Bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
mongodb	1.4.12	3.1.13
ms	0.1.0	2.0.0
mpath	0.1.1	0.8.4
mquery	0.5.3	3.2.3
node-static	0.5.9	0.7.11
highlight.js	7.0.1	10.4.1
markdown	0.3.1	0.5.0
open	0.0.3	6.0.0

Bumps the npm_and_yarn group with 1 update in the /examples/express/connection-sharing directory: express.

Updates mongodb from 1.4.12 to 3.1.13

Changelog

Sourced from mongodb's changelog.

3.1.13 (2019-01-23)

Bug Fixes

• restore ability to webpack by removing makeLazyLoader (050267d)
• bulk: honor ignoreUndefined in initializeUnorderedBulkOp (e806be4)
• changeStream: properly handle changeStream event mid-close (#1902) (5ad9fa9)
• db_ops: ensure we async resolve errors in createCollection (210c71d)

3.1.12 (2019-01-16)

Features

• core: update to mongodb-core v3.1.11 (9bef6e7)

3.1.11 (2019-01-15)

Bug Fixes

• bulk: fix error propagation in empty bulk.execute (a3adb3f)
• bulk: make sure that any error in bulk write is propagated (bedc2d2)
• bulk: properly calculate batch size for bulk writes (aafe71b)
• operations: do not call require in a hot path (ff82ff4)

3.1.10 (2018-11-16)

Bug Fixes

• auth: remember to default to admin database (c7dec28)

Features

• core: update to mongodb-core v3.1.9 (bd3355b)

... (truncated)

Commits

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing makeLazyLoader
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mbroadst, a new releaser for mongodb since your current version.

Updates ms from 0.1.0 to 2.0.0

Release notes

Sourced from ms's releases.

2.0.0

Major Changes

• Limit str to 100 to avoid ReDoS of 0.3s: #89

Patches

• Ignored logs coming from npm: b1eaab752203e978492a4d540a7ae1d26e6306b1
• Bumped dependencies to the latest version: bcf57157678fd5afc691383145a35e116f9704d0
• Invalidated cache for slack badge: 94b995c1d6d5d13ec976a0c6849a3cca9b277e6b

Credits

Huge thanks to @​karenyavine for their help!

1.0.0

Major Changes

• Removed component specification: 1fbbe974cdcad96e592dcb65a7b2a8649f690420

Patches

• Test on LTS version of Node: c9b1fd319f0f9198d85ecf4ba83e46cc1216be04
• Removed XO: 94068ea6d518387670df277f740b1abada80ed48
• Use prettier and eslint: 57b3ef8e3423cae6254f94c5564a11b4492cff43
• Badge for XO removed: 389840b329436117741b2ef13a172725082695b9
• Removed browser testing: e818c3581aca3119c00d81901bfe8fe653bcfda4
• More suitable name for file containing tests: ee91f307a8dc3581ebdad614ec0533ddb3d8bf56

0.7.3

Patches

• Mark "options" param as optional in jsdoc: #77
• Lowercased text files: 5f0653ab192a30301aed8668b4588a87975b41ab
• Pinned dependencies: 126d7f094a1836b991c8d0abfeb4d0ce09ac280f
• Chore(package): update serve to version 5.0.1: #81

Credits

Huge thanks to @​Jokero for their help!

0.7.2

Patches 💅

• Added license field to package.json file: zeit/ms#42
• Renamed long and short (reserved keywords): zeit/ms#53
• Capitalized important files: b2d9f9d
• Specified version numbers for devDependencies in package.json: abd3616
• Updated license file to the latest version: 5d53ae8
• Only upload important files to npm, instead of excluding certain ones: 2b2f02a
• Adjusted name of repository in package.json: e84f95d

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by leo, a new releaser for ms since your current version.

Updates mpath from 0.1.1 to 0.8.4

Changelog

Sourced from mpath's changelog.

0.8.4 / 2021-09-01

• fix: throw error if parts contains an element that isn't a string or number #13

0.8.3 / 2020-12-30

• fix: use var instead of let/const for Node.js 4.x support

0.8.2 / 2020-12-30

• fix(stringToParts): fall back to legacy treatment for square brackets if square brackets contents aren't a number Automattic/mongoose#9640
• chore: add eslint

0.8.1 / 2020-12-10

• fix(stringToParts): handle empty string and trailing dot the same way that split() does for backwards compat

0.8.0 / 2020-11-14

• feat: support square bracket indexing for get(), set(), has(), and unset()

0.7.0 / 2020-03-24

• BREAKING CHANGE: remove component.json #9 AlexeyGrigorievBoost

0.6.0 / 2019-05-01

• feat: support setting dotted paths within nested arrays

0.5.2 / 2019-04-25

• fix: avoid using subclassed array constructor when doing map()

0.5.1 / 2018-08-30

• fix: prevent writing to constructor and prototype as well as proto

0.5.0 / 2018-08-30

• BREAKING CHANGE: disallow setting/unsetting proto properties
• feat: re-add support for Node < 4 for this release

0.4.1 / 2018-04-08

• fix: allow opting out of weird $ set behavior re: Automattic/mongoose#6273

0.4.0 / 2018-03-27

• feat: add support for ES6 maps
• BREAKING CHANGE: drop support for Node < 4

... (truncated)

Commits

• 634a0fa chore: release 0.8.4
• 89402d2 fix: throw error if parts contains an element that isn't a string or number
• 03c4efe chore: add basic SECURITY.md file
• ad7a023 chore: release 0.8.3
• f050c3a fix: use var instead of let/const for Node.js 4.x support
• e3bdd36 chore: release 0.8.2
• b09cebc chore: add lint
• ffed519 fix(stringToParts): fall back to legacy treatment for square brackets if squa...
• 095573c chore: release 0.8.1
• c507d2c fix(stringToParts): handle empty string and trailing dot the same way that `s...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vkarpov15, a new releaser for mpath since your current version.

Updates mquery from 0.5.3 to 3.2.3

Changelog

Sourced from mquery's changelog.

3.2.3 / 2020-12-10

• fix(utils): avoid copying special properties like __proto__ when merging and cloning. Fix CVE-2020-35149

3.2.2 / 2019-09-22

• fix: dont re-call setOptions() when pulling base class options Automattic/mongoose#8159

3.2.1 / 2018-08-24

• chore: upgrade deps

3.2.0 / 2018-08-24

• feat: add $useProjection to opt in to using projection instead of fields re: MongoDB deprecation warnings Automattic/mongoose#6880

3.1.2 / 2018-08-01

• chore: move eslint to devDependencies #110 jakesjews

3.1.1 / 2018-07-30

• chore: add eslint #107 Fonger
• docs: clean up readConcern docs #106 Fonger

3.1.0 / 2018-07-29

• feat: add readConcern() helper #105 Fonger
• feat: add maxTimeMS() as alias of maxTime() #105 Fonger
• feat: add collation() helper #105 Fonger

3.0.1 / 2018-07-02

• fix: parse sort array options correctly #103 #102 Fonger

3.0.0 / 2018-01-20

• chore: upgrade deps and add nsp

3.0.0-rc0 / 2017-12-06

• BREAKING CHANGE: remove support for node < 4
• BREAKING CHANGE: remove support for retainKeyOrder, will always be true by default re: Automattic/mongoose#2749

2.3.3 / 2017-11-19

• fixed; catch sync errors in cursor.toArray() re: Automattic/mongoose#5812

2.3.2 / 2017-09-27

... (truncated)

Commits

• eeaa57c chore: release 3.2.3
• 792e69f fix(utils): avoid copying special properties like __proto__ when merging an...
• 2268a48 Merge pull request #118 from aheckmann/dependabot/npm_and_yarn/mongodb-3.6.1
• 658f66a chore(deps-dev): bump mongodb from 3.1.1 to 3.6.1
• e68f8e1 chore: add tidelift disclosure
• 6d3e0c7 chore: release 3.2.2
• b36dfd8 fix: dont re-call setOptions() when pulling base class options
• d8d94f8 chore: remove istanbul and use eslint 5.x
• ec0f83f chore: get rid of package-lock.json
• 6bd88b7 travis; update node versions
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vkarpov15, a new releaser for mquery since your current version.

Updates node-static from 0.5.9 to 0.7.11

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by cloudhead, a new releaser for node-static since your current version.

Updates highlight.js from 7.0.1 to 10.4.1

Release notes

Sourced from highlight.js's releases.

10.4.1

Security fixes:

• (fix) Exponential backtracking fixes for: Josh Goebel
  • cpp
  • handlebars
  • gams
  • perl
  • jboss-cli
  • r
  • erlang-repl
  • powershell
  • routeros
• (fix) Polynomial backtracking fixes for: Josh Goebel
  • asciidoc
  • reasonml
  • latex
  • kotlin
  • gcode
  • d
  • aspectj
  • moonscript
  • coffeescript/livescript
  • csharp
  • scilab
  • crystal
  • elixir
  • basic
  • ebnf
  • ruby
  • fortran/irpf90
  • livecodeserver
  • yaml
  • x86asm
  • dsconfig
  • markdown
  • ruleslanguage
  • xquery
  • sqf

Very grateful to Michael Schmidt for all the help.

10.4.0 - November 2020

A largish release with many improvements and fixes from quite a few different contributors. Enjoy!

Deprecations:

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Version 10.4.1 (tentative)

Security

• (fix) Exponential backtracking fixes for: Josh Goebel
  • cpp
  • handlebars
  • gams
  • perl
  • jboss-cli
  • r
  • erlang-repl
  • powershell
  • routeros
• (fix) Polynomial backtracking fixes for: Josh Goebel
  • asciidoc
  • reasonml
  • latex
  • kotlin
  • gcode
  • d
  • aspectj
  • moonscript
  • coffeescript/livescript
  • csharp
  • scilab
  • crystal
  • elixir
  • basic
  • ebnf
  • ruby
  • fortran/irpf90
  • livecodeserver
  • yaml
  • x86asm
  • dsconfig
  • markdown
  • ruleslanguage
  • xquery
  • sqf

Very grateful to Michael Schmidt for all the help.

Version 10.4.0

A largish release with many improvements and fixes from quite a few different contributors. Enjoy!

... (truncated)

Commits

• e96b915 bump 10.4.1
• 065f65f chore(release) allow release script to handle production releases
• 68509fc chore(docs) bump SECURITY mention to 9.18.5
• aa0fb85 chore(docs) Version 9 has reached EOL.
• fb0a626 enh(ci): Add tests for polynomial regex issues
• fa46dd1 fix(reasonml) fix poly backtracking issue
• d496052 fix(latex) fix poly backtracking issue
• d9f1cdb fix(javascript/typescript) fix poly backtracking issue
• fdec037 fix(asciidoc) fix poly backtracking issue
• 02ca487 fix(kotlin) fix poly backtracking issue
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by joshgoebel, a new releaser for highlight.js since your current version.

Updates markdown from 0.3.1 to 0.5.0

Changelog

Sourced from markdown's changelog.

v0.5.0 - 2013-07-26

There might be other bug fixes then the ones listed - I've been a bit lax at updating the changes file, sorry :(

• Fix "undefined" appearing in output for some cases with blockquotes
• Fix (multiple) global variable leaks. Ooops
• Allow spaces in img/link paths (#48)
• Handle windows line endings (#58)
• Fix IE8 issues (#68, #86, #97)
• Fix images inside links mistakenly requiring a title attribute to parse correctly (#71)
• Add explicit text of the license to the readme (#74)
• Style tweaks by XhmikosR (#81, #82, #83)
• Build now tested by TravisCI thanks to sebs (#85)
• Fix "cuddled" header parsing (#94)
• Add support for tables to Maruku dialect (#66) Thanks redsun82!

v0.4.0 - 2012-06-09

• Improve link parsing when multiple on a line (#5)
• npm test will now run the entire test suite cleanly (switch tests over to node-tap) (#21)
• Fix blockquote merging/implicit conversion between string/String (#24, #44)
• Allow inline elements to appear inside link text (#27)
• Fix to correctly render self-closing tags (#28, #35, #40)
• Actually render image references (#36)
• Make it work in IE7/8 (#37)
• Improve link parsing when link is inside parenthesis (#38)
• Fix JSLint warnings (#42)
• md2html can now process stdin (#43)
• Fix for anchors enclosed by parenthesis (#46)

#5: evilstreak/markdown-js#5 #21: evilstreak/markdown-js#21 #24: evilstreak/markdown-js#24 #27: evilstreak/markdown-js#27 #28: evilstreak/markdown-js#28 #35: evilstreak/markdown-js#35 #36: evilstreak/markdown-js#36 #37: evilstreak/markdown-js#37 #38: evilstreak/markdown-js#38 #40: evilstreak/markdown-js#40 #42: evilstreak/markdown-js#42 #43: evilstreak/markdown-js#43 #44: evilstreak/markdown-js#44 #46: evilstreak/markdown-js#46

... (truncated)

Commits

• 165fedf v0.5.0
• e1813a2 Add test for image without title inside link (#71)
• 87e2804 Update changelog since 0.4
• 984a0ec Implement tables for Maruku dialect by redsun82
• 01fdd68 Style change - move function just used in table processing into Maruku.block....
• 28d5c63 Fix broken escaping introduected in 404344f
• c819ed3 added reference to new tests
• 8d3b49a added some tests for tables
• 7c867b3 added tolerance for up to three spaces for headers and first horizontal rule ...
• 828a7bf corrected some omitted characters needing escape in _split_on_unescaped
• Additional commits viewable in compare view

Updates open from 0.0.3 to 6.0.0

Release notes

Sourced from open's releases.

v6.0.0

Breaking:

• Rename the package from opn to open (See the readme for more info) eca88d8
• Make the wait option false by default da2d663
• Require Node.js 8 5c525b5

Enhancements:

• Add support for Windows apps referenced by their WSL paths (#118) b30220c

sindresorhus/open@v5.5.0...v6.0.0

v5.5.0

• Use system xdg-open in Electron apps on Linux (#108) 6d3f255

sindresorhus/open@v5.4.0...v5.5.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by sindresorhus, a new releaser for open since your current version.

Updates express from 3.1.1 to 4.22.0

Release notes

Sourced from express's releases.

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

... (truncated)

Commits

• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• 6a23d34 deps: use tilde notation for qs (#6919)
• 8c12cdf deps: qs@6.14.0 (#6909)
• 7fea74f deps: use tilde notation for certain dependencies (#6905)
• dac7a04 chore: wider range for query test skip (#6513)
• 997919b ci: add node.js 24 to test matrix (#6506)
• 36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
• 3a5edfa fix(ci): updated github actions ci workflow (#6323)
• 52d9781 fix(test): add test for method routes without paths #5955
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.