build(deps): bump the npm_and_yarn group with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates:

Package	From	To
express	4.20.0	4.21.0
@azure/identity	4.2.0	4.5.0
@azure/msal-node	2.8.1	2.16.2
body-parser	1.20.2	1.20.3
braces	3.0.2	3.0.3
micromatch	4.0.5	4.0.8
mysql2	3.9.7	3.12.0
path-to-regexp	0.1.7	0.1.10
rollup	4.17.2	4.29.1
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
webpack	5.91.0	5.97.1

Updates express from 4.20.0 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• See full diff in compare view

Updates @azure/identity from 4.2.0 to 4.5.0

Commits

• 57b8380 feat(playwrighttesting): Added runName in service config (#31379)
• 258b4b1 Sync eng/common directory with azure-sdk-tools for PR 9177 (#31432)
• 97e9849 Handle missing artifacts without exception (#31437)
• d0b70a8 [ServiceBus] expose omitMessagesBody option under ./experimental subpath (#31...
• 24d7877 Sync .github/workflows directory with azure-sdk-tools for PR 9199 (#31438)
• 20f3c84 Sync eng/common directory with azure-sdk-tools for PR 9202 (#31439)
• 3e11a2e Sync eng/common directory with azure-sdk-tools for PR 9147 (#31440)
• efbd492 Fix lint issues in CODEOWNERS (#31435)
• 3a21d19 [monitor-opentelemetry] Live Metrics: Perf Counter update (#31341)
• 2d33359 [Identity] Add Pop token support (#30961)
• Additional commits viewable in compare view

Updates @azure/msal-node from 2.8.1 to 2.16.2

Release notes

Sourced from @​azure/msal-node's releases.

@​azure/msal-node v2.16.2

2.16.2

Tue, 19 Nov 2024 17:21:57 GMT

Patches

• removeAccount method now clears client cache by retrieving partitionKey when accountEntities are empty (#7329) (luccarebtoledo@gmail.com)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-node v2.16.1

2.16.1

Tue, 12 Nov 2024 15:32:46 GMT

Patches

• Fixes bug where getAllAccounts always writes to the cache (shylasummers@microsoft.com)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-node v2.16.0

2.16.0

Tue, 05 Nov 2024 18:58:45 GMT

Minor changes

• Add first order broker parameters #7348 (kshabelko@microsoft.com)
• Make clear synchronous (shylasummers@microsoft.com)
• Remove NetworkManager class (thomas.norling@microsoft.com)
• Region auto enable on env variable #7354 (rginsburg@microsoft.com)
• Bump @​azure/msal-common to v14.16.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-node v2.15.0

2.15.0

Thu, 03 Oct 2024 00:40:42 GMT

Minor changes

• Implemented functionality to skip the cache for MI when claims are provided #7207 (rginsburg@microsoft.com)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

Patches

... (truncated)

Commits

• See full diff in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates mysql2 from 3.9.7 to 3.12.0

Release notes

Sourced from mysql2's releases.

v3.12.0

3.12.0 (2024-12-23)

Features

• PoolCluster: restoreNodeTimeout implementation (#3218) (9a38601)

v3.11.5

3.11.5 (2024-11-28)

Bug Fixes

• fix datetime fields returned without time part when time is 00:00:00 (#3204) (bded498)
• resolve circular dependencies (#3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#3209) (cdc9415)

v3.11.4

3.11.4 (2024-11-05)

Bug Fixes

• types: correct TypeCast's Next callback to return unknown (#3129) (401db79)

v3.11.3

3.11.3 (2024-09-14)

Bug Fixes

• typings: synchronize types of sqlstring (#3047) (81be01b)

v3.11.2

3.11.2 (2024-09-11)

Bug Fixes

• resolve LRU conflicts, cache loss and premature engine breaking change (#2988) (2c3c858)

v3.11.1

3.11.1 (2024-09-10)

