build(deps): bump the npm_and_yarn group across 2 directories with 5 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 2 updates in the /oid4vc/demo/frontend directory: cookie and express. Bumps the npm_and_yarn group with 4 updates in the /oid4vc/integration/credo directory: cookie, express, send and expo.

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• See full diff in compare view

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• See full diff in compare view

Updates send from 0.18.0 to 0.19.1

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0

Changelog

Sourced from send's changelog.

1.1.0 / 2024-09-10

• Changes from 0.19.0

1.0.0 / 2024-07-25

• Drop support for Node.js <18.0
• statuses@^2.0.1
• range-parser@^1.2.1
• on-finished@^2.4.1
• ms@^2.1.3
• mime-types@^2.1.35
• http-errors@^2.0.0
• fresh@^0.5.2
• etag@^1.8.1
• escape-html@^1.0.3
• encodeurl@^2.0.0
• destroy@^1.2.0
• debug@^4.3.5

1.0.0-beta.2 / 2024-03-04

• Changes from 0.18.0

1.0.0-beta.1 / 2022-02-04

• Drop support for Node.js 0.8
• Remove hidden option -- use dotfiles option
• Remove from alias to root -- use root directly
• Remove send.etag() -- use etag in options
• Remove send.index() -- use index in options
• Remove send.maxage() -- use maxAge in options
• Remove send.root() -- use root in options
• Use mime-types for file to content type mapping -- removed send.mime
• deps: debug@3.1.0
  • Add DEBUG_HIDE_DATE environment variable
  • Change timer to per-namespace instead of global
  • Change non-TTY date format
  • Remove DEBUG_FD environment variable support
  • Support 256 namespace colors

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for send since your current version.

Updates expo from 51.0.20 to 52.0.7

Changelog

Sourced from expo's changelog.

52.0.7 — 2024-11-14

This version does not introduce any user-facing changes.

52.0.6 — 2024-11-14

This version does not introduce any user-facing changes.

52.0.5 — 2024-11-13

This version does not introduce any user-facing changes.

52.0.4 — 2024-11-13

This version does not introduce any user-facing changes.

52.0.3 — 2024-11-12

This version does not introduce any user-facing changes.

52.0.2 — 2024-11-11

This version does not introduce any user-facing changes.

52.0.1 — 2024-11-11

This version does not introduce any user-facing changes.

52.0.0 — 2024-11-10

This version does not introduce any user-facing changes.

52.0.0-preview.23 — 2024-11-07

This version does not introduce any user-facing changes.

52.0.0-preview.22 — 2024-11-07

💡 Others

• Removed unused process.env.EXPO_BASE_URL injection code for DOM Components webview-wrapper. (#32629 by @​kudo)

52.0.0-preview.21 — 2024-11-06

This version does not introduce any user-facing changes.

52.0.0-preview.20 — 2024-11-05

🎉 New features

... (truncated)

Commits

• See full diff in compare view

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

• disable regexp backtracking (#160) (ba5aaef)
• core: support worker threads (#127) (f4af31c)

Commits

• d35c865 chore(release): 6.0.6
• 5a37e19 chore: update package.json and package.lock
• ba5aaef fix: disable regexp backtracking (#160)
• f4af31c fix(core): support worker threads (#127)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openwallet-foundation/acapy-plugins/network/alerts).

[dbluhm]

Both of these updates are in the OID4VC plugin. We'll validate that everything is working as expected and approve and merge as appropriate.

[dbluhm]

Tested, looks good