Bump debug, body-parser and serve-static #2

dependabot · 2023-01-12T12:04:19Z

Bumps debug, body-parser and serve-static. These dependencies needed to be updated together.
Updates debug from 2.6.8 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

remove ReDoS regexp in %o formatter (#504)

Commits

13abeae Release 2.6.9
f53962e remove ReDoS regexp in %o formatter (#504)
See full diff in compare view

Updates body-parser from 1.17.2 to 1.20.1

Release notes

Sourced from body-parser's releases.

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: http-errors@2.0.0

deps: depd@2.0.0

deps: statuses@2.0.1

deps: on-finished@2.4.1

deps: qs@6.10.3

deps: raw-body@2.5.1

deps: http-errors@2.0.0

1.19.2

deps: bytes@3.1.2

deps: qs@6.9.7

Fix handling of __proto__ keys

deps: raw-body@2.4.3

deps: bytes@3.1.2

1.19.1

deps: bytes@3.1.1

deps: http-errors@1.8.1

deps: inherits@2.0.4

deps: toidentifier@1.0.1

deps: setprototypeof@1.2.0

deps: qs@6.9.6

deps: raw-body@2.4.2

deps: bytes@3.1.1

deps: http-errors@1.8.1

deps: safe-buffer@5.2.1

deps: type-is@~1.6.18

1.19.0

deps: bytes@3.1.0

Add petabyte (pb) support

deps: http-errors@1.7.2

Set constructor name when possible

deps: setprototypeof@1.1.1

deps: statuses@'>= 1.5.0 < 2'

deps: iconv-lite@0.4.24

Added encoding MIK

deps: qs@6.7.0

Fix parsing array brackets after index

deps: raw-body@2.4.0

deps: bytes@3.1.0

deps: http-errors@1.7.2

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.1 / 2022-10-06

deps: qs@6.11.0

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: http-errors@2.0.0

deps: depd@2.0.0

deps: statuses@2.0.1

deps: on-finished@2.4.1

deps: qs@6.10.3

deps: raw-body@2.5.1

deps: http-errors@2.0.0

1.19.2 / 2022-02-15

deps: bytes@3.1.2

deps: qs@6.9.7

Fix handling of __proto__ keys

deps: raw-body@2.4.3

deps: bytes@3.1.2

1.19.1 / 2021-12-10

deps: bytes@3.1.1

deps: http-errors@1.8.1

deps: inherits@2.0.4

deps: toidentifier@1.0.1

deps: setprototypeof@1.2.0

deps: qs@6.9.6

deps: raw-body@2.4.2

deps: bytes@3.1.1

deps: http-errors@1.8.1

deps: safe-buffer@5.2.1

deps: type-is@~1.6.18

1.19.0 / 2019-04-25

... (truncated)

Commits

830bdfb 1.20.1
ecad1cc build: eslint@8.24.0
03b93cf build: supertest@6.3.0
2c611fc build: Node.js@18.10
f199e94 perf: remove unnecessary object clone
0123e12 build: Node.js@18.9
de1e6c2 build: Node.js@16.17
477ff13 build: eslint-plugin-import@2.26.0
40c3fff deps: qs@6.11.0
4aa84b7 build: supertest@6.2.4
Additional commits viewable in compare view

Updates serve-static from 1.12.3 to 1.15.0

Release notes

Sourced from serve-static's releases.

1.15.0

deps: send@0.18.0

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: depd@2.0.0

deps: destroy@1.2.0

deps: http-errors@2.0.0

deps: on-finished@2.4.1

deps: statuses@2.0.1

1.14.2

deps: send@0.17.2

deps: http-errors@1.8.1

deps: ms@2.1.3

pref: ignore empty http tokens

1.14.1

Set stricter CSP header in redirect response

deps: send@0.17.1

deps: range-parser@~1.2.1

1.14.0

deps: parseurl@~1.3.3

deps: send@0.17.0

deps: http-errors@~1.7.2

deps: mime@1.6.0

deps: ms@2.1.1

deps: statuses@~1.5.0

perf: remove redundant path.normalize call

1.13.2

Fix incorrect end tag in redirects

deps: encodeurl@~1.0.2

Fix encoding % as last character

deps: send@0.16.2

deps: depd@~1.1.2

deps: encodeurl@~1.0.2

deps: statuses@~1.4.0

1.13.1

Fix regression when root is incorrectly set to a file

deps: send@0.16.1

1.13.0

deps: send@0.16.0

Add 70 new types for file extensions

Add immutable option

Fix missing </html> in default error & redirects

Set charset as "UTF-8" for .js and .json

Use instance methods on steam to check for listeners

... (truncated)

Changelog

Sourced from serve-static's changelog.

1.15.0 / 2022-03-24

deps: send@0.18.0

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: depd@2.0.0

deps: destroy@1.2.0

deps: http-errors@2.0.0

deps: on-finished@2.4.1

deps: statuses@2.0.1

1.14.2 / 2021-12-15

deps: send@0.17.2

deps: http-errors@1.8.1

deps: ms@2.1.3

pref: ignore empty http tokens

1.14.1 / 2019-05-10

Set stricter CSP header in redirect response

deps: send@0.17.1

deps: range-parser@~1.2.1

1.14.0 / 2019-05-07

deps: parseurl@~1.3.3

deps: send@0.17.0

deps: http-errors@~1.7.2

deps: mime@1.6.0

deps: ms@2.1.1

deps: statuses@~1.5.0

perf: remove redundant path.normalize call

1.13.2 / 2018-02-07

Fix incorrect end tag in redirects

deps: encodeurl@~1.0.2

Fix encoding % as last character

deps: send@0.16.2

deps: depd@~1.1.2

deps: encodeurl@~1.0.2

deps: statuses@~1.4.0

1.13.1 / 2017-09-29

... (truncated)

Commits

9b5a12a 1.15.0
a39a0df docs: update CI link
d702ea2 build: Node.js@17.8
ff1510a deps: send@0.18.0
813c7e4 build: mocha@9.2.2
2e029f9 build: Node.js@17.7
3269f31 build: supertest@6.2.2
71cd4f8 build: mocha@9.2.1
a5cdf62 build: Node.js@17.5
9d11e38 build: Node.js@16.14
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [debug](https://github.com/debug-js/debug), [body-parser](https://github.com/expressjs/body-parser) and [serve-static](https://github.com/expressjs/serve-static). These dependencies needed to be updated together. Updates `debug` from 2.6.8 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.6.8...2.6.9) Updates `body-parser` from 1.17.2 to 1.20.1 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.17.2...1.20.1) Updates `serve-static` from 1.12.3 to 1.15.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.12.3...v1.15.0) --- updated-dependencies: - dependency-name: debug dependency-type: indirect - dependency-name: body-parser dependency-type: indirect - dependency-name: serve-static dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 12, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump debug, body-parser and serve-static #2

Bump debug, body-parser and serve-static #2

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump debug, body-parser and serve-static #2

Are you sure you want to change the base?

Bump debug, body-parser and serve-static #2

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 12, 2023

2.6.9

Patches

Credits

2.6.9 / 2017-09-22

1.20.0

1.19.2

1.19.1

1.19.0

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

1.19.0 / 2019-04-25

1.15.0

1.14.2

1.14.1

1.14.0

1.13.2

1.13.1

1.13.0

1.15.0 / 2022-03-24

1.14.2 / 2021-12-15

1.14.1 / 2019-05-10

1.14.0 / 2019-05-07

1.13.2 / 2018-02-07

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants