Bump the npm_and_yarn group across 1 directory with 13 updates#33
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 13 updates#33dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.8.7` | `7.29.6` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.22.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.15.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.18.1` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.1` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [store2](https://github.com/nbubna/store) | `2.10.0` | `2.14.4` | | [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.5` | Updates `@babel/core` from 7.8.7 to 7.29.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `express` from 4.17.1 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@4.17.1...v4.22.2) Updates `js-yaml` from 3.13.1 to 3.15.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.13.1...3.15.0) Updates `lodash` from 4.17.15 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.18.1) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `path-to-regexp` from 0.1.7 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13) Updates `picomatch` from 2.2.1 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/commits/2.3.2) Updates `send` from 0.17.1 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.2) Updates `serve-static` from 1.14.1 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.3) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `store2` from 2.10.0 to 2.14.4 - [Commits](nbubna/store@2.10.0...2.14.4) Updates `ws` from 5.2.2 to 5.2.5 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.2...5.2.5) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.6 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: store2 dependency-version: 2.14.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 5.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jul 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 10 updates in the / directory:
7.8.77.29.61.0.41.0.74.17.14.22.23.13.13.15.04.17.154.18.12.19.02.19.22.2.12.3.22.4.112.4.122.10.02.14.45.2.25.2.5Updates
@babel/corefrom 7.8.7 to 7.29.6Release notes
Sourced from @babel/core's releases.
... (truncated)
Commits
04ea6b2v7.29.699f498a[7.x packport]Improve input source map handling (#18001)feba0a3Preserve original identifier names from input sourcemaps (#17992) (#17998)aa8394ev7.29.0ad0d03f[7.x backport] feat: Allow specifying startLine in code frame (#17739)d7f4008v7.28.6e130225Polish(standalone): improve message on invalid preset/plugin (#17606)99dcba5chore: enable some ts-eslint rules (#17592)c92c491Improve Unicode handling in code-frame tokenizer (#17589)d725e39AddBABEL_7_TO_8_DANGEROUSLY_DISABLE_VERSION_CHECK(#17569)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for
@babel/coresince your current version.Updates
cipher-basefrom 1.0.4 to 1.0.7Changelog
Sourced from cipher-base's changelog.
Commits
0056718v1.0.7fd1e5ee[Refactor] useto-buffer08ba803[Dev Deps] update@ljharb/eslint-configf5249f9v1.0.6b7ddd2a[Fix] io.js 3.0 - Node.js 5.3 typed array supportf03cebfv1.0.588dc806[meta] addauto-changelog7a137d7[meta] addnpmignoreandsafe-publish-latest5c02918[meta] fix package.json indentation8fd1364[Fix] return valid values on multi-byte-wide TypedArray inputMaintainer changes
This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
expressfrom 4.17.1 to 4.22.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
df0abc94.22.2836d3664.xupdate qs to 6.15.1, body-parser 1.20.5 (#7224)8d09bfefix: restore array parsing for req.query repeated keys (#7181)d39e8addeps: body-parser@~1.20.4 (#7021)efe85d9deps: qs@^6.14.1 (#6972)f62378e📝 add note to history12fae144.22.15ddf311Revert "sec: security patch for CVE-2024-51999"49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-51999Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
js-yamlfrom 3.13.1 to 3.15.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
c34b6c43.15.0 released21e13d3dist rebuild4165c62Add v3-legacy tag for publishd8ff750Add package lock24f13e7AddedmaxTotalMergeKeys(10000) loader option (v5 backport)9963d363.14.2 released10d3c8edist rebuild5278870fix prototype pollution in merge (<<) (#731)37caaad3.14.1 released094c0f7dist rebuildUpdates
lodashfrom 4.17.15 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
min-documentfrom 2.19.0 to 2.19.2Commits
0d141502.19.249c2e06Merge pull request #56 from wasabina67/fix/prototype-pollution-removeAttribut...9666461Fix prototype pollution vulnerability in removeAttributeNS4490b402.19.12cd5871update ignorefe32e8dMerge pull request #55 from jameswassink/fix/prototype-pollution-removeAttrib...6c5f31aBetter prototype pollution fix0d4e819Fix prototype pollution in removeAttributeNSbf7b691Update package.json1b5402dMerge pull request #49 from PixnBits/patch-1Updates
path-to-regexpfrom 0.1.7 to 0.1.13Release notes
Sourced from path-to-regexp's releases.
Changelog
Sourced from path-to-regexp's changelog.
Commits
9fd0c870.1.13 (#425)7ccf02cfix: CVE-2026-4867640e6940.1.12f01c26aMerge commit from fork0c711920.1.118f09549Add error on bad input valuesc827fce0.1.1029b96b4Add backtrack protection to parametersac4c234Update repo url (#314)bdb66350.1.9Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.
Updates
picomatchfrom 2.2.1 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by danez, a new releaser for picomatch since your current version.
Updates
sendfrom 0.17.1 to 0.19.2Release notes
Sourced from send's releases.
Changelog
Sourced from send's changelog.
Commits
34ba03b0.19.2 (#280)e53e4e5deps: use tilde notation and update certain dependencies (#279)19efaa30.19.10a9fa80fix(deps): encodeurl@~2.0.0 (#240)9d2db990.19.0ae4f298Merge commit from forkb69cbb30.18.0f53edbbLimit the headers removed for 304 response706d6dddocs: add security policyb690ba4docs: fix linux build badge linkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates
serve-staticfrom 1.14.1 to 1.16.3Release notes
Sourced from serve-static's releases.
Changelog
Sourced from serve-static's changelog.
Commits
9acad221.16.3 (#229)52dc97ddeps: send@~0.19.1 and upgrade Node.js versions on the CI (#227)ec9c5ec1.16.2f454d37fix(deps): encodeurl@~2.0.077a82551.16.14263f49fix(deps): send@0.19.048c73971.16.00c11fadMerge commit from fork9b5a12a1.15.0a39a0dfdocs: update CI linkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.
Updates
sha.jsfrom 2.4.11 to 2.4.12Changelog
Sourced from sha.js's changelog.
Commits
eb4ea2fv2.4.12d8d77c0[meta] reorder package.jsondf9d521[eslint] fix package.json indentation35aec35[meta] addnpmignored528896[Dev Deps] add missing peer depb46e711[meta] addauto-changelog94ca724[Dev Deps] remove unusedbufferdep2dbe0aa[Dev Deps] update@ljharb/eslint-config73e33ae[Tests] avoid console logsf2a258e[Fix] support multi-byte wide typed arraysMaintainer changes
This version was pushed to npm by ljharb, a new releaser for sha.js since your current version.
Updates
store2from 2.10.0 to 2.14.4Commits
bb2680d2.14.45c4c208minor version build updates