build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

dependabot · 2024-11-19T03:44:50Z

Bumps the npm_and_yarn group with 10 updates in the /registrants/src/UI/embc-registrant directory:

Package	From	To
axios	`1.6.8`	`1.7.7`
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.21.1`
cookie	`0.4.2`	`0.7.2`
socket.io	`4.7.5`	`4.8.1`
cross-spawn	`7.0.3`	`7.0.6`
dompurify	`3.1.0`	`3.2.0`
mermaid	`10.9.0`	`10.9.3`
micromatch	`4.0.5`	`4.0.8`
rollup	`4.14.3`	`4.27.3`

Bumps the npm_and_yarn group with 11 updates in the /responders/src/UI/embc-responder directory:

Package	From	To
bootstrap	`5.1.3`	`5.3.3`
axios	`1.6.8`	`1.7.7`
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.21.1`
cookie	`0.4.2`	`0.7.2`
socket.io	`4.7.5`	`4.8.1`
cross-spawn	`7.0.3`	`7.0.6`
dompurify	`3.1.3`	`3.2.0`
mermaid	`10.9.0`	`10.9.3`
micromatch	`4.0.5`	`4.0.8`
rollup	`4.17.2`	`4.27.3`

Bumps the npm_and_yarn group with 9 updates in the /suppliers/src/UI/embc-supplier directory:

Package	From	To
bootstrap	`4.6.2`	`5.0.0`
axios	`1.7.2`	`1.7.7`
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.21.1`
cookie	`0.4.2`	`0.7.2`
socket.io	`4.7.5`	`4.8.1`
cross-spawn	`7.0.3`	`7.0.6`
micromatch	`4.0.5`	`4.0.8`
rollup	`4.17.2`	`4.27.3`

Updates axios from 1.6.8 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

Release v1.7.5

Release notes:

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

5b8a826 chore(release): v1.7.7 (#6585)
364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
d584fcf chore(release): v1.7.6 (#6583)
bc03c6c chore(examples): fix module import (#6575)
df9889b fix(fetch): optimize signals composing logic; (#6582)
ee208cf chore(sponsor): update sponsor block (#6576)
085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
59cd6b0 chore(release): v1.7.5 (#6574)
6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
Additional commits viewable in compare view

Updates cookie from 0.4.2 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

engine.io@~6.6.0 (no change)

ws@~8.17.1 (no change)

socket.io-client@4.8.1

Bug Fixes

bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

engine.io-client@~6.6.1 (no change)

ws@~8.17.1 (no change)

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:
import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});
Here is the list of provided implementations:

Transport Description

Fetch HTTP long-polling based on the built-in fetch() method.

NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.

XHR HTTP long-polling based on the built-in XMLHttpRequest object.

NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.

WebSocket WebSocket transport based on the built-in WebSocket object.

WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits

91e1c8b chore(release): socket.io@4.8.1
8d5528a chore(release): socket.io-client@4.8.1
71387e5 refactor(sio-client): reexport transports from the engine
aead835 refactor(sio): make Namespace._fns private (#5196)
029e010 chore(release): engine.io-client@6.6.2
4ca6ddb docs(nuxt): update example with latest version
ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
d4b3dde ci: use Node.js 22
3b68658 chore: bump @fails-components/webtransport to version 1.1.4 (dev)
Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates dompurify from 3.1.0 to 3.2.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.0

Added type declarations, thanks @reduckted , @philmayfield, @aloisklink, @ssi02014 and others

Fixed a minor issue with the handling of hooks, thanks @kevin-mizu

DOMPurify 3.1.7

Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @masatokinugawa

Fixed several smaller typos in documentation and test & build files, thanks @christianhg

Added better support for Angular compiler, thanks @jeroen1602

Added several new attributes to HTML and SVG allow-list, thanks @Gigabyte5671 and @Rotzbua

Removed the foreignObject element from the list of HTML entry-points, thanks @masatokinugawa

Bumped several dependencies to be more up to date

DOMPurify 3.1.6

Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu

Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @realansgar

Fixed a minor problem with the bower file pointing to the wrong dist path

Fixed several minor typos in docs, comments and comment blocks, thanks @Rotzbua

Updated several development dependencies

DOMPurify 3.1.5

Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC

Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho

DOMPurify 3.1.4

Fixed an issue with the recently implemented isNaN checks, thanks @tulach

Added several new popover attributes to allow-list, thanks @Gigabyte5671

Fixed the tests and adjusted the test runner to cover all branches

DOMPurify 3.1.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK

Added better configurability for comment scrubbing default behavior

Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu

Added better handling and readability of the nodeType property, thanks @ssi02014

Fixed some smaller issues in README and other documentation

DOMPurify 3.1.2

Addressed and fixed a mXSS variation found by @kevin-mizu

Addressed and fixed a mXSS variation found by Adam Kues of Assetnote

Updated tests for older Safari and Chrome versions

DOMPurify 3.1.1

Fixed an mXSS sanitiser bypass reported by @icesfont

Added new code to track element nesting depth

Added new code to enforce a maximum nesting depth of 255

Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Commits

f0d7507 Merge pull request #1015 from cure53/main
2cf6e25 chore: Preparing 3.2.0 release
0e54785 Merge pull request #1014 from ssi02014/refactor/types
e75080a fix: remove types from jsdoc
fd7af7e fix: remove types from jsdoc
4092e55 fix: remove types from jsdoc
0f7fc8a docs: fixed ts-doc
5529184 docs: improved ts-doc
fbd2ce8 imp: improved types and utils
211ffb5 Merge pull request #1008 from aloisklink/fix/export-Config-type
Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
Additional commits viewable in compare view

Updates mermaid from 10.9.0 to 10.9.3

Commits

85ec96a chore: bump mermaid version to v10.9.3
9301a57 style: prettify src/diagrams/block/blockDB.ts
2bedd0e chore(deps): update katex to 0.16.11
92a07ff chore(deps): update bundled DOMPurify to 3.1.6
4dd4997 chore: Bump version
fc61512 [10] ci: upgrade to pnpm/action-setup@v4 to avoid CI failures
402abdf [10] fix: ban version v3.1.7 of DOMPurify

Description has been truncated

… updates Bumps the npm_and_yarn group with 10 updates in the /registrants/src/UI/embc-registrant directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.6.8` | `1.7.7` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.1` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.7.5` | `4.8.1` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.1.0` | `3.2.0` | | [mermaid](https://github.com/mermaid-js/mermaid) | `10.9.0` | `10.9.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [rollup](https://github.com/rollup/rollup) | `4.14.3` | `4.27.3` | Bumps the npm_and_yarn group with 11 updates in the /responders/src/UI/embc-responder directory: | Package | From | To | | --- | --- | --- | | [bootstrap](https://github.com/twbs/bootstrap) | `5.1.3` | `5.3.3` | | [axios](https://github.com/axios/axios) | `1.6.8` | `1.7.7` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.1` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.7.5` | `4.8.1` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.1.3` | `3.2.0` | | [mermaid](https://github.com/mermaid-js/mermaid) | `10.9.0` | `10.9.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [rollup](https://github.com/rollup/rollup) | `4.17.2` | `4.27.3` | Bumps the npm_and_yarn group with 9 updates in the /suppliers/src/UI/embc-supplier directory: | Package | From | To | | --- | --- | --- | | [bootstrap](https://github.com/twbs/bootstrap) | `4.6.2` | `5.0.0` | | [axios](https://github.com/axios/axios) | `1.7.2` | `1.7.7` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.1` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.7.5` | `4.8.1` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [rollup](https://github.com/rollup/rollup) | `4.17.2` | `4.27.3` | Updates `axios` from 1.6.8 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.7.7) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.7.5 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io@4.7.5...socket.io@4.8.1) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `dompurify` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.1.0...3.2.0) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `mermaid` from 10.9.0 to 10.9.3 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](mermaid-js/mermaid@v10.9.0...v10.9.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `rollup` from 4.14.3 to 4.27.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.14.3...v4.27.3) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `bootstrap` from 5.1.3 to 5.3.3 - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](twbs/bootstrap@v5.1.3...v5.3.3) Updates `axios` from 1.6.8 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.7.7) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.7.5 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io@4.7.5...socket.io@4.8.1) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `dompurify` from 3.1.3 to 3.2.0 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.1.0...3.2.0) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `mermaid` from 10.9.0 to 10.9.3 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md) - [Commits](mermaid-js/mermaid@v10.9.0...v10.9.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `rollup` from 4.17.2 to 4.27.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.14.3...v4.27.3) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `bootstrap` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](twbs/bootstrap@v5.1.3...v5.3.3) Updates `axios` from 1.7.2 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.8...v1.7.7) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `socket.io` from 4.7.5 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/socket.io@4.7.5...socket.io@4.8.1) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.19.2...4.21.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `rollup` from 4.17.2 to 4.27.3 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.14.3...v4.27.3) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) --- updated-dependencies: - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mermaid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bootstrap dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mermaid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bootstrap dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

dependabot bot commented on behalf of github Nov 19, 2024

Transport	Description
`Fetch`	HTTP long-polling based on the built-in `fetch()` method.
`NodeXHR`	HTTP long-polling based on the `XMLHttpRequest` object provided by the `xmlhttprequest-ssl` package.
`XHR`	HTTP long-polling based on the built-in `XMLHttpRequest` object.
`NodeWebSocket`	WebSocket transport based on the `WebSocket` object provided by the `ws` package.
`WebSocket`	WebSocket transport based on the built-in `WebSocket` object.
`WebTransport`	WebTransport transport based on the built-in `WebTransport` object.

build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

Are you sure you want to change the base?

build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

Conversation

dependabot bot commented on behalf of github Nov 19, 2024

Release v1.7.7

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.6

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.5

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.4

Release notes:

Bug Fixes

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.3 / 2024-09-10

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

v0.7.2

0.7.1

0.7.0

0.6.0

0.5.0

socket.io@4.8.1

Dependencies

socket.io-client@4.8.1

Bug Fixes

Dependencies

socket.io-client@4.8.0

Features

Custom transport implementations

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

DOMPurify 3.2.0

DOMPurify 3.1.7

DOMPurify 3.1.6

DOMPurify 3.1.5

DOMPurify 3.1.4

DOMPurify 3.1.3

DOMPurify 3.1.2

DOMPurify 3.1.1

4.21.1

What's Changed

4.21.0