Bump the npm_and_yarn group across 1 directory with 46 updates

[dependabot]

Bumps the npm_and_yarn group with 14 updates in the /client directory:

Package	From	To
bootstrap	4.5.2	5.3.3
startbootstrap-agency	6.0.2	7.0.12
chart.js	2.9.3	2.9.4
moment	2.29.0	2.30.1
node-sass	4.14.1	9.0.0
@babel/traverse	7.11.5	7.26.4
json5	1.0.1	1.0.2
loader-utils	1.2.3	2.0.4
react-scripts	3.4.3	5.0.1
decode-uri-component	0.2.0	0.2.2
hosted-git-info	2.8.8	2.8.9
lodash-es	4.17.15	4.17.21
minimatch	3.0.4	3.0.8
path-parse	1.0.6	1.0.7

Updates bootstrap from 4.5.2 to 5.3.3

Release notes

Sourced from bootstrap's releases.

v5.3.3

Highlights

• Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
• Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

Color modes

• Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
• Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
• Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

Miscellaneous

• Allowed <dl>, <dt> and <dd> in the sanitizer.
• Dropped evenly items distribution for modal and offcanvas headers.
• Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
• Fixed the focus box-shadow for the validation stated form controls.
• Fixed the focus ring on focused checked buttons.
• Fixed the product example mobile navbar toggler.
• Changed the RTL processing of carousel control icons.

---

🎨 CSS

• #37508: Use child combinators to avoid inheriting parent accordion's flush styles
• #38719: Fix focus box-shadow for validation stated form-controls
• #38884: fix border-radius on radio-switch
• #39294: Tests: update navbar in visual modal test
• #39373: refactor css: modal and offcanvas header spacing
• #39380: Fix Sass compilation breaking change in v5.3
• #39387: docs: fix typo
• #39411: Optimize the accordion icon
• #39497: Fix a typo
• #39536: Changed RTL processing of carousel control icons
• #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
• #39595: CSS: Fix the focus ring on focused checked buttons

☕️ JavaScript

• #39201: Selector Engine: fix multiple IDs
• #39224: Fix edge case in color-mode.js
• #39376: Allow dl, dt and dd in sanitizer

📖 Docs

• #39200: Typo Fix
• #39214: Doc: use .text-bg-{color} for all badges
• #39246: Docs: fix for example code blocks have unnecessary 30px right-margin

... (truncated)

Commits

• 6e1f75f Release v5.3.3 (#39524)
• 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
• 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
• c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
• c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
• 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
• 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
• 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
• 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
• f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
• Additional commits viewable in compare view

Updates startbootstrap-agency from 6.0.2 to 7.0.12

Commits

• See full diff in compare view

Updates chart.js from 2.9.3 to 2.9.4

Release notes

Sourced from chart.js's releases.

v2.9.4

This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

Bugs Fixed

• #7404 - Preserve prototypes when cloning. Thanks @​iddings
• #7587 - Fix docs for external moment.js. Thanks @​mojoaxel
• #7853 - Fix box recursion when dimensions are NaN. Thanks @​alessandroasm
• #7883 - Fix call stack exception when computing label sizes. Thanks @​silentmatt
• #7918 - Prevent global prototype pollution via the merge helper
• #7920 - Use Object.create(null) as merge target, to prevent prototype pollution

Commits

• 9bd4cf8 Release v2.9.4
• 1d92605 Use Object.create(null) as merge target (#7920)
• dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
• d919188 Bump verison number to v2.9.4
• 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
• 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
• 2493cb5 Use node v12.18.2 on Travis CI (#7864)
• 679ec4a docs: fix rollup external moment (#7587)
• 484f0d1 Preserve object prototypes when cloning (#7404)
• 2df6986 Look for any branch starting with release (#7087) (#7089)
• See full diff in compare view

Updates moment from 2.29.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

• Release Dec 27, 2023
• Revert moment/moment#5827, because it's breaking a lot of TS code.

2.30.0 Full changelog

• Release Dec 26, 2023

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

Commits

• 485d9a7 Build 2.30.1
• e048b09 Bump version to 2.30.1
• f9f2d58 Update changelog for 2.30.1
• a52ffb2 Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"
• ddd6809 Build 2.30.0
• be64d00 Bump version to 2.30.0
• ad41179 Update changelog for 2.30.0
• 63fe479 [misc] Make code ES6 compatible
• 0f0195f Revert "Merge pull request #5599 from Alanscut:issue_4985"
• 15b82f5 Revert "Merge pull request #5597 from Alanscut:issue-5596"
• Additional commits viewable in compare view

Updates node-sass from 4.14.1 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

• Node 20 support by @​nschonni in sass/node-sass#3355

Breaking changes

• Drop support for Node 14 (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

• Fix binaries being partially downloaded by @​xzyfer in sass/node-sass#3313
• Bump node-gyp and nan for node 19 support by @​xzyfer in sass/node-sass#3314
• feat: Node 18 and 19 support and drop Node 17 by @​nschonni in sass/node-sass#3257

Breaking changes

• Drop support for Node 12 (@​nschonni)
• Drop support for Node 17 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 18 (@​nschonni)
• Add support for Node 19 (@​nschonni)
• Replace request with make-fetch-happen (@​CamilleDrapier @​xzyfer, #3193, #3313)

Dependencies

• Bump true-case-path@2.2.1
• Bump node-gyp @​9.0.0
• Bump nan@^2.17.0
• Bump sass-graph@^4.0.1

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

... (truncated)

Commits

• 87f3899 feat: Node 20 support (#3355)
• 06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
• e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
• c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
• ee13eb9 8.0.0
• 98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
• e9bb866 Bump node-gyp and nan for node 19 support (#3314)
• ab7840b Fix binaries being partially downloaded (#3313)
• d595abf 7.0.3
• 3b556c1 7.0.2
• Additional commits viewable in compare view

Updates @babel/traverse from 7.11.5 to 7.26.4

Release notes

Sourced from @​babel/traverse's releases.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

Committers: 6

• Babel Bot (@​babel-bot)
• Dylan Piercey (@​DylanPiercey)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

v7.26.1 (2024-10-25)

🐛 Bug Fix

• babel-parser
  • #16936 fix(parser): offset internal index locations by startIndex (@​DylanPiercey)

v7.26.0 (2024-10-25)

🚀 New Feature

• babel-core, babel-generator, babel-parser, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-preset-env, babel-standalone, babel-types
  • #16850 Enable import attributes parsing by default (@​nicolo-ribaudo)
• babel-core
  • #16862 feat: support async plugin's pre/post (@​timofei-iatsenko)
• babel-compat-data, babel-plugin-proposal-regexp-modifiers, babel-plugin-transform-regexp-modifiers, babel-preset-env, babel-standalone
  • #16692 Add transform-regexp-modifiers to preset-env (@​JLHwung)
• babel-parser
  • #16849 feat: add startIndex parser option (@​DylanPiercey)
• babel-generator, babel-parser, babel-plugin-syntax-flow
  • #16841 Always enable parsing of Flow enums (@​nicolo-ribaudo)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs3

... (truncated)

Commits

• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• ded1571 perf: Improve scope information collection performance (#16923)
• 943bdfe perf: Avoid repeated traversal when creating scope (#16964)
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
• 506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 1.2.3 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

... (truncated)

Commits

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• 5fb5562 chore(release): 2.0.1
• 1069f61 fix: md4 support on Node.js v17 (#193)
• d9f4e23 chore(release): 2.0.0
• 865dc03 refactor: switch to md4 by default (#168)
• Additional commits viewable in compare view

Updates react-scripts from 3.4.3 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Commits

• 19fa58d Publish
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 createRoot (#12220)
• 221e511 Publish
• 5614c87 Add support for Tailwind (#11717)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• c7627ce Update webpack and dev server (#11646)
• 544befe Update package.json (#11597)
• Additional commits viewable in compare view

Updates ansi-html from 0.0.7 to 0.0.9

Commits

• See full diff in compare view

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

• Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
• Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

• Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

v3.2.0

• Fix a bug in Safari related to overwriting func.name
• Remove built-in browserify configuration (#1653)
• Varios doc fixes (#1688, #1703, #1704)

v3.1.1

• Allow redefining name property on wrapped functions.

v3.1.0

• Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
• Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)
• Fixed a parsing bug in autoInject with complicated function bodies (#1663)
• Added ES6+ configuration for Browserify bundlers (#1653)
• Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

• Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
• Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

</tr></table> 

... (truncated)

Commits

• 85fb18f Version 3.2.6
• 8c0c941 Update built files
• 5f756b4 Fix ReDoS (#1980)
• 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
• 7b8ddeb build(deps-dev): bump @​babel/core from 7.24.7 to 7.25.2 (#1981)
• 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
• afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
• 3568a74 build(deps-dev): bump @​babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
• 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
• f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
• Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2