catalyst icon indicating copy to clipboard operation
catalyst copied to clipboard
verified publisher icon github

Bump the npm_and_yarn group across 1 directory with 9 updates

Open dependabot[bot] opened this issue 5 months ago • 0 comments

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package From To
body-parser 1.20.0 1.20.3
express 4.18.1 4.21.2
braces 3.0.2 3.0.3
cookie 0.3.1 0.7.1
@lhci/cli 0.10.0 0.15.1
ip 1.1.5 removed
@open-wc/testing 3.1.6 3.2.2
@web/test-runner 0.14.0 0.20.2

Updates body-parser from 1.20.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1 / 2022-10-06

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates cookie from 0.3.1 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse

0.4.2

  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

0.4.1

  • Fix maxAge option to reject invalid values

0.4.0

  • Add SameSite=None support
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates @lhci/cli from 0.10.0 to 0.15.1

Release notes

Sourced from @​lhci/cli's releases.

v0.15.1

What's Changed

New Contributors

Full Changelog: https://github.com/GoogleChrome/lighthouse-ci/compare/v0.15.0...v0.15.1

v0.15.0

v0.15.0 (2025-06-09)

BREAKING CHANGE

  • upgrade to lighthouse 12.6.1

v0.14.0

v0.14.0 (2024-06-20)

  • feat: upgrade to lighthouse 12.0.0 (#1035) (cc564a6), closes #1035
  • feat: support .htm files in fallback server (#1033) (2ed3b31), closes #1033
  • feat: increase column width for project name (#1006) (8fe7e8d), closes #1006
  • feat: upgrade to lighthouse 12.1.0 (#1046) (8a0e3dc), closes #1046
  • feat(cli): add --lhr to assert command to load LHRs from anywhere (#1024) (19c7ca6), closes #1024
  • fix(cli): use ProxyAgent instead of HttpsProxyAgent (#1038) (cdf4605), closes #1038
  • chore: bump lhci references to 0.13 (083d639)
  • misc(release): remove hulk from release process (mostly) (36e629e)

... (truncated)

Commits
  • 76a49c7 fix: use viewer origin as string instead of object (#1109)
  • 602bf7d chore: bump lhci references to 0.15
  • d2cdea9 chore: update docker images with latest version
  • 6b3b50e feat: upgrade to lighthouse 12.6.1 (#1103)
  • 912d985 chore: update versions in ci (#1104)
  • e83b2f6 fix(cli): improve filename sanitization for hash routes (#1084)
  • d04aba1 feat(cli): change wizard default branch to main (#1069)
  • 115818a chore: Heroku Postgres Hobby plan doesn't exist anymore (#1077)
  • ef83477 chore: update versions in heroku-server recipe (#1078)
  • 3cac9eb docs: update GitHub Actions versions in README.md (#1086)
  • Additional commits viewable in compare view

Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Removes ip

Updates @open-wc/testing from 3.1.6 to 3.2.2

Release notes

Sourced from @​open-wc/testing's releases.

@​open-wc/testing@​3.2.2

Patch Changes

  • e94ca9aa: chore(testing): remove unused dependencies"

@​open-wc/testing@​3.2.1

Patch Changes

  • 84e38ab1: Use split versions for all lit dependencies
  • Updated dependencies [84e38ab1]
    • @​open-wc/testing-helpers@​2.3.1

@​open-wc/testing@​3.1.8

Patch Changes

  • 91a5d224: fix(deps): update dependency @​types/chai-dom to v1
  • Updated dependencies [077d07eb]
    • @​open-wc/testing-helpers@​2.2.1

@​open-wc/testing@​3.1.7

Patch Changes

  • b187c0bc: Add types export for node16 module resolution
  • Updated dependencies [b187c0bc]
    • @​open-wc/testing-helpers@​2.1.4
Changelog

Sourced from @​open-wc/testing's changelog.

3.2.2

Patch Changes

  • e94ca9aa: chore(testing): remove unused dependencies"

3.2.1

Patch Changes

  • 84e38ab1: Use split versions for all lit dependencies
  • Updated dependencies [84e38ab1]
    • @​open-wc/testing-helpers@​2.3.1

3.2.0

Minor Changes

  • 935c8ffe: Drop support for Node@14

Patch Changes

  • 3289e0eb: Add oneDefaultPreventedEvent export into testing package and no-side-effect indexes
  • Updated dependencies [935c8ffe]
  • Updated dependencies [3289e0eb]
  • Updated dependencies [80c6ae66]

3.1.8

Patch Changes

  • 91a5d224: fix(deps): update dependency @​types/chai-dom to v1
  • Updated dependencies [077d07eb]
    • @​open-wc/testing-helpers@​2.2.1

3.1.7

Patch Changes

  • b187c0bc: Add types export for node16 module resolution
  • Updated dependencies [b187c0bc]
    • @​open-wc/testing-helpers@​2.1.4
Commits

Updates @web/test-runner from 0.14.0 to 0.20.2

Release notes

Sourced from @​web/test-runner's releases.

@​web/test-runner@​0.20.2

Patch Changes

  • 7aedbaa: Summary Reporter - re-enabled error reporting and made option to disable browser logs and error reporting in this reporter

@​web/test-runner@​0.20.1

Patch Changes

  • 24e3290: Improve debug message for test runner uncaught exceptions

    This should make debugging easier. It wasn't very easy to figure out where the errors originated from (because of how the actual uncaught exception only happened with many concurrent builds inside a sandbox environment that is hard to debug).

  • Updated dependencies [79b0ba4]

    • @​web/test-runner-chrome@​0.18.1

@​web/test-runner@​0.20.0

Minor Changes

  • 86eaa21: Upgrade puppeteer version to v24

Patch Changes

  • Updated dependencies [86eaa21]
    • @​web/test-runner-chrome@​0.18.0

@​web/test-runner@​0.19.0

Minor Changes

  • b546e8b5: Upgrade puppeteer-core and puppeteer to v23

Patch Changes

  • Updated dependencies [b546e8b5]
    • @​web/test-runner-chrome@​0.17.0

@​web/test-runner@​0.18.3

Patch Changes

  • 6914f3b6: Show suites names for summaryReporter when flatten option is true

@​web/test-runner@​0.18.2

Patch Changes

  • 6a97a691: Unify visual-written representation of skipped tests.

@​web/test-runner@​0.18.1

Patch Changes

... (truncated)

Changelog

Sourced from @​web/test-runner's changelog.

0.20.2

Patch Changes

  • 7aedbaa: Summary Reporter - re-enabled error reporting and made option to disable browser logs and error reporting in this reporter

0.20.1

Patch Changes

  • 24e3290: Improve debug message for test runner uncaught exceptions

    This should make debugging easier. It wasn't very easy to figure out where the errors originated from (because of how the actual uncaught exception only happened with many concurrent builds inside a sandbox environment that is hard to debug).

  • Updated dependencies [79b0ba4]

    • @​web/test-runner-chrome@​0.18.1

0.20.0

Minor Changes

  • 86eaa21: Upgrade puppeteer version to v24

Patch Changes

  • Updated dependencies [86eaa21]
    • @​web/test-runner-chrome@​0.18.0

0.19.0

Minor Changes

  • b546e8b5: Upgrade puppeteer-core and puppeteer to v23

Patch Changes

  • Updated dependencies [b546e8b5]
    • @​web/test-runner-chrome@​0.17.0

0.18.3

Patch Changes

  • 6914f3b6: Show suites names for summaryReporter when flatten option is true

0.18.2

... (truncated)

Commits
  • 9645344 Version Packages
  • 61260d5 Turned error reporting back on by default to match old behviour before it was...
  • 4fa7523 add back broken error reporting and make log reporting optional
  • db00ed5 Version Packages
  • 24e3290 refactor: improve debug message for test runner uncaught exceptions
  • f00a581 Version Packages
  • fcb71cd Version Packages
  • 8834ad8 Version Packages
  • d5ae228 Version Packages (#2803)
  • 9a88d83 Version Packages (#2774)
  • Additional commits viewable in compare view

Updates ws from 7.5.7 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

  • Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).
Commits
  • d962d70 [dist] 7.5.10
  • 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Aug 06 '25 00:08 dependabot[bot]