Bump the npm_and_yarn group across 1 directory with 5 updates #5

dependabot · 2024-10-28T04:21:09Z

Bumps the npm_and_yarn group with 5 updates in the /client directory:

Package	From	To
cookie	`0.6.0`	`0.7.1`
express	`4.21.0`	`4.21.1`
path-to-regexp	`0.1.10`	`3.3.0`
serve	`14.2.1`	`14.2.4`
http-proxy-middleware	`2.0.6`	`2.0.7`

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

Commits

8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
See full diff in compare view

Updates path-to-regexp from 0.1.10 to 3.3.0

Release notes

Sourced from path-to-regexp's releases.

Add backtracking protection

Fixed

Add backtrack protection to 3.x release (#321) d31670a

pillarjs/path-to-regexp@v3.2.0...v3.3.0

Match Function

Added

Add native match function to library

Validate and sensitive options

Add sensitive option for tokensToFunction (#191)

Add validate option to path functions (#178)

Fix backtracking in 1.x

Fixed

Add backtrack protection to 1.x release (#320) 925ac8e

Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Backport token to function options

Added

Backport TokensToFunctionOptions

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)

Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

Handle non-ending paths where the final character is a delimiter

E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

New option! Ability to set endsWith to match paths like /test?query=string up to the query string

New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)

Remove isarray dependency

Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)

Remove overloaded keys argument that accepted options

Remove keys list attached to the RegExp output

Remove asterisk functionality (it's a real pain to properly encode)

Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)

Allow a delimiter option to be passed in with parse

Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

2eb1293 3.3.0
d31670a Add backtrack protection to 3.x release (#321)
6d2e8db 3.2.0
0e0dce9 Add native match function to library
dd966ea Fix validate: false examples in README
ead0298 Changed coverage tool to nyc (#201)
1aa2238 Bump node version tests
f232e6d 3.1.0
cb331c6 Update dev dependencies
36344dc Rename noValidate option to validate
Additional commits viewable in compare view

Updates serve from 14.2.1 to 14.2.4

Release notes

Sourced from serve's releases.

14.2.4

Patches

Bump serve-handler, vitest, and `typescript: #812

14.2.3

Patches

Bump @zeit/schemas to 2.36.0: #803

14.2.2

Patches

fix: Update ajv from 8.11.0 to 8.12.0: #796

Credits

Huge thanks to @legobeat for helping!

Commits

dd53938 14.2.4
67d75e0 Bump serve-handler, vitest, and typescript (#812)
d06104a X handle has changed (#805)
c8b7436 14.2.3
183554e Bump @zeit/schemas to 2.36.0 (#803)
28a4667 14.2.2
9211513 fix: Update ajv from 8.11.0 to 8.12.0 (#796)
1ea55b1 Lock PNPM version to 7 (#782)
See full diff in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.7

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the /client directory: | Package | From | To | | --- | --- | --- | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `0.7.1` | | [express](https://github.com/expressjs/express) | `4.21.0` | `4.21.1` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.10` | `3.3.0` | | [serve](https://github.com/vercel/serve) | `14.2.1` | `14.2.4` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.7` | Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.1) Updates `express` from 4.21.0 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](expressjs/express@4.21.0...4.21.1) Updates `path-to-regexp` from 0.1.10 to 3.3.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v3.3.0) Updates `serve` from 14.2.1 to 14.2.4 - [Release notes](https://github.com/vercel/serve/releases) - [Commits](vercel/serve@14.2.1...14.2.4) Updates `http-proxy-middleware` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.7) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 5 updates #5

Bump the npm_and_yarn group across 1 directory with 5 updates #5

dependabot bot commented on behalf of github Oct 28, 2024

Bump the npm_and_yarn group across 1 directory with 5 updates #5

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 5 updates #5

Conversation

dependabot bot commented on behalf of github Oct 28, 2024

0.7.1

0.7.0

4.21.1

What's Changed

4.21.1 / 2024-10-08

Add backtracking protection

Match Function

Validate and sensitive options

Fix backtracking in 1.x

Backport token to function options

Error on bad input

Moved to GitHub Releases

3.0.0 / 2019-01-13

2.4.0 / 2018-08-26

2.3.0 / 2018-08-20

2.2.1 / 2018-04-24

2.2.0 / 2018-03-06

2.1.0 / 2017-10-20

2.0.0 / 2017-08-23

1.7.0 / 2016-11-08

1.6.0 / 2016-10-03

1.5.3 / 2016-06-15

14.2.4

Patches

14.2.3

Patches

14.2.2

Patches

Credits

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.7