Open dependabot[bot] opened 1 day ago
Bumps the npm_and_yarn group with 9 updates in the / directory:
0.2.2
0.2.3
1.7.2
1.7.7
1.20.2
1.20.3
4.19.2
4.21.1
3.0.2
3.0.3
7.0.3
7.0.6
2.0.6
2.0.7
4.0.5
4.0.8
5.91.0
5.96.1
Updates @eslint/plugin-kit from 0.2.2 to 0.2.3
@eslint/plugin-kit
Sourced from @eslint/plugin-kit's releases.
@eslint/plugin-kit
plugin-kit: v0.2.3 0.2.3 (2024-11-14) Dependencies The following workspace dependencies were updated devDependencies @eslint/core bumped from ^0.8.0 to ^0.9.0
@eslint/core
a957ee3
3591a78
2fa68b7
071be84
e73b1dc
d0b2e70
3a87bbb
schema
c24083b
Updates axios from 1.7.2 to 1.7.7
axios
Sourced from axios's releases.
Release v1.7.7 Release notes: Bug Fixes fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085) http: fixed support for IPv6 literal strings in url (#5731) (364993f) Contributors to this release Rishi556 Dmitriy Mozgovoy Release v1.7.6 Release notes: Bug Fixes fetch: fix content length calculation for FormData payload; (#6524) (085f568) fetch: optimize signals composing logic; (#6582) (df9889b) Contributors to this release Dmitriy Mozgovoy Jacques Germishuys kuroino721 Release v1.7.5 Release notes: Bug Fixes adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707) core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a) core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b) fetch: fix credentials handling in Cloudflare workers (#6533) (550d885) Contributors to this release Dmitriy Mozgovoy Antonin Bas Hans Otto Wirtz Release v1.7.4 Release notes: Bug Fixes sec: CVE-2024-39338 (#6539) (#6543) (6b6b605) sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a) Contributors to this release Lev Pachmanov
ReferenceError: navigator is not defined
... (truncated)
Sourced from axios's changelog.
1.7.7 (2024-08-31) Bug Fixes fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085) http: fixed support for IPv6 literal strings in url (#5731) (364993f) Contributors to this release Rishi556 Dmitriy Mozgovoy 1.7.6 (2024-08-30) Bug Fixes fetch: fix content length calculation for FormData payload; (#6524) (085f568) fetch: optimize signals composing logic; (#6582) (df9889b) Contributors to this release Dmitriy Mozgovoy Jacques Germishuys kuroino721 1.7.5 (2024-08-23) Bug Fixes adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707) core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a) core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b) fetch: fix credentials handling in Cloudflare workers (#6533) (550d885) Contributors to this release Dmitriy Mozgovoy Antonin Bas Hans Otto Wirtz 1.7.4 (2024-08-13) Bug Fixes sec: CVE-2024-39338 (#6539) (#6543) (6b6b605) sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
5b8a826
364993f
d198085
d584fcf
bc03c6c
df9889b
ee208cf
085f568
59cd6b0
6700a8a
Updates body-parser from 1.20.2 to 1.20.3
body-parser
Sourced from body-parser's releases.
1.20.3 What's Changed Important deps: qs@6.13.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation Other changes chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522 ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523 fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527 deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521 Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531 Linter by @UlisesGascon in expressjs/body-parser#534 Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535 New Contributors @inigomarquinez made their first contribution in expressjs/body-parser#522 @melikhov-dev made their first contribution in expressjs/body-parser#521 @bjohansebas made their first contribution in expressjs/body-parser#531 @UlisesGascon made their first contribution in expressjs/body-parser#534 Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3
depth
32
Infinity
@inigomarquinez
@wesleytodd
@melikhov-dev
@bjohansebas
@UlisesGascon
Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3
Sourced from body-parser's changelog.
1.20.3 / 2024-09-10 deps: qs@6.13.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
1752951
39744cf
b2695c4
ade0f3f
99a1bd6
9478591
83db46a
9d4e212
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates express from 4.19.2 to 4.21.1
express
Sourced from express's releases.
4.21.1 What's Changed Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029 Release: 4.21.1 by @UlisesGascon in expressjs/express#6031 Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1 4.21.0 What's Changed Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935 finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954 fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951 Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946 New Contributors @agadzinski93 made their first contribution in expressjs/express#5946 Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0 4.20.0 What's Changed Important IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity) Remove link renderization in html while using res.redirect Other Changes 4.19.2 Staging by @wesleytodd in expressjs/express#5561 remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562 feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565 Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564 Add a Threat Model by @UlisesGascon in expressjs/express#5526 Assign captain of encodeurl by @blakeembrey in expressjs/express#5579 Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587 docs: update Security.md by @inigomarquinez in expressjs/express#5590 docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600 Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433 docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605 deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569 skip QUERY method test by @jonchurch in expressjs/express#5628 ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639 add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627 doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619 List and sort all projects, add captains by @blakeembrey in expressjs/express#5653 docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666 ✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690 [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672 skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695
@joshbuker
Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
"back"
@blakeembrey
@agadzinski93
Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
res.redirect
@marco-ippolito
@jonchurch
http-errors
expressjs.com
morgan
cors
@mertcanaltin
@ctcpip
res.clearCookie
options.maxAge
options.expires
Sourced from express's changelog.
4.21.1 / 2024-10-08 Backported a fix for CVE-2024-47764 4.21.0 / 2024-09-11 Deprecate res.location("back") and res.redirect("back") magic string deps: serve-static@1.16.2 includes send@0.19.0 deps: finalhandler@1.3.1 deps: qs@6.13.0 4.20.0 / 2024-09-10 deps: serve-static@0.16.0 Remove link renderization in html while redirecting deps: send@0.19.0 Remove link renderization in html while redirecting deps: body-parser@0.6.0 add depth option to customize the depth level in the parser IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity) Remove link renderization in html while using res.redirect deps: path-to-regexp@0.1.10 Adds support for named matching groups in the routes using a regex Adds backtracking protection to parameters without regexes defined deps: encodeurl@~2.0.0 Removes encoding of \, |, and ^ to align better with URL spec Deprecate passing options.maxAge and options.expires to res.clearCookie Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
res.location("back")
res.redirect("back")
\
|
^
8e229f9
a024c8a
7e562c6
1bcde96
7d36477
40d2d8f
77ada90
21df421
4c9ddc1
9ebe5d5
Updates braces from 3.0.2 to 3.0.3
braces
74b2db2
88f1429
415d660
190510f
716eb9f
a5851e5
2092bd1
9f5b4cf
98414f9
665ab5d
Updates cookie from 0.6.0 to 0.7.1
cookie
Sourced from cookie's releases.
0.7.1 Fixed Allow leading dot for domain (#174) Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172) https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1 0.7.0 perf: parse cookies ~10% faster (#144 by @kurtextrem and #170) fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw) fix: add main to package.json for rspack (#166 by @proudparrot2) https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0
Fixed
serialize
obj.hasOwnProperty
https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1
@kurtextrem
@bewinsnw
main
package.json
@proudparrot2
https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0
cf4658f
6a8b8f5
58015c0
ab057d6
5f02ca8
a5d591c
51968f9
9e7ca51
d6f39b0
6bb701f
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Updates cross-spawn from 7.0.3 to 7.0.6
cross-spawn
Sourced from cross-spawn's changelog.
7.0.6 (2024-11-18) Bug Fixes update cross-spawn version to 7.0.5 in package-lock.json (f700743) 7.0.5 (2024-11-07) Bug Fixes fix escaping bug introduced by backtracking (640d391) 7.0.4 (2024-11-07) Bug Fixes disable regexp backtracking (#160) (5ff3a07)
77cd97f
6717de4
f700743
9a7e3b2
0852683
640d391
bff0c87
a7c6abc
9b9246e
5ff3a07
Updates http-proxy-middleware from 2.0.6 to 2.0.7
http-proxy-middleware
Sourced from http-proxy-middleware's releases.
v2.0.7 Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7 v2.0.7-beta.1 Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1 v2.0.7-beta.0 Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0
Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7
Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1
Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0
Sourced from http-proxy-middleware's changelog.
v2.0.7 ci(github actions): add publish.yml fix(filter): handle errors
1e92339
90afb7c
0b4274e
1bd6dd5
Updates micromatch from 4.0.5 to 4.0.8
micromatch
Sourced from micromatch's releases.
