Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 26 updates #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 26 updates #54

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jun 6, 2025

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
webpack-dev-server 2.7.1 5.2.1
browserify-sign 4.0.4 4.2.3
css-what 2.1.0 2.1.3
elliptic 6.4.0 6.6.1
es5-ext 0.10.30 0.10.64
fsevents 1.1.2 1.2.13
hosted-git-info 2.5.0 2.8.9
lodash.merge 4.6.1 4.6.2
lodash.mergewith 4.6.0 4.6.2
minimatch 3.0.4 3.0.8
path-parse 1.0.5 1.0.7
ua-parser-js 0.7.14 0.7.40
y18n 3.2.1 3.2.2

Updates webpack-dev-server from 2.7.1 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

  • cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
  • requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

  • prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
  • take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

  • added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

  • speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

  • add visual progress indicators (a8f40b7)
  • added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
  • allow the server option to be Function (#5275) (02a1c6d)
  • http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits
  • 0d22a08 chore(release): 5.2.1
  • 6045b1e chore(deps): update (#5444)
  • ffd0b86 fix: take the first network found instead of the last one, this restores the ...
  • 9ea7b08 ci: update dependency-review-action (#5442)
  • 5c9378b Merge commit from fork
  • d2575ad Merge commit from fork
  • 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
  • 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
  • 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
  • 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.


Updates async from 1.5.2 to 2.5.0

Release notes

Sourced from async's releases.

v2.3.0

  • Added support for ES2017 async functions. Wherever you can pass a Node-style/CPS function that uses a callback, you can also pass an async function. Previously, you had to wrap async functions with asyncify. The caveat is that it will only work if async functions are supported natively in your environment, transpiled implementations can't be detected. (#1386, #1390)

v2.2.0

  • Added groupBy, and the Series/Limit equivalents, analogous to _.groupBy (#1364)
  • Fixed transform bug when callback was not passed (#1381)

v2.1.5

  • Fix auto bug when function names collided with Array.prototype (#1358)
  • Improve some error messages (#1349)
  • Avoid stack overflow case in queue
  • Fixed an issue in some, every and find where processing would continue after the result was determined.
  • Cleanup implementations of some, every and find

v2.1.3

  • Make bundle size smaller
  • Create optimized hotpath for filter in array case.

v2.1.2

  • Fixed a stackoverflow bug with detect, some, every on large inputs (#1293).

v2.1.0

  • retry and retryable now support an optional errorFilter function that determines if the task should retry on the error (#1256, #1261)
  • Optimized array iteration in race, cargo, queue, and priorityQueue (#1253)

v2.0.0

Lots of changes here!

First and foremost, we have a slick new site for docs. Special thanks to @​hargasinski for his work converting our old docs to jsdoc format and implementing the new website. Also huge ups to @​ivanseidel for designing our new logo. It was a long process for both of these tasks, but I think these changes turned out extraordinary well.

The biggest feature is modularization. You can now require("async/series") to only require the series function. Every Async library function is available this way. You still can require("async") to require the entire library, like you could do before.

We also provide Async as a collection of ES2015 modules. You can now import {each} from 'async-es' or import waterfall from 'async-es/waterfall'. If you are using only a few Async functions, and are using a ES bundler such as Rollup, this can significantly lower your build size.

Major thanks to @​Kikobeats, @​aearly and @​megawac for doing the majority of the modularization work, as well as @​jdalton and @​Rich-Harris for advisory work on the general modularization strategy.

Another one of the general themes of the 2.0 release is standardization of what an "async" function is. We are now more strictly following the node-style continuation passing style. That is, an async function is a function that:

  1. Takes a variable number of arguments
  2. The last argument is always a callback
  3. The callback can accept any number of arguments
  4. The first argument passed to the callback will be treated as an error result, if the argument is truthy
  5. Any number of result arguments can be passed after the "error" argument
  6. The callback is called once and exactly once, either on the same tick or later tick of the JavaScript event loop.

There were several cases where Async accepted some functions that did not strictly have these properties, most notably auto, every, some, and filter.

Another theme is performance. We have eliminated internal deferrals in all cases where they make sense. For example, in waterfall and auto, there was a setImmediate between each task -- these deferrals have been removed. A setImmediate call can add up to 1ms of delay. This might not seem like a lot, but it can add up if you are using many Async functions in the course of processing a HTTP request, for example. Nearly all asynchronous functions that do I/O already have some sort of deferral built in, so the extra deferral is unnecessary. The trade-off of this change is removing our built-in stack-overflow defense. Many synchronous callback calls in series can quickly overflow the JS call stack. If you do have a function that is sometimes synchronous (calling its callback on the same tick), and are running into stack overflows, wrap it with async.ensureAsync().

Another big performance win has been re-implementing queue, cargo, and priorityQueue with doubly linked lists instead of arrays. This has lead to queues being an order of magnitude faster on large sets of tasks.

... (truncated)

Changelog

Sourced from async's changelog.

v2.5.0

  • Added concatLimit, the Limit equivalent of concat (#1426, #1430)
  • concat improvements: it now preserves order, handles falsy values and the iteratee callback takes a variable number of arguments (#1437, #1436)
  • Fixed an issue in queue where there was a size discrepancy between workersList().length and running() (#1428, #1429)
  • Various doc fixes (#1422, #1424)

v2.4.1

  • Fixed a bug preventing functions wrapped with timeout() from being re-used. (#1418, #1419)

v2.4.0

  • Added tryEach, for running async functions in parallel, where you only expect one to succeed. (#1365, #687)
  • Improved performance, most notably in parallel and waterfall (#1395)
  • Added queue.remove(), for removing items in a queue (#1397, #1391)
  • Fixed using eval, preventing Async from running in pages with Content Security Policy (#1404, #1403)
  • Fixed errors thrown in an asyncifyed function's callback being caught by the underlying Promise (#1408)
  • Fixed timing of queue.empty() (#1367)
  • Various doc fixes (#1314, #1394, #1412)

v2.3.0

  • Added support for ES2017 async functions. Wherever you can pass a Node-style/CPS function that uses a callback, you can also pass an async function. Previously, you had to wrap async functions with asyncify. The caveat is that it will only work if async functions are supported natively in your environment, transpiled implementations can't be detected. (#1386, #1390)
  • Small doc fix (#1392)

v2.2.0

  • Added groupBy, and the Series/Limit equivalents, analogous to _.groupBy (#1364)
  • Fixed transform bug when callback was not passed (#1381)
  • Added note about reflect to parallel docs (#1385)

v2.1.5

  • Fix auto bug when function names collided with Array.prototype (#1358)
  • Improve some error messages (#1349)
  • Avoid stack overflow case in queue
  • Fixed an issue in some, every and find where processing would continue after the result was determined.
  • Cleanup implementations of some, every and find

v2.1.3

  • Make bundle size smaller
  • Create optimized hotpath for filter in array case.

v2.1.2

  • Fixed a stackoverflow bug with detect, some, every on large inputs (#1293).

v2.1.0

  • retry and retryable now support an optional errorFilter function that determines if the task should retry on the error (#1256, #1261)
  • Optimized array iteration in race, cargo, queue, and priorityQueue (#1253)
  • Added alias documentation to doc site (#1251, #1254)
  • Added BootStrap scrollspy to docs to highlight in the sidebar the current method being viewed (#1289, #1300)
  • Various minor doc fixes (#1263, #1264, #1271, #1278, #1280, #1282, #1302)

v2.0.1

... (truncated)

Commits

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

... (truncated)

Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates cookie from 0.3.1 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse

0.4.2

  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

0.4.1

  • Fix maxAge option to reject invalid values

0.4.0

  • Add SameSite=None support
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates css-what from 2.1.0 to 2.1.3

Commits

Updates dns-packet from 1.2.2 to 5.6.1

Changelog

Sourced from dns-packet's changelog.

Version 5.6.0 - 2023-04-18

  • Feature: Added support for the TLSA record type.

Version 5.5.0 - 2023-03-27

  • Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

  • Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

  • Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

  • Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

  • Breaking: Node.js 6.0.0 or greater is now required.
  • Feature: Added support for DNSSEC record types.

Version 4.1.0 - 2018-02-11

  • Feature: Added support for the MX record type.

Version 4.0.0 - 2018-02-04

  • Feature: Added streamEncode and streamDecode methods for encoding TCP packets.
  • Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accomodate DNS-SD records which rely on the individual strings record being separated.
  • Breaking: Renamed the flag_trunc and flag_auth to flag_tc and flag_aa to match the names of these in the dns standards.

Version 3.0.0 - 2018-01-12

  • Breaking: The class option has been changed from integer to string.

Version 2.0.0 - 2018-01-11

  • Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater
Commits

Updates elliptic from 6.4.0 to 6.6.1

Commits

Updates es5-ext from 0.10.30 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates express from 4.15.4 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

  • Backported a fix for CVE-2024-47764...

    Description has been truncated

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 26 u…
0b410eb 
…pdates

Bumps the npm_and_yarn group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `2.7.1` | `5.2.1` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [css-what](https://github.com/fb55/css-what) | `2.1.0` | `2.1.3` |
| [elliptic](https://github.com/indutny/elliptic) | `6.4.0` | `6.6.1` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.30` | `0.10.64` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.1.2` | `1.2.13` |
| [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.5.0` | `2.8.9` |
| [lodash.merge](https://github.com/lodash/lodash) | `4.6.1` | `4.6.2` |
| [lodash.mergewith](https://github.com/lodash/lodash) | `4.6.0` | `4.6.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.0.8` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.5` | `1.0.7` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.14` | `0.7.40` |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |



Updates `webpack-dev-server` from 2.7.1 to 5.2.1
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v2.7.1...v5.2.1)

Updates `async` from 1.5.2 to 2.5.0
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v1.5.2...v2.5.0)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `cookie` from 0.3.1 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.3.1...v0.7.1)

Updates `css-what` from 2.1.0 to 2.1.3
- [Release notes](https://github.com/fb55/css-what/releases)
- [Commits](fb55/css-what@v2.1.0...v2.1.3)

Updates `dns-packet` from 1.2.2 to 5.6.1
- [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md)
- [Commits](mafintosh/dns-packet@v1.2.2...v5.6.1)

Updates `elliptic` from 6.4.0 to 6.6.1
- [Commits](indutny/elliptic@v6.4.0...v6.6.1)

Updates `es5-ext` from 0.10.30 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.30...v0.10.64)

Updates `express` from 4.15.4 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.15.4...4.21.2)

Updates `fsevents` from 1.1.2 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.1.2...v1.2.13)

Updates `hosted-git-info` from 2.5.0 to 2.8.9
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.5.0...v2.8.9)

Updates `http-proxy-middleware` from 0.17.4 to 2.0.9
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v0.17.4...v2.0.9)

Updates `http-proxy` from 1.16.2 to 1.18.1
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](http-party/node-http-proxy@1.16.2...1.18.1)

Updates `lodash.merge` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Updates `lodash.mergewith` from 4.6.0 to 4.6.2
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Updates `minimatch` from 3.0.4 to 3.0.8
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.0.8)

Updates `node-forge` from 0.6.33 to 1.3.1
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@0.6.33...v1.3.1)

Updates `path-parse` from 1.0.5 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `send` from 0.15.4 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.15.4...0.19.0)

Updates `serve-static` from 1.12.4 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.12.4...v1.16.2)

Updates `sockjs` from 0.3.18 to 0.3.24
- [Release notes](https://github.com/sockjs/sockjs-node/releases)
- [Changelog](https://github.com/sockjs/sockjs-node/blob/v0.3.24/Changelog)
- [Commits](sockjs/sockjs-node@v0.3.18...v0.3.24)

Updates `ua-parser-js` from 0.7.14 to 0.7.40
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@0.7.14...0.7.40)

Updates `webpack-dev-middleware` from 1.12.0 to 7.4.2
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v1.12.0...v7.4.2)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Updates `yargs-parser` from 4.2.1 to 5.0.0
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](yargs/yargs-parser@v4.2.1...v5.0.0)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-version: 2.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-version: 4.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: css-what
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dns-packet
  dependency-version: 5.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-version: 0.10.64
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hosted-git-info
  dependency-version: 2.8.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-proxy
  dependency-version: 1.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash.merge
  dependency-version: 4.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash.mergewith
  dependency-version: 4.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.0.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sockjs
  dependency-version: 0.3.24
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-version: 0.7.40
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack-dev-middleware
  dependency-version: 7.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-version: 3.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-version: 5.0.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 6, 2025
@changeset-bot
Copy link

changeset-bot bot commented Jun 6, 2025

⚠️ No Changeset found

Latest commit: 0b410eb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link

coderabbitai bot commented Jun 6, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@socket-security
Copy link

socket-security bot commented Jun 6, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedhasown@​2.0.2671007052100
Updatedpath-parse@​1.0.5 ⏵ 1.0.767100 +578 -251100
Addedminimalistic-assert@​1.0.11001005178100
Addedgopd@​1.2.0671007752100
Addedes-define-property@​1.0.1671008151100
Addedhas-symbols@​1.1.0671008151100
Addedside-channel@​1.1.0661008652100
Addedbundle-name@​4.1.01001005576100
Addeddefault-browser-id@​5.0.01001005976100
Updateddetect-node@​2.0.3 ⏵ 2.1.0100 +110060 +476100
Addedbrowserify-rsa@​4.1.11001006383100
Added@​types/​mime@​1.3.51001006476100
Addedis-wsl@​3.1.01001006676100
Addedlaunch-editor@​2.10.0991006683100
Added@​types/​http-errors@​2.0.41001006776100
Added@​types/​qs@​6.14.01001006784100
Added@​types/​connect@​3.4.381001006876100
Added@​types/​body-parser@​1.19.51001006877100
Added@​types/​bonjour@​3.5.131001006876100
Updatedparse-asn1@​5.1.0 ⏵ 5.1.7991006882100
Added@​types/​express@​4.17.221001006987100
Updatedutils-merge@​1.0.0 ⏵ 1.0.11001006976100
Addedis-docker@​3.0.01001006976100
See 123 more rows in the dashboard

View full report

@socket-security
Copy link

socket-security bot commented Jun 6, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Warn High
es5-ext@0.10.64 is Protestware or potentially unwanted behavior.

Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.

From: yarn.locknpm/es5-ext@0.10.64

ℹ Read more on: This package | This alert | What is protestware?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.64. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant