Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot · 2024-06-23T07:00:40Z

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
braces	`3.0.2`	`3.0.3`
ejs	`3.1.9`	`3.1.10`
express	`4.18.2`	`4.19.2`
fast-xml-parser	`3.21.1`	`4.4.0`
follow-redirects	`1.15.2`	`1.15.6`
ini	`1.3.5`	`1.3.8`
jose	`4.9.2`	`4.15.7`

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates fast-xml-parser from 3.21.1 to 4.4.0

Release notes

Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

v4

Generating different combined, parser only, builder only, validator only browser bundles

Keeping cjs modules as they can be imported in cjs and esm modules both. Otherwise refer esm branch.

4.0.0-beta.8 / 2021-12-13

call tagValueProcessor for stop nodes

4.0.0-beta.7 / 2021-12-09

fix Validator bug when an attribute has no value but '=' only

XML Builder should suppress unpaired tags by default.

documents update for missing features

refactoring to use Object.assign

refactoring to remove repeated code

4.0.0-beta.6 / 2021-12-05

Support PI Tags processing

Support suppressBooleanAttributes by XML Builder for attributes with value true.

4.0.0-beta.5 / 2021-12-04

fix: when a tag with name "attributes"

4.0.0-beta.4 / 2021-12-02

Support HTML document parsing

skip stop nodes parsing when building the XML from JS object

Support external entites without DOCTYPE

update dev dependency: strnum v1.0.5 to fix long number issue

4.0.0-beta.3 / 2021-11-30

support global stopNodes expression like "*.stop"

support self-closing and paired unpaired tags

fix: CDATA should not be parsed.

Fix typings for XMLBuilder (#396)(By Anders Emil Salvesen)

supports XML entities, HTML entities, DOCTYPE entities

⚠️ 4.0.0-beta.2 / 2021-11-19

rename attrMap to attibutes in parser output when preserveOrder:true

supports unpairedTags

⚠️ 4.0.0-beta.1 / 2021-11-18

Parser returns an array now

to make the structure common

and to return root level detail

renamed cdataTagName to cdataPropName

Added commentPropName

fix typings

⚠️ 4.0.0-beta.0 / 2021-11-16

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.0 / 2024-05-18

fix #654: parse attribute list correctly for self closing stop node.

fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)

fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

code for v5 is added for experimental use

4.3.4 / 2024-01-10

fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

Remove unnecessary regex

4.3.2 / 2023-10-02

fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))

Fix #610 ignore properties set to Object.prototype

Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)

Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

change code implementation

4.2.4 / 2023-06-06

fix security bug

4.2.3 / 2023-06-05

fix security bug

4.2.2 / 2023-04-18

fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

... (truncated)

Commits

96f7501 update package detail
151b8f4 fix #654: parse attribute list correctly for self closing stop node
1a384a5 Run PR tests on node 16
2ae1f62 fix: return type for tagValueProcessor & attributeValueProcessor (#582)
9118736 docs: fix typos in v5 document fast-xml-parse (#650)
a96b968 fix: validator bag when closing tag is not opened. (#647)
3ab1b3b update pcakge detail
4c26aaa fix v5 options, add docs
391f24f Add support for parsing HTML numeric entities (#645)
072b2b0 update dev dependencies
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates jose from 4.9.2 to 4.15.7

Release notes

Sourced from jose's releases.

v4.15.7

Fixes

add a workerd package.json target (e36d69e)

v4.15.5

Fixes

add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

v4.15.4

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

Fixes

resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

Features

export the used crypto runtime as a constant (0681dda)

v4.14.6

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

Refactor

catch type error when decoding base64url signature (#569) (935e920)

catch type errors when decoding various base64url strings (9024e87)

v4.14.4

Refactor

cleanup NODE-ED25519 workerd workarounds (072e83d)

... (truncated)

Changelog

Sourced from jose's changelog.

4.15.7 (2024-06-18)

4.15.6 (2024-06-18)

Fixes

add a workerd package.json target (e36d69e)

4.15.5 (2024-03-07)

Fixes

add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1 (2023-10-02)

Fixes

resolve missing types for the cryptoRuntime const (1627965)

4.15.0 (2023-10-02)

Features

export the used crypto runtime as a constant (0681dda)

4.14.6 (2023-09-04)

Fixes

... (truncated)

Commits

5084808 chore(release): 4.15.7
122c939 chore(release): 4.15.6
e36d69e fix: add a workerd package.json target
765aafd chore(release): 4.15.5
b36e45e test: add export check to x509 pem import tests
e839ecb test: stop testing JWE RSA1_5 Algorithm
1b91d88 fix: add a maxOutputLength option to zlib inflate
9ca2b24 build: remove release action
f3035d8 chore: cleanup after release
f0bb220 chore(release): 4.15.4
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `3.21.1` | `4.4.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [jose](https://github.com/panva/jose) | `4.9.2` | `4.15.7` | Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `fast-xml-parser` from 3.21.1 to 4.4.0 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v3.21.1...v4.4.0) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `jose` from 4.9.2 to 4.15.7 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v4.15.7/CHANGELOG.md) - [Commits](panva/jose@v4.9.2...v4.15.7) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jose dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot bot commented on behalf of github Jun 23, 2024

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 7 updates #1

Conversation

dependabot bot commented on behalf of github Jun 23, 2024

v3.1.10

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

Security Fix

v4

v4.15.7

Fixes

v4.15.5

Fixes

v4.15.4

Fixes

v4.15.3

v4.15.2

Fixes

v4.15.1

Fixes

v4.15.0

Features

v4.14.6

Fixes

v4.14.5

Refactor

v4.14.4

Refactor

4.15.7 (2024-06-18)

4.15.6 (2024-06-18)

Fixes

4.15.5 (2024-03-07)

Fixes

4.15.4 (2023-10-14)

Fixes

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

4.15.1 (2023-10-02)

Fixes

4.15.0 (2023-10-02)

Features

4.14.6 (2023-09-04)

Fixes