Bump the npm_and_yarn group across 1 directory with 27 updates#2
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 27 updates#2dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [crypto-js](https://github.com/brix/crypto-js) | `4.1.1` | `4.2.0` | | [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.11` | `7.29.7` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.1` | `1.20.5` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` | | [flatted](https://github.com/WebReflection/flatted) | `3.2.7` | `3.4.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` | | [launch-editor](https://github.com/vitejs/launch-editor) | `2.6.0` | `2.14.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` | | [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.107.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [ws](https://github.com/websockets/ws) | `8.14.1` | `8.21.0` | | [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.11` | Updates `crypto-js` from 4.1.1 to 4.2.0 - [Commits](brix/crypto-js@4.1.1...4.2.0) Updates `@babel/plugin-transform-modules-systemjs` from 7.22.11 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) Updates `@babel/traverse` from 7.22.17 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-traverse) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `body-parser` from 1.20.1 to 1.20.5 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.5) Updates `express` from 4.18.2 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@4.18.2...v4.22.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.5.0 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.5.0...v0.7.2) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Changelog](https://github.com/mde/ejs/blob/main/RELEASE_NOTES_v5.md) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `express` from 4.18.2 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@4.18.2...v4.22.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 5.1.6 to 5.1.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.2.7 to 3.4.2 - [Commits](WebReflection/flatted@v3.2.7...v3.4.2) Updates `follow-redirects` from 1.15.2 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.16.0) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `jsonpath` from 1.1.1 to 1.3.0 - [Commits](https://github.com/dchester/jsonpath/commits) Updates `launch-editor` from 2.6.0 to 2.14.1 - [Commits](vitejs/launch-editor@v2.6.0...v2.14.1) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `node-forge` from 1.3.1 to 1.4.0 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.4.0) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `picomatch` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.1...2.3.2) Updates `qs` from 6.11.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.15.2) Updates `rollup` from 2.79.1 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.80.0) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `webpack` from 5.88.2 to 5.107.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.88.2...v5.107.2) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `ws` from 8.14.1 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.1...8.21.0) Updates `ws` from 7.5.9 to 7.5.11 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.14.1...8.21.0) --- updated-dependencies: - dependency-name: crypto-js dependency-version: 4.2.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 5.1.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonpath dependency-version: 1.3.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: launch-editor dependency-version: 2.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.107.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 22 updates in the / directory:
4.1.14.2.07.22.117.29.73.14.13.14.21.20.11.20.54.18.24.22.23.0.23.0.33.1.93.1.103.1.23.1.55.1.65.1.93.2.73.4.21.15.21.16.03.0.13.0.42.0.62.0.91.1.11.3.02.6.02.14.14.17.214.18.11.3.11.4.01.0.21.1.02.3.12.3.22.79.12.80.05.88.25.107.25.3.35.3.48.14.18.21.07.5.97.5.11Updates
crypto-jsfrom 4.1.1 to 4.2.0Commits
808f499Merge branch 'release/4.2.0'd5af3aeUpdate release notes.9496e07Bump version.421dd53Change default hash algorithm and iteration's for PBKDF2 to prevent weak secu...d1f4f4dUpdate grunt.c755289Discontinued1da3dabDiscontinued4dcaa7aMerge pull request #380 from Alanscut/dev762feb2chore: rename BF to Blowfishfb81418feat: blowfish supportUpdates
@babel/plugin-transform-modules-systemjsfrom 7.22.11 to 7.29.7Release notes
Sourced from @babel/plugin-transform-modules-systemjs's releases.
... (truncated)
Commits
4fba754v7.29.7a458f66v7.29.432ebd5a[7.x backport]fix(systemjs): improve module string name support (#17974)aa8394ev7.29.00053db6Update polyfill packages (#17727)61647aev7.28.5a177d55[Babel 8] Uset.traverseFastto replace somepath.traverse(#17518)eebd3a0v7.27.1317e332Enforce node protocol import (#17207)fdc0fb5[Babel 8] Bump nodejs requirements to^20.19.0 || >= 22.12.0(#17204)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/plugin-transform-modules-systemjssince your current version.Updates
@babel/traversefrom 7.22.17 to 7.29.7Release notes
Sourced from @babel/traverse's releases.
... (truncated)
Commits
4fba754v7.29.7aa8394ev7.29.084366a8fix(traverse): provide a hub when traversing a File or Program and no parentP...229eb45[7.x backport] fix: Rename switch discriminant references when body creates s...d7f4008v7.28.6905bc22fix: lint errors in main branch (#17612)a03e2b6fix:path.evaluatecorrectly returnsconfident(#17584)aac2c37chore: Use Gulpfile.mts (#17579)65c4a6b[Babel 8] fix: Improvetraversetypes (#17574)99dcba5chore: enable some ts-eslint rules (#17592)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/traversesince your current version.Updates
js-yamlfrom 3.14.1 to 3.14.2Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)Updates
body-parserfrom 1.20.1 to 1.20.5Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
Commits
0defdberelease(patch): 1.20.5cd0e7a0deps(qs): bump qs to 6.15.16f24d7efix: correct off-by-one error in parameterCount (#716)b849bd5deps: qs@~6.14.1 (#690)2c55e2frefactor(json): simplify strict mode error string construction (#692)7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.
Updates
expressfrom 4.18.2 to 4.22.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
df0abc94.22.2836d3664.xupdate qs to 6.15.1, body-parser 1.20.5 (#7224)8d09bfefix: restore array parsing for req.query repeated keys (#7181)d39e8addeps: body-parser@~1.20.4 (#7021)efe85d9deps: qs@^6.14.1 (#6972)f62378e📝 add note to history12fae144.22.15ddf311Revert "sec: security patch for CVE-2024-51999"49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-51999Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
cookiefrom 0.5.0 to 0.7.2Release notes
Sourced from cookie's releases.
Commits
d19eaa10.7.2bc38ffdFix object assignment ofhasOwnProperty(#177)cf4658f0.7.16a8b8f5Allow leading dot for domain (#174)58015c0Remove more code and perf wins (#172)ab057d60.7.05f02ca8Migrate history to GitHub releasesa5d591cMigrate history to GitHub releases51968f9Skip isNaN9e7ca51perf(parse): cache length, return early (#144)Maintainer changes
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Updates
ejsfrom 3.1.9 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807dVersion 3.1.109ee26ddMocha TDDe469741Basic pollution protection715e950Merge pull request #756 from Jeffrey-mu/maincabe314Include advanced usage examples29b076cAdded header11503c7Merge branch 'main' of github.com:mde/ejs into main7690404Added security banner to READMEf47d7aeUpdate SECURITY.md828cea1Update SECURITY.mdUpdates
expressfrom 4.18.2 to 4.22.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
df0abc94.22.2836d3664.xupdate qs to 6.15.1, body-parser 1.20.5 (#7224)8d09bfefix: restore array parsing for req.query repeated keys (#7181)d39e8addeps: body-parser@~1.20.4 (#7021)efe85d9deps: qs@^6.14.1 (#6972)f62378e📝 add note to history12fae144.22.15ddf311Revert "sec: security patch for CVE-2024-51999"49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-51999Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
minimatchfrom 5.1.6 to 5.1.9Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
flattedfrom 3.2.7 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updates