4.0.8 Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.
Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.
Sourced from micromatch's changelog.
[4.0.8] - 2024-08-22 backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch [4.0.7] - 2024-05-22 this is basically v4.0.5, with some README updates it is vulnerable to CVE-2024-4067 Updated braces to v3.0.3 to avoid CVE-2024-4068 does NOT break API compatibility [4.0.6] - 2024-05-21 Added hasBraces to check if a pattern contains braces. Fixes CVE-2024-4067 BREAKS API COMPATIBILITY Should be labeled as a major release, but it's not.
hasBraces
8bd704e
a0e6841
4ec2884
03aa805
814f5f7
67fcce6
113f2e3
d9dbd9a
2ab1315
1406ea3
Updates path-to-regexp from 0.1.7 to 0.1.10
path-to-regexp
Sourced from path-to-regexp's releases.
Backtrack protection Fixed Add backtrack protection to parameters 29b96b4 This will break some edge cases but should improve performance https://github.com/pillarjs/path-to-regexp/compare/v0.1.9...v0.1.10 Support non-lookahead regex output Added Allow a non-lookahead regex (#312) c4272e4 https://github.com/component/path-to-regexp/compare/v0.1.8...v0.1.9 Support named matching groups in RegExp Added Add support for named matching groups (#301) 114f62d https://github.com/pillarjs/path-to-regexp/compare/v0.1.7...v0.1.8
https://github.com/pillarjs/path-to-regexp/compare/v0.1.9...v0.1.10
Added
https://github.com/component/path-to-regexp/compare/v0.1.8...v0.1.9
RegExp
https://github.com/pillarjs/path-to-regexp/compare/v0.1.7...v0.1.8
c827fce
29b96b4
ac4c234
bdb6635
c4272e4
51a1955
114f62d
Updates send from 0.18.0 to 0.19.0
send
Sourced from send's releases.
0.19.0 What's Changed Remove link renderization in html while redirecting (pillarjs/send#235) New Contributors @UlisesGascon made their first contribution in pillarjs/send#235 Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0
Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0
Sourced from send's changelog.
0.19.0 / 2024-09-10 Remove link renderization in html while redirecting
9d2db99
ae4f298
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates serve-static from 1.15.0 to 1.16.2
serve-static
Sourced from serve-static's releases.
1.16.0 What's Changed Remove link renderization in html while redirecting (expressjs/serve-static#173) New Contributors @UlisesGascon made their first contribution in
Bumps the npm_and_yarn group with 9 updates in the / directory:
0.2.20.2.31.7.21.7.71.20.21.20.34.19.24.21.13.0.23.0.37.0.37.0.62.0.62.0.74.0.54.0.85.91.05.96.1Updates
@eslint/plugin-kitfrom 0.2.2 to 0.2.3Release notes
Sourced from
@eslint/plugin-kit's releases.Commits
a957ee3chore: release main (#130)3591a78feat: Add Language#normalizeLanguageOptions() (#131)2fa68b7chore: fix formatting error (#133)071be84Merge commit from forke73b1dcdocs: Update README sponsorsd0b2e70fix: non-optional properties in generic interfaces (#132)3a87bbbfix: Support legacyschemaproperties (#128)c24083bdocs: Update README sponsorsUpdates
axiosfrom 1.7.2 to 1.7.7Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
5b8a826chore(release): v1.7.7 (#6585)364993ffix(http): fixed support for IPv6 literal strings in url (#5731)d198085fix(fetch): fix stream handling in Safari by fallback to using a stream reade...d584fcfchore(release): v1.7.6 (#6583)bc03c6cchore(examples): fix module import (#6575)df9889bfix(fetch): optimize signals composing logic; (#6582)ee208cfchore(sponsor): update sponsor block (#6576)085f568fix(fetch): fix content length calculation for FormData payload; (#6524)59cd6b0chore(release): v1.7.5 (#6574)6700a8afix(core): add the missed implementation of AxiosError#status property; (#6573)Updates
body-parserfrom 1.20.2 to 1.20.3Release notes
Sourced from body-parser's releases.
