Closed dependabot[bot] closed 1 week ago
@dependabot squash and merge
On Tue, Sep 17, 2024 at 1:39 AM dependabot[bot] @.***> wrote:
This automated pull request fixes a security vulnerability https://github.com/jjj333-p/dendrite-admin-interface/security/dependabot/5 (moderate severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps serve-static https://github.com/expressjs/serve-static and express https://github.com/expressjs/express. These dependencies needed to be updated together.
Updates serve-static from 1.15.0 to 1.16.2
Release notes
Sourced from serve-static's releases https://github.com/expressjs/serve-static/releases.
1.16.0 What's Changed
- Remove link renderization in html while redirecting ( expressjs/serve-static#173 https://redirect.github.com/expressjs/serve-static/pull/173)
New Contributors
- @UlisesGascon https://github.com/UlisesGascon made their first contribution in expressjs/serve-static#173 https://redirect.github.com/expressjs/serve-static/pull/173
Full Changelog: @.*** https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0
Changelog
Sourced from serve-static's changelog https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md.
1.16.2 / 2024-09-11
- deps: encodeurl@~2.0.0
1.16.1 / 2024-09-11
- deps: @.***
1.16.0 / 2024-09-10
- Remove link renderization in html while redirecting
Commits
- ec9c5ec https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2 1.16.2
- f454d37 https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114 fix(deps): encodeurl@~2.0.0
- 77a8255 https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77 1.16.1
- 4263f49 https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d fix(deps): @.***
- 48c7397 https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed 1.16.0
- 0c11fad https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b Merge commit from fork
- See full diff in compare view https://github.com/expressjs/serve-static/compare/v1.15.0...v1.16.2
Maintainer changes
This version was pushed to npm by wesleytodd https://www.npmjs.com/~wesleytodd, a new releaser for serve-static since your current version.
Updates express from 4.19.2 to 4.21.0
Release notes
Sourced from express's releases https://github.com/expressjs/express/releases.
4.21.0 What's Changed
- Deprecate "back" magic string in redirects by @blakeembrey https://github.com/blakeembrey in expressjs/express#5935 https://redirect.github.com/expressjs/express/pull/5935
- @.*** by @wesleytodd https://github.com/wesleytodd in expressjs/express#5954 https://redirect.github.com/expressjs/express/pull/5954
- fix(deps): @.*** by @wesleytodd https://github.com/wesleytodd in expressjs/express#5951 https://redirect.github.com/expressjs/express/pull/5951
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 https://github.com/agadzinski93 in expressjs/express#5946 https://redirect.github.com/expressjs/express/pull/5946
New Contributors
- @agadzinski93 https://github.com/agadzinski93 made their first contribution in expressjs/express#5946 https://redirect.github.com/expressjs/express/pull/5946
Full Changelog: @.*** https://github.com/expressjs/express/compare/4.20.0...4.21.0
4.20.0 What's Changed
Important
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using res.redirect
Other Changes
- 4.19.2 Staging by @wesleytodd https://github.com/wesleytodd in expressjs/express#5561 https://redirect.github.com/expressjs/express/pull/5561
- remove duplicate location test for data uri by @wesleytodd https://github.com/wesleytodd in expressjs/express#5562 https://redirect.github.com/expressjs/express/pull/5562
- feat: document beta releases expectations by @marco-ippolito https://github.com/marco-ippolito in expressjs/express#5565 https://redirect.github.com/expressjs/express/pull/5565
- Cut down on duplicated CI runs by @jonchurch https://github.com/jonchurch in expressjs/express#5564 https://redirect.github.com/expressjs/express/pull/5564
- Add a Threat Model by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5526 https://redirect.github.com/expressjs/express/pull/5526
- Assign captain of encodeurl by @blakeembrey https://github.com/blakeembrey in expressjs/express#5579 https://redirect.github.com/expressjs/express/pull/5579
- Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch https://github.com/jonchurch in expressjs/express#5587 https://redirect.github.com/expressjs/express/pull/5587
- docs: update Security.md by @inigomarquinez https://github.com/inigomarquinez in expressjs/express#5590 https://redirect.github.com/expressjs/express/pull/5590
- docs: update triage nomination policy by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5600 https://redirect.github.com/expressjs/express/pull/5600
- Add CodeQL (SAST) by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5433 https://redirect.github.com/expressjs/express/pull/5433
- docs: add UlisesGascon as triage initiative captain by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5605 https://redirect.github.com/expressjs/express/pull/5605
- deps: encodeurl@~2.0.0 by @blakeembrey https://github.com/blakeembrey in expressjs/express#5569 https://redirect.github.com/expressjs/express/pull/5569
- skip QUERY method test by @jonchurch https://github.com/jonchurch in expressjs/express#5628 https://redirect.github.com/expressjs/express/pull/5628
- ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch https://github.com/jonchurch in expressjs/express#5639 https://redirect.github.com/expressjs/express/pull/5639
- add support @.*** in the CI by @mertcanaltin https://github.com/mertcanaltin in expressjs/express#5627 https://redirect.github.com/expressjs/express/pull/5627
- doc: add table of contents, tc/triager lists to readme by @mertcanaltin https://github.com/mertcanaltin in expressjs/express#5619 https://redirect.github.com/expressjs/express/pull/5619
- List and sort all projects, add captains by @blakeembrey https://github.com/blakeembrey in expressjs/express#5653 https://redirect.github.com/expressjs/express/pull/5653
- docs: add @UlisesGascon https://github.com/UlisesGascon as captain for cookie-parser by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5666 https://redirect.github.com/expressjs/express/pull/5666
- ✨ bring back query tests for node 21 by @ctcpip https://github.com/ctcpip in expressjs/express#5690 https://redirect.github.com/expressjs/express/pull/5690
- [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch https://github.com/jonchurch in expressjs/express#5672 https://redirect.github.com/expressjs/express/pull/5672
- skip QUERY tests for Node 21 only, still not supported by @jonchurch https://github.com/jonchurch in expressjs/express#5695 https://redirect.github.com/expressjs/express/pull/5695
- 📝 update people, add ctcpip to TC by @ctcpip https://github.com/ctcpip in expressjs/express#5683 https://redirect.github.com/expressjs/express/pull/5683
- remove minor version pinning from ci by @jonchurch https://github.com/jonchurch in expressjs/express#5722 https://redirect.github.com/expressjs/express/pull/5722
- Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu https://github.com/IamLizu in expressjs/express#5762 https://redirect.github.com/expressjs/express/pull/5762
- Replace Appveyor windows testing with GHA by @jonchurch https://github.com/jonchurch in expressjs/express#5599 https://redirect.github.com/expressjs/express/pull/5599
- Add OSSF Scorecard badge by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5436 https://redirect.github.com/expressjs/express/pull/5436
- update scorecard link by @bjohansebas https://github.com/bjohansebas in expressjs/express#5814 https://redirect.github.com/expressjs/express/pull/5814
- Nominate @IamLizu https://github.com/IamLizu to the triage team by @UlisesGascon https://github.com/UlisesGascon in expressjs/express#5836 https://redirect.github.com/expressjs/express/pull/5836
- deps: @.*** by @blakeembrey https://github.com/blakeembrey in expressjs/express#5603 https://redirect.github.com/expressjs/express/pull/5603
... (truncated)
Changelog
Sourced from express's changelog https://github.com/expressjs/express/blob/4.21.0/History.md.
4.21.0 / 2024-09-11
- Deprecate res.location("back") and res.redirect("back") magic string
- deps: @.***
- includes @.***
- deps: @.***
- deps: @.***
4.20.0 / 2024-09-10
- deps: @.***
- Remove link renderization in html while redirecting
- deps: @.***
- Remove link renderization in html while redirecting
- deps: @.***
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
- Remove link renderization in html while using res.redirect
- deps: @.***
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of \, |, and ^ to align better with URL spec
- Deprecate passing options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
- 7e562c6 https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff 4.21.0
- 1bcde96 https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb fix(deps): @.*** (#5946 https://redirect.github.com/expressjs/express/issues/5946)
- 7d36477 https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997 fix(deps): @.*** (#5951 https://redirect.github.com/expressjs/express/issues/5951)
- 40d2d8f https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b fix(deps): @.***
- 77ada90 https://github.com/expressjs/express/commit/77ada906dba57fd6e308f0d750e01653dbeaddfc Deprecate "back" magic string in redirects (#5935 https://redirect.github.com/expressjs/express/issues/5935)
- 21df421 https://github.com/expressjs/express/commit/21df421ebc7a5249bb31101da666bbf22adc3f18 4.20.0
- 4c9ddc1 https://github.com/expressjs/express/commit/4c9ddc1c47bf579e55c2fe837d76a952e9fd8959 feat: upgrade to @.***
- 9ebe5d5 https://github.com/expressjs/express/commit/9ebe5d500d22cbb2b8aaa73446866b084c747971 feat: upgrade to @.*** (#5928 https://redirect.github.com/expressjs/express/issues/5928)
- ec4a01b https://github.com/expressjs/express/commit/ec4a01b6b8814d7b007f36a3023f4dbafdbc3d09 feat: upgrade to @.*** (#5926 https://redirect.github.com/expressjs/express/issues/5926)
- 54271f6 https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 fix: don't render redirect values in anchor href
- Additional commits viewable in compare view https://github.com/expressjs/express/compare/4.19.2...4.21.0
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/jjj333-p/dendrite-admin-interface/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/jjj333-p/dendrite-admin-interface/pull/20
Commit Summary
- 61d3d35 https://github.com/jjj333-p/dendrite-admin-interface/pull/20/commits/61d3d357792f333fec27f04de417cd88aa83bda5 Bump serve-static and express
File Changes
(1 file https://github.com/jjj333-p/dendrite-admin-interface/pull/20/files)
- M package-lock.json https://github.com/jjj333-p/dendrite-admin-interface/pull/20/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519 (100)
Patch Links:
- https://github.com/jjj333-p/dendrite-admin-interface/pull/20.patch
- https://github.com/jjj333-p/dendrite-admin-interface/pull/20.diff
Bumps serve-static and express. These dependencies needed to be updated together.
Updates serve-static from 1.15.0 to 1.16.2
Release notes
Sourced from serve-static's releases.
Changelog
Sourced from serve-static's changelog.
Commits
- ec9c5ec 1.16.2
- f454d37 fix(deps): encodeurl@~2.0.0
- 77a8255 1.16.1
- 4263f49 fix(deps): send@0.19.0
- 48c7397 1.16.0
- 0c11fad Merge commit from fork
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.
Updates express from 4.19.2 to 4.21.0
Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
- 7e562c6 4.21.0
- 1bcde96 fix(deps): qs@6.13.0 (#5946)
- 7d36477 fix(deps): serve-static@1.16.2 (#5951)
- 40d2d8f fix(deps): finalhandler@1.3.1
- 77ada90 Deprecate "back" magic string in redirects (#5935)
- 21df421 4.20.0
- 4c9ddc1 feat: upgrade to serve-static@0.16.0
- 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
- ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
- 54271f6 fix: don't render redirect values in anchor href
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show