Bump debug, body-parser, express, mongoose and socket.io

[dependabot[bot]]

Bumps debug to 2.6.9 and updates ancestor dependencies debug, debug, body-parser, express, mongoose and socket.io. These dependencies need to be updated together.

Updates debug from 2.6.7 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• See full diff in compare view

Updates debug from 2.6.8 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• See full diff in compare view

Updates body-parser from 1.17.2 to 1.20.1

Release notes

Sourced from body-parser's releases.

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

1.19.0

• deps: bytes@3.1.0
  • Add petabyte (pb) support
• deps: http-errors@1.7.2
  • Set constructor name when possible
  • deps: setprototypeof@1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: iconv-lite@0.4.24
  • Added encoding MIK
• deps: qs@6.7.0
  • Fix parsing array brackets after index
• deps: raw-body@2.4.0
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

1.19.0 / 2019-04-25

... (truncated)

Commits

• 830bdfb 1.20.1
• ecad1cc build: eslint@8.24.0
• 03b93cf build: supertest@6.3.0
• 2c611fc build: Node.js@18.10
• f199e94 perf: remove unnecessary object clone
• 0123e12 build: Node.js@18.9
• de1e6c2 build: Node.js@16.17
• 477ff13 build: eslint-plugin-import@2.26.0
• 40c3fff deps: qs@6.11.0
• 4aa84b7 build: supertest@6.2.4
• Additional commits viewable in compare view

Updates express from 4.15.3 to 4.18.2

Release notes

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0

... (truncated)

Commits

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: Node.js@18.10
• f56ce73 build: supertest@6.3.0
• 24b3dc5 deps: qs@6.11.0
• 689d175 deps: body-parser@1.20.1
• 340be0f build: eslint@8.24.0
• 33e8dc3 docs: use Node.js name style
• 644f646 build: supertest@6.2.4
• ecd7572 build: Node.js@14.20
• Additional commits viewable in compare view

Updates mongoose from 4.11.5 to 4.13.21

Changelog

Sourced from mongoose's changelog.

4.13.21 / 2020-07-12

• fix(query): delete top-level _bsontype property in queries to prevent silent empty queries #8222

5.9.23 / 2020-07-10

• fix(model): fix syncIndexes() error when db index has a collation but Mongoose index does not #9224 clhuang
• fix(array): only cast array to proper depth if it contains an non-array value #9217 #9215 cyrilgandon
• docs(schematype): document the transform option #9211
• docs(mongoose): fix typo #9212 JNa0

5.9.22 / 2020-07-06

• fix(schema): treat { type: mongoose.Schema.Types.Array } as equivalent to { type: Array } #9194
• fix: revert fix for #9107 to avoid issues when calling connect() multiple times #9167
• fix(update): respect storeSubdocValidationError option with update validators #9172
• fix: upgrade to safe-buffer 5.2 #9198
• docs: add a note about SSL validation to migration guide #9147
• docs(schemas): fix inconsistent header #9196 samtsai15

5.9.21 / 2020-07-01

• fix: propagate typeKey option to implicitly created schemas from typePojoToMixed #9185 joaoritter
• fix(populate): handle embedded discriminator refPath with multiple documents #9153
• fix(populate): handle deselected foreign field with perDocumentLimit and multiple documents #9175
• fix(document): disallow transform functions that return promises #9176 #9163 AbdelrahmanHafez
• fix(document): use strict equality when checking mixed paths for modifications #9165
• docs: add target="_blank" to all edit links #9058

5.9.20 / 2020-06-22

• fix(populate): handle populating primitive array under document array discriminator #9148
• fix(connection): make sure to close previous connection when calling openUri() on an already open connection #9107
• fix(model): fix conflicting $setOnInsert default values with update values in bulkWrite #9160 #9157 AbdelrahmanHafez
• docs(validation): add note about validateBeforeSave and invalidate #9144 dandv
• docs: specify the array field syntax for invalidate #9137 dandv
• docs: fix several typos and broken references #9024 AbdelrahmanHafez
• docs: fix minor typo #9143 dandv

5.9.19 / 2020-06-15

• fix: upgrade mongodb driver -> 3.5.9 #9124 AbdelrahmanHafez
• fix: copy required validator on single nested subdoc correctly when calling Schema#clone() #8819
• fix(discriminator): handle tiedValue when casting update on nested paths #9108
• fix(model): allow empty arrays for bulkWrite #9132 #9131 AbdelrahmanHafez
• fix(schema): correctly set partialFilterExpression for nested schema indexes #9091
• fix(castArrayFilters): handle casting on all fields of array filter #9122 lafeuil
• fix(update): handle nested path createdAt when overwriting parent path #9105
• docs(subdocs): add some notes on the difference between single nested subdocs and nested paths #9085
• docs(subdocs): improve docs on typePojoToMixed #9085

... (truncated)

Commits

• f88eb25 fix(query): delete top-level _bsontype property in queries to prevent silen...
• 1db031c test(schema): clean up messy tests re: #8459
• 8fa8012 test: test cleanup re: #8459
• 4a55040 chore: remove problematic mongoose-long dep and use mongodb 3.4 in tests
• 91f95da chore: run consistent mongod version in tests
• 0e65e6e chore: release 4.13.20
• 803090d fix(schema): make aliases handle mongoose-lean-virtuals
• 6a8b381 chore: add .config.js to gitignore and npmignore
• f51c4aa chore: release 4.13.19
• 2aeeaa8 Merge pull request #7950 from cdimitroulas/backport-aggregate-options-bugfix
• Additional commits viewable in compare view

Updates socket.io from 1.7.4 to 4.5.4

Release notes

Sourced from socket.io's releases.

4.5.4

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Links:

• Diff: https://github.com/socketio/socket.io/compare/4.5.3...4.5.4
• Client release: 4.5.4
• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

Links:

• Diff: https://github.com/socketio/socket.io/compare/4.5.2...4.5.3
• Client release: 4.5.3
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.2

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

Links:

• Diff: https://github.com/socketio/socket.io/compare/4.5.1...4.5.2
• Client release: 4.5.2
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.1

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#4351) (9b43c91)

Links:

• Diff: https://github.com/socketio/socket.io/compare/4.5.0...4.5.1
• Client release: 4.5.1
• engine.io version: ~6.2.0

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.5.4 (2022-11-22)

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Dependencies

• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3 (2022-10-15)

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

4.5.2 (2022-09-02)

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

2.5.0 (2022-06-26)

Bug Fixes

• fix race condition in dynamic namespaces (05e1278)
• ignore packet received after disconnection (22d4bdf)
• only set 'connected' to true after middleware execution (226cc16)
• prevent the socket from joining a room after disconnection (f223178)

4.5.1 (2022-05-17)

Bug Fixes

... (truncated)

Commits

• 3b7ced7 chore(release): 4.5.4
• c00bb95 chore: bump engine.io to version 6.2.1
• 57e5f25 chore: bump socket.io-parser to version 4.2.1
• f4b6984 docs: add missing versions in the changelog
• 945c84b chore(release): 4.5.3
• d3d0a2d fix(typings): accept an HTTP2 server in the constructor
• 19b225b docs(examples): update dependencies of the basic CRUD example
• 8fae95d docs: add jsdoc for each public method
• e6f6b90 docs: add deprecation notice for the allSockets() method
• 596eb88 ci: upgrade to actions/checkout@3 and actions/setup-node@3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pandapaul/minecraft-dailies-server/network/alerts).