chore(deps): bump the npm_and_yarn group with 20 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 20 updates:

Package	From	To
vm2	3.9.15	3.9.19
@babel/traverse	7.21.4	7.25.6
braces	3.0.2	3.0.3
gulp	4.0.2	5.0.0
jsonata	1.8.3	2.0.5
@types/node-red__util	1.3.0	1.3.8
node-red	3.0.2	3.1.12
axios	0.27.2	1.7.7
body-parser	1.20.0	1.20.3
node-red-node-test-helper	0.3.0	0.3.4
express	4.18.1	4.21.0
follow-redirects	1.15.2	1.15.9
jsrsasign	10.8.1	11.1.0
node-opcua	2.81.0	2.132.0
moment-timezone	0.5.34	0.5.43
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
tough-cookie	4.0.0	4.1.3
ws	7.5.6	7.5.10
xml2js	0.4.23	0.6.2

Updates vm2 from 3.9.15 to 3.9.19

Release notes

Sourced from vm2's releases.

3.9.19

Fixes

https://github.com/patriksimek/vm2/commit/cfa3fc6f81be05ce9ed08a79a406ebe3b61ead3e: Fix resolver issue.

3.9.18

New Features

https://github.com/patriksimek/vm2/commit/dd81ff616ff528de5dc7a1cf2939de3d3701539d: Add resolver API to create a shared resolver for multiple NodeVM instances allowing to cache scripts and increase sandbox startup times. https://github.com/patriksimek/vm2/commit/4d662e34d369b920943eee139ef60fb557666a43: Allow to pass a function to require.context which is called with the filename allowing to specify the context pre file. (Thanks to @​blakebyrnes)

Fixes

https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf: Fix issue leaking host array through Proxy. (Thanks to @​arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.) https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238: Fix issue with inspect being writeable. (Thanks to @​arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.)

3.9.17

Fixes

https://github.com/patriksimek/vm2/commit/4b22e87b102d97d45d112a0931dba1aef7eea049: Fix issue in catch block protection. (Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab.) https://github.com/patriksimek/vm2/commit/f3db4dee4d76b19869df05ba7880d638a880edd5: Fix issue with host exceptions thrown in async functions leaking though the Promise.

3.9.16

Fixes

https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7: Fix issue in transformer issue by reworking replacement logic. (Thanky to Xion (SeungHyun Lee) of KAIST Hacking Lab.)

Changelog

Sourced from vm2's changelog.

v3.9.19 (2023-05-16)

[fix] Fix resolver issue.

v3.9.18 (2023-05-15)

[fix] Multiple security fixes. [new] Add resolver API to create a shared resolver for multiple NodeVM instances allowing to cache scripts and increase sandbox startup times. [new] Allow to pass a function to require.context which is called with the filename allowing to specify the context pre file.

v3.9.17 (2023-04-17)

[fix] Multiple security fixes.

v3.9.16 (2023-04-11)

[fix] Security fix (see patriksimek/vm2#516).

Commits

• 1663f23 Release 3.9.19
• cfa3fc6 Fix resolver issue
• 2f446e5 Release 3.9.18
• 587bb13 Add tests for past vulnerabilities
• f5a129a Merge branch 'master' of https://github.com/patriksimek/vm2
• dd81ff6 Merge pull request #519 from XmiliaH/resolver-api
• af983a8 Merge remote-tracking branch 'upstream/master' into resolver-api
• 5206ba2 Inspect method should be readonly
• d88105f Ensure host array does not leak through proxy
• 4d662e3 Merge pull request #521 from ulixee/pathContext
• Additional commits viewable in compare view

Updates @babel/traverse from 7.21.4 to 7.25.6

Release notes

Sourced from @​babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @​j4k0xb for your first PR!

:bug: Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

:house: Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​j4k0xb
• @​liuxingbaoyu

v7.25.5 (2024-08-23)

:bug: Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate sequence expression parentheses correctly (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

Committers: 2

• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.6 (2024-08-29)

:bug: Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

:house: Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

v7.25.5 (2024-08-23)

:bug: Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate parentheses correctly (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

v7.25.4 (2024-08-22)

:bug: Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)

... (truncated)

Commits

• 2f72b97 v7.25.6
• faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
• 46ee612 Remove some NodePath methods (#16655)
• 2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
• cbf124c v7.25.4
• 2b289fb fix: skip computed key when renaming (#16756)
• 575863c Avoid unnecessary parens around sequence expressions (#16722)
• 5174ad1 Clean all always enabled parser plugins (#16572)
• 52718ab Discontinue babel-eslint-config-internal (#16718)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

