Bump the npm_and_yarn group across 2 directories with 41 updates by dependabot[bot] · Pull Request #7 · norschel/enterJSWebSecurity2025

dependabot · 2025-11-15T10:19:08Z

Bumps the npm_and_yarn group with 6 updates in the /Source/Tailwind.Traders.Web/ClientApp directory:

Package	From	To
axios	`0.21.1`	`0.30.2`
node-sass	`4.14.1`	`9.0.0`
brace-expansion	`1.1.11`	`1.1.12`
cipher-base	`1.0.4`	`1.0.7`
minimatch	`3.0.4`	`3.0.8`
sha.js	`2.4.11`	`2.4.12`

Bumps the npm_and_yarn group with 1 update in the /Source/Tailwind.Traders.Web directory: tough-cookie.

Updates axios from 0.21.1 to 0.30.2

Release notes

Sourced from axios's releases.

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @thatguyinabeanie in axios/axios#6829

fix: add allowAbsoluteUrls type by @thatguyinabeanie in axios/axios#6849

Contributors to this release

@mori5321 made their first contribution in axios/axios#4917

@TehZarathustra made their first contribution in axios/axios#6271

@nafeger made their first contribution in axios/axios#6787

@thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @Sean-Powell in axios/axios#6402

fix: omit nulls in params by @Willshaw in axios/axios#6394

fix(backport): fix paramsSerializer function validation by @solonzhu in axios/axios#6361

fix: Regular Expression Denial of Service (ReDoS) by @qiongshusheng in axios/axios#6708

Contributors to this release

@Sean-Powell made their first contribution in axios/axios#6402

@Willshaw made their first contribution in axios/axios#6394

@solonzhu made their first contribution in axios/axios#6361

... (truncated)

Commits

2fcb4ec chore: v0.30.2
153f483 chore: preversion
ee548ff fix: tests failing
a1b1d3f fix: backport maxContentLength vulnerability fix to v0.x (#7034)
b17c4de chore: build latest version
ad6b82a chore: build latest version
da447d5 chore(deps): bump form-data from 4.0.0 to 4.0.4 (#6978)
6e922e4 chore: added build artifacts
a06ed1e chore: added pre-release artifacts
c010622 feat: add type for allowAbsoluteUrls (#6849)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates node-sass from 4.14.1 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Node 20 support by @nschonni in sass/node-sass#3355

Breaking changes

Drop support for Node 14 (@nschonni)

Supported Environments

OS Architecture Node

Windows x86 & x64 16, 18, 19, 20

OSX x64 16, 18, 19, 20

Linux* x64 16, 18, 19, 20

Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Fix binaries being partially downloaded by @xzyfer in sass/node-sass#3313

Bump node-gyp and nan for node 19 support by @xzyfer in sass/node-sass#3314

feat: Node 18 and 19 support and drop Node 17 by @nschonni in sass/node-sass#3257

Breaking changes

Drop support for Node 12 (@nschonni)

Drop support for Node 17 (@nschonni)

Set rejectUnauthorized to true by default (@scott-ut, #3149)

Features

Add support for Node 18 (@nschonni)

Add support for Node 19 (@nschonni)

Replace request with make-fetch-happen (@CamilleDrapier @xzyfer, #3193, #3313)

Dependencies

Bump true-case-path@2.2.1

Bump node-gyp @9.0.0

Bump nan@^2.17.0

Bump sass-graph@^4.0.1

Misc

Bump various GitHub Actions dependencies (@nschonni)

... (truncated)

Commits

87f3899 feat: Node 20 support (#3355)
06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
ee13eb9 8.0.0
98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
e9bb866 Bump node-gyp and nan for node 19 support (#3314)
ab7840b Fix binaries being partially downloaded (#3313)
d595abf 7.0.3
3b556c1 7.0.2
Additional commits viewable in compare view

Updates qs from 6.10.1 to 6.13.0

Changelog

Sourced from qs's changelog.

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

[meta] fix changelog indentation

6.12.2

[Fix] parse: parse encoded square brackets (#506)

[readme] add CII best practices badge

6.12.1

[Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)

[Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)

[Refactor] utils: use +=

[Tests] increase coverage

6.12.0

[New] parse/stringify: add decodeDotInKeys/encodeDotKeys options (#488)

[New] parse: add duplicates option

[New] parse/stringify: add allowEmptyArrays option to allow [] in object values (#487)

[Refactor] parse/stringify: move allowDots config logic to its own variable

[Refactor] stringify: move option-handling code into normalizeStringifyOptions

[readme] update readme, add logos (#484)

[readme] stringify: clarify default arrayFormat behavior

[readme] fix line wrapping

[readme] remove dead badges

[Deps] update side-channel

[meta] make the dist build 50% smaller

[meta] add sideEffects flag

[meta] run build in prepack, not prepublish

[Tests] parse: remove useless tests; add coverage

[Tests] stringify: increase coverage

[Tests] use mock-property

[Tests] stringify: improve coverage

[Dev Deps] update @ljharb/eslint-config , aud, has-override-mistake, has-property-descriptors, mock-property, npmignore, object-inspect, tape

[Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak

[Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6

6.11.2

[Fix] parse: Fix parsing when the global Object prototype is frozen (#473)

[Tests] add passing test cases with empty keys (#473)

6.11.1

[Fix] stringify: encode comma values more consistently (#463)

[readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)

[meta] remove extraneous code backticks (#457)

[meta] fix changelog markdown

... (truncated)

Commits

5cf516c v6.13.0
8d56df2 [New] parse: add strictDepth option
c9a6694 [Tests] use npm audit instead of aud
f90cc35 v6.12.3
1bf9f7a [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
7ebf48b [meta] fix changelog indentation
d0dff11 v6.12.2
f0b8d03 [Dev Deps] update @ljharb/eslint-config, object-inspect, tape
81835ff [Fix]: parse: parse encoded square brackets
db47dcc [readme] add CII best practices badge
Additional commits viewable in compare view

Updates semver from 5.3.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
c83c18c 5.7.1
956e228 Correct typo in README
8055dda 5.7.0
604e73d auto-publishing scripts
bed01e2 remove the nomin comments, since we don't minify any more anyway
9cb68f1 document parse method
38d42ca 5.7 changelog
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/runtime from 7.8.3 to 7.28.4

Release notes

Sourced from @babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
Additional commits viewable in compare view

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Changelogs are for humans, not machines.

There should be an entry for every single version.

The same types of changes should be grouped.

Versions and sections should be linkable.

The latest version comes first.

The release date of each versions is displayed.

Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

Added for new features.

Changed for changes in existing functionality.

Deprecated for soon-to-be removed features.

Removed for now removed features.

Fixed for any bug fixes.

Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

The undocumented .makeRe method was removed

Require Node.js >= 8.3

Non-breaking changes

Caching was removed

Commits

See full diff in compare view

Updates micromatch from 3.1.10 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

4.0.4

fix: Update picomatch to fix regression #179 (8becb55)

4.0.3

Enforce newer version of picomatch with bugfixes

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

Adds support for options.onMatch. See the readme for details

Adds support for options.onIgnore. See the readme for details

Adds support for options.onResult. See the readme for details

Breaking changes

Require Node.js >= 8.6

Removed support for passing an array of brace patterns to micromatch.braces().

To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.

cache - caching and all related options and methods have been removed

options.unixify was renamed to options.windows

options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.

options.snapdragon was removed, as snapdragon is no longer used.

options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

micromatch results are directly compared to bash results

in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results

micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates loader-utils from 1.2.3 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.js version is 8.9.0 (#166) (c937e8c)

the getOptions method returns empty object on empty query (#167) (b595cfb)

Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

minimum required Node.js version is 8.9.0 (#166) (c937e8c)

the getOptions method returns empty object on empty query (#167) (b595cfb)

Use md4 by default

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

... (truncated)

Commits

6688b50 chore(release): 2.0.4
ac09944 fix: ReDoS problem (#225)
7162619 chore(release): 2.0.3
a93cf6f fix(security): prototype polution exploit (#217)
90c7c4b chore(release): 2.0.2
8c2d24e fix: base64 generation and unicode characters (#197)
5fb5562 chore(release): 2.0.1
1069f61 fix: md4 support on Node.js v17 (#193)
d9f4e23 chore(release): 2.0.0
865dc03 refactor: switch to md4 by default (#168)
Additional commits viewable in compare view

Updates ansi-html from 0.0.7 to 0.0.9

Commits

See full diff in compare view

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

Fix a bug in priorityQueue where it didn't wait for the result. (#1725)

Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

Fix potential prototype pollution exploit

v3.2.1

Use queueMicrotask if available to the environment (#1761)

Minor perf improvement in priorityQueue (#1727)

More examples in documentation (#1726)

Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)

Improved test coverage (#1754)

v3.2.0

Fix a bug in Safari related to overwriting func.name

Remove built-in browserify configuration (#1653)

Varios doc fixes (#1688, #1703, #1704)

v3.1.1

Allow redefining name property on wrapped functions.

v3.1.0

Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)

Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)

Fixed a parsing bug in autoInject with complicated function bodies (#1663)

Added ES6+ configuration for Browserify bundlers (#1653)

Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)

Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.
</tr></table> 

... (truncated)

Commits

85fb18f Version 3.2.6
8c0c941 Update built files
5f756b4 Fix ReDoS (#1980)
39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
7b8ddeb build(deps-dev): bump @babel/core from 7.24.7 to 7.25.2 (#1981)
4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
3568a74 build(deps-dev): bump @babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
Additional commits viewable in compare view

Updates follow-redirects from 1.5.10 to 1.15.11

Commits

21ef28a Release version 1.15.11 of the npm package.
7c88135 Roll back tree shaking.
6e389ba Release version 1.15.10 of the npm package.
5bc496e Shake me up before you go-go.
694d6b4 Bump minimist from 1.2.5 to 1.2.8
e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20....
Description has been truncated

Bumps the npm_and_yarn group with 6 updates in the /Source/Tailwind.Traders.Web/ClientApp directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.21.1` | `0.30.2` | | [node-sass](https://github.com/sass/node-sass) | `4.14.1` | `9.0.0` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | Bumps the npm_and_yarn group with 1 update in the /Source/Tailwind.Traders.Web directory: [tough-cookie](https://github.com/salesforce/tough-cookie). Updates `axios` from 0.21.1 to 0.30.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.1...v0.30.2) Updates `node-sass` from 4.14.1 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v4.14.1...v9.0.0) Updates `qs` from 6.10.1 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.1...v6.13.0) Updates `semver` from 5.3.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.3.0...v5.7.2) Updates `@babel/runtime` from 7.8.3 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) Updates `braces` from 2.3.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/3.0.3) Updates `micromatch` from 3.1.10 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@3.1.10...4.0.8) Updates `loader-utils` from 1.2.3 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.2.3...v2.0.4) Updates `ansi-html` from 0.0.7 to 0.0.9 - [Commits](https://github.com/Tjatse/ansi-html/commits) Updates `async` from 2.6.3 to 3.2.6 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v3.2.6) Updates `follow-redirects` from 1.5.10 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.5.10...v1.15.11) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `cookie` from 0.4.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.0...v0.7.1) Updates `cross-spawn` from 3.0.1 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@3.0.1...v7.0.6) Updates `express` from 4.17.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.17.1...4.21.2) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `http-proxy-middleware` from 0.19.1 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v0.19.1...v2.0.9) Updates `ws` from 5.2.2 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.2...7.5.10) Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.14.2) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `minimatch` from 3.0.4 to 3.0.8 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.0.8) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `node-forge` from 0.10.0 to 1.3.1 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@0.10.0...v1.3.1) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `postcss` from 7.0.21 to 7.0.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md) - [Commits](postcss/postcss@7.0.21...7.0.39) Updates `scss-tokenizer` from 0.2.3 to 0.4.3 - [Release notes](https://github.com/sasstools/scss-tokenizer/releases) - [Commits](sasstools/scss-tokenizer@v0.2.3...v0.4.3) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `shell-quote` from 1.7.2 to 1.8.3 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.3) Updates `tar` from 2.2.2 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.2...v6.2.1) Updates `terser` from 4.8.0 to 5.44.1 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v4.8.0...v5.44.1) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `webpack-dev-middleware` from 3.7.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v3.7.3...v5.3.4) Updates `webpack-dev-server` from 3.11.0 to 4.15.2 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/v4.15.2/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.11.0...v4.15.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `tough-cookie` from 2.3.2 to 4.1.3 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.2...v4.1.3) --- updated-dependencies: - dependency-name: axios dependency-version: 0.30.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-sass dependency-version: 9.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.13.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 2.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-html dependency-version: 0.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-version: 3.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-version: 0.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-parse dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 7.0.39 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: scss-tokenizer dependency-version: 0.4.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-version: 1.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 6.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-version: 5.44.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-version: 1.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 4.15.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.3 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 15, 2025

dependabot bot mentioned this pull request Nov 15, 2025

Bump tough-cookie from 2.3.2 to 4.1.3 in /Source/Tailwind.Traders.Web in the npm_and_yarn group across 1 directory #3

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Bump the npm_and_yarn group across 2 directories with 41 updates#7

Bump the npm_and_yarn group across 2 directories with 41 updates#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/Source/Tailwind.Traders.Web/ClientApp/npm_and_yarn-d5328abeb0

dependabot bot commented on behalf of github Nov 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

Comments

Conversation

dependabot bot commented on behalf of github Nov 15, 2025

v0.30.2

What's Changed

New Contributors

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Release v0.30.0

Release notes:

Bug Fixes

Contributors to this release

v0.29.0

Release notes:

Bug Fixes

Contributors to this release

v9.0.0

What's Changed

Breaking changes

Supported Environments

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

Misc

6.13.0

6.12.3

6.12.2

6.12.1

6.12.0

6.11.2

6.11.1

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

Release history

[3.0.0] - 2018-04-08

4.0.8

4.0.4

4.0.3

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

1.20....
Description has been truncated