Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
ajv	6.10.2	6.12.6
braces	3.0.2	3.0.3
dot-prop	4.2.0	4.2.1
flat	4.1.0	5.0.2
mocha	6.2.0	10.4.0
follow-redirects	1.15.2	1.15.6
ini	1.3.5	1.3.8
y18n	3.2.1	3.2.2
yargs-parser	7.0.0	13.1.2
npm-check	5.9.0	5.9.2
minimist	0.0.8	1.2.7
mkdirp	0.5.1	0.5.6
pathval	1.1.0	1.1.1
qs	6.7.0	6.11.0
body-parser	1.19.0	1.20.2
socket.io-parser	4.2.1	4.2.4

Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates dot-prop from 4.2.0 to 4.2.1

Release notes

Sourced from dot-prop's releases.

v4.2.1

• Backport https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 to the v4.x release line.

Commits

• c914124 feat: patch 4.2.0 with fixes for CVE-2020-8116
• See full diff in compare view

Updates flat from 4.1.0 to 5.0.2

Commits

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Updates mocha from 6.2.0 to 10.4.0

Release notes

Sourced from mocha's releases.

v10.4.0

10.4.0 / 2024-03-26

:tada: Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

:bug: Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

:nut_and_bolt: Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

• Fix deprecated warn gh actions by @​outsideris in mochajs/mocha#4962
• fix #4837 Update glob due to vulnerability in dep by @​jb2311 in mochajs/mocha#4970
• Add Node v19 to test matrix by @​juergba in mochajs/mocha#4974
• chore: fix the ci by @​Uzlopak in mochajs/mocha#5020
• update can-i-use by @​Uzlopak in mochajs/mocha#5021
• chore: remove uuid dev dependency by @​Uzlopak in mochajs/mocha#5022
• chore: remove nanoid as dependency by @​Uzlopak in mochajs/mocha#5024
• chore: remove touch as dev dependency by @​Uzlopak in mochajs/mocha#5023
• chore: remove stale workflow by @​JoshuaKGoldberg in mochajs/mocha#5029
• docs: fix fragment ID for yargs' "extends" documentation by @​Spencer-Doak in mochajs/mocha#4918
• docs: use mocha.js instead of mocha in the example run by @​nikolas in mochajs/mocha#4927
• docs: fix jsdoc return type of titlePath method by @​F3n67u in mochajs/mocha#4886
• docs: overhaul contributing and maintenance docs for end-of-year 2023 by @​JoshuaKGoldberg in mochajs/mocha#5038
• docs: touchups to labels and a template title post-revamp by @​JoshuaKGoldberg in mochajs/mocha#5050
• fix: add alt text to Built with Netlify badge by @​JoshuaKGoldberg in mochajs/mocha#5068
• chore: inline nyan reporter's write function by @​JoshuaKGoldberg in mochajs/mocha#5056
• chore: remove unnecessary canvas dependency by @​JoshuaKGoldberg in mochajs/mocha#5069

... (truncated)

Changelog

Sourced from mocha's changelog.

10.4.0 / 2024-03-26

:tada: Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

:bug: Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

:nut_and_bolt: Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

:nut_and_bolt: Other

• #5069: chore: remove unnecessary canvas dependency (@​JoshuaKGoldberg)
• #5068: fix: add alt text to Built with Netlify badge (@​JoshuaKGoldberg)
• #5056: chore: inline nyan reporter's write function (@​JoshuaKGoldberg)
• #5050: docs: touchups to labels and a template title post-revamp (@​JoshuaKGoldberg)
• #5038: docs: overhaul contributing and maintenance docs for end-of-year 2023 (@​JoshuaKGoldberg)
• #5029: chore: remove stale workflow (@​JoshuaKGoldberg)
• #5024: chore: remove nanoid as dependency (@​Uzlopak)
• #5023: chore: remove touch as dev dependency (@​Uzlopak)
• #5022: chore: remove uuid dev dependency (@​Uzlopak)
• #5021: update can-i-use (@​Uzlopak)
• #5020: chore: fix the ci (@​Uzlopak)
• #4974: Add Node v19 to test matrix (@​juergba)

... (truncated)

Commits

• ffd9557 Release v10.4.0
• 7ac67f3 build(deps): bump the github-actions group with 2 updates (#5125)
• 7a2781c chore: activate dependabot for workflows (#5123)
• 97dcbb2 fix: harden error handling in lib/cli/run.js (#5074)
• 6f3f45e fix: xunit integration test (#5122)
• a5b5652 docs: fix documentation concerning glob expansion on UNIX (#4869)
• efbb147 feat: add file path to xunit reporter (#4985)
• a2e600d fix: closes #5115 (#5116)
• 3735873 feat: include .cause stacks in the error stack traces (#4829)
• b88978d chore: bump ESLint ecmaVersion to 2020 (#5104)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

• security: ensure entry exists for backport (#120) (b22c0df)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates yargs-parser from 7.0.0 to 13.1.2

Changelog

Sourced from yargs-parser's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

21.1.1 (2022-08-04)

Bug Fixes

• typescript: ignore .cts files during publish (#454) (d69f9c3), closes #452

21.1.0 (2022-08-03)

Features

• allow the browser build to be imported (#443) (a89259f)

Bug Fixes

• halt-at-non-option: prevent known args from being parsed when "unknown-options-as-args" is enabled (#438) (c474bc1)
• node version check now uses process.versions.node (#450) (d07bcdb)
• parse options ending with 3+ hyphens (#434) (4f1060b)

21.0.1 (2022-02-27)

Bug Fixes

• return deno env object (#432) (b00eb87)

21.0.0 (2021-11-15)

⚠ BREAKING CHANGES

• drops support for 10 (#421)

Bug Fixes

• esm json import (#416) (90f970a)
• parser should preserve inner quotes (#407) (ae11f49)

Code Refactoring

• drops support for 10 (#421) (3aaf878)

20.2.9 (2021-06-20)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates npm-check from 5.9.0 to 5.9.2

Commits

• f8ce810 5.9.2
• edc4a6d Downgrade depcheck to restore older Node.js support
• dcb8bbe 5.9.1
• c610aa8 Merge pull request #368 from omrilotan/2019-10-29-fix-vuln
• ce892a9 Update depcheck
• 4b633e2 Fix vulnerabilities
• f569c7d Merge pull request #326 from mansona/fixing-ci
• b713af5 adding later node versions to CI
• 76cefd6 fixing CI for Node 4
• f47c605 Merge pull request #321 from dyun8080/patch-1
• Additional commits viewable in compare view

Updates minimist from 0.0.8 to 1.2.7

Changelog

Sourced from minimist's changelog.

v1.2.7 - 2022-10-10

Commits

• [meta] add auto-changelog 0ebf4eb
• [actions] add reusable workflows e115b63
• [eslint] add eslint; rules to enable later are warnings f58745b
• [Dev Deps] switch from covert to nyc ab03356
• [readme] rename and add badges 236f4a0
• [meta] create FUNDING.yml; add funding in package.json 783a49b
• [meta] use npmignore to autogenerate an npmignore file f81ece6
• Only apps should have lockfiles 56cad44
• [Dev Deps] update covert, tape; remove unnecessary tap 49c5f9f
• [Tests] add aud in posttest 228ae93
• [meta] add safe-publish-latest 01fc23f
• [meta] update repo URLs 6b164c7

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

• security notice 4cf1354
• additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

• more failing proto pollution tests 13c01a5
• even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

• failing test for protocol pollution 0efed03
• cleanup 67d3722
• console.dir -> console.log 47acf72
• don't assign onto proto 63e7ed0

... (truncated)

Commits

• c590d75 v1.2.7
• 0ebf4eb [meta] add auto-changelog
• e115b63 [actions] add reusable workflows
• 01fc23f [meta] add safe-publish-latest
• f58745b [eslint] add eslint; rules to enable later are warnings
• 228ae93 [Tests] add aud in posttest
• 236f4a0 [readme] rename and add badges
• ab03356 [Dev Deps] switch from covert to nyc
• 49c5f9f [Dev Deps] update covert, tape; remove unnecessary tap
• 783a49b [meta] create FUNDING.yml; add funding in package.json
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

• 92f086d 0.5.6
• 2a28125 clean up tests
• c905d65 update minimist
• 049cf18 0.5.5
• bea6382 Remove unnecessary umask calls
• 42a012c 0.5.4
• 2867920 fix infinite loop on windows machines
• d784e70 0.5.3
• d612c5d add files list so this package isn't a monster
• b2e7ba0 0.5.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates pathval from 1.1.0 to 1.1.1

Release notes

Sourced from pathval's releases.

v1.1.1

Fixes a security issue around prototype pollution.

Commits

• db6c3e3 chore: v1.1.1
• 7859e0e Merge pull request #60 from deleonio/fix/vulnerability-prototype-pollution
• 49ce1f4 style: correct rule in package.json
• c77b9d2 fix: prototype pollution vulnerability + working tests
• 49031e4 chore: remove very old nodejs
• 57730a9 chore: update deps and tool configuration
• a123018 Merge pull request #55 from chaijs/remove-lgtm
• 07eb4a8 Delete MAINTAINERS
• a0147cd Merge pull request #54 from astorije/patch-1
• aebb278 Center repo name on README
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by chai, a new releaser for pathval since your current version.

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
• [readme] fix version badge

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#399)
• Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits

• 56763c1 v6.11.0
• ddd3e29 [readme] fix version badge
• c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
• 95bc018 v6.10.5
• 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
• ba9703c v6.10.4
• 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
• 113b990 [Dev Deps] update object-inspect
• c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
• 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
• Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.2

Release notes

Sourced from body-parser's releases.

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

Changelog

Sourced from body-parser's changelog.

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6

... (truncated)

Commits

• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• Additional commits viewable in compare view

Updates socket.io-parser from 4.2.1 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

• ensure reserved events cannot be used as event names (d9db473)
• properly detect plain objects (b0e6400)

Links

• Diff: https://github.com/socketio/socket.io-parser/compare/4.2.3...4.2.4

4.2.3

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

• check the format of the event name (3b78117)

Links

• Diff:
  dependabot[bot] commented 2 weeks ago

  Superseded by #507.