Bump the npm_and_yarn group across 1 directory with 22 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
mysql2	3.3.2	3.9.7
semver	7.3.8	7.5.4
@nrwl/angular	15.9.2	15.9.7
@angular-devkit/build-angular	15.2.8	15.2.11
@angular/cli	15.2.1	15.2.11
@nrwl/eslint-plugin-nx	15.9.2	15.9.7
@nrwl/jest	15.9.2	15.9.7
@nrwl/nest	15.9.2	15.9.7
@nrwl/node	15.9.2	15.9.7
@cypress/request	2.88.12	3.0.1
cypress	8.7.0	13.8.1
express	4.18.1	4.19.2
@nestjs/core	9.0.5	10.3.8
@nestjs/platform-express	9.0.0	10.3.8
@nestjs/serve-static	3.0.1	4.0.2
@nestjs/typeorm	9.0.1	10.0.2
@nestjs/testing	9.0.0	10.3.8
follow-redirects	1.15.5	1.15.6
ip	2.0.0	2.0.1
tar	6.1.15	6.2.1
webpack-dev-middleware	5.3.3	5.3.4

Updates mysql2 from 3.3.2 to 3.9.7

Release notes

Sourced from mysql2's releases.

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

• SSL: separate each certificate into an individual item #2542 (63f1055)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
  • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• security: improve results object creation (#2574) (4a964a3)
  • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

Bug Fixes

• security: improve cache key formation (#2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#2131) (d9dccfd)

v3.9.2

3.9.2 (2024-02-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

• docs: improve the contribution guidelines (#2552) (8a818ce)
• security: improve results object creation (#2574) (4a964a3)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

• security: improve cache key formation (#2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

Bug Fixes

• stream: premature close when it is paused (#2416) (7c6bc64)
• types: expose TypeCast types (#2425) (336a7f1)

3.9.1 (2024-01-29)

... (truncated)

Commits

• 2d3cad8 chore(master): release 3.9.7 (#2609)
• 7d4b098 fix(security): sanitize timezone parameter value to prevent code injection (#...
• 2efd6ab build(deps): bump lucide-react from 0.371.0 to 0.372.0 in /website (#2606)
• e3391ed build(deps): bump lucide-react from 0.368.0 to 0.371.0 in /website (#2604)
• 4f58caa chore(master): release 3.9.6 (#2603)
• 705835d fix: binary parser sometimes reads out of packet bounds when results contain ...
• 2129818 chore(master): release 3.9.5 (#2600)
• f7c60d0 fix: revert breaking change in results creation (#2591)
• 7f5b395 build(deps-dev): bump @​typescript-eslint/eslint-plugin in /website (#2596)
• a770052 build(deps-dev): bump @​typescript-eslint/parser in /website (#2595)
• Additional commits viewable in compare view

Updates semver from 7.3.8 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates @nrwl/angular from 15.9.2 to 15.9.7

Commits

• See full diff in compare view

Updates @angular-devkit/build-angular from 15.2.8 to 15.2.11

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v15.2.11

15.2.11 (2024-03-25)

@​angular-devkit/build-angular

Commit	Description
	update webpack-dev-middleware to 6.1.2

v15.2.10

15.2.10 (2023-10-05)

@​angular-devkit/build-angular

Commit	Description
	update dependency postcss to v8.4.31

v15.2.9

15.2.9 (2023-06-28)

@​angular/cli

Commit	Description
	update direct semver dependencies to 7.5.3

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

15.2.11 (2024-03-25)

@​angular-devkit/build-angular

Commit	Type	Description
c6feb0bb0	fix	update webpack-dev-middleware to 6.1.2

18.0.0-next.0 (2024-03-21)

Breaking Changes

@​angular/cli

• Node.js support for versions <18.19.1 and <20.11.1 has been removed.

@​angular-devkit/build-angular

• The support for the legacy Sass build pipeline, previously accessible via NG_BUILD_LEGACY_SASS when utilizing webpack-based builders, has been removed.

Deprecations

@​angular-devkit/schematics

• NodePackageLinkTask in @angular-devkit/schematics. A custom task should be created instead.

@​angular/cli

Commit	Type	Description
ac3019570	feat	add ng dev alias to ng serve
c7b208555	refactor	remove support for Node.js versions <18.19.1 and <20.11.1

@​schematics/angular

Commit	Type	Description
f452589e2	feat	use TypeScript bundler module resolution for new projects

@​angular-devkit/build-angular

Commit	Type	Description
ee9ec2301	fix	Internal server error: Invalid URL when using a non localhost IP
8a54875cb	fix	handle wrapping of class expressions emitted by esbuild
97973059e	refactor	remove Sass legacy implementation

... (truncated)

Commits

• 69c4624 release: cut the v15.2.11 release
• 61f92fd build: update ng-dev config to work with Node.js 18.19
• a398d2f test: disable failing test
• c6feb0b fix(@​angular-devkit/build-angular): update webpack-dev-middleware to 6.1.2
• b479063 release: cut the v15.2.10 release
• bfc1f0f test: install specific npm version in npm version E2E test
• 05213c9 fix(@​angular-devkit/build-angular): update dependency postcss to v8.4.31
• 00d9708 release: cut the v15.2.9 release
• f36e38a fix(@​angular/cli): update direct semver dependencies to 7.5.3
• See full diff in compare view

Updates @angular/cli from 15.2.1 to 15.2.11

Release notes

Sourced from @​angular/cli's releases.

v15.2.11

15.2.11 (2024-03-25)

@​angular-devkit/build-angular

Commit	Description
	update webpack-dev-middleware to 6.1.2

v15.2.10

15.2.10 (2023-10-05)

@​angular-devkit/build-angular

Commit	Description
	update dependency postcss to v8.4.31

v15.2.9

15.2.9 (2023-06-28)

@​angular/cli

Commit	Description
	update direct semver dependencies to 7.5.3

Changelog

Sourced from @​angular/cli's changelog.

Commits

• 69c4624 release: cut the v15.2.11 release
• 61f92fd build: update ng-dev config to work with Node.js 18.19
• a398d2f test: disable failing test
• c6feb0b fix(@​angular-devkit/build-angular): update webpack-dev-middleware to 6.1.2
• b479063 release: cut the v15.2.10 release
• bfc1f0f test: install specific npm version in npm version E2E test
• 05213c9 fix(@​angular-devkit/build-angular): update dependency postcss to v8.4.31
• 00d9708 release: cut the v15.2.9 release
• f36e38a fix(@​angular/cli): update direct semver dependencies to 7.5.3
• cdb34b5 release: cut the v15.2.8 release
• Additional commits viewable in compare view

Updates @nrwl/eslint-plugin-nx from 15.9.2 to 15.9.7

Commits

• See full diff in compare view

Updates @nrwl/jest from 15.9.2 to 15.9.7

Commits

• See full diff in compare view

Updates @nrwl/nest from 15.9.2 to 15.9.7

Commits

• See full diff in compare view

Updates @nrwl/node from 15.9.2 to 15.9.7

Commits

• See full diff in compare view

Updates @cypress/request from 2.88.12 to 3.0.1

Release notes

Sourced from @​cypress/request's releases.

v3.0.1

3.0.1 (2023-09-06)

Bug Fixes

• deps: peg qs to 6.10.4 (fb9f625)

v3.0.0

3.0.0 (2023-08-08)

Features

• Add allowInsecureRedirect option (c5bcf21)

BREAKING CHANGES

• The allowInsecureRedirect is false by default, which may cause issues if your usage relies on insecure redirects. For the former behavior, you can opt in to insecure redirects by setting the option to true, but it is not recommended.

Co-authored-by: Szymon Drosdzol szymon@doyensec.com

Changelog

Sourced from @​cypress/request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

v2.81.0 (2017/03/09)

• #2584 Security issue: Upgrade qs to version 6.4.0 (@​sergejmueller)
• #2578 safe-buffer doesn't zero-fill by default, its just a polyfill. (#2578) (@​mikeal)
• #2566 Timings: Tracks 'lookup', adds 'wait' time, fixes connection re-use (#2566) (@​nicjansma)
• #2574 Migrating to safe-buffer for improved security. (@​mikeal)
• #2573 fixes #2572 (@​ahmadnassri)

v2.80.0 (2017/03/04)

... (truncated)

Commits

• ca62f3a Merge pull request #44 from MikeMcC399/peg/qs
• fb9f625 fix(deps): peg qs to 6.10.4
• 99338c8 chore: updates related to release process (#41)
• c5bcf21 feat: Add allowInsecureRedirect option
• See full diff in compare view

Updates cypress from 8.7.0 to 13.8.1

Release notes

Sourced from cypress's releases.

v13.8.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-1

v13.8.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-0

v13.7.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-3

v13.7.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-2

v13.7.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-1

v13.7.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-0

v13.6.6

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-6

v13.6.5

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-5

v13.6.4

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-4

v13.6.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-3

v13.6.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-2

v13.6.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-1

v13.6.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-0

v13.5.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-5-1

v.13.5.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-5-0

v13.4.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-4-0

v13.3.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-3-3

... (truncated)

Commits

• 52347d6 chore: release 13.8.1 (#29390)
• 867a973 perf: support activated service worker that is not handling requests (#29349)
• b188ad3 chore: standardize having authors removed from package.json (#29380)
• 45cff01 misc: ensure 'its' function type excludes null and undefined (#28872) (#28904)
• 8db1b23 chore(deps): update dependency filesize to v10 (#29379)
• c5fa260 fix: added validation for timeout for query operations (#29327)
• 05ff7df chore: Update v8 snapshot cache (#29382)
• 4e7e3a2 fix: websocket closed (tentative) (#29347)
• 734968a chore: Add experimentalMemoryManagement flag to our cy-in-cy App tests (#29359)
• e23460c dependency: update dependency zod to ^3.22.5 (#29367)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by atofstryker, a new releaser for cypress since your current version.

Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates @nestjs/core from 9.0.5 to 10.3.8

Release notes

Sourced ... _Description has been truncated_

[dependabot[bot]]

Superseded by #21.