Bump the npm_and_yarn group across 1 directory with 8 updates#752
Merged
yeasy merged 2 commits intoJun 30, 2026
Merged
Conversation
Contributor
|
@dependabot rebase |
47be35e to
8c856de
Compare
Contributor
|
@dependabot rebase |
Bumps the npm_and_yarn group with 8 updates in the /src/dashboard directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.15` | `13.15.22` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Updates `body-parser` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.1) Updates `express` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `qs` from 6.14.0 to 6.15.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.2) Updates `validator` from 13.15.15 to 13.15.22 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.15...13.15.22) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) --- updated-dependencies: - dependency-name: body-parser dependency-version: 2.2.1 dependency-type: direct:production - dependency-name: express dependency-version: 5.2.0 dependency-type: direct:production - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect - dependency-name: qs dependency-version: 6.14.2 dependency-type: direct:production - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect - dependency-name: validator dependency-version: 13.15.22 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
8c856de to
49c9f22
Compare
…d_yarn-7a791d2a53
yeasy
approved these changes
Jun 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 8 updates in the /src/dashboard directory:
2.2.02.2.15.1.05.2.04.17.214.18.16.14.06.15.213.15.1513.15.223.2.23.2.32.19.02.19.22.4.112.4.12Updates
body-parserfrom 2.2.0 to 2.2.1Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
Commits
d96b63d2.2.1 (#659)b204886sec: security patch for CVE-2025-13466e20e351feat: removehistory.mdfrom being packaged on publish (#660)0d7ce71docs: switch badges from badgen.net to shields.io (#661)168afffci: also test on first supported node.js version (#646)e539a71build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)9391612build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)57baafbbuild(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)a6a088ebuild(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)10a114dtest: add test for urlencoded invalid defaultCharset (#643)Updates
expressfrom 5.1.0 to 5.2.0Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
4007ad1Release: 5.2.0 (#6920)2f64f68sec: security patch for CVE-2024-51999ed0ba3fbuild(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)8eace46build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)30bae81build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)758d435deps: body-parser@^2.2.1 (#6922)77bcd52docs: update emeritus triagers (#6890)f33caf1Nominate to@efekrsklfor triage team (#6888)54af593refactor: use cached slice in app.listen (#6897)2551a7ddocs: switch badges from badgen.net to shields.io (#6900)Updates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
qsfrom 6.14.0 to 6.15.2Changelog
Sourced from qs's changelog.
Commits
9aca407v6.15.25e33d33[Dev Deps] update@ljharb/eslint-config21f80b3[Fix]stringify: skip null/undefined entries inarrayFormat: 'comma'+ `e...a0a81ea[Fix]stringify: use configureddelimiteraftercharsetSentinele3062f7[Fix]stringify: applyformatterto encoded key understrictNullHandling0c180a4[Fix]stringify: skip null/undefined filter-array entries instead of crashi...3a8b94a[Tests] add regression tests for keys containing percent-encoded bracket text96755ab[readme] fix grammara419ce5[Fix]parse: handle nested bracket groups and add regression tests3f5e1c5v6.15.1Updates
validatorfrom 13.15.15 to 13.15.22Release notes
Sourced from validator's releases.
Changelog
Sourced from validator's changelog.
Commits
f2b5c17maintenance: 2511 release (#2627)d457ecafix(isLength): correctly handle Unicode variation selectors (#2616)f2e3633docs: add install instructions to contibution guide (#2621)cf40145fix: URL validation for hostnames with ports (no protocol) (#2622)4af6124maintenance: 2510 release (#2585)30d4fe013.15.20cbef508fix(isURL): improve protocol detection. Resolves CVE-2025-56200 (#2608)6f436beFix typo in validators.test.js (#2581)3c85708Fix: correct French VAT (FR) validation regex and add tests (#2584)eee525c#2491 #2573 Simplify isBase64 to prevent stack overflow (#2574)Maintainer changes
This version was pushed to npm by wikirik, a new releaser for validator since your current version.
Updates
jwsfrom 3.2.2 to 3.2.3Release notes
Sourced from jws's releases.
Changelog
Sourced from jws's changelog.
Commits
4f6e73fMerge commit from forkbd0fea5version 3.2.37c3b4b4Enhance tests for HMAC streaming sign and verifya9b8ed9Improve secretOrKey initialization in VerifyStream6707fdeImprove secret handling in SignStreamMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.
Updates
min-documentfrom 2.19.0 to 2.19.2Commits
0d141502.19.249c2e06Merge pull request #56 from wasabina67/fix/prototype-pollution-removeAttribut...9666461Fix prototype pollution vulnerability in removeAttributeNS4490b402.19.12cd5871update ignorefe32e8dMerge pull request #55 from jameswassink/fix/prototype-pollution-removeAttrib...6c5f31aBetter prototype pollution fix0d4e819Fix prototype pollution in removeAttributeNSbf7b691Update package.json1b5402dMerge pull request #49 from PixnBits/patch-1Updates
sha.jsfrom 2.4.11 to 2.4.12Changelog
Sourced from sha.js's changelog.
Commits
eb4ea2fv2.4.12d8d77c0[meta] reorder package.jsondf9d521[eslint] fix package.json indentation35aec35[meta] addnpmignored528896[Dev Deps] add missing peer depb46e711[meta] addauto-changelog94ca724[Dev Deps] remove unusedbufferdep2dbe0aa[Dev Deps] update@ljharb/eslint-config