chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #19

dependabot · 2025-03-13T04:45:20Z

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
loader-utils	`2.0.2`	`3.2.1`
axios	`1.7.2`	`1.8.3`
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.21.2`
cookie	`0.4.2`	`0.7.2`
socket.io	`4.5.1`	`4.8.1`
decode-uri-component	`0.2.0`	`0.2.2`
ip	`2.0.0`	`removed`
socks	`2.7.0`	`2.8.3`
rollup	`4.18.0`	`4.35.0`

Updates loader-utils from 2.0.2 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

ReDoS problem (#224) (d2d752d)

v3.2.0

3.2.0 (2021-11-11)

Features

hash uniformity for base digests (451858b)

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

crash with md4 hash (#198) (ef084d4)

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

bug with unicode characters (#196) (0426405)

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

base64 and unicode characters (02b1f3f)

v3.1.0

3.1.0 (2021-10-29)

Features

added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

v3.0.0

3.0.0 (2021-10-20)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

ReDoS problem (#224) (d2d752d)

3.2.0 (2021-11-11)

Features

hash uniformity for base digests (451858b)

3.1.3 (2021-11-04)

Bug Fixes

crash with md4 hash (#198) (ef084d4)

3.1.2 (2021-11-04)

Bug Fixes

bug with unicode characters (#196) (0426405)

3.1.1 (2021-11-04)

Bug Fixes

base64 and unicode characters (02b1f3f)

3.1.0 (2021-10-29)

Features

added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

minimum supported Node.js version is 12.13.0 (93a87ce)

use xxhash64 by default for [hash]/[contenthash] and getHashDigest API

[emoji] was removed without replacements, please use custom function if you need this

... (truncated)

Commits

a3fd3ca chore(release): 3.2.1
d2d752d fix: ReDoS problem (#224)
52cd134 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#209)
9fe2381 chore: add .gitattributes for normalizing end of lines - fixes #203 (#204)
a282654 chore(release): 3.2.0
f2a524b chore(deps): update (#200)
451858b feat: hash uniformity for base digests
f7dbfe1 chore(release): 3.1.3
ef084d4 fix: crash with md4 hash (#198)
097f5c3 chore(release): 3.1.2
Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.8.3

Release notes

Sourced from axios's releases.

Release v1.8.3

Release notes:

Bug Fixes

add missing type for allowAbsoluteUrls (#6818) (10fa70e)

xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Ashcon Partovi

StefanBRas

Marc Hassan

Release v1.8.2

Release notes:

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.3 (2025-03-10)

Bug Fixes

add missing type for allowAbsoluteUrls (#6818) (10fa70e)

xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Ashcon Partovi

StefanBRas

Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

... (truncated)

Commits

39ec206 chore(release): v1.8.3 (#6819)
10fa70e fix: add missing type for allowAbsoluteUrls (#6818)
7821ef9 docs: update readme to include bun install (#6811)
ec159e5 fix(xhr/fetch): pass allowAbsoluteUrls to buildFullPath in xhr and `fet...
a9f7689 chore(release): v1.8.2 (#6812)
fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
9812045 chore(sponsor): update sponsor block (#6804)
72acf75 chore(sponsor): update sponsor block (#6794)
2e64afd chore(release): v1.8.1 (#6800)
36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates cookie from 0.4.2 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates socket.io from 4.5.1 to 4.8.1

Release notes

Sourced from socket.io's releases.

[email protected]

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

engine.io@~6.6.0 (no change)

ws@~8.17.1 (no change)

[email protected]

Bug Fixes

bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

engine.io-client@~6.6.1 (no change)

ws@~8.17.1 (no change)

[email protected]

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:
import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});
Here is the list of provided implementations:

Transport Description

Fetch HTTP long-polling based on the built-in fetch() method.

NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.

XHR HTTP long-polling based on the built-in XMLHttpRequest object.

NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.

WebSocket WebSocket transport based on the built-in WebSocket object.

WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

91e1c8b chore(release): [email protected]
8d5528a chore(release): [email protected]
71387e5 refactor(sio-client): reexport transports from the engine
aead835 refactor(sio): make Namespace._fns private (#5196)
029e010 chore(release): [email protected]
4ca6ddb docs(nuxt): update example with latest version
ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
d4b3dde ci: use Node.js 22
3b68658 chore: bump @fails-components/webtransport to version 1.1.4 (dev)
Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Removes ip

Updates socks from 2.7.0 to 2.8.3

Release notes

Sourced from socks's releases.

2.8.3

No release notes provided.

2.8.2

No release notes provided.

2.8.1

Fixes issue with lock file in 2.7.3 and 2.8.0

2.7.3

Removed ip package dependency.

2.7.1

No release notes provided.

Commits

a2a06d9 2.8.3
992b002 Fix bug with ipv6 conversion in ipToBuffer (#101)
99633ae v280 (#98)
89d8c07 Fix package lock for 2.7.x (#97)
66b7f73 remove ip package (#94)
76d013e 2.7.1
6352745 Bug fix createConnectionChain - creating a tunnel (#88)
See full diff in compare view

Updates rollup from 4.18.0 to 4.35.0

Release notes

Sourced from rollup's releases.

v4.35.0

4.35.0

2025-03-08

Features

Pass build errors to the closeBundle hook (#5867)

Pull Requests

#5852: chore(deps): update dependency eslint-plugin-unicorn to v57 (@renovate[bot], @lukastaegert)

#5862: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)

#5867: feat(5858): make closeBundle hook receive the last error (@GauBen)

#5872: chore(deps): update dependency builtin-modules to v5 (@renovate[bot])

#5873: chore(deps): update uraimo/run-on-arch-action action to v3 (@renovate[bot])

#5874: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

v4.34.9

4.34.9

2025-03-01

Bug Fixes

Support JSX modes in WASM (#5866)

Allow the CustomPluginOptions to be extended (#5850)

Pull Requests

#5850: Revert CustomPluginOptions to be an interface (@sapphi-red, @lukastaegert)

#5851: Javascript to JavaScript (@dasa, @lukastaegert)

#5853: chore(deps): update dependency pinia to v3 (@renovate[bot])

#5854: fix(deps): update swc monorepo (major) (@renovate[bot])

#5855: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

#5860: chore(deps): update dependency @shikijs/vitepress-twoslash to v3 (@renovate[bot])

#5861: chore(deps): update dependency globals to v16 (@renovate[bot])

#5863: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5864: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5866: Add jsx parameter to parseAsync in native.wasm.js (@TrickyPi)

v4.34.8

4.34.8

2025-02-17

Bug Fixes

Do not make assumptions about the value of nested paths in logical expressions if the expression cannot be simplified (#5846)

Description has been truncated

…pdates Bumps the npm_and_yarn group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [loader-utils](https://github.com/webpack/loader-utils) | `2.0.2` | `3.2.1` | | [axios](https://github.com/axios/axios) | `1.7.2` | `1.8.3` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.5.1` | `4.8.1` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [ip](https://github.com/indutny/node-ip) | `2.0.0` | `removed` | | [socks](https://github.com/JoshGlazebrook/socks) | `2.7.0` | `2.8.3` | | [rollup](https://github.com/rollup/rollup) | `4.18.0` | `4.35.0` | Updates `loader-utils` from 2.0.2 to 3.2.1 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.2...v3.2.1) Updates `axios` from 1.7.2 to 1.8.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.2...v1.8.3) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.19.2...4.21.2) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.5.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `express` from 4.19.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.19.2...4.21.2) Removes `ip` Updates `socks` from 2.7.0 to 2.8.3 - [Release notes](https://github.com/JoshGlazebrook/socks/releases) - [Commits](JoshGlazebrook/socks@2.7.0...2.8.3) Updates `rollup` from 4.18.0 to 4.35.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.18.0...v4.35.0) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `socket.io` from 4.5.1 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]) Updates `socket.io-parser` from 4.0.5 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.0.5...4.2.4) Updates `ws` from 8.2.3 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.2.3...8.17.1) --- updated-dependencies: - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socks dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-03-13T04:45:28Z

Superseded by #20.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 13, 2025

dependabot bot closed this Mar 13, 2025

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-c25105db77 branch March 13, 2025 04:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #19

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #19

dependabot bot commented on behalf of github Mar 13, 2025

dependabot bot commented on behalf of github Mar 13, 2025

Transport	Description
`Fetch`	HTTP long-polling based on the built-in `fetch()` method.
`NodeXHR`	HTTP long-polling based on the `XMLHttpRequest` object provided by the `xmlhttprequest-ssl` package.
`XHR`	HTTP long-polling based on the built-in `XMLHttpRequest` object.
`NodeWebSocket`	WebSocket transport based on the `WebSocket` object provided by the `ws` package.
`WebSocket`	WebSocket transport based on the built-in `WebSocket` object.
`WebTransport`	WebTransport transport based on the built-in `WebTransport` object.

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #19

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #19

Conversation

dependabot bot commented on behalf of github Mar 13, 2025

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

v3.2.0

3.2.0 (2021-11-11)

Features

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

v3.1.0

3.1.0 (2021-10-29)

Features

v3.0.0

3.0.0 (2021-10-20)

3.2.1 (2022-11-11)

Bug Fixes

3.2.0 (2021-11-11)

Features

3.1.3 (2021-11-04)

Bug Fixes

3.1.2 (2021-11-04)

Bug Fixes

3.1.1 (2021-11-04)

Bug Fixes

3.1.0 (2021-10-29)

Features

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

Release v1.8.3

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.0

Release notes:

Bug Fixes

Features

Reverts

1.8.3 (2025-03-10)

Bug Fixes

Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes

Contributors to this release

1.8.1 (2025-02-26)

Bug Fixes

Contributors to this release

1.8.0 (2025-02-25)

Bug Fixes

Features

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.3 / 2024-09-10

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors