chore(deps): bump the npm_and_yarn group across 1 directory with 32 updates #4

dependabot · 2025-02-14T19:02:10Z

Bumps the npm_and_yarn group with 25 updates in the / directory:

Package	From	To
dompurify	`2.3.1`	`3.2.4`
got	`11.8.2`	`11.8.5`
@babel/traverse	`7.12.10`	`7.26.9`
async	`2.6.3`	`2.6.4`
body-parser	`1.19.0`	`1.20.3`
express	`4.17.1`	`4.21.2`
browserify-sign	`4.2.1`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
eventsource	`1.0.7`	`1.1.2`
follow-redirects	`1.14.8`	`1.15.9`
ini	`1.3.5`	`1.3.8`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
minimist	`1.2.5`	`1.2.8`
node-forge	`0.10.0`	`1.3.1`
webpack-dev-server	`3.11.0`	`5.2.0`
postcss	`7.0.36`	`8.5.2`
css-loader	`3.6.0`	`7.1.2`
optimize-css-assets-webpack-plugin	`5.0.4`	`6.0.1`
qs	`6.5.2`	`6.13.0`
socket.io	`4.4.1`	`4.8.1`
taffydb	`2.6.2`	`removed`
jsdoc	`3.6.6`	`4.0.4`
webpack-dev-middleware	`3.7.3`	`removed`
karma-webpack	`4.0.2`	`5.0.1`

Updates dompurify from 2.3.1 to 3.2.4

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.4

Fixed a conditional and config dependent mXSS-style bypass reported by @nsysean

Added a new feature to allow specific hook removal, thanks @davecardwell

Added purify.js and purify.min.js to exports, thanks @Aetherinox

Added better logic in case no window object is president, thanks @yehuya

Updated some dependencies called out by dependabot

Updated license files etc to show the correct year

DOMPurify 3.2.3

Fixed two conditional sanitizer bypasses discovered by @parrot409 and @Slonser

Updated the attribute clobbering checks to prevent future bypasses, thanks @parrot409

DOMPurify 3.2.2

Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @yaniv-git

Fixed several minor issues with the type definitions, thanks again @reduckted

Fixed a minor issue with the types reference for trusted types, thanks @reduckted

Fixed a minor problem with the template detection regex on some systems, thanks @svdb99

DOMPurify 3.2.1

Fixed several minor issues with the type definitions, thanks @reduckted @ghiscoding @asamuzaK @MiniDigger

Fixed an issue with non-minified dist files and order of imports, thanks @reduckted

DOMPurify 3.2.0

Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others

Fixed a minor issue with the handling of hooks, thanks @kevin-mizu

DOMPurify 3.1.7

Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa

Fixed several smaller typos in documentation and test & build files, thanks @christianhg

Added better support for Angular compiler, thanks @jeroen1602

Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua

Removed the foreignObject element from the list of HTML entry-points, thanks @masatokinugawa

Bumped several dependencies to be more up to date

DOMPurify 3.1.6

Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu

Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar

Fixed a minor problem with the bower file pointing to the wrong dist path

Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua

Updated several development dependencies

DOMPurify 3.1.5

Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC

Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho

DOMPurify 3.1.4

Fixed an issue with the recently implemented isNaN checks, thanks @tulach

Added several new popover attributes to allow-list, thanks @Gigabyte5671

Fixed the tests and adjusted the test runner to cover all branches

... (truncated)

Commits

ec29e65 Merge pull request #1062 from cure53/main
1c1b183 chore: Preparing 3.2.4 release
d18ffcb fix: Changed the template literal regex to avoid a config-dependent bypass
0d64d2b Merge pull request #1060 from yehuya/initializeTestImprovements
9ad7933 tests: DOMPurify custom window tests improvements
72760ca Merge pull request #1059 from yehuya/fixMissingWindowElement
bc72d44 Fix tests
363a89d fix: handle undefined Element in DOMPurify initialization
f41b45d Update LICENSE
b25bf26 Update README.md
Additional commits viewable in compare view

Updates got from 11.8.2 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

Backport security fix sindresorhus/got@861ccd9

CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

Bump cacheable-request dependency (#1921) 9463bb6

Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

Commits

5e17bb7 11.8.5
bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
8ced192 Fix build
670eb04 11.8.4
20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
0da732f 11.8.3
9463bb6 Bump cacheable-request dependency (#1921)
0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
See full diff in compare view

Updates @babel/traverse from 7.12.10 to 7.26.9

Release notes

Sourced from @babel/traverse's releases.

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types

#17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)

babel-core

#17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jamie Kyle (@jamiebuilds-signal)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.26.8 (2025-02-08)

🏠 Internal

babel-preset-env

#17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7 (2025-01-24)

Thanks @branchseer and @tquetano-netflix for your first PRs!

🐛 Bug Fix

babel-helpers, babel-preset-env, babel-runtime-corejs3

#17086 Make "object without properties" helpers ES6-compatible (@tquetano-netflix)

babel-plugin-transform-typeof-symbol

#17085 fix: Correctly handle typeof in arrow functions (@liuxingbaoyu)

babel-parser

#17079 Respect ranges option in estree method value (@JLHwung)

babel-core

#17052 Do not try to parse .ts configs as JSON if natively supported (@nicolo-ribaudo)

babel-plugin-transform-typescript

#17050 fix: correctly resolve references to non-constant enum members (@branchseer)

babel-plugin-transform-typescript, babel-traverse, babel-types

#17025 fix: Remove type-only import x = y.z (@liuxingbaoyu)

Committers: 6

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Tony Quetano (@tquetano-netflix)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types

#17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)

babel-core

#17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

babel-helpers, babel-preset-env, babel-runtime-corejs3

#17086 Make "object without properties" helpers ES6-compatible (@tquetano-netflix)

babel-plugin-transform-typeof-symbol

#17085 fix: Correctly handle typeof in arrow functions (@liuxingbaoyu)

babel-parser

#17079 Respect ranges option in estree method value (@JLHwung)

babel-core

#17052 Do not try to parse .ts configs as JSON if natively supported (@nicolo-ribaudo)

babel-plugin-transform-typescript

#17050 fix: correctly resolve references to non-constant enum members (@branchseer)

babel-plugin-transform-typescript, babel-traverse, babel-types

#17025 fix: Remove type-only import x = y.z (@liuxingbaoyu)

v7.26.6 (2025-01-13)

🐛 Bug Fix

babel-plugin-transform-nullish-coalescing-operator

#17061 fix: Chaining nullish coalescing operators output size regression (@liuxingbaoyu)

v7.26.5 (2025-01-10)

👓 Spec Compliance

babel-parser

#17011 Allow the dynamic import.defer() form of import defer (@babel-bot)

🐛 Bug Fix

babel-plugin-transform-block-scoped-functions

#17024 chore: Avoid calling isInStrictMode in Babel 7 (@liuxingbaoyu)

babel-plugin-transform-typescript

#17026 fix: Correctly generate exported const enums in namespace (@liuxingbaoyu)

babel-parser

#17045 [estree] Unify method type parameters handling (@JLHwung)

#17013 fix: Correctly set position for @(a.b)() (@liuxingbaoyu)

#16996 [estree] Adjust the start loc of class methods with type params (@nicolo-ribaudo)

babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types

... (truncated)

Commits

64bca7b v7.26.9
4cf5c9e [babel 8] Use @babel/types for parser's return type (#17117)
5315446 [babel 8] Remove babel 7-specific imports (#17111)
0593941 v7.26.8
e02b0ff [Babel 8] Create TSTemplateLiteralType (#17066)
2d95140 v7.26.7
ad572fd fix: Remove type-only import x = y.z (#17025)
74181cf v7.26.5
d35794e [Babel 8] Create TSEnumBody for TSEnumDeclaration (#16979)
cd24cc0 chore: Update TS 5.7 (#17053)
Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1

deps: [email protected]

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1 / 2022-10-06

deps: [email protected]

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.19.2 / 2022-02-15

deps: [email protected]

deps: [email protected]

Fix handling of __proto__ keys

deps: [email protected]

deps: [email protected]

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cookie from 0.4.0 to 0.4.2

Release notes

Sourced from cookie's releases.

0.4.2

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

0.4.1

Fix maxAge option to reject invalid values

Changelog

Sourced from cookie's changelog.

0.4.2 / 2022-02-02

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

0.4.1 / 2020-04-21

Fix maxAge option to reject invalid values

Commits

55bac40 0.4.2
519feb5 build: [email protected]
fadc4bc build: [email protected]
009b3cb pref: read value only when assigning in parse
04be428 lint: remove deprecated String.prototype.substr
2dc6662 bench: preserve decode behavior for top cookies
aa1a335 pref: remove unnecessary regexp in parse
2bcee5a bench: add cookies from top 20 sites
4f08c95 docs: update benchmark
f056356 build: [email protected]
Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
Additional commits viewable in compare view

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2 (2022-06-08)

Features

Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1 (2022-05-11)

Bug Fixes

Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0 (2021-03-18)

Features

Improve performance for large messages across many chunks (#130 Trent Willis)

Add createConnection option for http or https requests (#120 Vasily Lavrov)

Support HTTP 302 redirects (#116 Ryan Bonte)

Bug Fixes

Prevent sequential errors from attempting multiple reconnections (#125 David Patty)

Add new to correct test (#111 Stéphane Alnet)

Fix reconnections attempts now happen more than once (#136 Icy Fish)

Commits

0a8b85b 1.1.2
f99ae66 docs: update history for 1.1.2
06c9721 chore: rebuild polyfill
9494642 fix: inline origin resolution, drop original dependency (#281)
aa7a408 1.1.1
56d489e chore: rebuild polyfill
4a951e5 docs: update history for 1.1.1
f9f6416 fix: strip sensitive headers on redirect to different origin
9dd0687 1.1.0
49497ba Update history for 1.1.0 (#146)
Additional commits viewable in compare view

Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in

…pdates Bumps the npm_and_yarn group with 25 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `2.3.1` | `3.2.4` | | [got](https://github.com/sindresorhus/got) | `11.8.2` | `11.8.5` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.10` | `7.26.9` | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.2` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [eventsource](https://github.com/EventSource/eventsource) | `1.0.7` | `1.1.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.15.9` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.11.0` | `5.2.0` | | [postcss](https://github.com/postcss/postcss) | `7.0.36` | `8.5.2` | | [css-loader](https://github.com/webpack-contrib/css-loader) | `3.6.0` | `7.1.2` | | [optimize-css-assets-webpack-plugin](https://github.com/NMFR/optimize-css-assets-webpack-plugin) | `5.0.4` | `6.0.1` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.13.0` | | [socket.io](https://github.com/socketio/socket.io) | `4.4.1` | `4.8.1` | | [taffydb](https://github.com/typicaljoe/taffydb) | `2.6.2` | `removed` | | [jsdoc](https://github.com/jsdoc/jsdoc) | `3.6.6` | `4.0.4` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `3.7.3` | `removed` | | [karma-webpack](https://github.com/webpack-contrib/karma-webpack) | `4.0.2` | `5.0.1` | Updates `dompurify` from 2.3.1 to 3.2.4 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@2.3.1...3.2.4) Updates `got` from 11.8.2 to 11.8.5 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v11.8.2...v11.8.5) Updates `@babel/traverse` from 7.12.10 to 7.26.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.9/packages/babel-traverse) Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `express` from 4.17.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.17.1...4.21.2) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `cookie` from 0.4.0 to 0.4.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Changelog](https://github.com/jshttp/cookie/blob/v0.4.2/HISTORY.md) - [Commits](jshttp/cookie@v0.4.0...v0.4.2) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `eventsource` from 1.0.7 to 1.1.2 - [Release notes](https://github.com/EventSource/eventsource/releases) - [Changelog](https://github.com/EventSource/eventsource/blob/main/CHANGELOG.md) - [Commits](EventSource/eventsource@v1.0.7...v1.1.2) Updates `express` from 4.17.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.17.1...4.21.2) Updates `follow-redirects` from 1.14.8 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.9) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `node-forge` from 0.10.0 to 1.3.1 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@0.10.0...v1.3.1) Updates `webpack-dev-server` from 3.11.0 to 5.2.0 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v5.2.0) Updates `postcss` from 7.0.36 to 8.5.2 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.36...8.5.2) Updates `css-loader` from 3.6.0 to 7.1.2 - [Release notes](https://github.com/webpack-contrib/css-loader/releases) - [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md) - [Commits](webpack-contrib/css-loader@v3.6.0...v7.1.2) Updates `optimize-css-assets-webpack-plugin` from 5.0.4 to 6.0.1 - [Commits](NMFR/optimize-css-assets-webpack-plugin@v5.0.4...v6.0.1) Updates `qs` from 6.5.2 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.13.0) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `socket.io` from 4.4.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]) Updates `socket.io-parser` from 4.0.4 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.0.4...4.2.4) Removes `taffydb` Updates `jsdoc` from 3.6.6 to 4.0.4 - [Release notes](https://github.com/jsdoc/jsdoc/releases) - [Changelog](https://github.com/jsdoc/jsdoc/blob/4.0.4/CHANGES.md) - [Commits](jsdoc/jsdoc@3.6.6...4.0.4) Updates `underscore` from 1.10.2 to 1.13.7 - [Commits](jashkenas/underscore@1.10.2...1.13.7) Removes `webpack-dev-middleware` Updates `karma-webpack` from 4.0.2 to 5.0.1 - [Release notes](https://github.com/webpack-contrib/karma-webpack/releases) - [Changelog](https://github.com/codymikol/karma-webpack/blob/master/CHANGELOG.md) - [Commits](codymikol/karma-webpack@v4.0.2...v5.0.1) Updates `ws` from 6.2.2 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@6.2.2...8.17.1) --- updated-dependencies: - dependency-name: dompurify dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eventsource dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: css-loader dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: optimize-css-assets-webpack-plugin dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: taffydb dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsdoc dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: underscore dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: karma-webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 32 updates #4

chore(deps): bump the npm_and_yarn group across 1 directory with 32 updates #4

dependabot bot commented on behalf of github Feb 14, 2025

chore(deps): bump the npm_and_yarn group across 1 directory with 32 updates #4

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 32 updates #4

Conversation

dependabot bot commented on behalf of github Feb 14, 2025

DOMPurify 3.2.4

DOMPurify 3.2.3

DOMPurify 3.2.2

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

DOMPurify 3.1.6

DOMPurify 3.1.5

DOMPurify 3.1.4

v11.8.5

v11.8.3

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

Committers: 5

v7.26.8 (2025-02-08)

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

Committers: 6

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

v7.26.6 (2025-01-13)

🐛 Bug Fix

v7.26.5 (2025-01-10)

👓 Spec Compliance

🐛 Bug Fix

v2.6.4

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

0.4.2

0.4.1

0.4.2 / 2022-02-02

0.4.1 / 2020-04-21

v0.2.2

v0.2.1

1.1.2 (2022-06-08)

Features