• Drop support for Node.js <10.13
• Default stream encoding to UTF-8
• Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
• Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
• All globs and paths are normalized to unix-like filepaths
• Only allow JS variants for .gulp.* config files
• Removed support for alpha releases of v4 from gulp-cli
• Removed the --verify flag
• Renamed the --require flag to --preload to avoid conflicting with Node.js flags
• Removed many legacy and deprecated loaders
• Upgrade to chokidar v3
• Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
• Stop using process.umask() to make directories, instead falling back to Node's default mode
• Throw on non-function, non-string option coercers
• Drop support of Node.js snake_case flags
• Use a Symbol for attaching the gulplog namespace to the store
• Use a Symbol for attaching the gulplog store to the global
• Use sha256 to hash the v8flags cache into a filename

Features

• Streamlined the dependency tree
• Switch all streams implementation to Streamx
• Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
• Implement translation support for all CLI messages and all messages passing through gulplog
• Allow users to customize or remove the timestamp from their logs
• Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
• Added support for gulpile.cjs and gulpfile.mjs
• Add support for swc, esbuild, sucrase, and mdx loaders
• Provide an ESM export (#2760) (b00de68)
• Support sourcemap handling on streaming Vinyl contents
• Support extends syntax for .gulp.* config file
• Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

• Resolve bugs related to symlinks on various platforms
• Resolved some reported ReDoS CVEs and improved performance in glob-parent
• Rework errors surfaced when encountering files or symlinks when trying to create directories
• Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

• Drop support for Node.js <10.13
• Default stream encoding to UTF-8
• Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
• Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
• All globs and paths are normalized to unix-like filepaths
• Only allow JS variants for .gulp.* config files
• Removed support for alpha releases of v4 from gulp-cli
• Removed the --verify flag
• Renamed the --require flag to --preload to avoid conflicting with Node.js flags
• Removed many legacy and deprecated loaders
• Upgrade to chokidar v3
• Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
• Stop using process.umask() to make directories, instead falling back to Node's default mode
• Throw on non-function, non-string option coercers
• Drop support of Node.js snake_case flags
• Use a Symbol for attaching the gulplog namespace to the store
• Use a Symbol for attaching the gulplog store to the global
• Use sha256 to hash the v8flags cache into a filename

Features

• Streamlined the dependency tree
• Switch all streams implementation to Streamx
• Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
• Implement translation support for all CLI messages and all messages passing through gulplog
• Allow users to customize or remove the timestamp from their logs
• Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
• Added support for gulpile.cjs and gulpfile.mjs
• Add support for swc, esbuild, sucrase, and mdx loaders
• Provide an ESM export (#2760) (b00de68)
• Support sourcemap handling on streaming Vinyl contents
• Support extends syntax for .gulp.* config file
• Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

• Resolve bugs related to symlinks on various platforms
• Resolved some reported ReDoS CVEs and improved performance in glob-parent
• Rework errors surfaced when encountering files or symlinks when trying to create directories
• Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Commits

• 5c4c547 chore: Release 5.0.0 (#2762)
• bf72116 chore: Add index.mjs to files list
• b00de68 feat: Provide an ESM export (#2760)
• 72668c6 chore!: Normalize repository, dropping node <10.13 support (#2758)
• 85896d4 chore(docs): Update stream handbook link (#2711)
• 818bd73 Docs: Remove gulp-sourcemaps because it is built-in (#2592)
• 598f971 Docs: Fix broken link in recipe (#2571)
• 9877de0 Docs: Guide CustomRegistries to maintain properties on tasks (fixes #2561) (#...
• f91c388 Docs: Remove typo in custom registry docs (#2543)
• df25250 Docs: Fix typo in task docs (#2524)
• Additional commits viewable in compare view

Updates jsonata from 1.8.3 to 2.0.5

Release notes

Sourced from jsonata's releases.

2.0.5 Maintenance Release

• Fix leaking internal references in expressions when using lambdas (issue #691)

2.0.4 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#676)
• Add upper/lower presentation format for am/pm in fromMillis (PR jsonata-js/jsonata#644)
• Various documentation additions and corrections

2.0.3 Maintenance Release

• Fix regex termination lexer (PR jsonata-js/jsonata#623)
• Fix TypeScript definition (PR jsonata-js/jsonata#633)

2.0.2 Maintenance Release

• Typescript definition: fix return type of evaluate method (PR #615)

2.0.1 Maintenance Release

• Small update to pick up README changes with 2.0.0 changes

2.0.0 Major Release

Version 2.0.0 contains a breaking change to the Javascript API as a result of reimplementing the evaluator to use async functions instead of generators. This provides a performance boost. No breaking changes have been made to the JSONata language itself.

Faster JSONata evaluation by switching from generators to async/await (PR #583) Add support for parsing binary, octal & hexadecimal numbers (PR #573)

1.8.7 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#681)

1.8.6 Maintenance Release

• Fix bug in date/time picture string. Width formatting is not respected without a separator (issue #546)
• Fix error when converting empty array to an object (issue #547)
• Fix Buffer deprecation warning (PR #560)

1.8.5 Maintenance Release

• Fix regression with singleton sequence of array type (issue #462)
• Correctly handle empty array input to group expression (issue #527)
• Fix bug with outer array when evaluating wildcard (issue #495)

1.8.4 Maintenance Release

• Fix bug in $eval when second arg is an empty array (issue #463)
• Fix bug in toMillis() parsing timezones (issue #477)

Changelog

Sourced from jsonata's changelog.

2.0.5 Maintenance Release

• Fix leaking internal references in expressions when using lambdas (issue #691)

2.0.4 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#676)
• Add upper/lower presentation format for am/pm in fromMillis (PR jsonata-js/jsonata#644)
• Various documentation additions and corrections

2.0.3 Maintenance Release

• Fix regex termination lexer (PR jsonata-js/jsonata#623)
• Fix TypeScript definition (PR jsonata-js/jsonata#633)

2.0.2 Maintenance Release

• Typescript definition: fix return type of evaluate method (PR jsonata-js/jsonata#615)

2.0.1 Maintenance Release

• Small update to pick up README changes with 2.0.0 changes

2.0.0 Major Release

Version 2.0.0 contains a breaking change to the Javascript API as a result of reimplementing the evaluator to use async functions instead of generators. This provides a performance boost. No breaking changes have been made to the JSONata language itself.

• Faster JSONata evaluation by switching from generators to async/await (PR #583)
• Add support for parsing binary, octal & hexadecimal numbers (PR #573)

1.8.6 Maintenance Release

• Fix bug in date/time picture string. Width formatting is not respected without a separator (issue #546)
• Fix error when converting empty array to an object (issue #547)
• Fix Buffer deprecation warning (PR #560)

1.8.5 Maintenance Release

• Fix regression with singleton sequence of array type (issue #462)
• Correctly handle empty array input to group expression (issue #527)
• Fix bug with outer array when evaluating wildcard (issue #495)

1.8.4 Maintenance Release

• Fix bug in $eval when second arg is an empty array (issue #463)
• Fix bug in toMillis() parsing timezones (issue #477)

Commits

• d0afd35 Update CHANGELOG.md
• 3fde233 Release v2.0.5
• 4446161 Prevent lookup of function object properties
• b2a637e Update workflow for Node.js 20 (#683)
• 948af5a Update workflow to support v1 branch (#679)
• ea8fb85 Release v2.0.4
• 335d38f Check for constructor property
• c907b5e Prevent access to proto
• d7790e8 Update numeric-operators.md
• 41d14fc Add new Rust implementation
• Additional commits viewable in compare view

Updates @types/node-red__util from 1.3.0 to 1.3.8

Commits

• See full diff in compare view

Updates node-red from 3.0.2 to 3.1.12

Release notes

Sourced from node-red's releases.

3.1.12

What's Changed

• Bump for 3.1.12 release by @​knolleary in node-red/node-red#4885
• Update express/body-parser dependencies

Full Changelog: https://github.com/node-red/node-red/compare/3.1.11...3.1.12

3.1.11

What's Changed

• Add/Update German Translations for delay node by @​dceejay in node-red/node-red#4762
• Bump for 3.1.11 release by @​knolleary in node-red/node-red#4772
• Update ws dependency

Full Changelog: https://github.com/node-red/node-red/compare/3.1.10...3.1.11

3.1.10

What's Changed

• docs: Add closing paragraph tag by @​ZJvandeWeg in node-red/node-red#4664
• Fix three error typos in monaco.js by @​JoshuaCWebDeveloper in node-red/node-red#4660
• Fix undo of subflow env property edits by @​knolleary in node-red/node-red#4667
• Avoid login loops when autoLogin enabled but login fails by @​knolleary in node-red/node-red#4684
• Replacing vm.createScript in favour of vm.Script by @​patlux in node-red/node-red#4534
• Pass full error object in Function node and copy over cause property by @​knolleary in node-red/node-red#4685
• Allow nodes to return additional history entries in onEditSave by @​knolleary in node-red/node-red#4710
• Add missing tooltips to Sidebar by @​GogoVega in node-red/node-red#4713
• Change the Config Node cursor to pointer by @​GogoVega in node-red/node-red#4711
• Deleting a grouped node should update the group by @​GogoVega in node-red/node-red#4714
• Fix a checkbox should return a Boolean value and not the string on by @​GogoVega in node-red/node-red#4715
• Translate the number of items selected in the options list by @​GogoVega in node-red/node-red#4730
• Add Japanese translation for sidebar tooltip by @​kazuhitoyokoi in node-red/node-red#4727
• Fix panning with middle mouse button on windows 10/11 by @​corentin-sodebo-voile in node-red/node-red#4716
• Fix checkboxes are not updated when calling typedInput("value", "") by @​GogoVega in node-red/node-red#4729
• Fix the Sidebar Config is not refreshed after a deploy by @​GogoVega in node-red/node-red#4734
• Ensure all CSS variables are in the output file by @​bonanitech in node-red/node-red#3743
• Fix losing links when importing a copy of links into a subflow by @​GogoVega in node-red/node-red#4750
• Fix clone of group env var properties by @​knolleary in node-red/node-red#4753
• Include rewired nodes when calculating Modified Flows stop list by @​knolleary in node-red/node-red#4754
• Bump for 3.1.10 release by @​knolleary in node-red/node-red#4755

New Contributors

• @​JoshuaCWebDeveloper made their first contribution in node-red/node-red#4660
• @​patlux made their first contribution in node-red/node-red#4534
• @​corentin-sodebo-voile made their first contribution in node-red/node-red#4716

Full Changelog: https://github.com/node-red/node-red/compare/3.1.9...3.1.10

3.1.9

What's Changed

• Fix subflow module sending messages to debug sidebar by @​knolleary in node-red/node-red#4642
• Guard refresh of unknown subflow by @​knolleary in node-red/node-red#4640

... (truncated)

Changelog

Sourced from node-red's changelog.

3.1.12: Maintenance Release

• Update express/body-parser dependencies

3.1.11: Maintenance Release

• Add/Update German Translations for delay node (#4762) @​dceejay
• Update ws dependency

3.1.10: Maintenance Release

• Include rewired nodes when calculating Modified Flows stop list (#4754) @​knolleary
• Fix clone of group env var properties (#4753) @​knolleary
• Fix losing links when importing a copy of links into a subflow (#4750) @​GogoVega
• Ensure all CSS variables are in the output file (#3743) @​bonanitech
• Fix the Sidebar Config is not refreshed after a deploy (#4734) @​GogoVega
• Fix checkboxes are not updated when calling typedInput("value", "") (#4729) @​GogoVega
• Fix panning with middle mouse button on windows 10/11 (#4716) @​corentin-sodebo-voile
• Add Japanese translation for sidebar tooltip (#4727) @​kazuhitoyokoi
• Translate the number of items selected in the options list (#4730) @​GogoVega
• Fix a checkbox should return a Boolean value and not the string on (#4715) @​GogoVega
• Deleting a grouped node should update the group (#4714) @​GogoVega
• Change the Config Node cursor to pointer (#4711) @​GogoVega
• Add missing tooltips to Sidebar (#4713) @​GogoVega
• Allow nodes to return additional history entries in onEditSave (#4710) @​knolleary
• Pass full error object in Function node and copy over cause property (#4685) @​knolleary
• Replacing vm.createScript in favour of vm.Script (#4534) @​patlux
• Avoid login loops when autoLogin enabled but login fails (#4684) @​knolleary
• Fix undo of subflow env property edits (#4667) @​knolleary
• Fix three error typos in monaco.js (#4660) @​JoshuaCWebDeveloper
• docs: Add closing paragraph tag (#4664) @​ZJvandeWeg

3.1.9: Maintenance Release

• Prevent subflow being added to itself (#4654) @​knolleary
• Fix use of spawn on windows with cmd files (#4652) @​knolleary
• Guard refresh of unknown subflow (#4640) @​knolleary
• Fix subflow module sending messages to debug sidebar (#4642) @​knolleary

3.1.8: Maintenance Release

• Add validation and error handling on subflow instance properties (#4632) @​knolleary
• Hide import/export context menu if disabled in theme (#4633) @​knolleary
• Show change indicator on subflow tabs (#4631) @​knolleary
• Bump dependencies (#4630) @​knolleary
• Reset workspace index when clearing nodes (#4619) @​knolleary
• Remove typo in global config (#4613) @​kazuhitoyokoi

3.1.7: Maintenance Release

... (truncated)

Commits

• 7322cd0 Merge pull request #4885 from node-red/rel3112
• 3fe4c12 Bump for 3.1.12 release
• 2a4fb71 Merge pull request #4772 from node-red/rel3111
• 38a77d2 Bump for 3.1.11 release
• dc239db Merge pull request #4762 from node-red/Update-German-delay-node-translations
• 4ba3c93 Add/Update German Translations for delay node
• 02893d3 Merge pull request #4755 from node-red/rel3110
• 5124bc6 Bump for 3.1.10 release
• 1048b16 Merge pull request #4754 from node-red/4752-add-rewired-to-stoplist
• bbbbb1b Merge pull request #4753 from node-red/4751-fix-group-json
• Additional commits viewable in compare view

Updates axios from 0.27.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas