fix(deps): update npm non-major dependencies

This PR contains the following updates:

Package	Change	Type	Update
express (source)	`~4.13.3` -> `~4.18.0`	dependencies	minor
mustache	`~2.2.1` -> `~2.3.0`	dependencies	minor
node	`~4.1.1` -> `~4.9.0`	engines	minor
socket.io	`~2.4.0` -> `~2.5.0`	dependencies	minor

Release Notes

expressjs/express

### [`v4.18.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4182--2022-10-08) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.1...4.18.2) \=================== - Fix regression routing a large stack in a single route - deps: body-parser@1.20.1 - deps: qs@6.11.0 - perf: remove unnecessary object clone - deps: qs@6.11.0 ### [`v4.18.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4181--2022-04-29) [Compare Source](https://togithub.com/expressjs/express/compare/4.18.0...4.18.1) \=================== - Fix hanging on large stack of sync routes ### [`v4.18.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4180--2022-04-25) [Compare Source](https://togithub.com/expressjs/express/compare/4.17.3...4.18.0) \=================== - Add "root" option to `res.download` - Allow `options` without `filename` in `res.download` - Deprecate string and non-integer arguments to `res.status` - Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` - Fix handling very large stacks of sync middleware - Ignore `Object.prototype` values in settings through `app.set`/`app.get` - Invoke `default` with same arguments as types in `res.format` - Support proper 205 responses using `res.send` - Use `http-errors` for `res.format` error - deps: body-parser@1.20.0 - Fix error message for json parse whitespace in `strict` - Fix internal error when inflated body exceeds limit - Prevent loss of async hooks context - Prevent hanging when request already read - deps: depd@2.0.0 - deps: http-errors@2.0.0 - deps: on-finished@2.4.1 - deps: qs@6.10.3 - deps: raw-body@2.5.1 - deps: cookie@0.5.0 - Add `priority` option - Fix `expires` option to reject invalid dates - deps: depd@2.0.0 - Replace internal `eval` usage with `Function` constructor - Use instance methods on `process` to check for listeners - deps: finalhandler@1.2.0 - Remove set content headers that break response - deps: on-finished@2.4.1 - deps: statuses@2.0.1 - deps: on-finished@2.4.1 - Prevent loss of async hooks context - deps: qs@6.10.3 - deps: send@0.18.0 - Fix emitted 416 error missing headers property - Limit the headers removed for 304 response - deps: depd@2.0.0 - deps: destroy@1.2.0 - deps: http-errors@2.0.0 - deps: on-finished@2.4.1 - deps: statuses@2.0.1 - deps: serve-static@1.15.0 - deps: send@0.18.0 - deps: statuses@2.0.1 - Remove code 306 - Rename `425 Unordered Collection` to standard `425 Too Early` ### [`v4.17.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4173--2022-02-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.17.2...4.17.3) \=================== - deps: accepts@~1.3.8 - deps: mime-types@~2.1.34 - deps: negotiator@0.6.3 - deps: body-parser@1.19.2 - deps: bytes@3.1.2 - deps: qs@6.9.7 - deps: raw-body@2.4.3 - deps: cookie@0.4.2 - deps: qs@6.9.7 - Fix handling of `__proto__` keys - pref: remove unnecessary regexp for trust proxy ### [`v4.17.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4172--2021-12-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.17.1...4.17.2) \=================== - Fix handling of `undefined` in `res.jsonp` - Fix handling of `undefined` when `"json escape"` is enabled - Fix incorrect middleware execution with unanchored `RegExp`s - Fix `res.jsonp(obj, status)` deprecation message - Fix typo in `res.is` JSDoc - deps: body-parser@1.19.1 - deps: bytes@3.1.1 - deps: http-errors@1.8.1 - deps: qs@6.9.6 - deps: raw-body@2.4.2 - deps: safe-buffer@5.2.1 - deps: type-is@~1.6.18 - deps: content-disposition@0.5.4 - deps: safe-buffer@5.2.1 - deps: cookie@0.4.1 - Fix `maxAge` option to reject invalid values - deps: proxy-addr@~2.0.7 - Use `req.socket` over deprecated `req.connection` - deps: forwarded@0.2.0 - deps: ipaddr.js@1.9.1 - deps: qs@6.9.6 - deps: safe-buffer@5.2.1 - deps: send@0.17.2 - deps: http-errors@1.8.1 - deps: ms@2.1.3 - pref: ignore empty http tokens - deps: serve-static@1.14.2 - deps: send@0.17.2 - deps: setprototypeof@1.2.0 ### [`v4.17.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4171--2019-05-25) [Compare Source](https://togithub.com/expressjs/express/compare/4.17.0...4.17.1) \=================== - Revert "Improve error message for `null`/`undefined` to `res.status`" ### [`v4.17.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4170--2019-05-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.16.4...4.17.0) \=================== - Add `express.raw` to parse bodies into `Buffer` - Add `express.text` to parse bodies into string - Improve error message for non-strings to `res.sendFile` - Improve error message for `null`/`undefined` to `res.status` - Support multiple hosts in `X-Forwarded-Host` - deps: accepts@~1.3.7 - deps: body-parser@1.19.0 - Add encoding MIK - Add petabyte (`pb`) support - Fix parsing array brackets after index - deps: bytes@3.1.0 - deps: http-errors@1.7.2 - deps: iconv-lite@0.4.24 - deps: qs@6.7.0 - deps: raw-body@2.4.0 - deps: type-is@~1.6.17 - deps: content-disposition@0.5.3 - deps: cookie@0.4.0 - Add `SameSite=None` support - deps: finalhandler@~1.1.2 - Set stricter `Content-Security-Policy` header - deps: parseurl@~1.3.3 - deps: statuses@~1.5.0 - deps: parseurl@~1.3.3 - deps: proxy-addr@~2.0.5 - deps: ipaddr.js@1.9.0 - deps: qs@6.7.0 - Fix parsing array brackets after index - deps: range-parser@~1.2.1 - deps: send@0.17.1 - Set stricter CSP header in redirect & error responses - deps: http-errors@~1.7.2 - deps: mime@1.6.0 - deps: ms@2.1.1 - deps: range-parser@~1.2.1 - deps: statuses@~1.5.0 - perf: remove redundant `path.normalize` call - deps: serve-static@1.14.1 - Set stricter CSP header in redirect response - deps: parseurl@~1.3.3 - deps: send@0.17.1 - deps: setprototypeof@1.1.1 - deps: statuses@~1.5.0 - Add `103 Early Hints` - deps: type-is@~1.6.18 - deps: mime-types@~2.1.24 - perf: prevent internal `throw` on invalid type ### [`v4.16.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4164--2018-10-10) [Compare Source](https://togithub.com/expressjs/express/compare/4.16.3...4.16.4) \=================== - Fix issue where `"Request aborted"` may be logged in `res.sendfile` - Fix JSDoc for `Router` constructor - deps: body-parser@1.18.3 - Fix deprecation warnings on Node.js 10+ - Fix stack trace for strict json parse error - deps: depd@~1.1.2 - deps: http-errors@~1.6.3 - deps: iconv-lite@0.4.23 - deps: qs@6.5.2 - deps: raw-body@2.3.3 - deps: type-is@~1.6.16 - deps: proxy-addr@~2.0.4 - deps: ipaddr.js@1.8.0 - deps: qs@6.5.2 - deps: safe-buffer@5.1.2 ### [`v4.16.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4163--2018-03-12) [Compare Source](https://togithub.com/expressjs/express/compare/4.16.2...4.16.3) \=================== - deps: accepts@~1.3.5 - deps: mime-types@~2.1.18 - deps: depd@~1.1.2 - perf: remove argument reassignment - deps: encodeurl@~1.0.2 - Fix encoding `%` as last character - deps: finalhandler@1.1.1 - Fix 404 output for bad / missing pathnames - deps: encodeurl@~1.0.2 - deps: statuses@~1.4.0 - deps: proxy-addr@~2.0.3 - deps: ipaddr.js@1.6.0 - deps: send@0.16.2 - Fix incorrect end tag in default error & redirects - deps: depd@~1.1.2 - deps: encodeurl@~1.0.2 - deps: statuses@~1.4.0 - deps: serve-static@1.13.2 - Fix incorrect end tag in redirects - deps: encodeurl@~1.0.2 - deps: send@0.16.2 - deps: statuses@~1.4.0 - deps: type-is@~1.6.16 - deps: mime-types@~2.1.18 ### [`v4.16.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4162--2017-10-09) [Compare Source](https://togithub.com/expressjs/express/compare/4.16.1...4.16.2) \=================== - Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set - perf: skip parsing of entire `X-Forwarded-Proto` header ### [`v4.16.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4161--2017-09-29) [Compare Source](https://togithub.com/expressjs/express/compare/4.16.0...4.16.1) \=================== - deps: send@0.16.1 - deps: serve-static@1.13.1 - Fix regression when `root` is incorrectly set to a file - deps: send@0.16.1 ### [`v4.16.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4160--2017-09-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.5...4.16.0) \=================== - Add `"json escape"` setting for `res.json` and `res.jsonp` - Add `express.json` and `express.urlencoded` to parse bodies - Add `options` argument to `res.download` - Improve error message when autoloading invalid view engine - Improve error messages when non-function provided as middleware - Skip `Buffer` encoding when not generating ETag for small response - Use `safe-buffer` for improved Buffer API - deps: accepts@~1.3.4 - deps: mime-types@~2.1.16 - deps: content-type@~1.0.4 - perf: remove argument reassignment - perf: skip parameter parsing when no parameters - deps: etag@~1.8.1 - perf: replace regular expression with substring - deps: finalhandler@1.1.0 - Use `res.headersSent` when available - deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` - deps: proxy-addr@~2.0.2 - Fix trimming leading / trailing OWS in `X-Forwarded-For` - deps: forwarded@~0.1.2 - deps: ipaddr.js@1.5.2 - perf: reduce overhead when no `X-Forwarded-For` header - deps: qs@6.5.1 - Fix parsing & compacting very deep objects - deps: send@0.16.0 - Add 70 new types for file extensions - Add `immutable` option - Fix missing `` in default error & redirects - Set charset as "UTF-8" for .js and .json - Use instance methods on steam to check for listeners - deps: mime@1.4.1 - perf: improve path validation speed - deps: serve-static@1.13.0 - Add 70 new types for file extensions - Add `immutable` option - Set charset as "UTF-8" for .js and .json - deps: send@0.16.0 - deps: setprototypeof@1.1.0 - deps: utils-merge@1.0.1 - deps: vary@~1.1.2 - perf: improve header token parsing speed - perf: re-use options object when generating ETags - perf: remove dead `.charset` set in `res.jsonp` ### [`v4.15.5`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4155--2017-09-24) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.4...4.15.5) \=================== - deps: debug@2.6.9 - deps: finalhandler@~1.0.6 - deps: debug@2.6.9 - deps: parseurl@~1.3.2 - deps: fresh@0.5.2 - Fix handling of modified headers with invalid dates - perf: improve ETag match loop - perf: improve `If-None-Match` token parsing - deps: send@0.15.6 - Fix handling of modified headers with invalid dates - deps: debug@2.6.9 - deps: etag@~1.8.1 - deps: fresh@0.5.2 - perf: improve `If-Match` token parsing - deps: serve-static@1.12.6 - deps: parseurl@~1.3.2 - deps: send@0.15.6 - perf: improve slash collapsing ### [`v4.15.4`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4154--2017-08-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.3...4.15.4) \=================== - deps: debug@2.6.8 - deps: depd@~1.1.1 - Remove unnecessary `Buffer` loading - deps: finalhandler@~1.0.4 - deps: debug@2.6.8 - deps: proxy-addr@~1.1.5 - Fix array argument being altered - deps: ipaddr.js@1.4.0 - deps: qs@6.5.0 - deps: send@0.15.4 - deps: debug@2.6.8 - deps: depd@~1.1.1 - deps: http-errors@~1.6.2 - deps: serve-static@1.12.4 - deps: send@0.15.4 ### [`v4.15.3`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4153--2017-05-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.2...4.15.3) \=================== - Fix error when `res.set` cannot add charset to `Content-Type` - deps: debug@2.6.7 - Fix `DEBUG_MAX_ARRAY_LENGTH` - deps: ms@2.0.0 - deps: finalhandler@~1.0.3 - Fix missing `` in HTML document - deps: debug@2.6.7 - deps: proxy-addr@~1.1.4 - deps: ipaddr.js@1.3.0 - deps: send@0.15.3 - deps: debug@2.6.7 - deps: ms@2.0.0 - deps: serve-static@1.12.3 - deps: send@0.15.3 - deps: type-is@~1.6.15 - deps: mime-types@~2.1.15 - deps: vary@~1.1.1 - perf: hoist regular expression ### [`v4.15.2`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4152--2017-03-06) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.1...4.15.2) \=================== - deps: qs@6.4.0 - Fix regression parsing keys starting with `[` ### [`v4.15.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4151--2017-03-05) [Compare Source](https://togithub.com/expressjs/express/compare/4.15.0...4.15.1) \=================== - deps: send@0.15.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - Fix strict violation in broken environments - deps: serve-static@1.12.1 - Fix issue when `Date.parse` does not return `NaN` on invalid date - deps: send@0.15.1 ### [`v4.15.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4150--2017-03-01) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.1...4.15.0) \=================== - Add debug message when loading view engine - Add `next("router")` to exit from router - Fix case where `router.use` skipped requests routes did not - Remove usage of `res._headers` private field - Improves compatibility with Node.js 8 nightly - Skip routing when `req.url` is not set - Use `%o` in path debug to tell types apart - Use `Object.create` to setup request & response prototypes - Use `setprototypeof` module to replace `__proto__` setting - Use `statuses` instead of `http` module for status messages - deps: debug@2.6.1 - Allow colors in workers - Deprecated `DEBUG_FD` environment variable set to `3` or higher - Fix error when running under React Native - Use same color for same namespace - deps: ms@0.7.2 - deps: etag@~1.8.0 - Use SHA1 instead of MD5 for ETag hashing - Works with FIPS 140-2 OpenSSL configuration - deps: finalhandler@~1.0.0 - Fix exception when `err` cannot be converted to a string - Fully URL-encode the pathname in the 404 - Only include the pathname in the 404 message - Send complete HTML document - Set `Content-Security-Policy: default-src 'self'` header - deps: debug@2.6.1 - deps: fresh@0.5.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - perf: delay reading header values until needed - perf: enable strict mode - perf: hoist regular expressions - perf: remove duplicate conditional - perf: remove unnecessary boolean coercions - perf: skip checking modified time if ETag check failed - perf: skip parsing `If-None-Match` when no `ETag` header - perf: use `Date.parse` instead of `new Date` - deps: qs@6.3.1 - Fix array parsing from skipping empty values - Fix compacting nested arrays - deps: send@0.15.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: debug@2.6.1 - deps: etag@~1.8.0 - deps: fresh@0.5.0 - deps: http-errors@~1.6.1 - deps: serve-static@1.12.0 - Fix false detection of `no-cache` request directive - Fix incorrect result when `If-None-Match` has both `*` and ETags - Fix weak `ETag` matching to match spec - Remove usage of `res._headers` private field - Send complete HTML document in redirect response - Set default CSP header in redirect response - Support `If-Match` and `If-Unmodified-Since` headers - Use `res.getHeaderNames()` when available - Use `res.headersSent` when available - deps: send@0.15.0 - perf: add fast match path for `*` route - perf: improve `req.ips` performance ### [`v4.14.1`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4141--2017-01-28) [Compare Source](https://togithub.com/expressjs/express/compare/4.14.0...4.14.1) \=================== - deps: content-disposition@0.5.2 - deps: finalhandler@0.5.1 - Fix exception when `err.headers` is not an object - deps: statuses@~1.3.1 - perf: hoist regular expressions - perf: remove duplicate validation path - deps: proxy-addr@~1.1.3 - deps: ipaddr.js@1.2.0 - deps: send@0.14.2 - deps: http-errors@~1.5.1 - deps: ms@0.7.2 - deps: statuses@~1.3.1 - deps: serve-static@~1.11.2 - deps: send@0.14.2 - deps: type-is@~1.6.14 - deps: mime-types@~2.1.13 ### [`v4.14.0`](https://togithub.com/expressjs/express/blob/HEAD/History.md#4140--2016-06-16) [Compare Source](https://togithub.com/expressjs/express/compare/4.13.4...4.14.0) \=================== - Add `acceptRanges` option to `res.sendFile`/`res.sendfile` - Add `cacheControl` option to `res.sendFile`/`res.sendfile` - Add `options` argument to `req.range` - Includes the `combine` option - Encode URL in `res.location`/`res.redirect` if not already encoded - Fix some redirect handling in `res.sendFile`/`res.sendfile` - Fix Windows absolute path check using forward slashes - Improve error with invalid arguments to `req.get()` - Improve performance for `res.json`/`res.jsonp` in most cases - Improve `Range` header handling in `res.sendFile`/`res.sendfile` - deps: accepts@~1.3.3 - Fix including type extensions in parameters in `Accept` parsing - Fix parsing `Accept` parameters with quoted equals - Fix parsing `Accept` parameters with quoted semicolons - Many performance improvements - deps: mime-types@~2.1.11 - deps: negotiator@0.6.1 - deps: content-type@~1.0.2 - perf: enable strict mode - deps: cookie@0.3.1 - Add `sameSite` option - Fix cookie `Max-Age` to never be a floating point number - Improve error message when `encode` is not a function - Improve error message when `expires` is not a `Date` - Throw better error for invalid argument to parse - Throw on invalid values provided to `serialize` - perf: enable strict mode - perf: hoist regular expression - perf: use for loop in parse - perf: use string concatenation for serialization - deps: finalhandler@0.5.0 - Change invalid or non-numeric status code to 500 - Overwrite status message to match set status code - Prefer `err.statusCode` if `err.status` is invalid - Set response headers from `err.headers` object - Use `statuses` instead of `http` module for status messages - deps: proxy-addr@~1.1.2 - Fix accepting various invalid netmasks - Fix IPv6-mapped IPv4 validation edge cases - IPv4 netmasks must be contiguous - IPv6 addresses cannot be used as a netmask - deps: ipaddr.js@1.1.1 - deps: qs@6.2.0 - Add `decoder` option in `parse` function - deps: range-parser@~1.2.0 - Add `combine` option to combine overlapping ranges - Fix incorrectly returning -1 when there is at least one valid range - perf: remove internal function - deps: send@0.14.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Correctly inherit from `Stream` class - Fix `Content-Range` header in 416 responses when using `start`/`end` options - Fix `Content-Range` header missing from default 416 responses - Fix redirect error when `path` contains raw non-URL characters - Fix redirect when `path` starts with multiple forward slashes - Ignore non-byte `Range` headers - deps: http-errors@~1.5.0 - deps: range-parser@~1.2.0 - deps: statuses@~1.3.0 - perf: remove argument reassignment - deps: serve-static@~1.11.1 - Add `acceptRanges` option - Add `cacheControl` option - Attempt to combine multiple ranges into single range - Fix redirect error when `req.url` contains raw non-URL characters - Ignore non-byte `Range` headers - Use status code 301 for redirects - deps: send@0.14.1 - deps: type-is@~1.6.13 - Fix type error when given invalid type to match against - deps: mime-types@~2.1.11 - deps: vary@~1.1.0 - Only accept valid field names in the `field` argument - perf: use strict equality when possible

