8000 Bump the npm_and_yarn group across 1 directory with 8 updates by dependabot[bot] · Pull Request #1 · tuckpuck/personal_site · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Bump the npm_and_yarn group across 1 directory with 8 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 8 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
@dependabot dependabot bot commented on behalf of github Sep 10, 2024

Bumps the npm_and_yarn group with 2 updates in the / directory: express and jquery.

Updates express from 4.15.4 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

New Contributors

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Updates debug from 2.6.8 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

  • Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

  • remove ReDoS regexp in %o formatter (#504)
Commits

Updates forwarded from 0.1.1 to 0.2.0

Release notes

Sourced from forwarded's releases.

0.2.0

  • Use req.socket over deprecated req.connection

0.1.2

  • perf: improve header parsing
  • perf: reduce overhead when no X-Forwarded-For header
Changelog

Sourced from forwarded's changelog.

0.2.0 / 2021-05-31

  • Use req.socket over deprecated req.connection

0.1.2 / 2017-09-14

  • perf: improve header parsing
  • perf: reduce overhead when no X-Forwarded-For header
Commits
  • 93d2f4c 0.2.0
  • 815fd47 build: add version script for npm version releases
  • fd5c99f build: use GitHub Actions instead of Travis CI
  • 83df24a build: eslint-plugin-import@2.23.4
  • 9cc1690 build: eslint-plugin-promise@4.3.1
  • 78495b8 build: Node.js@12.22
  • 8844b1f build: Node.js@15.12
  • 8de09eb build: support Node.js 16.x
  • 63a16a6 Use req.socket over deprecated req.connection
  • d56b75b tests: fix test name
  • Additional commits viewable in compare view

Updates fresh from 0.5.0 to 0.5.2

Changelog

Sourced from fresh's changelog.

0.5.2 / 2017-09-13

  • Fix regression matching multiple ETags in If-None-Match
  • perf: improve If-None-Match token parsing

0.5.1 / 2017-09-11

  • Fix handling of modified headers with invalid dates
  • perf: improve ETag match loop
Commits
  • 02df630 0.5.2
  • 37cd4a2 build: Node.js@8.5
  • 731c0eb build: Node.js@6.11
  • 21a0f0c perf: improve If-None-Match token parsing
  • ff5f257 Fix regression matching multiple ETags in If-None-Match
  • e8a4aaf 0.5.1
  • 7015bce perf: improve ETag match loop
  • 7a2b460 Fix handling of modified headers with invalid dates
  • 1599530 bench: add simple benchmarks
  • 74793d9 build: eslint-plugin-node@5.1.1
  • Additional commits viewable in compare view

Updates jquery from 3.2.1 to 3.7.1

Release notes

Sourced from jquery's releases.

jQuery 3.7.1 Released: Reliable Table Row Dimensions

https://blog.jquery.com/2023/08/28/jquery-3-7-1-released-reliable-table-row-dimensions/

jQuery 3.7.0: Staying in Order

https://blog.jquery.com/2023/05/11/jquery-3-7-0-released-staying-in-order/

jQuery 3.6.4 Released: Selector Forgiveness

https://blog.jquery.com/2023/03/08/jquery-3-6-4-released-selector-forgiveness/

jQuery supports CSS.supports in jQuery 3.6.3

https://blog.jquery.com/2022/12/20/jquery-3-6-3-released-a-quick-selector-fix/

jQuery 3.6.2 :has arrived!

https://blog.jquery.com/2022/12/13/jquery-3-6-2-released/

jQuery 3.6.1 Maintenance Release

https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/

jQuery 3.6.0 Released!

https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits
  • f79d5f1 3.7.1
  • 399b201 Release: revert change that broke release
  • f85d521 Release: update authors
  • 763ade6 Build: Generate the slim build on grunt & run compare_size on it
  • a288838 CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...
  • 87467a6 Selector: Only attach the unload handler in IE & Edge Legacy
  • 3c18c1f Build: Make sure *.cjs & *.mjs files use UNIX line endings as well
  • 72ae577 Build: switch preferred email for timmywil
  • a370d7d Build: Build: Bump actions/checkout from 3.5.2 to 3.5.3
  • 4a29888 Docs: Fix typos found by codespell
  • Additional commits viewable in compare view

Updates mime from 1.3.4 to 1.6.0

Changelog

Sourced from mime's changelog.

v1.6.0 (24/11/2017)

No changelog for this release.

v2.0.4 (24/11/2017)

  • [closed] Switch to mime-score module for resolving extension contention issues. #182
  • [closed] Update mime-db to 1.31.0 in v1.x branch #181

v1.5.0 (22/11/2017)

  • [closed] need ES5 version ready in npm package #179
  • [closed] mime-db no trace of iWork - pages / numbers / etc. #178
  • [closed] How it works in brownser ? #176
  • [closed] Missing ./Mime #175
  • [closed] Vulnerable Regular Expression #167

v2.0.3 (25/09/2017)

No changelog for this release.

v1.4.1 (25/09/2017)

  • [closed] Issue when bundling with webpack #172

v2.0.2 (15/09/2017)

  • [V2] fs.readFileSync is not a function #165
  • [closed] The extension for video/quicktime should map to .mov, not .qt #164
  • [V2] [v2 Feedback request] Mime class API #163
  • [V2] [v2 Feedback request] Resolving conflicts over extensions #162
  • [V2] Allow callers to load module with official, full, or no defined types. #161
  • [V2] Use "facets" to resolve extension conflicts #160
  • [V2] Remove fs and path dependencies #152
  • [V2] Default content-type should not be application/octet-stream #139
  • [V2] reset mime-types #124
  • [V2] Extensionless paths should return null or false #113

v2.0.1 (14/09/2017)

  • [closed] Changelog for v2.0 does not mention breaking changes #171
  • [closed] MIME breaking with 'class' declaration as it is without 'use strict mode' #170

... (truncated)

Commits

Updates qs from 6.5.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

  • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
  • [meta] use npmignore to autogenerate an npmignore file
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

  • [Fix] stringify: actually fix cyclic references (#426)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [actions] update codecov uploader
  • [actions] update workflows
  • [Tests] clean up stringify tests slightly
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

  • [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

  • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
  • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
  • [meta] fix README.md (#399)
  • [meta] only run npm run dist in publish, not install
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
  • [Tests] fix tests on node v0.6
  • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
  • [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits
  • 56763c1 v6.11.0
  • ddd3e29 [readme] fix version badge
  • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
  • 95bc018 v6.10.5
  • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
  • ba9703c v6.10.4
  • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
  • 113b990 [Dev Deps] update object-inspect
  • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
  • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
  • Additional commits viewable in compare view

Updates serve-static from 1.12.4 to 1.16.0

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

1.15.0

  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1

1.14.2

  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens

1.14.1

  • Set stricter CSP header in redirect response
  • deps: send@0.17.1
    • deps: range-parser@~1.2.1

1.14.0

  • deps: parseurl@~1.3.3
  • deps: send@0.17.0
    • deps: http-errors@~1.7.2
    • deps: mime@1.6.0
    • deps: ms@2.1.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call

1.13.2

  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: send@0.16.2
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0

1.13.1

... (truncated)

Changelog

Sourced from serve-static's changelog.

1.16.0 / 2024-09-10

  • Remove link renderization in html while redirecting

1.15.0 / 2022-03-24

  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1

1.14.2 / 2021-12-15

  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens

1.14.1 / 2019-05-10

  • Set stricter CSP header in redirect response
  • deps: send@0.17.1
    • deps: range-parser@~1.2.1

1.14.0 / 2019-05-07

  • deps: parseurl@~1.3.3
  • deps: send@0.17.0
    • deps: http-errors@~1.7.2
    • deps: mime@1.6.0
    • deps: ms@2.1.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call

1.13.2 / 2018-02-07

  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: send@0.16.2

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 8 updates
f01f569 
Bumps the npm_and_yarn group with 2 updates in the / directory: [express](https://github.com/expressjs/express) and [jquery](https://github.com/jquery/jquery).


Updates `express` from 4.15.4 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.15.4...4.20.0)

Updates `debug` from 2.6.8 to 2.6.9
- [Release notes](https://github.com/debug-js/debug/releases)
- [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md)
- [Commits](
738F
debug-js/debug@2.6.8...2.6.9)

Updates `forwarded` from 0.1.1 to 0.2.0
- [Release notes](https://github.com/jshttp/forwarded/releases)
- [Changelog](https://github.com/jshttp/forwarded/blob/master/HISTORY.md)
- [Commits](jshttp/forwarded@v0.1.1...v0.2.0)

Updates `fresh` from 0.5.0 to 0.5.2
- [Changelog](https://github.com/jshttp/fresh/blob/master/HISTORY.md)
- [Commits](jshttp/fresh@v0.5.0...v0.5.2)

Updates `jquery` from 3.2.1 to 3.7.1
- [Release notes](https://github.com/jquery/jquery/releases)
- [Changelog](https://github.com/jquery/jquery/blob/main/changelog.md)
- [Commits](jquery/jquery@3.2.1...3.7.1)

Updates `mime` from 1.3.4 to 1.6.0
- [Changelog](https://github.com/broofa/mime/blob/v1.6.0/CHANGELOG.md)
- [Commits](broofa/mime@v1.3.4...v1.6.0)

Updates `qs` from 6.5.0 to 6.11.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.0...v6.11.0)

Updates `serve-static` from 1.12.4 to 1.16.0
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.12.4...1.16.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: forwarded
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fresh
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jquery
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mime
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants
0