Bump the npm_and_yarn group with 13 updates #38

dependabot · 2024-09-11T11:17:24Z

Bumps the npm_and_yarn group with 14 updates:

Package	From	To
karma	`6.3.2`	`6.3.16`
ansi-regex	`5.0.0`	`5.0.1`
ansi-regex	`3.0.0`	`5.0.1`
body-parser	`1.19.0`	`1.20.3`
got	`11.8.3`	`11.8.6`
json5	`1.0.1`	`1.0.2`
log4js	`6.3.0`	`6.9.1`
minimist	`1.2.5`	`1.2.8`
nanoid	`3.1.20`	`removed`
mocha	`8.4.0`	`10.7.3`
qs	`6.7.0`	`6.13.0`
socket.io	`3.1.2`	`4.7.5`
socket.io-parser	`4.0.4`	`4.2.4`
ws	`7.4.5`	`8.17.1`

Updates karma from 6.3.2 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)

warn when singleRun and autoWatch are false (69cfc76)

security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.0 (2022-06-14)

Features

support SRI verification of link tags (dc51a2e)

support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

... (truncated)

Commits

ab4b328 chore(release): 6.3.16 [skip ci]
ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
c1befa0 chore(release): 6.3.15 [skip ci]
d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
653c762 ci: prevent duplicate CI tasks on creating a PR
c97e562 chore(release): 6.3.14 [skip ci]
91d5acd fix: remove string template from client code
69cfc76 fix: warn when singleRun and autoWatch are false
839578c fix(security): remove XSS vulnerability in returnUrl query param
db53785 chore(release): 6.3.13 [skip ci]
Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1

deps: [email protected]

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1 / 2022-10-06

deps: [email protected]

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.19.2 / 2022-02-15

deps: [email protected]

deps: [email protected]

Fix handling of __proto__ keys

deps: [email protected]

deps: [email protected]

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates got from 11.8.3 to 11.8.6

Release notes

Sourced from got's releases.

v11.8.6

Destroy request object after successful response

sindresorhus/got@v11.8.5...v11.8.6

v11.8.5

Backport security fix sindresorhus/got@861ccd9

CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

Commits

2b1482c 11.8.6
2d1497e Destroy request object after successful response (#2187)
5e17bb7 11.8.5
bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
8ced192 Fix build
670eb04 11.8.4
20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

a62db1e 1.0.2
e0c23fe docs: update CHANGELOG for v1.0.2
62a6540 fix: add proto to objects and arrays
See full diff in compare view

Updates log4js from 6.3.0 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

fix(7922e82): regex for stacktrace - thanks @lamweili

addresses #1377 which has a regression since 6.8.0 from #1363 at commit 7922e82

6.9.0

feat: support for idempotent logging on browser - thanks @aellerton

addresses #968, #1270, #1288, #1372

docs: added that log4js.getLogger() may call log4js.configure() - thanks @lamweili

6.8.0

feat: added log4js.isConfigured() API - thanks @lamweili

docs: added log4js.isConfigured() - thanks @lamweili

feat(layout): support a specifier on %m - thanks @lamweili

fix: tilde expansion for windows - thanks @lamweili

docs: updated typescript usage - thanks @lamweili

test: improved test for fileAppender - thanks @lamweili

ci: generate coverage report in both text and html - thanks @lamweili

ci: replaced deprecated github set-output - thanks @lamweili

chore(deps): updated dependencies - thanks @lamweili

chore(deps): bump streamroller from 3.1.3 to 3.1.5

chore(deps): updated package-lock.json

chore(deps-dev): updated dependencies - thanks @lamweili

chore(deps-dev): bump @commitlint/cli from 17.3.0 to 17.4.4

chore(deps-dev): bump @commitlint/config-conventional from 17.3.0 to 17.4.4

chore(deps-dev): bump eslint from 8.28.0 to 8.34.0

chore(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0

chore(deps-dev): bump eslint-import-resolver-node from 0.3.6 to 0.3.7

chore(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.5

chore(deps-dev): bump fs-extra from 10.1.0 to 11.1.0

chore(deps-dev): bump husky from 8.0.2 to 8.0.3

chore(deps-dev): bump prettier from 2.8.0 to 2.8.4

chore(deps-dev): bump tap from 16.3.2 to 16.3.4

chore(deps-dev): bump typescript from 4.9.3 to 4.9.5

chore(deps-dev): updated package-lock.json

chore(deps-dev): bump json5 from 1.0.1 to 1.0.2 - thanks @Dependabot

6.7.1

type: updated Configuration.levels type to allow for custom log levels - thanks @lamweili

