Bump the npm_and_yarn group across 1 directory with 26 updates #8

dependabot · 2024-03-26T04:59:04Z

Bumps the npm_and_yarn group with 23 updates in the / directory:

Package	From	To
@angular/core	`7.2.15`	`10.2.5`
y18n	`3.2.1`	`3.2.2`
yargs-parser	`5.0.0`	`5.0.1`
@babel/traverse	`7.4.4`	`7.24.1`
browserify-sign	`4.0.4`	`4.2.3`
express	`4.16.4`	`4.19.2`
follow-redirects	`1.7.0`	`1.15.6`
fsevents	`1.2.9`	`1.2.13`
minimist	`1.2.0`	`1.2.8`
mkdirp	`0.5.1`	`0.5.6`
karma	`4.1.0`	`6.4.3`
handlebars	`4.1.2`	`4.7.8`
protractor	`5.4.2`	`5.4.4`
ip	`1.1.5`	`1.1.9`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
lodash	`4.17.11`	`4.17.21`
postcss	`7.0.14`	`8.4.35`
@angular-devkit/build-angular	`0.13.9`	`17.3.2`
qs	`6.5.2`	`6.5.3`
angular-cli-ghpages	`0.5.3`	`2.0.0-beta.2`
set-value	`2.0.0`	`2.0.1`
union-value	`1.0.0`	`1.0.1`

Updates @angular/core from 7.2.15 to 10.2.5

Changelog

Sourced from @angular/core's changelog.

10.2.5 (2021-04-14)

Bug Fixes

compiler-cli: show a more specific error for Ivy NgModules (#41534) (#41598) (f630f33)

core: fix possible XSS attack in development through SSR (#40525) (ba8da74)

10.2.4 (2020-12-17)

Bug Fixes

core: fix possible XSS attack in development through SSR. (#40152) (0b8e3d5)

core: set ngDevMode to false when calling enableProdMode() (#40160) (90570c0)

10.2.3 (2020-11-09)

Bug Fixes

compiler: ensure that i18n message-parts have the correct source-span (#39589) (e67a331)

compiler: skipping leading whitespace should not break placeholder source-spans (#39589) (2b684b7), closes #39195

compiler-cli: avoid duplicate diagnostics about unknown pipes (#39517) (861e4fa)

compiler-cli: do not drop non-Angular decorators when downleveling (#39577) (1c6cf8a), closes #39574

10.2.2 (2020-11-04)

Bug Fixes

compiler-cli: report missing pipes when fullTemplateTypeCheck is disabled (#39320) (71d0063), closes #38195

core: markDirty() should only mark flags when really scheduling tick. (#39316) (8c82106), closes #39296

router: Ensure all outlets are used when commands have a prefix (#39456) (85d5242)

Performance Improvements

core: do not recurse into modules that have already been registered (#39514) (812355c), closes #39487

... (truncated)

Commits

ba8da74 fix(core): fix possible XSS attack in development through SSR (#40525)
90570c0 fix(core): set ngDevMode to false when calling enableProdMode() (#40160)
0b8e3d5 fix(core): fix possible XSS attack in development through SSR. (#40152)
1aee8b3 refactor(compiler): store the fullStart location on ParseSourceSpans (#39...
812355c perf(core): do not recurse into modules that have already been registered (#3...
8f36c21 refactor(router): Small refactor of createUrlTree and extra tests (#39456)
90acb91 docs: tView.preOrderHooks and tView.preOrderCheckHooks docs update (#39497)
8c82106 fix(core): markDirty() should only mark flags when really scheduling tick. (#...
0b37249 docs(core): update a typo in the comment of ngZoneEventCoalescing (#39423)
3b779a1 docs: fix typo in initializeInputAndOutputAliases docstring (#39438)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @angular/core since your current version.

Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

security: ensure entry exists for backport (#120) (b22c0df)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates yargs-parser from 5.0.0 to 5.0.1

Changelog

Sourced from yargs-parser's changelog.

5.0.0 (2017-02-18)

Bug Fixes

environment variables should take precedence over config file (#81) (76cee1f)

BREAKING CHANGES

environment variables will now override config files (args, env, config-file, config-object)

5.0.1 (2021-03-10)

Bug Fixes

security: address GHSA-p9pc-299p-vxgp (#362) (1c417bd)

4.2.1 (2017-01-02)

Bug Fixes

flatten/duplicate regression (#75) (68d68a0)

4.2.0 (2016-12-01)

Bug Fixes

inner objects in configs had their keys appended to top-level key when dot-notation was disabled (#72) (0b1b5f9)

Features

allow multiple arrays to be provided, rather than always combining (#71) (0f0fb2d)

4.1.0 (2016-11-07)

... (truncated)

Commits

eab6c03 chore: release 5.0.1 (#363)
1c417bd fix(security): address GHSA-p9pc-299p-vxgp (#362)
e93a345 chore: mark release in commit history (#361)
ee15863 chore: push new package version
4774207 fix: back-porting prototype fixes for really old version (#271)
See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates @babel/traverse from 7.4.4 to 7.24.1

Release notes

Sourced from @babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

Other

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

babel-standalone

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone

#16323 Allow separate helpers to be excluded in Babel 8 (@liuxingbaoyu)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env

#16318 [babel 8] Fix @babel/compat-data package.json (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

... (truncated)

Commits

822b025 v7.24.1
fc0d5ad Update typescript and lint tools (#16351)
69e7928 Consider well-known and registered symbols as literals (#16342)
40110e9 Update source map deps (#16327)
ce59160 v7.24.0
bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
08a057c Use Object.hasOwn when available (#16248)
a0dd614 v7.23.9
1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
e428a6d v7.23.7
Additional commits viewable in compare view

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates express from 4.16.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: body-parser@1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

deps: qs@6.11.0

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.7.0 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates fsevents from 1.2.9 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Commits

844a05d Version Bump
f393f2a Only build fsevents on macOS (#322)
6a281a7 [publish binary]
acc2bce [publish binary]
f532b6e [publish binary]
4c6a1c0 Add node 13 to travis matrix.
92e40aa Release 1.2.12.
909af26 Release v1.2.11
7074adb Release v1.2.10
See full diff in compare view

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0Description has been truncated

Bumps the npm_and_yarn group with 23 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `7.2.15` | `10.2.5` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | | [yargs-parser](https://github.com/yargs/yargs-parser) | `5.0.0` | `5.0.1` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.4.4` | `7.24.1` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [express](https://github.com/expressjs/express) | `4.16.4` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.7.0` | `1.15.6` | | [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` | | [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` | | [karma](https://github.com/karma-runner/karma) | `4.1.0` | `6.4.3` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.1.2` | `4.7.8` | | [protractor](https://github.com/angular/protractor) | `5.4.2` | `5.4.4` | | [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.11` | `4.17.21` | | [postcss](https://github.com/postcss/postcss) | `7.0.14` | `8.4.35` | | [@angular-devkit/build-angular](https://github.com/angular/angular-cli) | `0.13.9` | `17.3.2` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [angular-cli-ghpages](https://github.com/angular-schule/angular-cli-ghpages) | `0.5.3` | `2.0.0-beta.2` | | [set-value](https://github.com/jonschlinkert/set-value) | `2.0.0` | `2.0.1` | | [union-value](https://github.com/jonschlinkert/union-value) | `1.0.0` | `1.0.1` | Updates `@angular/core` from 7.2.15 to 10.2.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/10.2.5/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/10.2.5/packages/core) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Updates `yargs-parser` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/v5.0.1/CHANGELOG.md) - [Commits](yargs/yargs-parser@v5.0.0...v5.0.1) Updates `@babel/traverse` from 7.4.4 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `express` from 4.16.4 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.4...4.19.2) Updates `follow-redirects` from 1.7.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.6) Updates `fsevents` from 1.2.9 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.2.9...v1.2.13) Updates `minimist` from 1.2.0 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.0...v1.2.8) Updates `mkdirp` from 0.5.1 to 0.5.6 - [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md) - [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6) Updates `karma` from 4.1.0 to 6.4.3 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v4.1.0...v6.4.3) Updates `handlebars` from 4.1.2 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.7.8) Updates `protractor` from 5.4.2 to 5.4.4 - [Release notes](https://github.com/angular/protractor/releases) - [Changelog](https://github.com/angular/protractor/blob/5.4.4/CHANGELOG.md) - [Commits](angular/protractor@5.4.2...5.4.4) Updates `handlebars` from 4.1.2 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.7.8) Updates `ip` from 1.1.5 to 1.1.9 - [Commits](indutny/node-ip@v1.1.5...v1.1.9) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `jszip` from 3.2.1 to 3.10.1 - [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md) - [Commits](Stuk/jszip@v3.2.1...v3.10.1) Updates `lodash` from 4.17.11 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.11...4.17.21) Updates `postcss` from 7.0.14 to 8.4.35 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.14...8.4.35) Updates `@angular-devkit/build-angular` from 0.13.9 to 17.3.2 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular-cli/commits/17.3.2) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `angular-cli-ghpages` from 0.5.3 to 2.0.0-beta.2 - [Release notes](https://github.com/angular-schule/angular-cli-ghpages/releases) - [Commits](https://github.com/angular-schule/angular-cli-ghpages/commits) Updates `set-value` from 2.0.0 to 2.0.1 - [Commits](jonschlinkert/set-value@2.0.0...2.0.1) Updates `union-value` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/jonschlinkert/union-value/releases) - [Commits](jonschlinkert/union-value@1.0.0...1.0.1) Updates `webpack-dev-middleware` from 3.4.0 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v3.4.0...v5.3.4) Updates `xml2js` from 0.4.19 to 0.4.23 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits) --- updated-dependencies: - dependency-name: "@angular/core" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: yargs-parser dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: mkdirp dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: protractor dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jszip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@angular-devkit/build-angular" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: angular-cli-ghpages dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: set-value dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: union-value dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 26 updates #8

Bump the npm_and_yarn group across 1 directory with 26 updates #8

dependabot bot commented on behalf of github Mar 26, 2024

Bump the npm_and_yarn group across 1 directory with 26 updates #8

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 26 updates #8

Conversation

dependabot bot commented on behalf of github Mar 26, 2024

10.2.5 (2021-04-14)

Bug Fixes

10.2.4 (2020-12-17)

Bug Fixes

10.2.3 (2020-11-09)

Bug Fixes

10.2.2 (2020-11-04)

Bug Fixes

Performance Improvements

y18n y18n-v4.0.3

Bug Fixes

y18n y18n-v4.0.2

Bug Fixes

5.0.0 (2017-02-18)

Bug Fixes

BREAKING CHANGES

5.0.1 (2021-03-10)

Bug Fixes

4.2.1 (2017-01-02)

Bug Fixes

4.2.0 (2016-12-01)

Bug Fixes

Features

4.1.0 (2016-11-07)

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 4

v7.24.0 (2024-02-28)

🚀 New Feature

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.24.0 (2024-02-28)

🚀 New Feature

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

Release v1.2.13

Release v1.2.11

Intermediate Release

v1.2.8 - 2023-02-09

Merged

Fixed

Commits