Bump the npm_and_yarn group across 1 directory with 14 updates#2
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 14 updates#2dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.22.0` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.9.0` | `7.29.7` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.0` | `6.15.0` | | [bn.js](https://github.com/indutny/bn.js) | `4.11.8` | `4.12.4` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.15.0` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.18.1` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.17` | `3.1.6` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.1` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [yaml](https://github.com/eemeli/yaml) | `1.8.2` | `1.10.3` | Updates `express` from 4.17.1 to 4.22.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md) - [Commits](expressjs/express@4.17.1...4.22.0) Updates `@babel/helpers` from 7.9.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-helpers) Updates `ajv` from 6.12.0 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.0...v6.15.0) Updates `bn.js` from 4.11.8 to 4.12.4 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.11.8...v4.12.4) Updates `brace-expansion` from 1.1.11 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.15) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `js-yaml` from 3.13.1 to 3.15.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.13.1...3.15.0) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `lodash` from 4.17.15 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.18.1) Updates `path-to-regexp` from 0.1.7 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13) Updates `pbkdf2` from 3.0.17 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.17...v3.1.6) Updates `picomatch` from 2.2.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/commits/2.3.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `yaml` from 1.8.2 to 1.10.3 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v1.8.2...v1.10.3) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yaml dependency-version: 1.10.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 13 updates in the / directory:
4.17.14.22.07.9.07.29.76.12.06.15.04.11.84.12.41.1.111.1.151.0.41.0.73.13.13.15.03.2.23.2.34.17.154.18.13.0.173.1.62.2.12.3.22.4.112.4.121.8.21.10.3Updates
expressfrom 4.17.1 to 4.22.0Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-519996a23d34deps: use tilde notation forqs(#6919)8c12cdfdeps: qs@6.14.0 (#6909)7fea74fdeps: use tilde notation for certain dependencies (#6905)dac7a04chore: wider range for query test skip (#6513)997919bci: add node.js 24 to test matrix (#6506)36fb59cfix(ci): reordernpm isteps to fix ci for older node versions (#6336)3a5edfafix(ci): updated github actions ci workflow (#6323)52d9781fix(test): add test for method routes without paths #5955Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.
Updates
@babel/helpersfrom 7.9.0 to 7.29.7Release notes
Sourced from @babel/helpers's releases.
... (truncated)
Commits
4fba754v7.29.737d5595v7.29.21c0a08d[7.x backport] fix: Properly handle await in finally (#17805)d7f4008v7.28.699dcba5chore: enable some ts-eslint rules (#17592)c1b55f6Useeslint.config.mts(#17573)35055e3v7.28.418d88b8Improve@babel/coretypings (#17471)ef155f5v7.28.3741cbd2chore: fix various typos across codebase (#17476)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/helperssince your current version.Updates
ajvfrom 6.12.0 to 6.15.0Release notes
Sourced from ajv's releases.
Commits
184bc326.15.0fea46aftest/fix prototype pollution via $data ref with format keyword (#2606)e3af0a76.14.0b552ed6add regExp option to address $data exploit via a regular expression (CVE-2025...72f2286docs: update v7 info231e52bMerge pull request #1320 from philsturgeon/patch-1d3475fcAdd spectral, an AJV util from a sponsor413afe0docs: v7.0.0-beta.311e997bupdate readme for v7fe591436.12.6Updates
bn.jsfrom 4.11.8 to 4.12.4Commits
12f9f8f4.12.46b98684fix: clear surplus words in inotn so notn(width) stays below 2 ** width (#319)39fe4384.12.367ecb35backport(4.x): fix imaskn state (#317)c4098ba4.12.26277fd7backport(4.x): Fix imuln/muln with zero (backport of #313) (#314)ac0d4af4.12.1a5f14b4Fix serious issue in.toString(16)(#309)0cd2661Remove package-lock.json added by npm84ae3134.12.0Maintainer changes
This version was pushed to npm by fanatid, a new releaser for bn.js since your current version.
Updates
brace-expansionfrom 1.1.11 to 1.1.15Release notes
Sourced from brace-expansion's releases.
Commits
2203f4f1.1.150b09384Backport v5.0.6 change to v1 (#111)10c05fc1.1.141afa1b2Add opt-in { max } mitigation to v1 legacy line (#103)2fbb6a2Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)0d7652eBackport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)6c353ca1.1.137fd684fBackport fix for GHSA-f886-m6hf-6m8v (#95)44f33b41.1.12c460dbdpkg: publish on tag 1.xUpdates
cipher-basefrom 1.0.4 to 1.0.7Changelog
Sourced from cipher-base's changelog.
Commits
0056718v1.0.7fd1e5ee[Refactor] useto-buffer08ba803[Dev Deps] update@ljharb/eslint-configf5249f9v1.0.6b7ddd2a[Fix] io.js 3.0 - Node.js 5.3 typed array supportf03cebfv1.0.588dc806[meta] addauto-changelog7a137d7[meta] addnpmignoreandsafe-publish-latest5c02918[meta] fix package.json indentation8fd1364[Fix] return valid values on multi-byte-wide TypedArray inputMaintainer changes
This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
js-yamlfrom 3.13.1 to 3.15.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
c34b6c43.15.0 released21e13d3dist rebuild4165c62Add v3-legacy tag for publishd8ff750Add package lock24f13e7AddedmaxTotalMergeKeys(10000) loader option (v5 backport)9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)37caaad3.14.1 released094c0f7dist rebuildUpdates
jwsfrom 3.2.2 to 3.2.3Release notes
Sourced from jws's releases.
Changelog
Sourced from jws's changelog.
Commits
4f6e73fMerge commit from forkbd0fea5version 3.2.37c3b4b4Enhance tests for HMAC streaming sign and verifya9b8ed9Improve secretOrKey initialization in VerifyStream6707fdeImprove secret handling in SignStreamMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.
Updates
lodashfrom 4.17.15 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
path-to-regexpfrom 0.1.7 to 0.1.13Release notes
Sourced from path-to-regexp's releases.
Changelog
Sourced from path-to-regexp's changelog.
Commits
9fd0c870.1.13 (#425)7ccf02cfix: CVE-2026-4867640e6940.1.12f01c26aMerge commit from fork0c711920.1.118f09549Add error on bad input valuesc827fce0.1.1029b96b4Add backtrack protection to parametersac4c234Update repo url (#314)bdb66350.1.9Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.
Updates
pbkdf2from 3.0.17 to 3.1.6Changelog
Sourced from pbkdf2's changelog.
... (truncated)
Commits
ea4768bv3.1.6b729629[Tests] fixnpm run postlint7c4a495[Fix] coerce-0keylen to+05e0cf51[Dev Deps] update@ljharb/eslint-config,@types/node,auto-changelog1c3b1f5[Deps] updateto-buffere3cce16[Dev Deps] update@ljharb/eslint-config,@types/node,eslint,npmignoref6b0e42[eslint] fix an errorfb1f747[New] add TypeScript type declarations528bd38[readme] replace runkit CI badge with shields.io check-runs badge3687905v3.1.5Maintainer changes
This version was pushed to npm by ljharb, a new releaser for pbkdf2 since your current version.
Updates
picomatchfrom 2.2.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.