Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates #18

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates #18

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2025

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package From To
loader-utils 2.0.2 3.2.1
axios 1.7.2 1.8.3
body-parser 1.20.2 1.20.3
express 4.19.2 4.21.2
decode-uri-component 0.2.0 0.2.2
ip 2.0.0 removed
socks 2.7.0 2.8.3
socket.io 4.5.1 4.8.1

Updates loader-utils from 2.0.2 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

v3.2.0

3.2.0 (2021-11-11)

Features

  • hash uniformity for base digests (451858b)

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

  • base64 and unicode characters (02b1f3f)

v3.1.0

3.1.0 (2021-10-29)

Features

  • added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

v3.0.0

3.0.0 (2021-10-20)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

3.2.0 (2021-11-11)

Features

  • hash uniformity for base digests (451858b)

3.1.3 (2021-11-04)

Bug Fixes

3.1.2 (2021-11-04)

Bug Fixes

3.1.1 (2021-11-04)

Bug Fixes

  • base64 and unicode characters (02b1f3f)

3.1.0 (2021-10-29)

Features

  • added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

  • minimum supported Node.js version is 12.13.0 (93a87ce)
  • use xxhash64 by default for [hash]/[contenthash] and getHashDigest API
  • [emoji] was removed without replacements, please use custom function if you need this

... (truncated)

Commits

Updates axios from 1.7.2 to 1.8.3

Release notes

Sourced from axios's releases.

Release v1.8.3

Release notes:

Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Release v1.8.2

Release notes:

Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Release v1.8.1

Release notes:

Bug Fixes

  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Release v1.8.0

Release notes:

Bug Fixes

  • examples: application crashed when navigating examples in browser (#5938) (1260ded)
  • missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
  • utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Reverts

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.3 (2025-03-10)

Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

1.8.1 (2025-02-26)

Bug Fixes

  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

1.8.0 (2025-02-25)

Bug Fixes

  • examples: application crashed when navigating examples in browser (#5938) (1260ded)
  • missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
  • utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

... (truncated)

Commits
  • 39ec206 chore(release): v1.8.3 (#6819)
  • 10fa70e fix: add missing type for allowAbsoluteUrls (#6818)
  • 7821ef9 docs: update readme to include bun install (#6811)
  • ec159e5 fix(xhr/fetch): pass allowAbsoluteUrls to buildFullPath in xhr and `fet...
  • a9f7689 chore(release): v1.8.2 (#6812)
  • fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
  • 9812045 chore(sponsor): update sponsor block (#6804)
  • 72acf75 chore(sponsor): update sponsor block (#6794)
  • 2e64afd chore(release): v1.8.1 (#6800)
  • 36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
  • Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Removes ip

Updates socks from 2.7.0 to 2.8.3

Release notes

Sourced from socks's releases.

2.8.3

No release notes provided.

2.8.2

No release notes provided.

2.8.1

Fixes issue with lock file in 2.7.3 and 2.8.0

2.7.3

Removed ip package dependency.

2.7.1

No release notes provided.

Commits

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

New Contributors

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

  • Remove link renderization in html while redirecting
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.


Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

  • deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

1.16.0 / 2024-09-10

  • Remove link renderization in html while redirecting
Commits
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.


Updates socket.io from 4.5.1 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

[email protected]

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

[email protected]

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

Updates socket.io-parser from 4.0.5 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

Links

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

4.2.2

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Links

4.2.1

Bug Fixes

  • check the format of the index of each attachment (b5d0cb7)

Links

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 12 u…
f53d9da 
…pdates

Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [loader-utils](https://github.com/webpack/loader-utils) | `2.0.2` | `3.2.1` |
| [axios](https://github.com/axios/axios) | `1.7.2` | `1.8.3` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [ip](https://github.com/indutny/node-ip) | `2.0.0` | `removed` |
| [socks](https://github.com/JoshGlazebrook/socks) | `2.7.0` | `2.8.3` |
| [socket.io](https://github.com/socketio/socket.io) | `4.5.1` | `4.8.1` |



Updates `loader-utils` from 2.0.2 to 3.2.1
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md)
- [Commits](webpack/loader-utils@v2.0.2...v3.2.1)

Updates `axios` from 1.7.2 to 1.8.3
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.7.2...v1.8.3)

Updates `body-parser` from 1.20.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.2...1.20.3)

Updates `express` from 4.19.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.19.2...4.21.2)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `express` from 4.19.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.19.2...4.21.2)

Removes `ip`

Updates `socks` from 2.7.0 to 2.8.3
- [Release notes](https://github.com/JoshGlazebrook/socks/releases)
- [Commits](JoshGlazebrook/socks@2.7.0...2.8.3)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `socket.io` from 4.5.1 to 4.8.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/[email protected])

Updates `socket.io-parser` from 4.0.5 to 4.2.4
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@4.0.5...4.2.4)

Updates `ws` from 8.2.3 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.2.3...8.17.1)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socks
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 13, 2025
@dependabot dependabot bot mentioned this pull request Mar 13, 2025
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 13, 2025

Superseded by #20.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 13, 2025

Superseded by #19.

@dependabot dependabot bot closed this Mar 13, 2025
@dependabot dependabot bot closed this Mar 13, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-8d8098ba3b branch March 13, 2025 04:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants