Rather than walking away, he chose brutal violence. He attacked Angie, beating her to death with a fire extinguisher inside her own apartment. He later showed a complete lack of remorse. He used derogatory slurs to describe her and proudly told investigators that he thought he had "killed it."

Angie's murder highlights the extreme vulnerability faced by transgender individuals, who are disproportionately targeted by severe violence.

  • Targeting the Vulnerable: Perpetrators frequently prey on young transgender women because societal marginalization often leaves them with fewer safety networks.
  • Dehumanization: The killer's defense attempted to use the "trans panic" defense, trying to excuse a brutal murder by blaming the victim's identity.
  • A Stolen Future: An innocent teenager lost her life simply for existing as her authentic self.

Angie’s family refused to let her story be silenced. They fought for her dignity in a historic trial. In 2009, a Colorado jury convicted the killer of first-degree murder and a hate crime. This marked the very first time in United States history that a prosecutor secured a hate-crime conviction involving a transgender victim. While the verdict brought legal justice, it remains a solemn reminder of the urgent need to protect transgender individuals from senseless prejudice.


@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 45c7d56f-b19d-4450-9179-0aa8248121ed

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch make-v29

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coveralls-official

coveralls-official Bot commented Jun 16, 2026

Copy link
Copy Markdown

Coverage Status

coverage: 100.0%. remained the same — make-v29 into master

@RobinTail RobinTail added this to the v29 milestone Jun 16, 2026
@RobinTail RobinTail added dependencies Pull requests that update a dependency file CI/CD breaking Backward incompatible changes patched Some dependency is patched labels Jun 16, 2026
Thanks to #3465 
This should simplify daily routines for beginners.

## Tradeoffs 

- Removed `Promise` from `ServerHook` type => `beforeRouting` and
`afterRouting` become sync
- No further async features to `createServer`

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Updated code examples to show synchronous server initialization
without `await`

* **Refactor**
* Server creation function is now fully synchronous; remove `await` when
invoking it
  * Server lifecycle hooks execute synchronously during initialization

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@RobinTail RobinTail added documentation Improvements or additions to documentation enhancement New feature or request labels Jun 16, 2026
@RobinTail RobinTail mentioned this pull request Jun 20, 2026
# Supporting HTTP QUERY Method in express-zod-api

## Background: What Is HTTP QUERY?

The HTTP QUERY method is defined in **RFC 10008** (published June 2026,
Standards Track). In essence, QUERY is like GET but with a body. It is a
**safe and idempotent** request method that can carry request content —
a combination of properties that no existing standard HTTP method fully
satisfies.

QUERY requests that the target resource process the enclosed content
(the query) and respond with the result, without changing resource
state. The server uses the `Content-Type` to determine how to interpret
the body, and clients can discover QUERY support via the `Accept-Query`
response header.

**Key properties:**

| Property | QUERY | GET | POST |
|---|---|---|---|
| Safe | Yes | Yes | No |
| Idempotent | Yes | Yes | No |
| Can have body | Yes | No | Yes |
| Cacheable | Yes | Yes | With care |
| Request content in URI | Not required | Required | Not required |

## Why Use QUERY When GET and POST Already Exist?

### Problems with GET for queries

GET encodes the entire query in the URI. This has several drawbacks:

- **URI size limits** — many implementations (servers, proxies, CDNs)
cap URIs at ~8 KB, making complex queries impossible.
- **Encoding overhead** — binary data, complex filters, or structured
query languages must be URI-encoded, inflating size and reducing
readability.
- **Exposure** — URIs are more likely to be logged by intermediaries and
bookmarked by users, potentially leaking query details.

### Problems with POST for queries

POST is neither safe nor idempotent. Using it for queries means:

- **No safe retries** — intermediaries and clients cannot automatically
retry a POST on network failure, because the request might have mutated
state.
- **No caching** — POST responses are not cacheable by default, so
repeated identical queries cannot be served from a cache.
- **Semantic mismatch** — POST implies creation or mutation; using it
for read-only queries confuses tooling, monitoring, and human readers.

### How QUERY bridges the gap

QUERY is semantically a read operation (safe, idempotent, cacheable) but
with body support like POST. This makes it the natural choice for:

- Complex search/filter APIs (GraphQL, Elasticsearch, SQL-over-HTTP)
- APIs with large or structured query payloads
- Any read operation where the query exceeds URI size limits
- Safe operations that need content negotiation via `Content-Type`

## What Would It Take to Add QUERY Support?

### Current state

- **Node.js** (22.19+, 24.x, 26.x) already has `QUERY` in `http.METHODS`
— the parser accepts it.
- **Express 5.1.x** at runtime handles QUERY correctly via its
Layer-based routing — Express does not restrict which methods can be
routed.
- **Express types** (`@types/express-serve-static-core`) do not list
`query` on `IRouter`. This is a deliberate policy: Express adds type
entries only when the IETF method reaches sufficient maturity. (For
reference, Express also does not type `"query"` despite it being the
`?key=val` part of a URL — the name collision is coincidental.)


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added support for the HTTP **QUERY** method (RFC 10008), including
typed client/endpoints and default input handling (query, body, and path
params).
* Documentation improvements for OpenAPI **3.2.0** (including SSE schema
handling) and enhanced security depiction (OAuth2 device authorization).
* **Bug Fixes**
* Improved routing initialization to validate **QUERY** registration and
raise clearer errors when unsupported.
* **Documentation**
* Updated generated docs/snapshots and example payload structure
(`value` → `dataValue`), and adjusted documentation constructor inputs
to `info` + `server`.
* **Tests**
* Expanded coverage for **QUERY** routing, extraction, typing, and
documentation output.
* **Chores**
* Updated server startup lifecycle to treat hooks as synchronous, and
removed the deprecated `Integration.create()` factory.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
RobinTail and others added 11 commits July 1, 2026 07:54
1. Related to #3479 
2. Restores #1733 
3. Partially reverts #1741 to support both JSON and more conventional
URL-encoded body types for QUERY method
4. Splits CORS to maintain handling for the issue #2706 
5. Changes the type of the `cors` config option (breaking) to support
RequestHandler, such as a middleware provided by the well-known `cors`
library
6. Featuring `beforeParsers` hook, while `beforeRouting` remains exactly
before calling `initRouting()`

---------

Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com>
# Conflicts:
#	.pnpmfile.mjs
#	pnpm-lock.yaml
@RobinTail RobinTail changed the title Next: v29 v29 is for Angie Zapata Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

breaking Backward incompatible changes CI/CD dedication dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation enhancement New feature or request patched Some dependency is patched

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant