Bump the npm_and_yarn group across 1 directory with 37 updates #1

dependabot · 2025-02-13T13:31:14Z

Bumps the npm_and_yarn group with 28 updates in the / directory:

Package	From	To
async	`2.6.3`	`2.6.4`
body-parser	`1.12.4`	`1.20.3`
jsonwebtoken	`5.0.5`	`9.0.2`
passport-jwt	`3.0.1`	`4.0.1`
passport	`0.2.2`	`0.6.0`
express	`4.12.3`	`4.20.0`
mithril	`0.1.34`	`1.1.7`
ajv	`6.12.0`	`6.12.6`
ansi-regex	`3.0.0`	`3.0.1`
base64-url	`1.2.1`	`removed`
express-session	`1.11.1`	`1.18.1`
bl	`0.4.2`	`removed`
docker	`0.2.14`	`1.0.0`
browserify-sign	`4.0.4`	`4.2.3`
moment	`2.24.0`	`2.30.1`
emailjs	`0.3.16`	`4.0.3`
cookie	`0.1.2`	`0.7.2`
cookie-parser	`1.3.4`	`1.4.7`
express	`4.20.0`	`4.21.2`
fsevents	`0.3.8`	`2.3.3`
watchify	`2.6.2`	`4.0.0`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
mysql	`2.6.1`	`removed`
ueberdb2	`0.3.8`	`5.0.6`
shell-quote	`0.0.1`	`1.8.2`
browserify	`9.0.8`	`17.0.1`
shelljs	`0.3.0`	`removed`
jshint	`2.11.0`	`2.13.6`

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates body-parser from 1.12.4 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1

deps: [email protected]

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1 / 2022-10-06

deps: [email protected]

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.19.2 / 2022-02-15

deps: [email protected]

deps: [email protected]

Fix handling of __proto__ keys

deps: [email protected]

deps: [email protected]

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates jsonwebtoken from 5.0.5 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573

Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555

Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577

Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544

ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

... (truncated)

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
84539b2 Updating package version to 9.0.1 (#920)
a99fd4b fix(stubs): allow decode method to be stubbed (#876)
e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates passport-jwt from 3.0.1 to 4.0.1

Commits

fed94fa 4.0.1 release
cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
8e4ad5b Address minmatch vulnerability
e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
bfbc6cc Update jsonwebtoken to 9.0.0
a49b43e Update minimist due to prototype pollution vulnerability in previous version
a5137c6 Merge pull request #192 from markhoney/patch-1
ea824cd Update jsonwebtoken and run npm audit fix
8e57eec Remove older node versions shiping npm without support for "ci"
3ab9305 Add CI workflow in GitHub Actions
Additional commits viewable in compare view

Updates lodash from 4.17.15 to 3.10.1

Commits

dfbd78f Bump to v3.10.1.
e132e87 Rebuild lodash and docs.
bb78c0e Provide correct argsCount hint to customizer functions of clone methods.
1a77202 Documentation (includes): value -> target. [ci skip]
230f901 Use strict equality checks for baseIndexOf comparisons.
fbc7c28 Cleanup Safari 8 bug note in isFunction. [ci skip]
5d88cb7 Code formatting nit for coercing to strings.
caae7a5 Ensure getFuncName returns a string.
816f37b Move getData function guard to `isLaziable.
a2dd717 Let mozilla manage their i18n. [ci skip]
Additional commits viewable in compare view

Updates passport from 0.2.2 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

req#login() and req#logout() regenerate the the session and clear session information by default.

req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the removal of private variables in [email protected].

[0.5.1] - 2021-12-15

Added

Informative error message in session strategy if session support is not available.

Changed

authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

c33067b 0.6.0
3052bb4 Update changelog.
42630cb Merge pull request #900 from jaredhanson/fix-fixation
8dd79fe Use utils-merge rather than Object.assign for compatibility.
4f6bd5b Change keepSessionData to keepSessionData.
46756e5 Silence verbose logging.
987b191 Add tests.
f8a175f Add tests.
29a90d6 No need to guard callback existence.
bfba8a1 Add tests.
Additional commits viewable in compare view

Updates express from 4.12.3 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

... (truncated)

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates mithril from 0.1.34 to 1.1.7

Release notes

Sourced from mithril's releases.

v1.1.7

Ordinarily, I would not have released this, but it includes a backport of a security fix from v2.0.3. If you're stuck on v1.x, you should really update to this ASAP.

Bug fixes

core: Workaround for Internet Explorer bug when running in an iframe

Fix prototype pollution vulnerability in m.parseQueryString (#2523 @isiahmeadows @Hunter-Dolan)

v1.1.6

No release notes provided.

v1.1.5

API: If a user sets the Content-Type header within a request's options, that value will be the entire header value rather than being appended to the default value (#1924)

v1.1.4

Bug fixes:

core: don't call onremove on the children of components that return null from the view #1921 octavore (#1922)

hypertext: correct handling of shared attributes object passed to m(). Will copy attributes when it's necessary #1941 s-ilya (#1942)

Fix IE bug where active element is null causing render function to throw error. (1943)

Ospec improvements:

Log using util.inspect to show object content instead of "[object Object]" (#1661, @porsager)

v1.1.3

Bug fixes:

move out npm dependencies added by mistake

v1.1.2

Bug fixes:

core: Namespace fixes #1819, (#1825 @SamuelTilly), #1820 (#1864), #1872 (#1873)

core: Fix select option to allow empty string value #1814 (#1828 @spacejack)

core: Reset e.redraw when it was set to false #1850 (#1890)

core: differentiate between { value: "" } and { value: 0 } for form elements #1595 comment (#1862)

core: Don't reset the cursor of textareas in IE10 when setting an identical value #1870 (#1871)

hypertext: Correct handling of [value=""] (#1843, @CreaturesInUnitards)

router: Don't overwrite the options object when redirecting from onmatch with m.route.set() #1857 (#1889)

stream: Move the "use strict" directive inside the IIFE #1831 (#1893)

Ospec improvements:

Shell command: Ignore hidden directories and files (#1855 @pdfernhout))

Library: Add the possibility to name new test suites (#1529)

Docs / Repo maintenance:

Our thanks to @0joshuaolson1, @ACXgit, @cavemansspa, @CreaturesInUnitards, @dlepaux, @isaaclyman, @kevinkace, @micellius, @spacejack and @yurivish

... (truncated)

Changelog

Sourced from mithril's changelog.

Release v2.2.14

Patch Changes

Improve handling of is-elements and Fix tiny bugs of setAttr()/updateStyle() (@kfule)

Fixes a few tiny bugs in attributes and style properties updates, and improves handling of is-elements in updateNode().

domFor: always get generation from delayedRemoval instead of parameter (@kfule)

The generation of domFor is no longer passed as a parameter. This allows domFor to work well in onbeforeremove and onremove and reduces the amount of code.

[render: wrap stateResult and attrsResult in Promise.resolve(), fix #2592 (@kfule)](MithrilJS/mithril.js#3005)

This PR wraps the return value of onbeforeremove in Promise.resolve(). This ensures that thenable objects are also always processed asynchronously. fix #2592.

Release v2.2.13

Patch Changes

[Fix form checkValidity(), remove vnode.dom === .activeElement from setAttr() (Continued from #2257) (@kfule)](MithrilJS/mithril.js#3002)

Remove vnode.dom === activeElement(vnode.dom) from setAttribute() to fix validityCheck(), to fix MithrilJS/mithril.js#2256.

Bump glob from 11.0.0 to 11.0.1 in the normal group (@dependabot[bot])

Bumps the normal group with 1 update: glob. Updates glob from 11.0.0 to 11.0.1. Commits. 148ef61 11.0.1.

Release v2.2.12

Patch Changes

disable Terser's "reduce_funcs" option for performance (@kfule)

Terser's “reduce_funcs” option seems to degrade performance. So, disable it.

Bump chokidar from 4.0.1 to 4.0.3 in the normal group across 1 directory (@dependabot[bot])

Bumps the normal group with 1 update in the / directory: chokidar. Updates chokidar from 4.0.1 to 4.0.3. Release notes.

Release v2.2.11

Patch Changes

[Use new pr-release prerelease hook (Fixes #2987) (@JAForbes)](MithrilJS/mithril.js#2996)

Per @dead-claudia's suggestion, pr-release now allows you to invoke a custom command before creating the github release.

[updateStyle(): use setProperty() when css vars and dashed-properties, fixes #2989 (@kfule)](MithrilJS/mithril.js#2991)

This PR changes updateStyle() to use setProperty() for dashed-properties. This PR maybe fixes #2989.