Bug Fixes

• createPoolCluster: add pattern and selector to promise-based getConnection (#3017) (ab7c49f)
• update connection cleanup process to handle expired connections and exceeding config.maxIdle (#3022) (b091cf4)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.12.0 (2024-12-23)

Features

• PoolCluster: restoreNodeTimeout implementation (#3218) (9a38601)

3.11.5 (2024-11-28)

Bug Fixes

• 1040 datetime fields returned without time part when time is 00:00:00 (#3204) (bded498)
• circular dependencies (#3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#3209) (cdc9415)

3.11.4 (2024-11-05)

Bug Fixes

• types: correct TypeCast's Next callback to return unknown (#3129) (401db79)

3.11.3 (2024-09-14)

Bug Fixes

• typings: synchronize types of sqlstring (#3047) (81be01b)

3.11.2 (2024-09-11)

Bug Fixes

• resolve LRU conflicts, cache loss and premature engine breaking change (#2988) (2c3c858)

3.11.1 (2024-09-10)

Bug Fixes

• createPoolCluster: add pattern and selector to promise-based getConnection (#3017) (ab7c49f), closes #1381
• update connection cleanup process to handle expired connections and exceeding config.maxIdle (#3022) (b091cf4)

3.11.0 (2024-07-27)

Features

... (truncated)

Commits

• 646ac6d chore(master): release 3.12.0 (#3268)
• e455b6b build(deps): bump lucide-react from 0.468.0 to 0.469.0 in /website (#3289)
• e3f5145 build(deps): bump sass from 1.82.0 to 1.83.0 in /website (#3284)
• 04f8dab build(deps): bump prism-react-renderer from 2.4.0 to 2.4.1 in /website (#3282)
• d97f80a build(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 in /website (#3281)
• 0a022ab build(deps-dev): bump c8 from 10.1.2 to 10.1.3 (#3278)
• 29c8c85 build(deps-dev): bump lint-staged from 15.2.10 to 15.2.11 (#3277)
• 6eaa468 build(deps-dev): bump @​types/node from 22.10.1 to 22.10.2 (#3276)
• 605fa04 build(deps): bump lucide-react from 0.467.0 to 0.468.0 in /website (#3272)
• e60a584 build(deps-dev): bump eslint-plugin-react-hooks in /website (#3271)
• Additional commits viewable in compare view

Updates path-to-regexp from 0.1.7 to 0.1.10

Release notes

Sourced from path-to-regexp's releases.

Backtrack protection

Fixed

• Add backtrack protection to parameters 29b96b4
  • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

• Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

• Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

• c827fce 0.1.10
• 29b96b4 Add backtrack protection to parameters
• ac4c234 Update repo url (#314)
• bdb6635 0.1.9
• c4272e4 Allow a non-lookahead regex (#312)
• 51a1955 0.1.8
• 114f62d Add support for named matching groups (#301)
• See full diff in compare view

Updates rollup from 4.17.2 to 4.29.1

Release notes

Sourced from rollup's releases.

v4.29.1

4.29.1

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#5771)

Pull Requests

• #5769: Remove unnecessary lifetimes (@​lukastaegert)
• #5771: fix: do not optimize the literal value if the cache is deoptimized (@​TrickyPi)

v4.29.0

4.29.0

2024-12-20

Features

• Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

• #5759: docs: add utf-8 encoding to JSON file reading (@​chouchouji)
• #5760: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5763: fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (@​TrickyPi)
• #5766: chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (@​renovate[bot])
• #5767: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.28.1

4.28.1

2024-12-06

Bug Fixes

• Support running Rollup natively on LoongArch (#5749)
• Add optional debugId to SourceMap types (#5751)

Pull Requests

• #5749: feat: add support for LoongArch (@​darkyzhou)
• #5751: feat: Add debugId to SourceMap types (@​timfish, @​lukastaegert)
• #5752: chore(deps): update dependency mocha to v11 (@​renovate[bot])
• #5753: chore(deps): update dependency vite to v6 (@​renovate[bot])
• #5754: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5755: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5756: Test if saving the Cargo cache can speed up FreeBSD (@​lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.29.1

2024-12-21

Bug Fixes

• Fix crash from deoptimized logical expressions (#5771)

Pull Requests

• #5769: Remove unnecessary lifetimes (@​lukastaegert)
• #5771: fix: do not optimize the literal value if the cache is deoptimized (@​TrickyPi)

4.29.0

2024-12-20

Features

• Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

• #5759: docs: add utf-8 encoding to JSON file reading (@​chouchouji)
• #5760: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5763: fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (@​TrickyPi)
• #5766: chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (@​renovate[bot])
• #5767: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.28.1

2024-12-06

Bug Fixes

• Support running Rollup natively on LoongArch (#5749)
• Add optional debugId to SourceMap types (#5751)

Pull Requests

• #5749: feat: add support for LoongArch (@​darkyzhou)
• #5751: feat: Add debugId to SourceMap types (@​timfish, @​lukastaegert)
• #5752: chore(deps): update dependency mocha to v11 (@​renovate[bot])
• #5753: chore(deps): update dependency vite to v6 (@​renovate[bot])
• #5754: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5755: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5756: Test if saving the Cargo cache can speed up FreeBSD (@​lukastaegert)

4.28.0

... (truncated)

Commits

• 5d37778 4.29.1
• 86e1f43 fix: do not optimize the literal value if the cache is deoptimized (#5771)
• f116952 Remove unnecessary lifetimes (#5769)
• dadd488 4.29.0
• a4b78eb fix(deps): lock file maintenance minor/patch updates (#5767)
• d52f00d fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (#5763)
• 65c8901 chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#5766)
• 7a8ac46 docs: add utf-8 encoding to JSON file reading (#5759)
• 31f1670 fix(deps): lock file maintenance minor/patch updates (#5760)
• e60fb1c 4.28.1
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates webpack from 5.91.0 to 5.97.1

Release notes

Sourced from webpack's releases.

v5.97.1

Bug Fixes

• Performance regression
• Sub define key should't be renamed when it's a defined variable

v5.97.0

Bug Fixes

• Don't crash with filesystem cache and unknown scheme
• Generate a valid code when output.iife is true and output.library.type is umd
• Fixed conflict variable name with concatenate modules and runtime code
• Merge duplicate chunks before
• Collisions in ESM library
• Use recursive search for versions of shared dependencies
• [WASM] Don't crash WebAssembly with Reference Types (sync and async)
• [WASM] Fixed wasm loading for sync and async webassembly
• [CSS] Don't add [uniqueName] to localIdentName when it is empty
• [CSS] Parsing strings on Windows
• [CSS] Fixed CSS local escaping

New Features

• Added support for injecting debug IDs
• Export the MergeDuplicateChunks plugin
• Added universal loading for JS chunks and JS worker chunks (only ES modules)
• [WASM] Added universal loading for WebAssembly chunks (only for async WebAssembly)
• [CSS] Allow initial CSS chunks to be placed anywhere - the output.cssHeadDataCompression option was deleted
• [CSS] Added universal loading for CSS chunks
• [CSS] Parse ICSS @value at-rules in CSS modules
• [CSS] Parse ICSS :import rules in CSS modules
• [CSS] Added the url and import options for CSS
• [CSS] Allow to import custom properties in CSS modules

Performance

• Faster Queue implementation, also fixed queue iterator state in dequeue method to ensure correct behavior after item removal

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime

... (truncated)

Commits

• 3612d36 chore(release): 5.97.1
• eb7ac6f fix: perf regression
• 554be24 fix: sub define key should't be renamed when it's a defined variable
• 5e0e780 refactor: issue #19030
• 58fb035 fix: sub define key should't be renamed when it's a defined variable
• af1fd12 perf: regression
• 34f19cb fix: package.json
• 0ec7f5d refactor: issue #19030
• 5e7b8a2 fix: package.json
• 644f1d1 refactor: no extra work for CSS unescaping
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[tylermarien]

@dependabot merge