Changelog
Sourced from body-parser's changelog.
Commits
17529511.20.339744cfchore: linter (#534)b2695c4Merge commit from forkade0f3fadd scorecard to readme (#531)99a1bd6deps: qs@6.12.3 (#521)9478591fix: pin to node@22.4.183db46aci: fix errors in ci github action for node 8 and 9 (#523)9d4e212chore: add support for OSSF scorecard reporting (#522)Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates
expressfrom 4.19.2 to 4.21.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
8e229f94.21.1a024c8afix(deps): cookie@0.7.17e562c64.21.01bcde96fix(deps): qs@6.13.0 (#5946)7d36477fix(deps): serve-static@1.16.2 (#5951)40d2d8ffix(deps): finalhandler@1.3.177ada90Deprecate"back"magic string in redirects (#5935)21df4214.20.04c9ddc1feat: upgrade to serve-static@0.16.09ebe5d5feat: upgrade to send@0.19.0 (#5928)Updates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
cookiefrom 0.6.0 to 0.7.1Release notes
Sourced from cookie's releases.
Commits
cf4658f0.7.16a8b8f5Allow leading dot for domain (#174)58015c0Remove more code and perf wins (#172)ab057d60.7.05f02ca8Migrate history to GitHub releasesa5d591cMigrate history to GitHub releases51968f9Skip isNaN9e7ca51perf(parse): cache length, return early (#144)d6f39b0Fix tests for old node6bb701fRemove failing scorecardMaintainer changes
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Updates
cross-spawnfrom 7.0.3 to 7.0.6Changelog
Sourced from cross-spawn's changelog.
Commits
77cd97fchore(release): 7.0.66717de4chore: upgrade standard-versionf700743fix: update cross-spawn version to 7.0.5 in package-lock.json9a7e3b2chore: fix build status badge0852683chore(release): 7.0.5640d391fix: fix escaping bug introduced by backtrackingbff0c87chore: remove codecova7c6abcchore: replace travis with github workflows9b9246echore(release): 7.0.45ff3a07fix: disable regexp backtracking (#160)Updates
expressfrom 4.19.2 to 4.21.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
8e229f94.21.1a024c8afix(deps): cookie@0.7.17e562c64.21.01bcde96fix(deps): qs@6.13.0 (#5946)7d36477fix(deps): serve-static@1.16.2 (#5951)40d2d8ffix(deps): finalhandler@1.3.177ada90Deprecate"back"magic string in redirects (#5935)21df4214.20.04c9ddc1feat: upgrade to serve-static@0.16.09ebe5d5feat: upgrade to send@0.19.0 (#5928)Updates
http-proxy-middlewarefrom 2.0.6 to 2.0.7Release notes
Sourced from http-proxy-middleware's releases.
Changelog
Sourced from http-proxy-middleware's changelog.
Commits
1e92339ci(github-actions): fix npm tag90afb7cchore(package): v2.0.70b4274efix(filter): handle errors1bd6dd5ci(github actions): add publish.ymlUpdates
micromatchfrom 4.0.5 to 4.0.8Release notes
Sourced from micromatch's releases.
Changelog
Sourced from micromatch's changelog.
Commits
8bd704e4.0.8a0e6841run verb to generate README documentation4ec2884Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7lint67fcce6fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3fix: CVE numbers in CHANGELOGd9dbd9afeat: updated CHANGELOG2ab1315fix: use actions/setup-node@v41406ea3feat: rework test to work on macos with node 10,12 and 14Updates
path-to-regexpfrom 0.1.7 to 0.1.10Release notes
Sourced from path-to-regexp's releases.
Commits
c827fce0.1.1029b96b4Add backtrack protection to parametersac4c234Update repo url (#314)bdb66350.1.9c4272e4Allow a non-lookahead regex (#312)51a19550.1.8114f62dAdd support for named matching groups (#301)Updates
sendfrom 0.18.0 to 0.19.0Release notes
Sourced from send's releases.
Changelog
Sourced from send's changelog.
Commits
9d2db990.19.0ae4f298Merge commit from forkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates
serve-staticfrom 1.15.0 to 1.16.2Release notes
Sourced from serve-static's releases.