Delete .github/ISSUE_TEMPLATE/0-docs.yml (@dead-claudia)

Do a much better job discouraging filing docs bugs here.

... (truncated)

Commits

35ab329 v1.1.7
8d7ff39 Add a package fix already included in v2
56ad8d6 Merge v1_1_x into master-v1_1_x
4f3ddc1 Preparing for release
b2b4800 Prevent prototype pollution while parsing query strings on V1 (#2523)
93c84a5 [docs] typo
d13a61a [docs] clarify the component/RouteResolver distinction
c335aa7 docs: latest site updates (#2126)
6fb77b7 docs: update with latest fixes (#2116)
8d30578 test: inline iframe.js so ospec doesn't try to run it
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isiahmeadows, a new releaser for mithril since your current version.

Updates tough-cookie from 2.5.0 to 0.12.1

Commits

03a1bad 0.12.1
d321a2d Rename repository to tough-cookie
37ecb0f 0.12.0
63d1d5e Merge pull request #15 from goinstant/stash/sync-api
d2a30fb Docs for Sync API
e9c37a3 Cannot use Sync API on Async store
1735855 Sync API
c13b08a Update .jshintrc
1975977 0.11.0
4810bbb Merge pull request #14 from lalitkapoor/GH-5
Additional commits viewable in compare view

Updates ajv from 6.12.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

Commits

fe59143 6.12.6
d580d3e Merge pull request #1298 from ajv-validator/fix-url
fd36389 fix: regular expression for "url" format
490e34c docs: link to v7-beta branch
9cd93a1 docs: note about v7 in readme
877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
f1c8e45 6.12.5
764035e Merge branch 'ChALkeR-chalker/fix-comma'
3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
Additional commits viewable in compare view

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

f545bdb 3.0.1
c57d4c2 fix a few old XO issues for backport
419250f Fix potential ReDoS (#37)
See full diff in compare view

Removes base64-url

Updates express-session from 1.11.1 to 1.18.1

Release notes

Sourced from express-session's releases.

1.18.1

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/session#984

dep: [email protected] by @knolleary in expressjs/session#997

Release: 1.18.1 by @UlisesGascon in expressjs/session#998

New Contributors

@inigomarquinez made their first contribution in expressjs/session#984

@knolleary made their first contribution in expressjs/session#997

@UlisesGascon made their first contribution in expressjs/session#998

Full Changelog: expressjs/session@v1.18.0...v1.18.1

1.18.0

Add debug log for pathname mismatch

Add partitioned to cookie options

Add priority to cookie options

Fix handling errors from setting cookie

Support any type in secret that crypto.createHmac supports

deps: [email protected]

Fix expires option to reject invalid dates

perf: improve default decode speed

perf: remove slow string split in parse

deps: [email protected]

1.17.3

Fix resaving already-saved new session at end of request

deps: [email protected]

1.17.2

Fix res.end patch to always commit headers

deps: [email protected]

deps: [email protected]

1.17.1

Fix internal method wrapping error on failed reloads

1.17.0

deps: [email protected]

Add SameSite=None support

deps: [email protected]

1.16.2

Fix restoring cookie.originalMaxAge when store returns Date

deps: parseurl@~1.3.3

1.16.1

Fix error passing data option to Cookie constructor

Fix uncaught error from bad session data

... (truncated)

Description has been truncated

Bumps the npm_and_yarn group with 28 updates in the / directory: | Package | From | To | | --- | --- | --- | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [body-parser](https://github.com/expressjs/body-parser) | `1.12.4` | `1.20.3` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `5.0.5` | `9.0.2` | | [passport-jwt](https://github.com/mikenicholson/passport-jwt) | `3.0.1` | `4.0.1` | | [passport](https://github.com/jaredhanson/passport) | `0.2.2` | `0.6.0` | | [express](https://github.com/expressjs/express) | `4.12.3` | `4.20.0` | | [mithril](https://github.com/MithrilJS/mithril.js) | `0.1.34` | `1.1.7` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.0` | `6.12.6` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `3.0.1` | | [base64-url](https://github.com/joaquimserafim/base64-url) | `1.2.1` | `removed` | | [express-session](https://github.com/expressjs/session) | `1.11.1` | `1.18.1` | | [bl](https://github.com/rvagg/bl) | `0.4.2` | `removed` | | [docker](https://github.com/jbt/docker) | `0.2.14` | `1.0.0` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [moment](https://github.com/moment/moment) | `2.24.0` | `2.30.1` | | [emailjs](https://github.com/eleith/emailjs) | `0.3.16` | `4.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.1.2` | `0.7.2` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.3.4` | `1.4.7` | | [express](https://github.com/expressjs/express) | `4.20.0` | `4.21.2` | | [fsevents](https://github.com/fsevents/fsevents) | `0.3.8` | `2.3.3` | | [watchify](https://github.com/browserify/watchify) | `2.6.2` | `4.0.0` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [mysql](https://github.com/mysqljs/mysql) | `2.6.1` | `removed` | | [ueberdb2](https://github.com/ether/ueberDB) | `0.3.8` | `5.0.6` | | [shell-quote](https://github.com/ljharb/shell-quote) | `0.0.1` | `1.8.2` | | [browserify](https://github.com/browserify/browserify) | `9.0.8` | `17.0.1` | | [shelljs](https://github.com/shelljs/shelljs) | `0.3.0` | `removed` | | [jshint](https://github.com/jshint/jshint) | `2.11.0` | `2.13.6` | Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `body-parser` from 1.12.4 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.12.4...1.20.3) Updates `jsonwebtoken` from 5.0.5 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v5.0.5...v9.0.2) Updates `passport-jwt` from 3.0.1 to 4.0.1 - [Commits](mikenicholson/passport-jwt@v3.0.1...v4.0.1) Updates `lodash` from 4.17.15 to 3.10.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...3.10.1) Updates `passport` from 0.2.2 to 0.6.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.2.2...v0.6.0) Updates `express` from 4.12.3 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.12.3...4.20.0) Updates `mithril` from 0.1.34 to 1.1.7 - [Release notes](https://github.com/MithrilJS/mithril.js/releases) - [Changelog](https://github.com/MithrilJS/mithril.js/blob/main/docs/recent-changes.md) - [Commits](MithrilJS/mithril.js@v0.1.34...v1.1.7) Updates `tough-cookie` from 2.5.0 to 0.12.1 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.5.0...v0.12.1) Updates `ajv` from 6.12.0 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.0...v6.12.6) Updates `ansi-regex` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v3.0.0...v3.0.1) Removes `base64-url` Updates `express-session` from 1.11.1 to 1.18.1 - [Release notes](https://github.com/expressjs/session/releases) - [Changelog](https://github.com/expressjs/session/blob/master/HISTORY.md) - [Commits](expressjs/session@v1.11.1...v1.18.1) Removes `bl` Updates `docker` from 0.2.14 to 1.0.0 - [Changelog](https://github.com/jbt/docker/blob/master/History.md) - [Commits](jbt/docker@v0.2.14...v1.0.0) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `moment` from 2.24.0 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.30.1) Updates `emailjs` from 0.3.16 to 4.0.3 - [Changelog](https://github.com/eleith/emailjs/blob/main/CHANGELOG.md) - [Commits](https://github.com/eleith/emailjs/commits) Updates `debug` from 2.1.3 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.1.3...2.6.9) Updates `cookie` from 0.1.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.1.2...v0.7.2) Updates `cookie-parser` from 1.3.4 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.3.4...1.4.7) Updates `express` from 4.20.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.12.3...4.20.0) Updates `elliptic` from 6.5.2 to 6.6.1 - [Commits](indutny/elliptic@v6.5.2...v6.6.1) Updates `qs` from 2.4.1 to 6.4.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v2.4.1...v6.4.1) Updates `fsevents` from 0.3.8 to 2.3.3 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v0.3.8...v2.3.3) Updates `watchify` from 2.6.2 to 4.0.0 - [Release notes](https://github.com/browserify/watchify/releases) - [Changelog](https://github.com/browserify/watchify/blob/master/CHANGELOG.md) - [Commits](browserify/watchify@v2.6.2...v4.0.0) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Removes `mysql` Updates `ueberdb2` from 0.3.8 to 5.0.6 - [Changelog](https://github.com/ether/ueberDB/blob/main/CHANGELOG.md) - [Commits](https://github.com/ether/ueberDB/commits/v5.0.6) Updates `semver` from 4.3.2 to 6.3.1 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](npm/node-semver@v4.3.2...v6.3.1) Updates `send` from 0.12.2 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.12.2...0.19.0) Updates `serve-static` from 1.9.3 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.9.3...v1.16.2) Updates `shell-quote` from 0.0.1 to 1.8.2 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v0.0.1...v1.8.2) Updates `browserify` from 9.0.8 to 17.0.1 - [Release notes](https://github.com/browserify/browserify/releases) - [Changelog](https://github.com/browserify/browserify/blob/master/changelog.markdown) - [Commits](browserify/browserify@9.0.8...v17.0.1) Removes `shelljs` Updates `jshint` from 2.11.0 to 2.13.6 - [Release notes](https://github.com/jshint/jshint/releases) - [Changelog](https://github.com/jshint/jshint/blob/main/CHANGELOG.md) - [Commits](jshint/jshint@2.11.0...2.13.6) --- updated-dependencies: - dependency-name: async dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: passport-jwt dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: passport dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: mithril dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base64-url dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express-session dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: bl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: docker dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: moment dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: emailjs dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: debug dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: watchify dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mysql dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ueberdb2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: shelljs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jshint dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 37 updates #1

Bump the npm_and_yarn group across 1 directory with 37 updates #1

dependabot bot commented on behalf of github Feb 13, 2025

Bump the npm_and_yarn group across 1 directory with 37 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 37 updates #1

Conversation

dependabot bot commented on behalf of github Feb 13, 2025

v2.6.4

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

9.0.2 - 2023-08-30

9.0.1 - 2023-07-05

9.0.0 - 2022-12-21

Breaking changes

Security fixes

8.5.1 - 2019-03-18

Bug fix

Docs

8.5.0 - 2019-02-20

New Functionality

Test Improvements

[0.6.0] - 2022-05-20

Added

Changed

Security

[0.5.3] - 2022-05-16

Fixed

[0.5.2] - 2021-12-16

Fixed

[0.5.1] - 2021-12-15

Added

Changed

[0.5.0] - 2021-09-23

Changed

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

v1.1.7

Bug fixes

v1.1.6

v1.1.5

v1.1.4

Bug fixes:

Ospec improvements:

v1.1.3

Bug fixes:

v1.1.2

Bug fixes:

Ospec improvements:

Docs / Repo maintenance:

Release v2.2.14

Patch Changes

Improve handling of is-elements and Fix tiny bugs of setAttr()/updateStyle() (@​kfule)

domFor: always get generation from delayedRemoval instead of parameter (@​kfule)

[render: wrap stateResult and attrsResult in Promise.resolve(), fix #2592 (@​kfule)](MithrilJS/mithril.js#3005)

Release v2.2.13

Patch Changes

[Fix form checkValidity(), remove vnode.dom === .activeElement from setAttr() (Continued from #2257) (@​kfule)](MithrilJS/mithril.js#3002)

Bump glob from 11.0.0 to 11.0.1 in the normal group (@​dependabot[bot])

Release v2.2.12

Patch Changes

disable Terser's "reduce_funcs" option for performance (@​kfule)

`Improve handling of is-elements and Fix tiny bugs of setAttr()/updateStyle() (@kfule)`

`domFor: always get generation from delayedRemoval instead of parameter (@kfule)`

[render: wrap stateResult and attrsResult in Promise.resolve(), fix #2592 (`@kfule`)](MithrilJS/mithril.js#3005)

[Fix form checkValidity(), remove vnode.dom === .activeElement from setAttr() (Continued from #2257) (`@kfule`)](MithrilJS/mithril.js#3002)

`Bump glob from 11.0.0 to 11.0.1 in the normal group (@dependabot[bot])`

`disable Terser's "reduce_funcs" option for performance (@kfule)`

`Bump chokidar from 4.0.1 to 4.0.3 in the normal group across 1 directory (@dependabot[bot])`

[Use new pr-release prerelease hook (Fixes #2987) (`@JAForbes`)](MithrilJS/mithril.js#2996)

[updateStyle(): use setProperty() when css vars and dashed-properties, fixes #2989 (`@kfule`)](MithrilJS/mithril.js#2991)

`Delete .github/ISSUE_TEMPLATE/0-docs.yml (@dead-claudia)`