Bump the npm_and_yarn group across 1 directory with 6 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
express	4.18.2	4.19.2
@appium/base-driver	9.5.2	9.6.0
braces	3.0.2	3.0.3
ip	1.1.9	removed
pac-resolver	7.0.0	7.0.1
socks	2.7.1	2.8.3

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates @appium/base-driver from 9.5.2 to 9.6.0

Changelog

Sourced from @​appium/base-driver's changelog.

9.6.0 (2024-04-21)

Features

• base-driver: Add onDownload handler to the configureApp helper (#20015) (8cf3efd)

9.5.4 (2024-04-16)

Bug Fixes

• do not print deprecation errors for non-provided caps (#19986) (9f655f6)

9.5.3 (2024-04-08)

Bug Fixes

• base-driver: update dependency express to v4.18.3 (917084c)
• base-driver: update dependency express to v4.19.1 (a74132c)
• base-driver: update dependency express to v4.19.2 (7cb1621)
• base-driver: update dependency path-to-regexp to v6.2.2 (#19979) (b8368bb)
• docutils: update dependency typescript to v5.4.2 (#19876) (2448fa0)
• driver-test-support: update definitelytyped (4776574)
• support: update dependency axios to v1.6.8 (bd6ab81)

Commits

• 6344d14 chore: publish
• 77d2ef7 chore(bass-driver): Improve capability deprecation warning (#20019)
• 8cf3efd feat(base-driver): Add onDownload handler to the configureApp helper (#20015)
• 407706c chore: publish
• 9f655f6 fix: do not print deprecation errors for non-provided caps (#19986)
• d44e669 chore: publish
• b8368bb fix(base-driver): update dependency path-to-regexp to v6.2.2 (#19979)
• d5af68e chore(base-driver): Drop the obsolete es6-error import (#19974)
• 7cb1621 fix(base-driver): update dependency express to v4.19.2
• a74132c fix(base-driver): update dependency express to v4.19.1
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Removes ip

Updates pac-resolver from 7.0.0 to 7.0.1

Release notes

Sourced from pac-resolver's releases.

pac-resolver@7.0.1

Patch Changes

• a954da3: fix GHSA-78xj-cgh5-2h22 vulnerability

Changelog

Sourced from pac-resolver's changelog.

7.0.1

Patch Changes

• a954da3: fix GHSA-78xj-cgh5-2h22 vulnerability

Commits

• d4d3cd0 Version Packages (#271)
• a954da3 [pac-resolver] Remove ip dependency (#281)
• aaebfa4 Prettier
• 5923589 Moved licenses to separate files (#251)
• See full diff in compare view

Updates socks from 2.7.1 to 2.8.3

Release notes

Sourced from socks's releases.

2.8.3

No release notes provided.

2.8.2

No release notes provided.

2.8.1

Fixes issue with lock file in 2.7.3 and 2.8.0

2.7.3

Removed ip package dependency.

Commits

• a2a06d9 2.8.3
• 992b002 Fix bug with ipv6 conversion in ipToBuffer (#101)
• 99633ae v280 (#98)
• 89d8c07 Fix package lock for 2.7.x (#97)
• 66b7f73 remove ip package (#94)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/doc-detective/doc-detective-core/network/alerts).

[CLAassistant]

All committers have signed the CLA.

[dependabot[bot]]

Looks like these dependencies are no longer updatable, so this is no longer needed.

[hawkeyexl]

@dependabot recreate

[dependabot[bot]]

Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use @dependabot reopen if the branch has been deleted).

[hawkeyexl]

@dependabot reopen

[hawkeyexl]

@dependabot recreate

[dependabot[bot]]

Looks like these dependencies are no longer updatable, so this is no longer needed.