Bump the npm_and_yarn group across 1 directory with 17 updates by dependabot[bot] · Pull Request #1 · llowgn/vuln_node_express

dependabot · 2024-03-21T21:29:09Z

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
debug	`2.6.9`	`3.1.0`
pug	`2.0.4`	`3.0.1`
ajv	`6.10.2`	`6.12.6`
ini	`1.3.5`	`1.3.8`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
minimatch	`3.0.4`	`3.1.2`
minimist	`1.2.0`	`1.2.8`
mkdirp	`0.5.1`	`0.5.6`
qs	`6.5.2`	`6.5.3`
express	`4.16.4`	`4.19.1`
request	`2.88.0`	``
sqlite3	`4.1.0`	`4.2.0`
semver	`5.7.1`	`5.7.2`
tar	`4.4.10`	`4.4.19`

Updates debug from 2.6.9 to 3.1.0

Release notes

Sourced from debug's releases.

3.1.0

Minor Changes

Ignore package-lock.json: e7e568a24736486721882282eb21beb31c741647

Remove component.json: 47747f329fe159e94262318b52b87a48f6c0acd4

Remove "component" from package.json: bdb7e0137f84dc8bcfc95daede7c694799d38dbf

Add DEBUG_HIDE_DATE env var: #486

Patches

Correct spelling mistake: daf1a7c8c0f62f5dbc8d48158d6748d0527cc551

Examples: fix colors printout: 7cd9e539ce571fc3314d34d9d1dac3124839dbac

Fix browser detection: fdfa0f5f6cc7e83fd60b6cf1e7b990cbf6388621

Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @amejiarosario and @zhuangya for their help!

3.0.0

Featuring pretty new colors!

Major Changes

Remove DEBUG_FD: #406

Make millisecond timer namespace specific and allow 'always enabled' output: #408

Use Date#toISOString() instead to Date#toUTCString() when output is not a TTY: #418

enabled() updates existing debug instances: #440

Minor Changes

Add destroy() function: #440

Document enabled flag: #465

Support 256 colors: #481

Update "browserify" to v14.4.0: 826fd94639efeaa3c5701b50d335caead084a5d6

Separate Node.js and web browser examples: 87880f6ae1f48b12d9f3346bce564a66cba6b93e

Example: use %o formatter: 31f3343de76cb8687041387a1b811745c6e84473

More readme screenshots replaced: 25eb545324912dd2863658d0ba35426c0f617619

Add Namespace Colors section to readme: 8b5c438a222167bd0cc66db046bac073f01b3c01

Separate the Node and Browser tests in Travis: f178d861df18abacac6e9e4607c7306a1147bf3d

Patches

Readme: fix typo: #473

Component: update "ms" to v2.0.0: d2dd80aeaf1b037f0b3be21838c4594bbedc4a9c

Credits

... (truncated)

Changelog

Sourced from debug's changelog.

3.1.0 / 2017-09-26

Add DEBUG_HIDE_DATE env var (#486)

Remove ReDoS regexp in %o formatter (#504)

Remove "component" from package.json

Remove component.json

Ignore package-lock.json

Examples: fix colors printout

Fix: browser detection

Fix: spelling mistake (#496, @EdwardBetts)

3.0.1 / 2017-08-24

Fix: Disable colors in Edge and Internet Explorer (#489)

3.0.0 / 2017-08-08

Breaking: Remove DEBUG_FD (#406)

Breaking: Use Date#toISOString() instead to Date#toUTCString() when output is not a TTY (#418)

Breaking: Make millisecond timer namespace specific and allow 'always enabled' output (#408)

Addition: document enabled flag (#465)

Addition: add 256 colors mode (#481)

Addition: enabled() updates existing debug instances, add destroy() function (#440)

Update: component: update "ms" to v2.0.0

Update: separate the Node and Browser tests in Travis-CI

Update: refactor Readme, fixed documentation, added "Namespace Colors" section, redid screenshots

Update: separate Node.js and web browser examples for organization

Update: update "browserify" to v14.4.0

Fix: fix Readme typo (#473)

Commits

f073e05 Release 3.1.0
2c0df9b rename DEBUG_HIDE_TTY_DATE to DEBUG_HIDE_DATE
dcb37b2 Merge branch '2.x'
56a3853 Add DEBUG_HIDE_TTY_DATE env var (#486)
bdb7e01 remove "component" from package.json
c38a016 remove ReDoS regexp in %o formatter (#504)
47747f3 remove component.json
a0601e5 fix
e7e568a ignore package-lock.json
fdfa0f5 Fix browser detection
Additional commits viewable in compare view

Updates pug from 2.0.4 to 3.0.1

Release notes

Sourced from pug's releases.

pug-code-gen@3.0.1

Bug Fixes

Update with to resolve core-js deprecation notice (#3259)

pug-runtime@3.0.1

Bug Fixes

Properly handle non-string values when rethrowing errors (#3269)

pug@3.0.1

Bug Fixes

Sanitise the pretty option (#3314)

If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

pug-attrs@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

pug-code-gen@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

New Features

Support EachOf nodes (#3179)

pug-load@3.0.0

Breaking Changes

read plugins must now return Buffer if you want to support filters that use renderBuffer (#3213)

Drop support for node 6 and 8 (#3243)

New Features

File nodes now get a raw property that is a Buffer, in addition to the str (#3213)

pug-runtime@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

Bug Fixes

wrap setting err.message with a try/catch (#2996)

... (truncated)

Commits

991e78f fix: sanitise and escape the pretty option (#3314)
06baa52 Fix TypeScript and add eachOf token definition (#3262)
13e46e9 chore: update with (#3259)
c077df4 docs: fix rolling versions link
ccba7da ci: publish canary release (#3257)
24a7b8e chore: remove get-repo dependency (#3256)
8288ec5 ci: fix some problems with the workflows and add dry-run (#3254)
eca9342 chore: update is-expression and jest (#3253)
9e96bb7 feat: allow filters to read non-text include files (#3213)
bb0731f chore: use minimal settings to format test files (#3245)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pug-bot, a new releaser for pug since your current version.

Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

fe59143 6.12.6
d580d3e Merge pull request #1298 from ajv-validator/fix-url
fd36389 fix: regular expression for "url" format
490e34c docs: link to v7-beta branch
9cd93a1 docs: note about v7 in readme
877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
f1c8e45 6.12.5
764035e Merge branch 'ChALkeR-chalker/fix-comma'
3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates json-schema from 0.2.3 to 0.4.0

Commits

f6f6a3b Use a little more robust method of checking instances
ef60987 Update version
b62f1da Protect against constructor modification, #84
fb427cd Link to json-schema-org repository in addition to site, fixes #54
22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
c52a27c Get basic test to pass
b3f42b3 Add security policy
3b0cec3 Update version
c28470f Update readme to acknowledge the state of the package
7dff9cd Merge pull request #81 from hodovani/patch-1
Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

#35 Backport json-schema 0.4.0 to version 1.4.x

Commits

5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates minimatch from 3.0.4 to 3.1.2

Commits

699c459 3.1.2
2f2b5ff fix: trim pattern
25d7c0d 3.1.1
55dda29 fix: treat nocase:true as always having magic
5e1fb8d 3.1.0
f8145c5 Add 'allowWindowsEscape' option
570e8b1 add publishConfig for v3 publishes
5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
Additional commits viewable in compare view

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

92f086d 0.5.6
2a28125 clean up tests
c905d65 update minimist
049cf18 0.5.5
bea6382 Remove unnecessary umask calls
42a012c 0.5.4
2867920 fix infinite loop on windows machines
d784e70 0.5.3
d612c5d add files list so this package isn't a monster
b2e7ba0 0.5.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates path-parse from 1.0.6 to 1.0.7

Commits

See full diff in compare view

Updates pug-code-gen from 2.0.2 to 3.0.2

Release notes

Sourced from pug-code-gen's releases.

pug-code-gen@3.0.2

Bug Fixes

Sanitise the pretty option (#3314)

If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

pug-code-gen@3.0.1

Bug Fixes

Update with to resolve core-js deprecation notice (#3259)

pug-code-gen@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

New Features

Support EachOf nodes (#3179)

Commits

991e78f fix: sanitise and escape the pretty option (#3314)
06baa52 Fix TypeScript and add eachOf token definition (#3262)
13e46e9 chore: update with (#3259)
c077df4 docs: fix rolling versions link
ccba7da ci: publish canary release (#3257)
24a7b8e chore: remove get-repo dependency (#3256)
8288ec5 ci: fix some problems with the workflows and add dry-run (#3254)
eca9342 chore: update is-expression and jest (#3253)
9e96bb7 feat: allow filters to read non-text include files (#3213)
bb0731f chore: use minimal settings to format test files (#3245)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pug-bot, a new releaser for pug-code-gen since your current version.

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3
ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
12ac1c4 [meta] fix README.md (#399)
0338716 [actions] backport actions from main
5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
51b8a0b add FUNDING.yml
45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
f814a7f [Dev Deps] backport from main
Additional commits viewable in compare view

Updates express from 4.16.4 to 4.19.1

Release notes

Sourced from express's releases.

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

use random port in test so it won't fail on already listening by @rluvaton in expressjs/express#5162

tests: use cb() instead of done() by @kristof-low in expressjs/express#5233

examples: remove multipart example by @riddlew in expressjs/express#5195

Update support Node.js@18 in the CI by @UlisesGascon in expressjs/express#5490

Fix favicon-related bug in cookie-sessions example by @DmytroKondrashov in expressjs/express#5414

Release 4.18.3 by @UlisesGascon in expressjs/express#5505

New Contributors

@vcsjones made their first contribution in expressjs/express#5032

@abenhamdine made their first contribution in expressjs/express#5034

@armujahid made their first contribution in expressjs/express#5027

@raksbisht made their first contribution in expressjs/express#5124

@rluvaton made their first contribution in expressjs/express#5162

@kristof-low made their first contribution in expressjs/express#5233

@riddlew made their first contribution in expressjs/express#5195

... (truncated)

Changelog

Sourced from express's changelog.

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: body-parser@1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

deps: qs@6.11.0

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

Invoke default with same arguments as types in res.format

Support proper 205 responses using res.send

Use http-errors for res.format error

deps: body-parser@1.20.0

Fix error message for json parse whitespace in strict

... (truncated)

Commits

4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
4ee853e docs: loosen TC activity rules
414854b docs: nominating @wesleytodd to be project captian
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Removes request

Updates sqlite3 from 4.1.0 to 4.2.0

Release notes

Sourced from sqlite3's releases.

v4.2.0

electron: Electron v8, v8.1.x & v8.2.x #1294 #1308

sqlite3: update to 3.31.1 (3310100) #1289

webpack: split sqlite3-binding.js out so that it could be override by webpack #1268

sqlite3: enable 'SQLITE_ENABLE_DBSTAT_VTAB=1' #1281

deps: remove request #1287

deps: alternative update of node-gyp for electron (v1 - v4), windows #1283

electron: fix dist url #1282

docs: Added json1 support note #1303

v4.1.1

Electron v6.1 and v7 support #1237

Electron v7.1 support #1254

SQLite3 update to 3.30.1 #1238

Overwrite 'msbuild_toolset' only if 'toolset' is defined #1242

Upgrade CI to node-gyp 6.x for Windows Electron v5 & v6 builds #1245

Node v13 support #1247

Use minimum supported node version for Electron 7 #1255

Changelog

Sourced from sqlite3's changelog.

4.2.0

electron: Electron v8, v8.1.x & v8.2.x #1294 #1308

sqlite3: update to 3.31.1 (3310100) #1289

webpack: split sqlite3-binding.js out so that it could be override by webpack #1268

sqlite3: enable 'SQLITE_ENABLE_DBSTAT_VTAB=1' #1281

deps: remove request #1287

deps: alternative update of node-gyp for electron (v1 - v4), windows #1283

electron: fix dist url #1282

docs: Added json1 support note #1303

4.1.1

Electron v6.1 and v7 support #1237

Electron v7.1 support #1254

SQLite3 update to 3.30.1 #1238

Overwrite 'msbuild_toolset' only if 'toolset' is defined #1242

Upgrade CI to node-gyp 6.x for Windows Electron v5 & v6 builds #1245

Node v13 support #1247

Use minimum supported node version for Electron 7 #1255

Commits

afa2207 release: 4.2.0 [publish binary]
926fb95 release: 4.2.0 (#1309)
73b7333 sqlite3: enable 'SQLITE_ENABLE_DBSTAT_VTAB=1' (#1281)
cf2b3ce ci: fix .travis.yml formatting
75fee8a prebuilt: add electron 8.1 & 8.2 (#1308)
fc48aed docs: Added json1 support note (#1303)
fdceaef webpack: split sqlite3-binding.js out so that it could be override by webpack...
a704bd7 deps: remove request (#1287)
dc30669 prebuilt: electron 8 (#1294)
65da4a8 sqlite3 update to 3.31.1 (3310100) (#1289)
Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (Description has been truncated

Bumps the npm_and_yarn group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [debug](https://github.com/debug-js/debug) | `2.6.9` | `3.1.0` | | [pug](https://github.com/pugjs/pug) | `2.0.4` | `3.0.1` | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.12.6` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` | | [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [express](https://github.com/expressjs/express) | `4.16.4` | `4.19.1` | | [request](https://github.com/request/request) | `2.88.0` | `` | | [sqlite3](https://github.com/TryGhost/node-sqlite3) | `4.1.0` | `4.2.0` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [tar](https://github.com/isaacs/node-tar) | `4.4.10` | `4.4.19` | Updates `debug` from 2.6.9 to 3.1.0 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/3.1.0/CHANGELOG.md) - [Commits](debug-js/debug@2.6.9...3.1.0) Updates `pug` from 2.0.4 to 3.0.1 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.1) Updates `ajv` from 6.10.2 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.12.6) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimist` from 1.2.0 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.0...v1.2.8) Updates `mkdirp` from 0.5.1 to 0.5.6 - [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md) - [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `pug-code-gen` from 2.0.2 to 3.0.2 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug-code-gen@2.0.2...pug-code-gen@3.0.2) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `express` from 4.16.4 to 4.19.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.4...4.19.1) Removes `request` Updates `sqlite3` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/TryGhost/node-sqlite3/releases) - [Changelog](https://github.com/TryGhost/node-sqlite3/blob/v4.2.0/CHANGELOG.md) - [Commits](TryGhost/node-sqlite3@v4.1.0...v4.2.0) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `tar` from 4.4.10 to 4.4.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.10...v4.4.19) --- updated-dependencies: - dependency-name: debug dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: pug dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: mkdirp dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: path-parse dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: pug-code-gen dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: request dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: sqlite3 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 21, 2024

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-8805363902 branch from 0af79a6 to 65ce1da Compare March 21, 2024 21:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 17 updates#1

Bump the npm_and_yarn group across 1 directory with 17 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-security-group-8805363902

dependabot bot commented on behalf of github Mar 21, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 21, 2024

3.1.0

Minor Changes

Patches

Credits

3.0.0

Major Changes

Minor Changes

Patches

Credits

3.1.0 / 2017-09-26

3.0.1 / 2017-08-24

3.0.0 / 2017-08-08

pug-code-gen@3.0.1

Bug Fixes

pug-runtime@3.0.1

Bug Fixes

pug@3.0.1

Bug Fixes

pug-attrs@3.0.0

Breaking Changes

pug-code-gen@3.0.0

Breaking Changes

New Features

pug-load@3.0.0

Breaking Changes

New Features

pug-runtime@3.0.0

Breaking Changes

Bug Fixes

v6.12.6

v6.12.5

v6.12.4

v6.12.3

v6.12.2

v6.12.1

v6.12.0

v6.11.0

v1.4.2 (2021-11-29)

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

pug-code-gen@3.0.2

Bug Fixes

pug-code-gen@3.0.1

Bug Fixes

pug-code-gen@3.0.0

Breaking Changes

New Features

6.5.3

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

New Contributors

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

v4.2.0

v4.1.1

4.2.0

4.1.1

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels