Open dependabot[bot] opened 2 months ago
Bumps body-parser to 1.20.3 and updates ancestor dependencies body-parser, express, @nestjs/core, @nestjs/microservices, @nestjs/platform-express, @nestjs/swagger and @nestjs/testing. These dependencies need to be updated together.
Updates body-parser from 1.20.2 to 1.20.3
body-parser
Sourced from body-parser's releases.
1.20.3 What's Changed Important deps: qs@6.13.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation Other changes chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522 ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523 fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527 deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521 Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531 Linter by @UlisesGascon in expressjs/body-parser#534 Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535 New Contributors @inigomarquinez made their first contribution in expressjs/body-parser#522 @melikhov-dev made their first contribution in expressjs/body-parser#521 @bjohansebas made their first contribution in expressjs/body-parser#531 @UlisesGascon made their first contribution in expressjs/body-parser#534 Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3
depth
32
Infinity
@inigomarquinez
@wesleytodd
@melikhov-dev
@bjohansebas
@UlisesGascon
Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3
Sourced from body-parser's changelog.
1.20.3 / 2024-09-10 deps: qs@6.13.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
1752951
39744cf
b2695c4
ade0f3f
99a1bd6
9478591
83db46a
9d4e212
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates express from 4.18.2 to 4.21.0
express
Sourced from express's releases.
4.21.0 What's Changed Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935 finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954 fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951 Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946 New Contributors @agadzinski93 made their first contribution in expressjs/express#5946 Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0 4.20.0 What's Changed Important IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity) Remove link renderization in html while using res.redirect Other Changes 4.19.2 Staging by @wesleytodd in expressjs/express#5561 remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562 feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565 Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564 Add a Threat Model by @UlisesGascon in expressjs/express#5526 Assign captain of encodeurl by @blakeembrey in expressjs/express#5579 Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587 docs: update Security.md by @inigomarquinez in expressjs/express#5590 docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600 Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433 docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605 deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569 skip QUERY method test by @jonchurch in expressjs/express#5628 ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639 add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627 doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619 List and sort all projects, add captains by @blakeembrey in expressjs/express#5653 docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666 ✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690 [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672 skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695 📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683 remove minor version pinning from ci by @jonchurch in expressjs/express#5722 Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762 Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599 Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436 update scorecard link by @bjohansebas in expressjs/express#5814 Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836 deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603
"back"
@blakeembrey
@agadzinski93
Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
res.redirect
@marco-ippolito
@jonchurch
http-errors
expressjs.com
morgan
cors
@mertcanaltin
@ctcpip
res.clearCookie
options.maxAge
options.expires
@IamLizu
... (truncated)
Sourced from express's changelog.
4.21.0 / 2024-09-11 Deprecate res.location("back") and res.redirect("back") magic string deps: serve-static@1.16.2 includes send@0.19.0 deps: finalhandler@1.3.1 deps: qs@6.13.0 4.20.0 / 2024-09-10 deps: serve-static@0.16.0 Remove link renderization in html while redirecting deps: send@0.19.0 Remove link renderization in html while redirecting deps: body-parser@0.6.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity) Remove link renderization in html while using res.redirect deps: path-to-regexp@0.1.10 Adds support for named matching groups in the routes using a regex Adds backtracking protection to parameters without regexes defined deps: encodeurl@~2.0.0 Removes encoding of \, |, and ^ to align better with URL spec Deprecate passing options.maxAge and options.expires to res.clearCookie Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie 4.19.2 / 2024-03-25 Improved fix for open redirect allow list bypass 4.19.1 / 2024-03-20 Allow passing non-strings to res.location with new encoding handling checks 4.19.0 / 2024-03-20 Prevent open redirect allow list bypass due to encodeurl deps: cookie@0.6.0 4.18.3 / 2024-02-29 Fix routing requests without method deps: body-parser@1.20.2 Fix strict json error message on Node.js 19+ deps: content-type@~1.0.5
res.location("back")
res.redirect("back")
\
|
^
7e562c6
1bcde96
7d36477
40d2d8f
77ada90
21df421
4c9ddc1
9ebe5d5
ec4a01b
54271f6
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates @nestjs/core from 9.4.0 to 10.4.2
@nestjs/core
Sourced from @nestjs/core's releases.
@nestjs/core
v10.4.2 (2024-09-16) Dependencies common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@dependabot[bot]) platform-fastify #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@dependabot[bot]) Other #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@dependabot[bot]) #13946 chore(deps): bump webpack and @nestjs/cli in /sample/02-gateways (@dependabot[bot]) #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@dependabot[bot]) #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot]) #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@dependabot[bot]) #13968 chore(deps-dev): bump @commitlint/cli from 19.4.0 to 19.5.0 (@dependabot[bot]) #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@dependabot[bot]) #13973 chore(deps-dev): bump @types/node from 22.5.1 to 22.5.5 (@dependabot[bot]) #13922 chore(deps): bump @apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot]) #13921 chore(deps): bump @apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot]) #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@dependabot[bot]) #13928 chore(deps-dev): bump @types/node from 22.5.0 to 22.5.1 (@dependabot[bot]) #13929 chore(deps-dev): bump @commitlint/config-angular from 19.3.0 to 19.4.1 (@dependabot[bot]) #13893 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@dependabot[bot]) #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@dependabot[bot]) #13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@dependabot[bot]) #13901 chore(deps-dev): bump @types/node from 22.3.0 to 22.5.0 (@dependabot[bot]) #13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@dependabot[bot]) #13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@dependabot[bot]) #13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@dependabot[bot]) #13890 chore(deps-dev): bump @types/node from 22.2.0 to 22.3.0 (@dependabot[bot]) Committers: 3 Kamil Mysliwiec (@kamilmysliwiec) Micael Levi L. Cavalcante (@micalevisk) @haouvw v10.3.10 (2024-07-01) Bug fixes core #13712 fix(core): when using forward references on exports array (@micalevisk) Enhancements platform-fastify #13734 feat(fastify-adapter): support for skipping middie registration (@ancyrweb) Dependencies Other #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@dependabot[bot]) #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@dependabot[bot]) #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@dependabot[bot])
common
core
microservices
platform-express
platform-fastify
platform-socket.io
platform-ws
testing
websockets
@dependabot[bot]
@nestjs/cli
@commitlint/cli
@types/node
@apollo/gateway
@apollo/query-planner
@commitlint/config-angular
@typescript-eslint/eslint-plugin
@kamilmysliwiec
@micalevisk
@haouvw
exports
@ancyrweb
696b441
@nestjs
fff4b96
e0d2ba6
8b4af57
67f32e8
6f624d1
5bcd024
821b080
b59d5ac
284f437
Updates @nestjs/microservices from 9.4.0 to 10.4.2
@nestjs/microservices
Sourced from @nestjs/microservices's releases.
@nestjs/microservices
0c84c7e
1b8e328
ccfa23e
Updates @nestjs/platform-express from 9.4.0 to 10.4.2
@nestjs/platform-express
Sourced from @nestjs/platform-express's releases.
@nestjs/platform-express
99d31e3
013dbd3
Updates @nestjs/swagger from 6.3.0 to 7.4.1
@nestjs/swagger
Sourced from @nestjs/swagger's releases.
@nestjs/swagger
Release 7.4.1 Merge pull request #3071 from nestjs/renovate/npm-path-to-regexp-vulnerability (057e560) chore(deps): update dependency @types/jest to v29.5.13 (7721ad5) chore(deps): update dependency husky to v9.1.6 (ba963e1) fix(deps): update dependency path-to-regexp to v3.3.0 [security] (0c1e756) chore(deps): update commitlint monorepo to v19.5.0 (4e13bb0) chore(deps): update dependency express to v4.20.0 (df76aa1) chore(deps): update typescript-eslint monorepo to v8.5.0 (f5f1b02) chore(deps): update dependency @types/node to v20.16.5 (d1a3da6) chore(deps): update dependency @types/node to v20.16.4 (f7098ce) chore(deps): update dependency eslint-plugin-import to v2.30.0 (bdbbeb9) chore(deps): update typescript-eslint monorepo to v8.4.0 (e3976b5) chore(deps): update dependency lint-staged to v15.2.10 (2ef9f9e) chore(deps): update dependency @types/node to v20.16.3 (526801f) chore(deps): update commitlint monorepo to v19.4.1 (375e3ac) chore(deps): update dependency @types/node to v20.16.2 (7f0b3a9) chore(deps): update typescript-eslint monorepo to v8.3.0 (84cfcd2) chore(deps): update dependency ts-jest to v29.2.5 (1374005) chore(deps): update dependency husky to v9.1.5 (39a5a15) chore(deps): update typescript-eslint monorepo to v8.2.0 (c3f98b2) chore(deps): update dependency @types/node to v20.16.1 (ca5f7a5) chore(deps): update dependency @types/node to v20.16.0 (5d4436f) chore(deps): update dependency @types/node to v20.15.0 (986351f) chore(deps): update nest monorepo to v10.4.1 (2e11b2d) chore(deps): update dependency lint-staged to v15.2.9 (2e4b4dd) chore(deps): update typescript-eslint monorepo to v8.1.0 (f499e54) chore(deps): update nest monorepo to v10.4.0 (15ad2b6) chore(deps): update dependency @types/node to v20.14.15 (ea25697) chore(deps): update dependency @commitlint/cli to v19.4.0 (51d7f50) chore(deps): update typescript-eslint monorepo to v8.0.1 (341918a) chore(deps): update dependency lint-staged to v15.2.8 (02e0341) chore(deps): update dependency @types/node to v20.14.14 (9cb4742) chore(deps): update dependency ts-jest to v29.2.4 (ab74629) chore(deps): update typescript-eslint monorepo to v8 (c5964c0) chore(deps): update typescript-eslint monorepo to v7.18.0 (13f99fe) chore(deps): update dependency husky to v9.1.4 (6715367) chore(deps): update dependency @types/node to v20.14.13 (b122574) chore(deps): update dependency husky to v9.1.3 (68b9814) chore(deps): update dependency husky to v9.1.2 (6f83cd0) chore(deps): update dependency @types/node to v20.14.12 (8323c3b) chore(deps): update typescript-eslint monorepo to v7.17.0 (5f40531) chore(deps): update dependency ts-jest to v29.2.3 (def2f77) chore(deps): update dependency husky to v9.1.1 (7c175bb) chore(deps): update dependency husky to v9.1.0 (0637912) chore(deps): update dependency @types/node to v20.14.11 (28424c9) chore(deps): update dependency @types/lodash to v4.17.7 (976d5c5) chore(deps): update typescript-eslint monorepo to v7.16.1 (29f59e9) chore(deps): update dependency release-it to v17.6.0 (f42c75f) chore(deps): update dependency ts-jest to v29.2.2 (05db366) chore(deps): update dependency ts-jest to v29.2.1 (b4e4f91)
@types/jest
@types/lodash
14f6521
057e560
7721ad5
ba963e1
0c1e756
4e13bb0
df76aa1
f5f1b02
d1a3da6
f7098ce
Updates @nestjs/testing from 9.4.0 to 10.4.2
@nestjs/testing
Sourced from @nestjs/testing's releases.
@nestjs/testing
fcd2c58
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
@dependabot rebase
[//]: # (dependabot-au...
Description has been truncated
Bumps body-parser to 1.20.3 and updates ancestor dependencies body-parser, express, @nestjs/core, @nestjs/microservices, @nestjs/platform-express, @nestjs/swagger and @nestjs/testing. These dependencies need to be updated together.
Updates
body-parserfrom 1.20.2 to 1.20.3Release notes
Sourced from body-parser's releases.
Changelog
Sourced from body-parser's changelog.
Commits
17529511.20.339744cfchore: linter (#534)b2695c4Merge commit from forkade0f3fadd scorecard to readme (#531)99a1bd6deps: qs@6.12.3 (#521)9478591fix: pin to node@22.4.183db46aci: fix errors in ci github action for node 8 and 9 (#523)9d4e212chore: add support for OSSF scorecard reporting (#522)Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates
expressfrom 4.18.2 to 4.21.0Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
7e562c64.21.01bcde96fix(deps): qs@6.13.0 (#5946)7d36477fix(deps): serve-static@1.16.2 (#5951)40d2d8ffix(deps): finalhandler@1.3.177ada90Deprecate"back"magic string in redirects (#5935)21df4214.20.04c9ddc1feat: upgrade to serve-static@0.16.09ebe5d5feat: upgrade to send@0.19.0 (#5928)ec4a01bfeat: upgrade to body-parser@1.20.3 (#5926)54271f6fix: don't render redirect values in anchor hrefMaintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
@nestjs/corefrom 9.4.0 to 10.4.2Release notes
Sourced from
@nestjs/core's releases.... (truncated)
Commits
696b441chore(@nestjs) publish v10.4.2 releasefff4b96chore(deps): bump tslib from 2.6.3 to 2.7.0e0d2ba6chore(core,express,fastify): fix deps with security issues8b4af57chore: fix some comments67f32e8chore(@nestjs) publish v10.4.1 release6f624d1chore: update readme5bcd024chore(@nestjs) publish v10.4.0 release821b080fix(core): unhandled promise rejection in interceptors consumerb59d5acchore(@nestjs) publish v10.3.10 release284f437docs: update readmeUpdates
@nestjs/microservicesfrom 9.4.0 to 10.4.2Release notes
Sourced from
@nestjs/microservices's releases.... (truncated)
Commits
696b441chore(@nestjs) publish v10.4.2 releasefff4b96chore(deps): bump tslib from 2.6.3 to 2.7.067f32e8chore(@nestjs) publish v10.4.1 release6f624d1chore: update readme0c84c7etest: update client unit tests, add cleanup1b8e328fix(microservices): hold nats client connection promise ref #138805bcd024chore(@nestjs) publish v10.4.0 releaseccfa23eMerge pull request #13731 from JadenKim-dev/grpc-package-nameb59d5acchore(@nestjs) publish v10.3.10 release284f437docs: update readmeUpdates
@nestjs/platform-expressfrom 9.4.0 to 10.4.2Release notes
Sourced from
@nestjs/platform-express's releases.... (truncated)
Commits
696b441chore(@nestjs) publish v10.4.2 releasefff4b96chore(deps): bump tslib from 2.6.3 to 2.7.0e0d2ba6chore(core,express,fastify): fix deps with security issues67f32e8chore(@nestjs) publish v10.4.1 release6f624d1chore: update readme5bcd024chore(@nestjs) publish v10.4.0 releaseb59d5acchore(@nestjs) publish v10.3.10 release284f437docs: update readme99d31e3chore(deps): bump tslib from 2.6.2 to 2.6.3013dbd3chore: update readmesUpdates
@nestjs/swaggerfrom 6.3.0 to 7.4.1Release notes
Sourced from
@nestjs/swagger's releases.... (truncated)
Commits
14f6521chore(): release v7.4.1057e560Merge pull request #3071 from nestjs/renovate/npm-path-to-regexp-vulnerability7721ad5chore(deps): update dependency@types/jestto v29.5.13ba963e1chore(deps): update dependency husky to v9.1.60c1e756fix(deps): update dependency path-to-regexp to v3.3.0 [security]4e13bb0chore(deps): update commitlint monorepo to v19.5.0df76aa1chore(deps): update dependency express to v4.20.0f5f1b02chore(deps): update typescript-eslint monorepo to v8.5.0d1a3da6chore(deps): update dependency@types/nodeto v20.16.5f7098cechore(deps): update dependency@types/nodeto v20.16.4Updates
@nestjs/testingfrom 9.4.0 to 10.4.2Release notes
Sourced from
@nestjs/testing's releases.... (truncated)
Commits
696b441chore(@nestjs) publish v10.4.2 releasefff4b96chore(deps): bump tslib from 2.6.3 to 2.7.067f32e8chore(@nestjs) publish v10.4.1 release6f624d1chore: update readme5bcd024chore(@nestjs) publish v10.4.0 releaseb59d5acchore(@nestjs) publish v10.3.10 release284f437docs: update readme99d31e3chore(deps): bump tslib from 2.6.2 to 2.6.3013dbd3chore: update readmesfcd2c58chore(@nestjs) publish v10.3.9 releaseDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.[//]: # (dependabot-au...
Description has been truncated