Bump the npm_and_yarn group across 4 directories with 11 updates #418

dependabot · 2024-11-17T08:20:46Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
rollup	`2.79.2`	`4.27.2`
@babel/traverse	`7.23.2`	`7.25.9`
cookie	`0.4.2`	`0.7.2`
socket.io	`4.7.5`	`4.8.1`
follow-redirects	`1.15.6`	`1.15.9`

Bumps the npm_and_yarn group with 2 updates in the /examples/commonjs directory: cookie and express.
Bumps the npm_and_yarn group with 3 updates in the /examples/es6 directory: braces, cookie and express.
Bumps the npm_and_yarn group with 1 update in the /examples/managementCli directory: braces.

Updates rollup from 2.79.2 to 4.27.2

Release notes

Sourced from rollup's releases.

v4.27.2

4.27.2

2024-11-15

Bug Fixes

Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

#5728: Fix more variable deconflicting issues (@lukastaegert)

v4.27.1

4.27.1

2024-11-15

Bug Fixes

Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

#5727: Debug out-of-memory issues with Rollup v4.27.0 (@lukastaegert)

v4.27.0

4.27.0

2024-11-15

Features

Tree-shake unused properties in object literals (#5420)

Bug Fixes

Change hash length limit to 21 to avoid inconsistent hash length (#5423)

Pull Requests

#5420: feat: implement object tree-shaking (@TrickyPi, @lukastaegert)

#5723: Reduce max hash size to 21 (@lukastaegert)

#5724: fix(deps): update swc monorepo (major) (@renovate[bot])

#5725: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

v4.26.0

4.26.0

2024-11-13

... (truncated)

Changelog

Sourced from rollup's changelog.

4.27.2

2024-11-15

Bug Fixes

Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

#5728: Fix more variable deconflicting issues (@lukastaegert)

4.27.1

2024-11-15

Bug Fixes

Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

#5727: Debug out-of-memory issues with Rollup v4.27.0 (@lukastaegert)

4.27.0

2024-11-15

Features

Tree-shake unused properties in object literals (#5420)

Bug Fixes

Change hash length limit to 21 to avoid inconsistent hash length (#5423)

Pull Requests

#5420: feat: implement object tree-shaking (@TrickyPi, @lukastaegert)

#5723: Reduce max hash size to 21 (@lukastaegert)

#5724: fix(deps): update swc monorepo (major) (@renovate[bot])

#5725: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.26.0

2024-11-13

Features

Allow to avoid await bundle.close() via explicit resource management in TypeScript (#5721)

... (truncated)

Commits

a503a4d 4.27.2
6c68455 Fix more variable deconflicting issues (#5728)
aaf38b7 4.27.1
faeb905 Debug out-of-memory issues with Rollup v4.27.0 (#5727)
c035068 4.27.0
b58e48b fix(deps): update swc monorepo (major) (#5724)
50697b8 Reduce max hash size to 21 (#5723)
a9acb57 feat: implement object tree-shaking (#5420)
7ec926c chore(deps): lock file maintenance minor/patch updates (#5725)
ae1d14b 4.26.0
Additional commits viewable in compare view

Updates @babel/traverse from 7.23.2 to 7.25.9

Release notes

Sourced from @babel/traverse's releases.

v7.25.9 (2024-10-22)

Thanks @victorenator for your first PR!

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

Every package

#16917 fix: Accidentally published tsconfig files (@liuxingbaoyu)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Viktar Vaŭčkievič (@victorenator)

@liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

Committers: 3

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @DylanPiercey and @YuHyeonWook for your first PRs!

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.9 (2024-10-22)

🐛 Bug Fix

babel-parser, babel-template, babel-types

#16905 fix: Keep type annotations in syntacticPlaceholders mode (@liuxingbaoyu)

babel-helper-compilation-targets, babel-preset-env

#16907 fix: support BROWSERSLIST{,_CONFIG} env (@JLHwung)

Other

#16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@victorenator)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16914 remove test options flaky (@JLHwung)

🏃‍♀️ Performance

babel-parser, babel-types

#16918 perf: Make VISITOR_KEYS etc. faster to access (@liuxingbaoyu)

v7.25.8 (2024-10-10)

🐛 Bug Fix

babel-core

#16888 Restore public API of resolvePlugin/resolvePreset (@nicolo-ribaudo)

🏠 Internal

babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env

#16824 Inline one-line syntax plugins (@nicolo-ribaudo)

v7.25.7 (2024-10-02)

🐛 Bug Fix

babel-helper-validator-identifier

#16825 fix: update identifier to unicode 16 (@JLHwung)

babel-traverse

#16814 fix: issue with node path keys updated on unrelated paths (@DylanPiercey)

babel-plugin-transform-classes

#16797 Use an inclusion rather than exclusion list for super() check (@nicolo-ribaudo)

babel-generator

#16788 Fix printing of TS infer in compact mode (@nicolo-ribaudo)

#16785 Print TS type annotations for destructuring in assignment pattern (@nicolo-ribaudo)

#16778 Respect [no LineTerminator here] after nodes (@nicolo-ribaudo)

💅 Polish

babel-types

#16852 Add deprecated JSDOC for fields (@liuxingbaoyu)

🏠 Internal

babel-core

#16820 Allow sync loading of ESM when --experimental-require-module (@nicolo-ribaudo)

babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env

#16858 Add browserslist config to external dependency (@JLHwung)

babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

... (truncated)

Commits

b07957e v7.25.9
af91759 fix: Accidentally publishing useless files (#16917)
2533cfb v7.25.7
611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
9e14f7d chore: Enable more lint rules (#16827)
e69a7e5 fix: issue with node path keys updated on unrelated paths (#16814)
7467c9d [Babel 8] Remove some Scope methods (#16705)
0a55713 [Babel 8] Remove DecimalLiteral AST (#16807)
69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
Additional commits viewable in compare view

Updates cookie from 0.4.2 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

engine.io@~6.6.0 (no change)

ws@~8.17.1 (no change)

[email protected]

Bug Fixes

bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

engine.io-client@~6.6.1 (no change)

ws@~8.17.1 (no change)

[email protected]

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:
import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});
Here is the list of provided implementations:

Transport Description

Fetch HTTP long-polling based on the built-in fetch() method.

NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.

XHR HTTP long-polling based on the built-in XMLHttpRequest object.

NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.

WebSocket WebSocket transport based on the built-in WebSocket object.

WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

91e1c8b chore(release): [email protected]
8d5528a chore(release): [email protected]
71387e5 refactor(sio-client): reexport transports from the engine
aead835 refactor(sio): make Namespace._fns private (#5196)
029e010 chore(release): [email protected]
4ca6ddb docs(nuxt): update example with latest version
ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
d4b3dde ci: use Node.js 22
3b68658 chore: bump @fails-components/webtransport to version 1.1.4 (dev)
Additional commits viewable in compare view

Updates follow-redirects from 1.15.6 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

engine.io@~6.6.0 (no change)

ws@~8.17.1 (no change)

[email protected]

Bug Fixes

bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

engine.io-client@~6.6.1 (no change)

ws@~8.17.1 (no change)

[email protected]

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:
import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});
Here is the list of provided implementations:

Transport Description

Fetch HTTP long-polling based on the built-in fetch() method.

NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.

XHR HTTP long-polling based on the built-in XMLHttpRequest object.

NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.

WebSocket WebSocket transport based on the built-in WebSocket object.

WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

91e1c8b chore(release): [email protected]
8d5528a chore(release): [email protected]
71387e5 refactor(sio-client): reexport transports from the engine
aead835 refactor(sio): make Namespace._fns private (#5196)
029e010 chore(release): [email protected]
4ca6ddb docs(nuxt): update example with latest version
ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
d4b3dde ci: use Node.js 22
3b68658 chore: bump @fails-components/webtransport to version 1.1.4 (dev)
Additional commits viewable in compare view

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

9d2db99 0.19.0
ae4f298 Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: [email protected]

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): [email protected]
48c7397 1.16.0
0c11fad Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node....
Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [rollup](https://github.com/rollup/rollup) | `2.79.2` | `4.27.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.23.2` | `7.25.9` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.7.5` | `4.8.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.15.9` | Bumps the npm_and_yarn group with 2 updates in the /examples/commonjs directory: [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 3 updates in the /examples/es6 directory: [braces](https://github.com/micromatch/braces), [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 1 update in the /examples/managementCli directory: [braces](https://github.com/micromatch/braces). Updates `rollup` from 2.79.2 to 4.27.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.2...v4.27.2) Updates `@babel/traverse` from 7.23.2 to 7.25.9 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.9/packages/babel-traverse) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.7.5 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]@4.8.1) Updates `follow-redirects` from 1.15.6 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.6...v1.15.9) Updates `socket.io` from 4.7.5 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]@4.8.1) Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `express` from 4.21.0 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `express` from 4.21.0 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Nov 17, 2024

dependabot bot mentioned this pull request Nov 17, 2024

Bump the npm_and_yarn group across 4 directories with 11 updates #415

Closed

rollup cjs

a04f02d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 4 directories with 11 updates #418

Bump the npm_and_yarn group across 4 directories with 11 updates #418

dependabot bot commented on behalf of github Nov 17, 2024

Transport	Description
`Fetch`	HTTP long-polling based on the built-in `fetch()` method.
`NodeXHR`	HTTP long-polling based on the `XMLHttpRequest` object provided by the `xmlhttprequest-ssl` package.
`XHR`	HTTP long-polling based on the built-in `XMLHttpRequest` object.
`NodeWebSocket`	WebSocket transport based on the `WebSocket` object provided by the `ws` package.
`WebSocket`	WebSocket transport based on the built-in `WebSocket` object.
`WebTransport`	WebTransport transport based on the built-in `WebTransport` object.

Bump the npm_and_yarn group across 4 directories with 11 updates #418

Are you sure you want to change the base?

Bump the npm_and_yarn group across 4 directories with 11 updates #418

Conversation

dependabot bot commented on behalf of github Nov 17, 2024

v4.27.2

4.27.2

Bug Fixes

Pull Requests

v4.27.1

4.27.1

Bug Fixes

Pull Requests

v4.27.0

4.27.0

Features

Bug Fixes

Pull Requests

v4.26.0

4.26.0

4.27.2

Bug Fixes

Pull Requests

4.27.1

Bug Fixes

Pull Requests

4.27.0

Features

Bug Fixes

Pull Requests

4.26.0

Features

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

Committers: 4

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

Committers: 3

v7.25.7 (2024-10-02)

🐛 Bug Fix

v7.25.9 (2024-10-22)

🐛 Bug Fix

🏠 Internal

🏃‍♀️ Performance

v7.25.8 (2024-10-10)

🐛 Bug Fix

🏠 Internal

v7.25.7 (2024-10-02)

🐛 Bug Fix

💅 Polish

🏠 Internal

v0.7.2

0.7.1

0.7.0

0.6.0

0.5.0

[email protected]

Dependencies

[email protected]

Bug Fixes

Dependencies

[email protected]

Features

Custom transport implementations

[email protected]

Dependencies

[email protected]

Bug Fixes

Dependencies

[email protected]

Features

Custom transport implementations

v0.7.2

0.7.1

0.7.0

0.6.0

0.5.0