Skip to content

Bump the npm_and_yarn group across 1 directory with 15 updates #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: ours
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 15 updates #6

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 16, 2025

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
webpack 5.74.0 5.99.5
@babel/traverse 7.19.3 7.27.0
body-parser 1.20.0 1.20.3
express 4.18.1 4.21.2
braces 3.0.2 3.0.3
follow-redirects 1.15.2 1.15.9
http-proxy-middleware 2.0.6 2.0.9
json5 2.2.1 2.2.3
loader-utils 2.0.2 2.0.4
webpack-dev-middleware 5.3.3 5.3.4
ws 8.9.0 8.18.1

Updates webpack from 5.74.0 to 5.99.5

Release notes

Sourced from webpack's releases.

v5.99.5

Fixes

  • Control dead flow for labeled and blockless statements

v5.99.4

Fixes

  • Fixed terminated state for if/else

v5.99.3

Fixes

  • Fixed dead control flow with deep nested if/else

v5.99.2

Fixes

  • Dead control flow for exotic cases

v5.99.1

Fixes

  • Dead control flow for many cases

v5.99.0

Fixes

  • Fixed a lot of types
  • Fixed runtime error when using asset module as entrypoint and runtimeChunk
  • JSON generator now preserves __proto__ property
  • Fixed when entry module isn't executed when targeting webworker with a runtime chunk
  • Do not duplicate modules with import attributes and reexport
  • The module and module ESM libraries have been union and code generation has been improved
  • Use a valid output path for errored asset modules
  • Remove BOM from JavaScript and CSS files when loader was not used
  • Create export for externals for module/modern-module library
  • Export unprovided variables for commonjs-static library
  • Forward semicolons from meta.webpackAST
  • Use xxhash64 for cache.hashAlgorithm when experiments.futureDefaults enabled
  • [CSS] Fixed profiling plugin for CSS
  • [CSS] Avoid extra module.export output for CSS module

Features

  • Add dead control flow check
  • Handle new Worker(import.meta.url) and new Worker(new URL(import.meta.url)) syntax
  • Added ability to generate custom error content for generators

Performance Improvements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.


Updates @babel/traverse from 7.19.3 to 7.27.0

Release notes

Sourced from @​babel/traverse's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

Committers: 5

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

  • babel-generator, babel-parser

🚀 New Feature

  • babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • babel-parser, babel-types
    • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
  • babel-generator
  • babel-parser, babel-template
  • babel-plugin-transform-typescript, babel-traverse
  • babel-parser
  • babel-types
    • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-traverse
  • babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-cli
  • babel-plugin-transform-named-capturing-groups-regex, babel-types

🏃‍♀️ Performance

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

... (truncated)

Commits

Updates body-parser from 1.20.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1 / 2022-10-06

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates cookie from 0.5.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates follow-redirects from 1.15.2 to 1.15.9

Commits
  • e4e55c7 Release version 1.15.9 of the npm package.
  • 31a1abf Attempt much more gentle detection.
  • d2aaa97 Fix url field.
  • 62558f0 Release version 1.15.8 of the npm package.
  • a8d1cee Return subtlety.
  • 458ca8e Fix native URL test for Node 20.
  • ca49e44 Handle KeepAlive connections in tests.
  • f3711d7 Test on Node 20 and 22.
  • fda0faf Fix typo.
  • 760757f Release version 1.15.7 of the npm package.
  • Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

  • fix(fixRequestBody): check readableLength

v2.0.8

  • fix(fixRequestBody): prevent multiple .write() calls
  • fix(fixRequestBody): handle invalid request

v2.0.7

  • ci(github actions): add publish.yml
  • fix(filter): handle errors
Commits

Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Updates loader-utils from 2.0.2 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

@dependabot
Bump the npm_and_yarn group across 1 directory with 15 updates
94b79e6 
Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [webpack](https://github.com/webpack/webpack) | `5.74.0` | `5.99.5` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.19.3` | `7.27.0` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.0` | `1.20.3` |
| [express](https://github.com/expressjs/express) | `4.18.1` | `4.21.2` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.9` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` |
| [json5](https://github.com/json5/json5) | `2.2.1` | `2.2.3` |
| [loader-utils](https://github.com/webpack/loader-utils) | `2.0.2` | `2.0.4` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` |
| [ws](https://github.com/websockets/ws) | `8.9.0` | `8.18.1` |



Updates `webpack` from 5.74.0 to 5.99.5
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.74.0...v5.99.5)

Updates `@babel/traverse` from 7.19.3 to 7.27.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.0/packages/babel-traverse)

Updates `body-parser` from 1.20.0 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.0...1.20.3)

Updates `express` from 4.18.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.1...4.21.2)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `cookie` from 0.5.0 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.5.0...v0.7.1)

Updates `express` from 4.18.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.1...4.21.2)

Updates `follow-redirects` from 1.15.2 to 1.15.9
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9)

Updates `http-proxy-middleware` from 2.0.6 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9)

Updates `json5` from 2.2.1 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.1...v2.2.3)

Updates `loader-utils` from 2.0.2 to 2.0.4
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](webpack/loader-utils@v2.0.2...v2.0.4)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)

Updates `ws` from 8.9.0 to 8.18.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.9.0...8.18.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.99.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.27.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-version: 2.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: loader-utils
  dependency-version: 2.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-version: 5.3.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants