Bump the npm_and_yarn group across 2 directories with 25 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
ajv	6.12.3	6.12.4
express	4.17.3	4.20.0
jszip	3.7.1	3.8.0
semver	5.7.1	5.7.2
webpack	5.68.0	5.94.0
webpack-dev-middleware	5.3.1	5.3.4
xml2js	0.4.19	0.5.0
electron	19.0.0	22.3.25
@babel/traverse	7.12.9	7.25.9
ejs	3.1.7	3.1.10
http-cache-semantics	4.1.0	4.1.1
mixin-deep	1.2.0	1.3.2
postcss	8.4.14	8.4.47
word-wrap	1.2.3	1.2.5
ws	7.5.8	7.5.10

Bumps the npm_and_yarn group with 6 updates in the /app directory:

Package	From	To
jszip	3.7.1	3.10.1
debug	4.1.1	4.3.7
minimist	1.2.6	1.2.8
dompurify	2.3.3	2.5.4
tar	6.1.11	6.2.1
ua-parser-js	0.7.28	0.7.39

Updates ajv from 6.12.3 to 6.12.4

Release notes

Sourced from ajv's releases.

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

Commits

• cf88d1d 6.12.4
• 161670b docs: readme links
• b4568b4 docs: MOSS grant
• 73f612f fix: coercion of array to scalar that should fail validation
• d4d1a13 test: failing coercion tests with option coerceTypes: array
• a1ebd03 Merge branch 'rgeerts-improved_language'
• bf63684 allowed unknown formats
• c34840c improved language to be more inclusive for less privileged populations
• See full diff in compare view

Updates express from 4.17.3 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: path-to-regexp@0.1.8 by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• path-to-regexp@0.1.10 by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1

... (truncated)

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates jszip from 3.7.1 to 3.8.0

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

• Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

Commits

• 3b98cfc 3.8.0
• 2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
• 1f631b0 Update contributing
• 459ff79 Add tests for utils that remove leading slash
• d4702a7 Merge pull request #541 from PatricSteffen/patch-1
• 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
• 85c4989 Merge pull request #796 from Stuk/ghci
• 40cc7f4 Add dependency caching
• 5ee321e Install deps needed for Playwright on Github Actions
• eeb841e Remove code and dependencies used for Saucelabs
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates webpack from 5.68.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates webpack-dev-middleware from 5.3.1 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)
• compatibility with Node.js 18

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• f3c62b8 chore(release): 5.3.3
• eeb8aa8 fix: types for Request and Response (#1271)
• 1a45388 chore(release): 5.3.2
• b8fb945 chore(deps): memfs force update (#1269)
• f88067d chore: update deps and ci (#1260)
• 7186318 chore(deps-dev): bump @​commitlint/cli
• 57c50ef ci: update checkout, setup-node, and codecov actions (#1267)
• 840146a chore(deps-dev): bump @​babel/preset-env
• Additional commits viewable in compare view

Updates xml2js from 0.4.19 to 0.5.0

Commits

• 9f730bb Update package.json with latest PR
• 50a492a Merge pull request #603 from autopulated/master
• 7bc3c5d Merge pull request #598 from fnimick/master
• f412a12 Merge pull request #635 from wisesimpson/patch-1
• d318ce0 Update README.md
• 581b19a use Object.create(null) to create all parsed objects (prevent prototype repla...
• a212950 Add documentation for explicitCharkey option
• 1832e0b Merge pull request #512 from economia/master
• 198063c Merge pull request #556 from Omega-Ariston/fix-issue544
• 0d71785 Merge pull request #562 from Omega-Ariston/addDocExample
• Additional commits viewable in compare view

Updates electron from 19.0.0 to 22.3.25

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.12.9 to 7.25.9

Release notes

Sourced from @​babel/traverse's releases.

v7.25.9 (2024-10-22)

Thanks @​victorenator for your first PR!

🐛 Bug Fix

• babel-parser, babel-template, babel-types
  • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@​liuxingbaoyu)
• babel-helper-compilation-targets, babel-preset-env
  • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@​JLHwung)
• Other
  • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@​victorenator)

🏠 Internal

• babel-helper-transform-fixture-test-runner
  • #16914 remove test options flaky (@​JLHwung)
• Every package
  • #16917 fix: Accidentally published tsconfig files (@​liuxingbaoyu)

🏃‍♀️ Performance

• babel-parser, babel-types
  • #16918 perf: Make VISITOR_KEYS etc. faster to access (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Viktar Vaŭčkievič (@​victorenator)
• @​liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

• babel-core
  • #16888 Restore public API of resolvePlugin/resolvePreset (@​nicolo-ribaudo)

🏠 Internal

• babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
  • #16824 Inline one-line syntax plugins (@​nicolo-ribaudo)

Committers: 3

• Babel Bot (@​babel-bot)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @​DylanPiercey and @​YuHyeonWook for your first PRs!

🐛 Bug Fix

• babel-helper-validator-identifier
  • #16825 fix: update identifier to unicode 16 (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.9 (2024-10-22)

🐛 Bug Fix

• babel-parser, babel-template, babel-types
  • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@​liuxingbaoyu)
• babel-helper-compilation-targets, babel-preset-env
  • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@​JLHwung)
• Other
  • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@​victorenator)

🏠 Internal

• babel-helper-transform-fixture-test-runner
  • #16914 remove test options flaky (@​JLHwung)

🏃‍♀️ Performance

• babel-parser, babel-types
  • #16918 perf: Make VISITOR_KEYS etc. faster to access (@​liuxingbaoyu)

v7.25.8 (2024-10-10)

🐛 Bug Fix

• babel-core
  • #16888 Restore public API of resolvePlugin/resolvePreset (@​nicolo-ribaudo)

🏠 Internal

• babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
  • #16824 Inline one-line syntax plugins (@​nicolo-ribaudo)

v7.25.7 (2024-10-02)

🐛 Bug Fix

• babel-helper-validator-identifier
  • #16825 fix: update identifier to unicode 16 (@​JLHwung)
• babel-traverse
  • #16814 fix: issue with node path keys updated on unrelated paths (@​DylanPiercey)
• babel-plugin-transform-classes
  • #16797 Use an inclusion rather than exclusion list for super() check (@​nicolo-ribaudo)
• babel-generator
  • #16788 Fix printing of TS infer in compact mode (@​nicolo-ribaudo)
  • #16785 Print TS type annotations for destructuring in assignment pattern (@​nicolo-ribaudo)
  • #16778 Respect [no LineTerminator here] after nodes (@​nicolo-ribaudo)

💅 Polish

• babel-types
  • #16852 Add deprecated JSDOC for fields (@​liuxingbaoyu)

🏠 Internal

• babel-core
  • #16820 Allow sync loading of ESM when --experimental-require-module (@​nicolo-ribaudo)
• babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env
  • #16858 Add browserslist config to external dependency (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

... (truncated)

Commits

• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
• 506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
• 9e14f7d chore: Enable more lint rules (#16827)
• e69a7e5 fix: issue with node path keys updated on unrelated paths (#16814)
• 7467c9d [Babel 8] Remove some Scope methods (#16705)
• 0a55713 [Babel 8] Remove DecimalLiteral AST (#16807)
• 69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
• Additional commits viewable in compare view

Updates body-parser from 1.19.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates cookie from 0.4.2 to 0.6.0

Release notes

Sourced from cookie's releases.

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

Changelog

Sourced from cookie's changelog.

0.6.0 / 2023-11-06

• Add partitioned option

0.5.0 / 2022-04-11

• Add priority option
• Fix expires option to reject invalid dates
• perf: improve default decode speed
• perf: remove slow string split in parse

Commits

• 38323ba 0.6.0
• 7560154 build: top-sites@1.1.194
• c45b52d docs: switch badges to badgen
• 84a1567 Add partitioned option
• c67a478 docs: fix typos in HISTORY
• 52a76c1 docs: fix typo in HISTORY
• 5f22857 Fix typo in JSDoc
• da7e44e build: mocha@10.2.0
• 936036a build: eslint-plugin-markdown@3.0.1
• 197f670 build: eslint@8.53.0
• Additional commits viewable in compare view

Updates ejs from 3.1.7 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

Commits