janl/mustache.js

### [`v2.3.2`](https://togithub.com/janl/mustache.js/blob/HEAD/CHANGELOG.md#232--17-August-2018) [Compare Source](https://togithub.com/janl/mustache.js/compare/v2.3.1...v2.3.2) This release is made to revert changes introduced in \[2.3.1] that caused unexpected behaviour for several users. ##### Minor - \[[#670](https://togithub.com/janl/mustache.js/issues/670)]: Rollback template cache causing unexpected behaviour, by \[[@raymond-lam](https://togithub.com/raymond-lam)]. ### [`v2.3.1`](https://togithub.com/janl/mustache.js/blob/HEAD/CHANGELOG.md#231--7-August-2018) [Compare Source](https://togithub.com/janl/mustache.js/compare/v2.3.0...v2.3.1) ##### Minor - \[[#643](https://togithub.com/janl/mustache.js/issues/643)]: `Writer.prototype.parse` to cache by tags in addition to template string, by \[[@raymond-lam](https://togithub.com/raymond-lam)]. - \[[#664](https://togithub.com/janl/mustache.js/issues/664)]: Fix `Writer.prototype.parse` cache, by \[[@seminaoki](https://togithub.com/seminaoki)]. ##### Dev - \[[#666](https://togithub.com/janl/mustache.js/issues/666)]: Install release tools with npm rather than pre-commit hook & `Rakefile`, by \[[@phillipj](https://togithub.com/phillipj)]. - \[[#667](https://togithub.com/janl/mustache.js/issues/667)], \[[#668](https://togithub.com/janl/mustache.js/issues/668)]: Stabilize browser test suite, by \[[@phillipj](https://togithub.com/phillipj)]. ##### Docs - \[[#644](https://togithub.com/janl/mustache.js/issues/644)]: Document global Mustache.escape overriding capacity, by \[[@paultopia](https://togithub.com/paultopia)]. - \[[#657](https://togithub.com/janl/mustache.js/issues/657)]: Correct `Mustache.parse()` return type documentation, by \[[@bbrooks](https://togithub.com/bbrooks)]. ### [`v2.3.0`](https://togithub.com/janl/mustache.js/blob/HEAD/CHANGELOG.md#230--8-November-2016) [Compare Source](https://togithub.com/janl/mustache.js/compare/v2.2.1...v2.3.0) ##### Minor - \[[#540](https://togithub.com/janl/mustache.js/issues/540)]: Add optional `output` argument to mustache CLI, by \[[@wizawu](https://togithub.com/wizawu)]. - \[[#597](https://togithub.com/janl/mustache.js/issues/597)]: Add compatibility with amdclean, by \[[@mightyplow](https://togithub.com/mightyplow)]. ##### Dev - \[[#553](https://togithub.com/janl/mustache.js/issues/553)]: Assert `null` lookup when rendering an unescaped value, by \[[@dasilvacontin](https://togithub.com/dasilvacontin)]. - \[[#580](https://togithub.com/janl/mustache.js/issues/580)], \[[#610](https://togithub.com/janl/mustache.js/issues/610)]: Ignore eslint for greenkeeper updates, by \[[@phillipj](https://togithub.com/phillipj)]. - \[[#560](https://togithub.com/janl/mustache.js/issues/560)]: Fix CLI tests for Windows, by \[[@kookookchoozeus](https://togithub.com/kookookchoozeus)]. - Run browser tests w/node v4, by \[[@phillipj](https://togithub.com/phillipj)]. ##### Docs - \[[#542](https://togithub.com/janl/mustache.js/issues/542)]: Add API documentation to README, by \[[@tomekwi](https://togithub.com/tomekwi)]. - \[[#546](https://togithub.com/janl/mustache.js/issues/546)]: Add missing syntax highlighting to README code blocks, by \[[@pra85](https://togithub.com/pra85)]. - \[[#569](https://togithub.com/janl/mustache.js/issues/569)]: Update Ctemplate links in README, by \[[@mortonfox](https://togithub.com/mortonfox)]. - \[[#592](https://togithub.com/janl/mustache.js/issues/592)]: Change "loadUser" to "loadUser()" in README, by \[[@Flaque](https://togithub.com/Flaque)]. - \[[#593](https://togithub.com/janl/mustache.js/issues/593)]: Adding doctype to HTML code example in README, by \[[@calvinf](https://togithub.com/calvinf)]. ##### Dependencies - eslint -> 2.2.0. Breaking changes fix by \[[@phillipj](https://togithub.com/phillipj)]. \[[#548](https://togithub.com/janl/mustache.js/issues/548)] - eslint -> 2.5.1. - mocha -> 3.0.2. - zuul -> 3.11.0.

nodejs/node

### [`v4.9.1`](https://togithub.com/nodejs/node/releases/tag/v4.9.1): 2018-03-29, Version 4.9.1 'Argon' (Maintenance), @MylesBorins [Compare Source](https://togithub.com/nodejs/node/compare/v4.9.0...v4.9.1) ##### Notable Changes No additional commits. Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the latest releases for PPC little endian were built using GCC 4.9.X instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based environments. This has been fixed in our infrastructure and we are doing this release to ensure that the hosted binaries are adhering to our platform support contract. ### [`v4.9.0`](https://togithub.com/nodejs/node/releases/tag/v4.9.0): 2018-03-28, Version 4.9.0 'Argon' (Maintenance), @MylesBorins [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.7...v4.9.0) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: - CVE-2018-7158 - CVE-2018-7159 ##### Notable Changes - **Upgrade to OpenSSL 1.0.2o**: Does not contain any security fixes that are known to impact Node.js. - **Fix for `'path'` module regular expression denial of service (CVE-2018-7158)**: A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted `'path'` module functions. - **Reject spaces in HTTP `Content-Length` header values (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside `Content-Length` header values. Such values now lead to rejected connections in the same way as non-numeric values. - **Update root certificates**: 5 additional root certificates have been added to the Node.js binary and 30 have been removed. ##### Commits - \[[`497ff3cd4f`](https://togithub.com/nodejs/node/commit/497ff3cd4f)] - **crypto**: update root certificates (Ben Noordhuis) [#19322](https://togithub.com/nodejs/node/pull/19322) - \[[`514709e41f`](https://togithub.com/nodejs/node/commit/514709e41f)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://togithub.com/nodejs/io.js/pull/1836) - \[[`5108108606`](https://togithub.com/nodejs/node/commit/5108108606)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`d67d0a63d9`](https://togithub.com/nodejs/node/commit/d67d0a63d9)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`6af057ecc8`](https://togithub.com/nodejs/node/commit/6af057ecc8)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#19638](https://togithub.com/nodejs/node/pull/19638) - \[[`b50cd3359d`](https://togithub.com/nodejs/node/commit/b50cd3359d)] - **deps**: upgrade openssl sources to 1.0.2o (Shigeki Ohtsu) [#19638](https://togithub.com/nodejs/node/pull/19638) - \[[`da6e24c8d6`](https://togithub.com/nodejs/node/commit/da6e24c8d6)] - **deps**: reject interior blanks in Content-Length (Ben Noordhuis) [nodejs-private/http-parser-private#1](https://togithub.com/nodejs-private/http-parser-private/pull/1) - \[[`7ebc9981e0`](https://togithub.com/nodejs/node/commit/7ebc9981e0)] - **deps**: upgrade http-parser to v2.8.0 (Ben Noordhuis) [nodejs-private/http-parser-private#1](https://togithub.com/nodejs-private/http-parser-private/pull/1) - \[[`6fd2cc93a6`](https://togithub.com/nodejs/node/commit/6fd2cc93a6)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`bf00665af6`](https://togithub.com/nodejs/node/commit/bf00665af6)] - **path**: unwind regular expressions in Windows (Myles Borins) - \[[`4196fcf23e`](https://togithub.com/nodejs/node/commit/4196fcf23e)] - **path**: unwind regular expressions in POSIX (Myles Borins) - \[[`625986b699`](https://togithub.com/nodejs/node/commit/625986b699)] - **src**: drop CNNIC+StartCom certificate whitelisting (Ben Noordhuis) [#19322](https://togithub.com/nodejs/node/pull/19322) - \[[`ebc46448a4`](https://togithub.com/nodejs/node/commit/ebc46448a4)] - **tools**: update certdata.txt (Ben Noordhuis) [#19322](https://togithub.com/nodejs/node/pull/19322) ### [`v4.8.7`](https://togithub.com/nodejs/node/releases/tag/v4.8.7): 2017-12-08, Version 4.8.7 'Argon' (Maintenance), @MylesBorins [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.6...v4.8.7) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: - CVE-2017-15896 - CVE-2017-3738 (from the openssl project) ##### Notable Changes - **deps**: - openssl updated to 1.0.2n (Shigeki Ohtsu) [#17526](https://togithub.com/nodejs/node/pull/17526) ##### Commits - \[[`4f8fae3493`](https://togithub.com/nodejs/node/commit/4f8fae3493)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#17526](https://togithub.com/nodejs/node/pull/17526) - \[[`eacd090e7b`](https://togithub.com/nodejs/node/commit/eacd090e7b)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://togithub.com/nodejs/io.js/pull/1836) - \[[`3e6b0b0d13`](https://togithub.com/nodejs/node/commit/3e6b0b0d13)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`b0ed4c52af`](https://togithub.com/nodejs/node/commit/b0ed4c52af)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`dd6a2dff1e`](https://togithub.com/nodejs/node/commit/dd6a2dff1e)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#17526](https://togithub.com/nodejs/node/pull/17526) - \[[`b3afedfbe9`](https://togithub.com/nodejs/node/commit/b3afedfbe9)] - **deps**: upgrade openssl sources to 1.0.2n (Shigeki Ohtsu) [#17526](https://togithub.com/nodejs/node/pull/17526) - \[[`f7eb162d0d`](https://togithub.com/nodejs/node/commit/f7eb162d0d)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) ### [`v4.8.6`](https://togithub.com/nodejs/node/releases/tag/v4.8.6): 2017-11-07, Version 4.8.6 'Argon' (Maintenance), @MylesBorins [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.5...v4.8.6) This Maintenance release comes with 47 commits. This includes 26 commits which are updates to dependencies, 8 which are build / tool related, 4 which are doc related, and 2 which are test related. This release includes a security update to openssl that has been deemed low severity for the Node.js project. ##### Notable Changes - **crypto**: - update root certificates (Ben Noordhuis) [#13279](https://togithub.com/nodejs/node/pull/13279) - update root certificates (Ben Noordhuis) [#12402](https://togithub.com/nodejs/node/pull/12402) - **deps**: - add support for more modern versions of INTL (Bruno Pagani) [#13040](https://togithub.com/nodejs/node/pull/13040) - upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://togithub.com/nodejs/node/pull/16691) - upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) ##### Commits - \[[`e064ae62e4`](https://togithub.com/nodejs/node/commit/e064ae62e4)] - **build**: fix make test-v8 (Ben Noordhuis) [#15562](https://togithub.com/nodejs/node/pull/15562) - \[[`a7f7a87a1b`](https://togithub.com/nodejs/node/commit/a7f7a87a1b)] - **build**: run test-hash-seed at the end of test-v8 (Michaël Zasso) [#14219](https://togithub.com/nodejs/node/pull/14219) - \[[`05e8b1b7d9`](https://togithub.com/nodejs/node/commit/05e8b1b7d9)] - **build**: codesign tarball binary on macOS (Evan Lucas) [#14179](https://togithub.com/nodejs/node/pull/14179) - \[[`e2b6fdf93e`](https://togithub.com/nodejs/node/commit/e2b6fdf93e)] - **build**: avoid /docs/api and /docs/doc/api upload (Rod Vagg) [#12957](https://togithub.com/nodejs/node/pull/12957) - \[[`59d35c0775`](https://togithub.com/nodejs/node/commit/59d35c0775)] - **build,tools**: do not force codesign prefix (Evan Lucas) [#14179](https://togithub.com/nodejs/node/pull/14179) - \[[`210fa72e9e`](https://togithub.com/nodejs/node/commit/210fa72e9e)] - **crypto**: update root certificates (Ben Noordhuis) [#13279](https://togithub.com/nodejs/node/pull/13279) - \[[`752b46a259`](https://togithub.com/nodejs/node/commit/752b46a259)] - **crypto**: update root certificates (Ben Noordhuis) [#12402](https://togithub.com/nodejs/node/pull/12402) - \[[`3640ba4acb`](https://togithub.com/nodejs/node/commit/3640ba4acb)] - **crypto**: clear err stack after ECDH::BufferToPoint (Ryan Kelly) [#13275](https://togithub.com/nodejs/node/pull/13275) - \[[`545235fc4b`](https://togithub.com/nodejs/node/commit/545235fc4b)] - **deps**: add missing #include "unicode/normlzr.h" (Bruno Pagani) [#13040](https://togithub.com/nodejs/node/pull/13040) - \[[`ea09a1c3e6`](https://togithub.com/nodejs/node/commit/ea09a1c3e6)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#16691](https://togithub.com/nodejs/node/pull/16691) - \[[`68661a95b5`](https://togithub.com/nodejs/node/commit/68661a95b5)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://togithub.com/nodejs/io.js/pull/1836) - \[[`bdcb2525fb`](https://togithub.com/nodejs/node/commit/bdcb2525fb)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`3f93ffee89`](https://togithub.com/nodejs/node/commit/3f93ffee89)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`16fbd9da0d`](https://togithub.com/nodejs/node/commit/16fbd9da0d)] - **deps**: copy all openssl header files to include dir (Shigeki Ohtsu) [#16691](https://togithub.com/nodejs/node/pull/16691) - \[[`55e15ec820`](https://togithub.com/nodejs/node/commit/55e15ec820)] - **deps**: upgrade openssl sources to 1.0.2m (Shigeki Ohtsu) [#16691](https://togithub.com/nodejs/node/pull/16691) - \[[`9c3e246ffe`](https://togithub.com/nodejs/node/commit/9c3e246ffe)] - **deps**: backport [`4e18190`](https://togithub.com/nodejs/node/commit/4e18190) from V8 upstream (jshin) [#15562](https://togithub.com/nodejs/node/pull/15562) - \[[`43d1ac3a62`](https://togithub.com/nodejs/node/commit/43d1ac3a62)] - **deps**: backport [`bff3074`](https://togithub.com/nodejs/node/commit/bff3074) from V8 upstream (Myles Borins) [#15562](https://togithub.com/nodejs/node/pull/15562) - \[[`b259fd3bd5`](https://togithub.com/nodejs/node/commit/b259fd3bd5)] - **deps**: cherry pick [`d7f813b`](https://togithub.com/nodejs/node/commit/d7f813b4) from V8 upstream (akos.palfi) [#15562](https://togithub.com/nodejs/node/pull/15562) - \[[`85800c4ba4`](https://togithub.com/nodejs/node/commit/85800c4ba4)] - **deps**: backport [`e28183b`](https://togithub.com/nodejs/node/commit/e28183b5) from upstream V8 (karl) [#15562](https://togithub.com/nodejs/node/pull/15562) - \[[`06eb181916`](https://togithub.com/nodejs/node/commit/06eb181916)] - **deps**: update openssl asm and asm_obsolete files (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) - \[[`c0fe1fccc3`](https://togithub.com/nodejs/node/commit/c0fe1fccc3)] - **deps**: update openssl config files (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) - \[[`523eb60424`](https://togithub.com/nodejs/node/commit/523eb60424)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://togithub.com/nodejs/io.js/pull/1836) - \[[`0aacd5a8cd`](https://togithub.com/nodejs/node/commit/0aacd5a8cd)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`80c48c0720`](https://togithub.com/nodejs/node/commit/80c48c0720)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`bbd92b4676`](https://togithub.com/nodejs/node/commit/bbd92b4676)] - **deps**: copy all openssl header files to include dir (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) - \[[`8507f0fb5d`](https://togithub.com/nodejs/node/commit/8507f0fb5d)] - **deps**: upgrade openssl sources to 1.0.2l (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) - \[[`9bfada8f0c`](https://togithub.com/nodejs/node/commit/9bfada8f0c)] - **deps**: add example of comparing OpenSSL changes (Daniel Bevenius) [#13234](https://togithub.com/nodejs/node/pull/13234) - \[[`71f9cdf241`](https://togithub.com/nodejs/node/commit/71f9cdf241)] - **deps**: cherry-pick [`09db540`](https://togithub.com/nodejs/node/commit/09db540),686558d from V8 upstream (Jesse Rosenberger) [#14829](https://togithub.com/nodejs/node/pull/14829) - \[[`751f1ac08e`](https://togithub.com/nodejs/node/commit/751f1ac08e)] - ***Revert*** "**deps**: backport [`e093a04`](https://togithub.com/nodejs/node/commit/e093a04), [`09db540`](https://togithub.com/nodejs/node/commit/09db540) from upstream V8" (Jesse Rosenberger) [#14829](https://togithub.com/nodejs/node/pull/14829) - \[[`ed6298c7de`](https://togithub.com/nodejs/node/commit/ed6298c7de)] - **deps**: cherry-pick [`18ea996`](https://togithub.com/nodejs/node/commit/18ea996) from c-ares upstream (Anna Henningsen) [#13883](https://togithub.com/nodejs/node/pull/13883) - \[[`639180adfa`](https://togithub.com/nodejs/node/commit/639180adfa)] - **deps**: update openssl asm and asm_obsolete files (Shigeki Ohtsu) [#12913](https://togithub.com/nodejs/node/pull/12913) - \[[`9ba73e1797`](https://togithub.com/nodejs/node/commit/9ba73e1797)] - **deps**: cherry-pick [`4ae5993`](https://togithub.com/nodejs/node/commit/4ae5993) from upstream OpenSSL (Shigeki Ohtsu) [#12913](https://togithub.com/nodejs/node/pull/12913) - \[[`f8e282e51c`](https://togithub.com/nodejs/node/commit/f8e282e51c)] - **doc**: fix typo in zlib.md (Luigi Pinca) [#16480](https://togithub.com/nodejs/node/pull/16480) - \[[`532a2941cb`](https://togithub.com/nodejs/node/commit/532a2941cb)] - **doc**: add missing make command to UPGRADING.md (Daniel Bevenius) [#13233](https://togithub.com/nodejs/node/pull/13233) - \[[`1db33296cb`](https://togithub.com/nodejs/node/commit/1db33296cb)] - **doc**: add entry for subprocess.killed property (Rich Trott) [#14578](https://togithub.com/nodejs/node/pull/14578) - \[[`0fa09dfd77`](https://togithub.com/nodejs/node/commit/0fa09dfd77)] - **doc**: change `child` to `subprocess` (Rich Trott) [#14578](https://togithub.com/nodejs/node/pull/14578) - \[[`43bbfafaef`](https://togithub.com/nodejs/node/commit/43bbfafaef)] - **docs**: Fix broken links in crypto.md (Zuzana Svetlikova) [#15182](https://togithub.com/nodejs/node/pull/15182) - \[[`1bde7f5cef`](https://togithub.com/nodejs/node/commit/1bde7f5cef)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`e69f47b686`](https://togithub.com/nodejs/node/commit/e69f47b686)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://togithub.com/iojs/io.js/pull/1389) - \[[`cb92f93cd5`](https://togithub.com/nodejs/node/commit/cb92f93cd5)] - **test**: remove internal headers from addons (Gibson Fahnestock) [#7947](https://togithub.com/nodejs/node/pull/7947) - \[[`5d9164c315`](https://togithub.com/nodejs/node/commit/5d9164c315)] - **test**: move test-cluster-debug-port to sequential (Oleksandr Kushchak) [#16292](https://togithub.com/nodejs/node/pull/16292) - \[[`07c912e849`](https://togithub.com/nodejs/node/commit/07c912e849)] - **tools**: update certdata.txt (Ben Noordhuis) [#13279](https://togithub.com/nodejs/node/pull/13279) - \[[`c40bffcb88`](https://togithub.com/nodejs/node/commit/c40bffcb88)] - **tools**: update certdata.txt (Ben Noordhuis) [#12402](https://togithub.com/nodejs/node/pull/12402) - \[[`161162713f`](https://togithub.com/nodejs/node/commit/161162713f)] - **tools**: be explicit about including key-id (Myles Borins) [#13309](https://togithub.com/nodejs/node/pull/13309) - \[[`0c820c092b`](https://togithub.com/nodejs/node/commit/0c820c092b)] - **v8**: fix stack overflow in recursive method (Ben Noordhuis) [#12460](https://togithub.com/nodejs/node/pull/12460) - \[[`a1f992975f`](https://togithub.com/nodejs/node/commit/a1f992975f)] - **zlib**: fix crash when initializing failed (Anna Henningsen) [#14666](https://togithub.com/nodejs/node/pull/14666) - \[[`31bf595b94`](https://togithub.com/nodejs/node/commit/31bf595b94)] - **zlib**: fix node crashing on invalid options (Alexey Orlenko) [#13098](https://togithub.com/nodejs/node/pull/13098) ### [`v4.8.5`](https://togithub.com/nodejs/node/releases/tag/v4.8.5): Version 4.8.5 'Argon' (Maintenance), @MylesBorins [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.4...v4.8.5) This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities. ##### Notable Changes - **zlib**: - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector. [nodejs-private/node-private#95](https://togithub.com/nodejs-private/node-private/pull/95) ##### Commits - \[[`f5defa2a7c`](https://togithub.com/nodejs/node/commit/733578bb2e)] - **zlib**: gracefully set windowBits from 8 to 9 (Myles Borins) [nodejs-private/node-private#95](https://togithub.com/nodejs-private/node-private/pull/95) ### [`v4.8.4`](https://togithub.com/nodejs/node/compare/v4.8.3...v4.8.4) [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.3...v4.8.4) ### [`v4.8.3`](https://togithub.com/nodejs/node/compare/v4.8.2...v4.8.3) [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.2...v4.8.3) ### [`v4.8.2`](https://togithub.com/nodejs/node/compare/v4.8.1...v4.8.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.1...v4.8.2) ### [`v4.8.1`](https://togithub.com/nodejs/node/compare/v4.8.0...v4.8.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.8.0...v4.8.1) ### [`v4.8.0`](https://togithub.com/nodejs/node/compare/v4.7.3...v4.8.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.7.3...v4.8.0) ### [`v4.7.3`](https://togithub.com/nodejs/node/compare/v4.7.2...v4.7.3) [Compare Source](https://togithub.com/nodejs/node/compare/v4.7.2...v4.7.3) ### [`v4.7.2`](https://togithub.com/nodejs/node/compare/v4.7.1...v4.7.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.7.1...v4.7.2) ### [`v4.7.1`](https://togithub.com/nodejs/node/compare/v4.7.0...v4.7.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.7.0...v4.7.1) ### [`v4.7.0`](https://togithub.com/nodejs/node/compare/v4.6.2...v4.7.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.6.2...v4.7.0) ### [`v4.6.2`](https://togithub.com/nodejs/node/compare/v4.6.1...v4.6.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.6.1...v4.6.2) ### [`v4.6.1`](https://togithub.com/nodejs/node/compare/v4.6.0...v4.6.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.6.0...v4.6.1) ### [`v4.6.0`](https://togithub.com/nodejs/node/compare/v4.5.0...v4.6.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.5.0...v4.6.0) ### [`v4.5.0`](https://togithub.com/nodejs/node/compare/v4.4.7...v4.5.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.7...v4.5.0) ### [`v4.4.7`](https://togithub.com/nodejs/node/compare/v4.4.6...v4.4.7) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.6...v4.4.7) ### [`v4.4.6`](https://togithub.com/nodejs/node/compare/v4.4.5...v4.4.6) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.5...v4.4.6) ### [`v4.4.5`](https://togithub.com/nodejs/node/compare/v4.4.4...v4.4.5) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.4...v4.4.5) ### [`v4.4.4`](https://togithub.com/nodejs/node/compare/v4.4.3...v4.4.4) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.3...v4.4.4) ### [`v4.4.3`](https://togithub.com/nodejs/node/compare/v4.4.2...v4.4.3) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.2...v4.4.3) ### [`v4.4.2`](https://togithub.com/nodejs/node/compare/v4.4.1...v4.4.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.1...v4.4.2) ### [`v4.4.1`](https://togithub.com/nodejs/node/compare/v4.4.0...v4.4.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.4.0...v4.4.1) ### [`v4.4.0`](https://togithub.com/nodejs/node/compare/v4.3.2...v4.4.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.3.2...v4.4.0) ### [`v4.3.2`](https://togithub.com/nodejs/node/compare/v4.3.1...v4.3.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.3.1...v4.3.2) ### [`v4.3.1`](https://togithub.com/nodejs/node/compare/v4.3.0...v4.3.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.3.0...v4.3.1) ### [`v4.3.0`](https://togithub.com/nodejs/node/compare/v4.2.6...v4.3.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.6...v4.3.0) ### [`v4.2.6`](https://togithub.com/nodejs/node/compare/v4.2.5...v4.2.6) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.5...v4.2.6) ### [`v4.2.5`](https://togithub.com/nodejs/node/compare/v4.2.4...v4.2.5) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.4...v4.2.5) ### [`v4.2.4`](https://togithub.com/nodejs/node/compare/v4.2.3...v4.2.4) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.3...v4.2.4) ### [`v4.2.3`](https://togithub.com/nodejs/node/compare/v4.2.2...v4.2.3) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.2...v4.2.3) ### [`v4.2.2`](https://togithub.com/nodejs/node/compare/v4.2.1...v4.2.2) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.1...v4.2.2) ### [`v4.2.1`](https://togithub.com/nodejs/node/compare/v4.2.0...v4.2.1) [Compare Source](https://togithub.com/nodejs/node/compare/v4.2.0...v4.2.1) ### [`v4.2.0`](https://togithub.com/nodejs/node/compare/v4.1.2...v4.2.0) [Compare Source](https://togithub.com/nodejs/node/compare/v4.1.2...v4.2.0)

socketio/socket.io

### [`v2.5.0`](https://togithub.com/socketio/socket.io/blob/HEAD/CHANGELOG.md#250-httpsgithubcomsocketiosocketiocompare241250-2022-06-26) [Compare Source](https://togithub.com/socketio/socket.io/compare/2.4.1...2.5.0) ⚠️ WARNING ⚠️ The default value of the maxHttpBufferSize option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service. Security advisory: [GHSA-j4f2-536g-r55m](https://togithub.com/advisories/GHSA-j4f2-536g-r55m) ##### Bug Fixes - fix race condition in dynamic namespaces ([05e1278](https://togithub.com/socketio/socket.io/commit/05e1278cfa99f3ecf3f8f0531ffe57d850e9a05b)) - ignore packet received after disconnection ([22d4bdf](https://togithub.com/socketio/socket.io/commit/22d4bdf00d1a03885dc0171125faddfaef730066)) - only set 'connected' to true after middleware execution ([226cc16](https://togithub.com/socketio/socket.io/commit/226cc16165f9fe60f16ff4d295fb91c8971cde35)) - prevent the socket from joining a room after disconnection ([f223178](https://togithub.com/socketio/socket.io/commit/f223178eb655a7713303b21a78f9ef9e161d6458)) #### [4.5.1](https://togithub.com/socketio/socket.io/compare/4.5.0...4.5.1) (2022-05-17) ##### Bug Fixes - forward the local flag to the adapter when using fetchSockets() ([30430f0](https://togithub.com/socketio/socket.io/commit/30430f0985f8e7c49394543d4c84913b6a15df60)) - **typings:** add HTTPS server to accepted types ([#4351](https://togithub.com/socketio/socket.io/issues/4351)) ([9b43c91](https://togithub.com/socketio/socket.io/commit/9b43c9167cff817c60fa29dbda2ef7cd938aff51))

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Altinn / altinn-infoportal-hugo

fix(deps): update npm non-major dependencies #66

Release Notes

Configuration