chore(deps): bump cookie, @openapitools/openapi-generator-cli, @nestjs/platform-express and express

[dependabot]

Bumps cookie to 0.7.1 and updates ancestor dependencies cookie, @openapitools/openapi-generator-cli, @nestjs/platform-express and express. These dependencies need to be updated together.

Updates cookie from 0.5.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates @openapitools/openapi-generator-cli from 2.7.0 to 2.15.3

Release notes

Sourced from @​openapitools/openapi-generator-cli's releases.

v2.15.3

2.15.3 (2024-11-01)

Bug Fixes

• deps: update dependency tslib to v2.8.1 (#841) (0357c06)

v2.15.2

2.15.2 (2024-11-01)

Bug Fixes

• deps: update dependency @​nestjs/axios to v3.1.1 (#843) (9279abb)

v2.15.1

2.15.1 (2024-11-01)

Bug Fixes

• deps: update nest monorepo (#697) (14c9ba6)

v2.15.0

2.15.0 (2024-10-25)

Features

• release: trigger a release (407e90f)

v2.14.1

2.14.1 (2024-10-21)

Bug Fixes

• http: use proxy agent setup that supports proxy env variables with no_proxy (#781) (f452cc8), closes OpenAPITools/openapi-generator-cli#762

v2.14.0

2.14.0 (2024-10-08)

Features

• config schema: add openapi-normalizer generator property (#830) (c91d116)

v2.13.13

2.13.13 (2024-10-03)

... (truncated)

Commits

• 0357c06 fix(deps): update dependency tslib to v2.8.1 (#841)
• 81aab3e chore(deps): update dependency @​types/lodash to v4.17.13 (#842)
• 9279abb fix(deps): update dependency @​nestjs/axios to v3.1.1 (#843)
• 14c9ba6 fix(deps): update nest monorepo (#697)
• 275a547 chore(deps): update nrwl monorepo to v20.0.7 (#840)
• 8a5582e chore(deps): update dependency @​types/lodash to v4.17.12 (#839)
• 9626bc3 chore(deps): update dependency @​types/concurrently to v7.0.3 (#838)
• 407e90f feat(release): trigger a release
• f49899f chore: update nest js and nx dependencies (#837)
• f452cc8 fix(http): use proxy agent setup that supports proxy env variables with `no_p...
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 10.2.7 to 10.4.7

Release notes

Sourced from @​nestjs/platform-express's releases.

v10.4.5 (2024-10-16)

Dependencies

• platform-express
  • #14060 build(express): upgrade to express 4.2.1 (@​ezintz)
• Other
  • #13903 chore(deps): bump ws and @​nestjs/graphql in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #13917 chore(deps): bump micromatch from 4.0.4 to 4.0.8 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #14015 chore(deps): bump find-my-way from 8.1.0 to 8.2.2 in /sample/10-fastify (@​dependabot[bot])
  • #14039 chore(deps): bump serve-static, express and @​nestjs/platform-express in /sample/23-graphql-code-first (@​dependabot[bot])
  • #14040 chore(deps): bump send, @​nestjs/platform-express and express in /sample/24-serve-static (@​dependabot[bot])
  • #14034 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/28-sse (@​dependabot[bot])
  • #14035 chore(deps): bump send and @​nestjs/platform-express in /sample/28-sse (@​dependabot[bot])
  • #14030 chore(deps): bump send and @​nestjs/platform-express in /sample/25-dynamic-modules (@​dependabot[bot])
  • #14031 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/25-dynamic-modules (@​dependabot[bot])
  • #14026 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/26-queues (@​dependabot[bot])
  • #14025 chore(deps): bump send and @​nestjs/platform-express in /sample/26-queues (@​dependabot[bot])
• platform-fastify
  • #14064 build(fastify): upgrade light-my-request to 6.1.0 (@​PattyTrish)

Committers: 5

• Eduard Zintz (@​ezintz)
• Fernando Vargas (@​frndvrgs)
• Micael Levi L. Cavalcante (@​micalevisk)
• Patricia Ahern (@​PattyTrish)
• Rick Dutour Geerling (@​tuxmachine)

v10.4.2 (2024-09-16)

Dependencies

• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@​dependabot[bot])
• platform-fastify
  • #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@​dependabot[bot])
• Other
  • #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@​dependabot[bot])
  • #13946 chore(deps): bump webpack and @​nestjs/cli in /sample/02-gateways (@​dependabot[bot])
  • #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@​dependabot[bot])
  • #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13968 chore(deps-dev): bump @​commitlint/cli from 19.4.0 to 19.5.0 (@​dependabot[bot])
  • #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@​dependabot[bot])
  • #13973 chore(deps-dev): bump @​types/node from 22.5.1 to 22.5.5 (@​dependabot[bot])
  • #13922 chore(deps): bump @​apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #13921 chore(deps): bump @​apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@​dependabot[bot])
  • #13928 chore(deps-dev): bump @​types/node from 22.5.0 to 22.5.1 (@​dependabot[bot])
  • #13929 chore(deps-dev): bump @​commitlint/config-angular from 19.3.0 to 19.4.1 (@​dependabot[bot])
  • #13893 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@​dependabot[bot])
  • #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@​dependabot[bot])

... (truncated)

Commits

• a544552 chore(@​nestjs) publish v10.4.7 release
• 7843db3 chore(@​nestjs) publish v10.4.6 release
• 94a1ca1 chore: update readme and package.json
• ed644e9 chore(@​nestjs) publish v10.4.5 release
• 160c3b3 build(express): upgrade to express 4.2.1
• 5ae7e0f chore(@​nestjs) publish v10.4.4 release
• 3c24de6 chore: update readmes
• 2fb629e chore(@​nestjs) publish v10.4.3 release
• d3dd896 chore: update readme
• 696b441 chore(@​nestjs) publish v10.4.2 release
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

... (truncated)

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.