Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
axios	0.21.2	1.7.7
start-server-and-test	1.14.0	2.0.7
express	4.18.2	4.19.2
webpack-dev-middleware	3.7.3	5.3.4
@babel/traverse	7.17.3	7.25.6
@cypress/request	2.88.11	3.0.5
cypress	12.17.1	13.14.2
braces	3.0.2	3.0.3
webpack	4.46.0	5.94.0
webpack-cli	3.3.12	5.1.4
d3-color	1.0.3	3.1.0
@visx/scale	1.14.0	3.5.0
d3	4.13.0	7.9.0
minimist	1.1.3	1.2.8
sass-lint	1.12.1	1.13.0

Updates axios from 0.21.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates start-server-and-test from 1.14.0 to 2.0.7

Release notes

Sourced from start-server-and-test's releases.

v2.0.7

2.0.7 (2024-09-09)

Bug Fixes

• deps: update dependency wait-on to v8 (#386) (d814a72)

v2.0.6

2.0.6 (2024-09-08)

Bug Fixes

• deps: update dependency debug to v4.3.7 (78c6f53)

v2.0.5

2.0.5 (2024-07-29)

Bug Fixes

• deps: update dependency debug to v4.3.6 (8ebb70b)

v2.0.4

2.0.4 (2024-06-05)

Bug Fixes

• deps: update dependency debug to v4.3.5 (dd8a2d7)

v2.0.3

2.0.3 (2023-11-16)

Bug Fixes

• deps: update dependency wait-on to v7.2.0 (#374) (ad35c2e)

v2.0.2

2.0.2 (2023-11-05)

Bug Fixes

• deps: update dependency wait-on to v7.1.0 (efe7384)

v2.0.1

2.0.1 (2023-09-21)

... (truncated)

Commits

• d814a72 fix(deps): update dependency wait-on to v8 (#386)
• 78c6f53 fix(deps): update dependency debug to v4.3.7
• 8ebb70b fix(deps): update dependency debug to v4.3.6
• dd8a2d7 fix(deps): update dependency debug to v4.3.5
• ad35c2e fix(deps): update dependency wait-on to v7.2.0 (#374)
• efe7384 fix(deps): update dependency wait-on to v7.1.0
• 2fc1f98 fix: bump minimum Node to v16, closes #351
• 2d1decf add note about localhost http (#372)
• 04b33b3 Fix: fix the interactive shell in the test process (#369)
• a9e395c feat: making the default host 127.0.0.1 (#359)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates webpack-dev-middleware from 3.7.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)
• compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

v5.3.0

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

v5.2.2

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

• internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• f3c62b8 chore(release): 5.3.3
• eeb8aa8 fix: types for Request and Response (#1271)
• 1a45388 chore(release): 5.3.2
• b8fb945 chore(deps): memfs force update (#1269)
• f88067d chore: update deps and ci (#1260)
• 7186318 chore(deps-dev): bump @​commitlint/cli
• 57c50ef ci: update checkout, setup-node, and codecov actions (#1267)
• 840146a chore(deps-dev): bump @​babel/preset-env
• Additional commits viewable in compare view

Updates @babel/traverse from 7.17.3 to 7.25.6

Release notes

Sourced from @​babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @​j4k0xb for your first PR!

:bug: Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

:house: Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​j4k0xb
• @​liuxingbaoyu

v7.25.5 (2024-08-23)

:bug: Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate sequence expression parentheses correctly (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

Committers: 2

• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.6 (2024-08-29)

:bug: Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

:house: Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

v7.25.5 (2024-08-23)

:bug: Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate parentheses correctly (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

v7.25.4 (2024-08-22)

:bug: Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

:nail_care: Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)

... (truncated)

Commits

• 2f72b97 v7.25.6
• faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
• 46ee612 Remove some NodePath methods (#16655)
• 2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
• cbf124c v7.25.4
• 2b289fb fix: skip computed key when renaming (#16756)
• 575863c Avoid unnecessary parens around sequence expressions (#16722)
• 5174ad1 Clean all always enabled parser plugins (#16572)
• 52718ab Discontinue babel-eslint-config-internal (#16718)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• Additional commits viewable in compare view

Updates @cypress/request from 2.88.11 to 3.0.5

Release notes

Sourced from @​cypress/request's releases.

v3.0.5

3.0.5 (2024-09-09)

Bug Fixes

• deps: update dependency form-data to v4 (6b90580)

v3.0.4

3.0.4 (2024-09-05)

Bug Fixes

• deps: update dependency form-data to ~2.5.0 (87b5e92)

v3.0.3

3.0.3 (2024-09-05)

Bug Fixes

• deps: update dependency qs to v6.13.0 (15e0900)

v3.0.2

3.0.2 (2024-09-05)

Bug Fixes

• deps: update dependency http-signature to ~1.4.0 (675d849)

v3.0.1

3.0.1 (2023-09-06)

Bug Fixes

• deps: peg qs to 6.10.4 (fb9f625)

v3.0.0

3.0.0 (2023-08-08)

Features

• Add allowInsecureRedirect option (c5bcf21)

BREAKING CHANGES

... (truncated)

Commits

• 6acc813 Merge pull request #69 from cypress-io/renovate/form-data-4.x
• 6b90580 fix(deps): update dependency form-data to v4
• 411a5f4 Merge pull request #67 from cypress-io/renovate/circleci-node-17.x
• 4cafea9 chore(deps): update node.js to v17
• d348a03 Merge pull request #53 from cypress-io/renovate/form-data-2.x
• 0d77178 Merge pull request #56 from cypress-io/renovate/qs-6.x
• e54f9e3 Merge pull request #58 from cypress-io/renovate/cimg-node-22.x
• cdcc481 chore(deps): update node.js to v22
• 15e0900 fix(deps): update dependency qs to v6.13.0
• fe3d630 Merge pull request #52 from cypress-io/renovate/cimg-node-18.x
• Additional commits viewable in compare view

Updates cypress from 12.17.1 to 13.14.2

Release notes

Sourced from cypress's releases.

v13.14.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-14-2

v13.14.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-14-1

v13.14.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-14-0

v13.13.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-3

v13.13.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-2

v13.13.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-1

v13.13.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-13-0

v13.12.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-12-0

v13.11.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-11-0

v13.10.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-10-0

v13.9.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-9-0

v13.8.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-1

v13.8.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-0

v13.7.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-3

v13.7.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-2

v13.7.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-1

v13.7.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-0

... (truncated)

Commits

• 12d8e0b chore: release 13.14.2 (#30182)
• 770a502 fix: revert HiDPI for Wayland users to resolve unknown issues with GLib-GIO-E...
• c1b95b5 chore(deps): update dependency mini-css-extract-plugin to v2.9.1 (#30151)
• bbe5328 fix: WebSocket Connection Closed crashing from BrowserCriClient (#30174)
• 57d7b63 chore: Update Chrome (stable) to 128.0.6613.119 (#30171)
• b83548a chore(deps): update dependency eslint-plugin-cypress to v3 (#30136)
• 1f5fcf6 chore: fix local node version mismatch issue with better sqlite3 (#30158)
• 195cdb1 chore(deps): remove deprecated @​types/strip-ansi (#30139)
• 6903db8 chore: Update Chrome (beta) to 129.0.6668.22 (#30149)
• b2a694f chore: sync changelog with what is on docs.cypress.io and fix broken relative...
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates webpack from 4.46.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public ... _Description has been truncated_