Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 7 updates#136

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-84d6deb93b
Open

build(deps): bump the npm_and_yarn group across 1 directory with 7 updates#136
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-84d6deb93b

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
cloudinary 1.40.0 2.7.0
mongoose 6.12.0 6.13.6
multer 1.4.5-lts.1 2.0.2
brace-expansion 1.1.11 1.1.12
on-headers 1.0.2 1.1.0
path-to-regexp 0.1.10 0.1.12
qs 6.13.0 6.14.1

Updates cloudinary from 1.40.0 to 2.7.0

Release notes

Sourced from cloudinary's releases.

Version 2.7.0

  • fix: prevent parameter injection via ampersand in parameter values (#709)

Version 2.6.1

No release notes provided.

Version 2.6.1-rc.1

  • fix: uploader interface

Version 2.6.0

  • chore: bumped jsdoc
  • fix: defaults for related asset methods and proper content_type
  • chore: Updated Sample Projects (#698)
  • fix: metadata field datasource type (#693)
  • feat: Add support for DELETE /resources/backup/:asset_id (#700)
  • chore: dev dependencies cleanup
  • chore: new node version support in CI

Version 2.5.1

  • fix: added missing stream method to ts spec

Version 2.5.0

  • feat: auto_transcription on upload and explicit support (#690)
  • feat: auto_chaptering on upload and explicit support (#689)
  • feat: access key management via provisioning api (#687)

Version 2.4.0

  • feat: exposing config endpoint from admin api
  • fix: update metadata field added missing param default_disabled
  • fix: types definitions

Version 2.3.1

  • fix: use 0.0.0 as fallback when package.json unavailable
  • fix: upload_chunked_stream works properly with more than 2 chunks

Version 2.3.0

  • fix: url analytics property name
  • fix: dependencies explicit version (fix for CI)
  • fix: decoding transformation string before sending in upload payload
  • feat: update folders

Version 2.2.0

  • feat: selective response for admin and search api
  • feat: multiple values support for fields and with_field methods in search api

Version 2.1.0

  • feat: added support for new api in beta - analyze api
  • chore: added state to datasource entry type
  • fix: metadata field api response datasource type improved
  • feat: notification-url for rename and destroy methods

... (truncated)

Changelog

Sourced from cloudinary's changelog.

2.7.0 / 2025-06-18

  • fix: prevent parameter injection via ampersand in parameter values (#709)

2.6.1 / 2025-05-05

2.6.1-rc.1 / 2025-05-05

  • fix: uploader interface

2.6.0 / 2025-03-11

  • chore: bumped jsdoc
  • fix: defaults for related asset methods and proper content_type
  • chore: Updated Sample Projects (#698)
  • fix: metadata field datasource type (#693)
  • feat: Add support for DELETE /resources/backup/:asset_id (#700)
  • chore: dev dependencies cleanup
  • chore: new node version support in CI

2.5.1 / 2024-10-08

  • fix: added missing stream method to ts spec

2.5.0 / 2024-09-15

  • feat: auto_transcription on upload and explicit support (#690)
  • feat: auto_chaptering on upload and explicit support (#689)
  • feat: access key management via provisioning api (#687)

2.4.0 / 2024-07-30

  • feat: exposing config endpoint from admin api
  • fix: update metadata field added missing param default_disabled
  • fix: types definitions

2.3.1 / 2024-07-25

  • fix: use 0.0.0 as fallback when package.json unavailable

... (truncated)

Commits

Updates mongoose from 6.12.0 to 6.13.6

Release notes

Sourced from mongoose's releases.

6.13.6 / 2025-01-13

  • fix: disallow nested $where in populate match
Changelog

Sourced from mongoose's changelog.

6.13.6 / 2025-01-13

8.9.4 / 2025-01-09

  • fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI
  • fix(model): make Model.validate() static correctly cast document arrays #15169 #15164
  • fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156
  • fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120
  • types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158
  • docs: fix <code> in header ids #15159
  • docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

  • fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109
  • fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075
  • fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071
  • fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126
  • perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449
  • types: make BufferToBinary avoid Document instances #15123 #15122
  • types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111
  • types(schema): add missing removeIndex #15134
  • types: add cleanIndexes() to IndexManager interface #15127
  • docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

  • fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109
  • fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108
  • fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI
  • types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057
  • types: add UUID to RefType #15115 #15101
  • docs: remove link to Mongoose 5.x docs from dropdown #15116
  • docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

  • fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812
  • fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092
  • fix(model): handle discriminators in castObject() #15096 #15075
  • fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056
  • fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048
  • fix(document+schema): improve error message for get() on invalid path #15098 #15071
  • docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13

  • feat: upgrade mongodb -> 6.12

... (truncated)

Commits
  • e59e342 chore: release 6.13.6
  • 64a9f97 fix: disallow nested $where in populate match
  • 15bdccf chore: release 6.13.5
  • 33679bc fix: disallow using $where in match
  • 22210b1 chore: release 6.13.4
  • d21a239 Merge pull request #15043 from Automattic/vkarpov15/gh-15039
  • 68377ff fix: save execution stack in query as string
  • 6fbe9f0 Merge pull request #14998 from markstos/UT-8434-doc-strict-query-flipflop
  • 3e3dc2e docs: clarify strictQuery default will flip-flop in "Migrating to 6.x"
  • d98b2e7 docs: Add missing closing tag for Lodash entry.
  • Additional commits viewable in compare view

Updates multer from 1.4.5-lts.1 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

2.0.1

2.0.0

1.4.5-lts.2

  • Fix out-of-band error event from busboy (#1177)
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.


Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

What's Changed

New Contributors

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

Commits
  • 4b017af 1.1.0
  • b636f2d ♻️ refactor header array code
  • 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
  • 172eb41 ✨ support duplicate headers
  • c6e3849 🔒️ fix array handling
  • 6893518 💚 update CI - add newer node versions
  • 56a345d ✨ add script to update known hashes
  • 175ab21 👷 add upstream change detection (#31)
  • ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
  • 1a38c54 fix: use ubuntu-latest as ci runner (#19)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.


Updates path-to-regexp from 0.1.10 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

  • Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

  • Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Commits

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

  • [Fix] ensure arrayLength applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

6.13.1

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape
Commits
  • 3fa11a5 v6.14.1
  • a626704 [Dev Deps] update npmignore
  • 3086902 [Fix] ensure arrayLength applies to [] notation as well
  • fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
  • 0b06aac [Dev Deps] update @ljharb/eslint-config
  • 64951f6 [Refactor] parse: extract key segment splitting helper
  • e1bd259 [Dev Deps] update @ljharb/eslint-config
  • f4b3d39 [eslint] add eslint 9 optional peer dep
  • 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
  • 973dc3c [actions] add workflow permissions
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 7 up…
01a26e1 
…dates

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloudinary](https://github.com/cloudinary/cloudinary_npm) | `1.40.0` | `2.7.0` |
| [mongoose](https://github.com/Automattic/mongoose) | `6.12.0` | `6.13.6` |
| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |
| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.10` | `0.1.12` |
| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` |



Updates `cloudinary` from 1.40.0 to 2.7.0
- [Release notes](https://github.com/cloudinary/cloudinary_npm/releases)
- [Changelog](https://github.com/cloudinary/cloudinary_npm/blob/master/CHANGELOG.md)
- [Commits](cloudinary/cloudinary_npm@1.40.0...2.7.0)

Updates `mongoose` from 6.12.0 to 6.13.6
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@6.12.0...6.13.6)

Updates `multer` from 1.4.5-lts.1 to 2.0.2
- [Release notes](https://github.com/expressjs/multer/releases)
- [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md)
- [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.2...v1.1.0)

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.10...v0.1.12)

Updates `qs` from 6.13.0 to 6.14.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.13.0...v6.14.1)

---
updated-dependencies:
- dependency-name: cloudinary
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mongoose
  dependency-version: 6.13.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: multer
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 1, 2026
@dependabot dependabot bot mentioned this pull request Jan 1, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants