build(deps): bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
dustjs-linkedin	2.5.0	3.0.0
express	4.12.4	4.19.2
express-fileupload	0.0.5	1.4.0
jquery	2.2.4	3.5.0
lodash	4.17.4	4.17.21
ms	0.7.3	2.0.0
typeorm	0.2.25	0.3.0
snyk	1.278.1	1.1064.0
qs	6.5.2	6.11.0
body-parser	1.9.0	1.20.2
handlebars	4.0.11	4.7.7
hbs	4.0.4	4.2.0
minimist	0.0.8	1.2.8
tap	11.1.5	18.7.1

Updates dustjs-linkedin from 2.5.0 to 3.0.0

Release notes

Sourced from dustjs-linkedin's releases.

v3.0.0

What's Changed

• Bump deps by @​sethkinast in linkedin/dustjs#734
• Prioritize resolution of .then by @​brianmhunt in linkedin/dustjs#736
• Don't use instanceof to determine if a Context is a Context by @​sethkinast in linkedin/dustjs#744
• place location provided by peg 0.9 onto the AST by @​jimmyhchan in linkedin/dustjs#706
• {?exists} and {^exists} now supports values from a promise by @​samuelms1 in linkedin/dustjs#753
• Decrease security vulnerabilities by upgrading cli dependency (#754 #748) by @​danactive in linkedin/dustjs#756
• fix: Security bug about prototype pollution by @​sumeetkakkar in linkedin/dustjs#805

New Contributors

• @​brianmhunt made their first contribution in linkedin/dustjs#736
• @​samuelms1 made their first contribution in linkedin/dustjs#753
• @​danactive made their first contribution in linkedin/dustjs#756
• @​sumeetkakkar made their first contribution in linkedin/dustjs#805

Full Changelog: https://github.com/linkedin/dustjs/compare/v2.7.2...v3.0.0

v2.7.2

Notable Changes

Filters

Dust filter functions previously took one argument, the string to filter. They now accept a second argument, which is the current context.

Helpers

Dust helpers can now return primitives.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@return value="" filters="|s" /} 
{@return value=""}{.} World{/return}

v2.7.1

Notable Changes

dust.config.cache

In previous versions, setting dust.config.cache to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used. Setting it back to true means that previously-cached templates will be ready to use.

dust.onLoad

We have added a callback(null, compiledTemplate) signature to dust.onLoad.

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

You can still call the callback with uncompiled template source and Dust will compile and store it, while respecting your dust.config.cache setting.

... (truncated)

Changelog

Sourced from dustjs-linkedin's changelog.

v3.0.0 (2021/10/20 22:56 +00:00)

• #805 fix: Security bug about prototype pollution (@​sumeetkakkar)

list (2016/12/08 20:15 +00:00)

• #756 Decrease security vulnerabilities by upgrading cli dependency (#754 #748) (@​danactive)
• #753 {?exists} and {^exists} resolve Promises and check if the result exists (#753) (@​samuelms1)

v2.7.4 (2016/09/13 02:52 +00:00)

• #744 Don't use instanceof to determine if a Context is a Context. Instead use a flag on the instance itself so it can survive object merges. (@​sethkinast)

v2.6.3 (2016/07/26 18:03 +00:00)

• #736 Prioritize resolution of .then (@​brianmhunt)
• #735 Prioritize .then on thenable functios (#735) (@​brianmhunt)
• #734 Bump deps (@​sethkinast)
• #703 Upgrade to peg.js 0.9 (@​sethkinast)
• #705 When rendering with a Context object, use the templateName provided by the template (@​sethkinast)
• #701 Fix stacktrace logging for IE8 (@​sethkinast)
• #700 At DEBUG loglevel, log the full stack trace on errors (@​r1b)
• #690 Update deps (@​sethkinast)
• #689 Make the AMD loader pass the template directly rather than communicating via the cache (@​aredridel)

v2.7.2 (2015/06/08 20:41 +00:00)

• #673 Pass the current context to filters (@​sethkinast)
• #676 If a Promise is resolved with an array, iterate over it instead of rendering the whole array at once.

Closes #674 (@​sethkinast)

• #647 Allow helpers to return primitives

Previously returning a primitive would crash rendering with no way to recover. You can still return a Chunk and do more complex work if you need to.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@​return value="" filters="|s" /} {@​return value=""}{.} World{/return}

Closes #645 (@​sethkinast)

• #664 Be slightly pickier about what Dust thinks a Stream is.

Closes #663 (@​sethkinast)

• #661 Add saucelabs integration (@​sethkinast)
• #658 Refactor testing frameworks

Closes #649 Closes #602 Closes #642 (@​sethkinast)

• #660 Grammar: s/char/character/ to avoid using a reserved name

Closes #659 (@​sethkinast)

v2.7.1 (2015/04/30 20:32 +00:00)

• #655 Update CommonJS example to make use of new onLoad behavior (@​sethkinast)
• #653 Fix array iteration when context is undefined (@​sethkinast)
• #641 Add a cb(null, compiledTemplate) signature to dust.onLoad

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

dust.cache behavior has been changed slightly. Before, setting it to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used, but if it's set to true again previously-cached templates will be ready to use. (@​sethkinast)

• #650 Pin jasmine@2.2.x for grunt-jasmine-nodejs (@​sethkinast)
• #646 Update AMD and CommonJS examples (@​sethkinast)
• #637 CommonJS example (@​sethkinast)
• #638 Preserve compiler backwards compatibility with pre-2.7 versions (@​sethkinast)
• #639 Fix failing test on Windows (@​sethkinast)

v2.7.0 (2015/04/17 23:23 +00:00)

• #636 Fix failing tests in IE8 (@​sethkinast)
• #633 Drop Node 0.8 (@​sethkinast)
• #635 Resolve dynamic partial names via original context (@​sethkinast)
• #631 Try to avoid creating Stacks with no content when possible (@​sethkinast)
• #613 Refactor template compilation

• dust.render and dust.stream now accept a compiled template function in addition to a template name.
• dust.compile no longer requires a template name, and will compile an anonymous template without one (so --name is no longer required for dustc either)
• dust.load is removed from the public API
• dust.renderSource is moved to the compiler, so it's only included in dust-full now (Fixes #412)
• dust.compileFn is moved to the compiler, so it's only included in dust-full now
• add dust.isTemplateFn
• add dust.config.cache = true, set to false to disable caching and load templates again every time (Fixes #451)
• add dust.config.cjs = false, set to true to compile templates as CommonJS modules
• add --cjs flag to dustc
• Move a bunch of exposed compiler stuff under dust.compiler (but leave it exposed until 2.8) (@​sethkinast)

• #624 dustc always creates templates with forward slashes (@​sethkinast)
• #617 Add chunk.stream to allow streamables in context (@​sethkinast)
• #610 clean up PEG grammar a little bit (@​sethkinast)
• #622 Fix behavior of Context#resolve when resolving a context function that returns a Chunk (@​sethkinast)

... (truncated)

Commits

• 2e8795c Release v3.0.0
• 6f98371 merge from 2.7
• db6d8b9 Merge pull request #805 from sumeetkakkar/fix/proto-pollution
• ddb6523 fix for prototype pollution vulnerability
• 822222e Release v2.7.5
• d0f955d Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
• e0e25f7 Merge pull request #756 from danactive/master
• eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
• d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (#753)
• 9a08207 Release v2.7.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by krakenjs, a new releaser for dustjs-linkedin since your current version.

Updates express from 4.12.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates express-fileupload from 0.0.5 to 1.4.0

Release notes

Sourced from express-fileupload's releases.

v1.4.0

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in richardgirges/express-fileupload#310
• Upgrade busboy version by @​duterte in richardgirges/express-fileupload#315

New Contributors

• @​dependabot made their first contribution in richardgirges/express-fileupload#310
• @​duterte made their first contribution in richardgirges/express-fileupload#315

Full Changelog: https://github.com/richardgirges/express-fileupload/compare/v1.3.1...v1.4.0

1.3.1

Updates

• Have promiseCallback make callbacks and promises behave the same (#302)
• Fix prototype pollution in utilities.js (#301)
• Switch to CircleCI (ddf553060a1041c1f36a696b1ae8b52d24083140)
• End support for Node versions < 12 (ab3d252a28c8eb1c003528fecc5e1ef38f8954c3)

1.2.1

Updates:

• (Fix) Stopped additional responses from being sent if a limit handler exists (#264)
• Unhandled promise rejection warning (#257)
• Changed example (#255)
• Passing a Buffer body will pollute req.body when used along with processNested (#291)

1.2.0

Bug Fixes

#241 Cleanup temporary files - @​nusu

1.1.10

Updates:

Additional prototype-pollution security fix when using processNested (#239)

1.1.9

Updates:

Second prototype pollution security vulnerability fix when using processNested (#236)

1.1.8

Updates:

Fixed prototype pollution security vulnerability when using processNested (#236)

1.1.7-alpha.4

Updates:

• Updated README.md thanks to @​tycrek , @​eartharoid, @​Code42Cate
• Some code refactoring to make it lighter and more readable.
• Updated dependencies.

Fixes:

• Fix empty file issue(#226)
• Fix temp file write timing issue(#184). Thanks to @​somewind

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by richardgirges, a new releaser for express-fileupload since your current version.

Updates jquery from 2.2.4 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates ms from 0.7.3 to 2.0.0

Release notes

Sourced from ms's releases.

2.0.0

Major Changes

• Limit str to 100 to avoid ReDoS of 0.3s: #89

Patches

• Ignored logs coming from npm: b1eaab752203e978492a4d540a7ae1d26e6306b1
• Bumped dependencies to the latest version: bcf57157678fd5afc691383145a35e116f9704d0
• Invalidated cache for slack badge: 94b995c1d6d5d13ec976a0c6849a3cca9b277e6b

Credits

Huge thanks to @​karenyavine for their help!

1.0.0

Major Changes

• Removed component specification: 1fbbe974cdcad96e592dcb65a7b2a8649f690420

Patches

• Test on LTS version of Node: c9b1fd319f0f9198d85ecf4ba83e46cc1216be04
• Removed XO: 94068ea6d518387670df277f740b1abada80ed48
• Use prettier and eslint: 57b3ef8e3423cae6254f94c5564a11b4492cff43
• Badge for XO removed: 389840b329436117741b2ef13a172725082695b9
• Removed browser testing: e818c3581aca3119c00d81901bfe8fe653bcfda4
• More suitable name for file containing tests: ee91f307a8dc3581ebdad614ec0533ddb3d8bf56

Commits

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s (#89)
• b83b36d chore(package): update eslint to version 3.19.0 (#88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 (#86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• Additional commits viewable in compare view

Updates typeorm from 0.2.25 to 0.3.0

Release notes

Sourced from typeorm's releases.

0.3.0

Changes in the version includes changes from the next branch and typeorm@next version. They were pending their migration from 2018. Finally, they are in the master branch and master version.

Features

• compilation target now is es2020. This requires Node.JS version 14+

• TypeORM now properly works when installed within different node_modules contexts (often happen if TypeORM is a dependency of another library or TypeORM is heavily used in monorepo projects)

• Connection was renamed to DataSource. Old Connection is still there, but now it's deprecated. It will be completely removed in next version. New API:

export const dataSource = new DataSource({
    // ... options ...
})
// load entities, establish db connection, sync schema, etc.
await dataSource.connect()

Previously, you could use new Connection(), createConnection(), getConnectionManager().create(), etc. They all deprecated in favour of new syntax you can see above.

New way gives you more flexibility and simplicity in usage.

• new custom repositories syntax:

export const UserRepository = myDataSource.getRepository(UserEntity).extend({
    findUsersWithPhotos() {
        return this.find({
            relations: {
                photos: true
            }
        })
    }
})

Old ways of custom repository creation were dropped.

• added new option on relation load strategy called relationLoadStrategy. Relation load strategy is used on entity load and determines how relations must be loaded when you query entities and their relations from the database. Used on find* methods and QueryBuilder. Value can be set to join or query.

  • join - loads relations using SQL JOIN expression

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.0 (2022-03-17)

Changes in the version includes changes from the next branch and typeorm@next version. They were pending their migration from 2018. Finally, they are in the master branch and master version.

Features

• compilation target now is es2020. This requires Node.JS version 14+

• TypeORM now properly works when installed within different node_modules contexts (often happen if TypeORM is a dependency of another library or TypeORM is heavily used in monorepo projects)

• Connection was renamed to DataSource. Old Connection is still there, but now it's deprecated. It will be completely removed in next version. New API:

export const dataSource = new DataSource({
    // ... options ...
})
// load entities, establish db connection, sync schema, etc.
await dataSource.connect()

Previously, you could use new Connection(), createConnection(), getConnectionManager().create(), etc. They all deprecated in favour of new syntax you can see above.

New way gives you more flexibility and simplicity in usage.

• new custom repositories syntax:

export const UserRepository = myDataSource.getRepository(UserEntity).extend({
    findUsersWithPhotos() {
        return this.find({
            relations: {
                photos: true,
            },
        })
    },
})

Old ways of custom repository creation were dropped.

• added new option on relation load strategy called relationLoadStrategy. Relation load strategy is used on entity load and determines how relations must be loaded when you query entities and their relations from the database. Used on find* methods and QueryBuilder. Value can be set to join or query.

... (truncated)

Commits

• 941b584 version bump
• 3b8a031 0.3.0 (#8616)
• 5608956 refactor: remove spaces for consistency (#8751)
• 486f8c5 version bump
• 0fc093d fix: discard duplicated columns on update (#8724)
• f3cfdd2 fix: allow clearing database inside a transaction (#8712)
• 96ac8f7 feat: add transformer to ViewColumnOptions (#8717)
• 32549fe refactor: DefaultNamingStrategy#getTableName should be protected, not private...
• 411fa54 fix: force web bundlers to ignore index.mjs and use the browser ESM version d...
• 10f46d9 fixing failing test
• Additional commits viewable in compare view

Updates snyk from 1.278.1 to 1.1064.0

Commits

• bd96e74 Merge pull request #4221 from snyk/fix/quote-args
• 80d97a9 fix: escape child process arguments
• c028b50 Merge pull request #4216 from snyk/feat/unmanaged-deps-severity-threshold
• cc329fd feat: support sev.threshold for unm.-deps
• 3daf5c7 Merge pull request #4214 from snyk/feat/base64-default
• 2df2037 Merge pull request #4219 from snyk/fix/gradle-use-lenient-config
• afc1ccb fix: use lenient config in gradle plugin
• 85bb57f Merge pull request #4215 from snyk/feat/upgrade-policy-engine-v0.12.2
• ef864be feat: upgrade snyk-iac-test to v0.37.0
• 369fe11 feat: base64 default for sast analysis
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by snyk-admin, a new releaser for snyk since your current version.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates xml2js from 0.4.19 to 0.4.23

Commits

• See full diff in compare view

Updates qs from 6.5.2 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
• [readme] fix version badge

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#399)
• Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits

• 56763c1 v6.11.0