docs: fixed typo in layouts.md - thanks @dtslvr

chore(deps-dev): updated dependencies - thanks @lamweili

chore(deps-dev): bump @commitlint/cli from 17.1.2 to 17.3.0

chore(deps-dev): bump @commitlint/config-conventional from 17.1.0 to 17.3.0

chore(deps-dev): bump eslint from 8.24.0 to 8.28.0

chore(deps-dev): bump husky from 8.0.1 to 8.0.2

chore(deps-dev): bump prettier from 2.7.1 to 2.8.0

chore(deps-dev): bump tap from 16.3.0 to 16.3.2

... (truncated)

Commits

26dcec6 6.9.1
63ae5b9 Merge pull request #1379 from log4js-node/update-docs
185fa66 docs: updated changelog for 6.9.1
ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
2628688 fix(7922e82): regex for stacktrace
b3919d8 6.9.0
7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
f89e7b6 docs: updated changelog for 6.9.0
0082928 Merge pull request #1375 from log4js-node/update-docs
c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Removes nanoid

Updates mocha from 8.4.0 to 10.7.3

Release notes

Sourced from mocha's releases.

v10.7.3

10.7.3 (2024-08-09)

🩹 Fixes

make release-please build work (#5194) (afd66ef)

v10.7.2

10.7.2 (2024-08-06)

📚 Documentation

improve filtering (#5191) (1ac5b55)

🧹 Chores

fix failing markdown linting (#5193) (7e7a2ec)

v10.7.1

10.7.1 (2024-08-06)

🩹 Fixes

crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

add knip to validate included dependencies (5c2989f)

more fully remove assetgraph-builder and canvas (#5175) (1883c41)

replace nps with npm scripts (#5128) (c44653a), closes #5126

v10.7.0

What's Changed

feat: add option to not fail on failing test suite by @ilgonmic in mochajs/mocha#4771

New Contributors

@ilgonmic made their first contribution in mochajs/mocha#4771

Full Changelog: mochajs/mocha@v10.6.1...v10.7.0

v10.6.1

What's Changed

fix: do not exit when only unref'd timer is present in test code by @boneskull in mochajs/mocha#3825

fix: support canonical module by @JacobLey in mochajs/mocha#5040

... (truncated)

Changelog

Sourced from mocha's changelog.

10.7.3 (2024-08-09)

🩹 Fixes

make release-please build work (#5194) (afd66ef)

10.7.2 (2024-08-06)

📚 Documentation

improve filtering (#5191) (1ac5b55)

🧹 Chores

fix failing markdown linting (#5193) (7e7a2ec)

10.7.1 (2024-08-06)

🩹 Fixes

crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

add knip to validate included dependencies (5c2989f)

more fully remove assetgraph-builder and canvas (#5175) (1883c41)

replace nps with npm scripts (#5128) (c44653a), closes #5126

10.7.0 / 2024-07-20

🎉 Enhancements

#4771 feat: add option to not fail on failing test suite (@ilgonmic)

10.6.1 / 2024-07-20

🐛 Fixes

#3825 fix: do not exit when only unref'd timer is present in test code (@boneskull)

#5040 fix: support canonical module (@JacobLey)

10.6.0 / 2024-07-02

🎉 Enhancements

... (truncated)

Commits

d5766c8 chore(main): release 10.7.3 (#5195)
afd66ef fix: make release-please build work (#5194)
9e0a4bd chore(main): release 10.7.2 (#5192)
7e7a2ec chore: fix failing markdown linting (#5193)
1ac5b55 docs: improve filtering (#5191)
1528c42 chore(main): release 10.7.1 (#5189)
d7013dd fix: crash with --parallel and --retries both enabled (#5173)
5c2989f chore: add knip to validate included dependencies
a777fd1 ci: automate releases (#5186)
ac5574e ci: update to windows-latest in actions (#5185)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates qs from 6.7.0 to 6.13.0

Changelog

Sourced from qs's changelog.

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

[meta] fix changelog indentation

6.12.2

[Fix] parse: parse encoded square brackets (#506)

[readme] add CII best practices badge

6.12.1

[Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)

[Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)

[Refactor] utils: use +=

[Tests] increase coverage

6.12.0

[New] parse/stringify: add decodeDotInKeys/encodeDotKeys options (#488)

[New] parse: add duplicates option

[New] parse/stringify: add allowEmptyArrays option to allow [] in object values (#487)

[Refactor] parse/stringify: move allowDots config logic to its own variable

[Refactor] stringify: move option-handling code into normalizeStringifyOptions

[readme] update readme, add logos (#484)

[readme] stringify: clarify default arrayFormat behavior

[readme] fix line wrapping

[readme] remove dead badges

[Deps] update side-channel

[meta] make the dist build 50% smaller

[meta] add sideEffects flag

[meta] run build in prepack, not prepublish

[Tests] parse: remove useless tests; add coverage

[Tests] stringify: increase coverage

[Tests] use mock-property

[Tests] stringify: improve coverage

[Dev Deps] update @ljharb/eslint-config , aud, has-override-mistake, has-property-descriptors, mock-property, npmignore, object-inspect, tape

[Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak

[Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6

6.11.2

[Fix] parse: Fix parsing when the global Object prototype is frozen (#473)

[Tests] add passing test cases with empty keys (#473)

6.11.1

[Fix] stringify: encode comma values more consistently (#463)

[readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)

[meta] remove extraneous code backticks (#457)

[meta] fix changelog markdown

... (truncated)

Commits

5cf516c v6.13.0
8d56df2 [New] parse: add strictDepth option
c9a6694 [Tests] use npm audit instead of aud
f90cc35 v6.12.3
1bf9f7a [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
7ebf48b [meta] fix changelog indentation
d0dff11 v6.12.2
f0b8d03 [Dev Deps] update @ljharb/eslint-config, object-inspect, tape
81835ff [Fix]: parse: parse encoded square brackets
db47dcc [readme] add CII best practices badge
Additional commits viewable in compare view

Updates socket.io from 3.1.2 to 4.7.5

Release notes

Sourced from socket.io's releases.

4.7.5

Bug Fixes

close the adapters when the server is closed (bf64870)

remove duplicate pipeline when serving bundle (e426f3e)

Links

Diff: socketio/socket.io@4.7.4...4.7.5

Client release: 4.7.5

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4

Bug Fixes

typings: calling io.emit with no arguments incorrectly errored (cb6d2e0), closes #4914

Links

Diff: socketio/socket.io@4.7.3...4.7.4

Client release: 4.7.4

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3

Bug Fixes

return the first response when broadcasting to a single socket (#4878) (df8e70f)

typings: allow to bind to a non-secure Http2Server (#4853) (8c9ebc3)

Links

Diff: socketio/socket.io@4.7.2...4.7.3

Client release: 4.7.3

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2

Bug Fixes

clean up child namespace when client is rejected in middleware (#4773) (0731c0d)...
Description has been truncated

Bumps the npm_and_yarn group with 14 updates: | Package | From | To | | --- | --- | --- | | [karma](https://github.com/karma-runner/karma) | `6.3.2` | `6.3.16` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `3.0.0` | `5.0.1` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [got](https://github.com/sindresorhus/got) | `11.8.3` | `11.8.6` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [log4js](https://github.com/log4js-node/log4js-node) | `6.3.0` | `6.9.1` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [nanoid](https://github.com/ai/nanoid) | `3.1.20` | `removed` | | [mocha](https://github.com/mochajs/mocha) | `8.4.0` | `10.7.3` | | [qs](https://github.com/ljharb/qs) | `6.7.0` | `6.13.0` | | [socket.io](https://github.com/socketio/socket.io) | `3.1.2` | `4.7.5` | | [socket.io-parser](https://github.com/Automattic/socket.io-parser) | `4.0.4` | `4.2.4` | | [ws](https://github.com/websockets/ws) | `7.4.5` | `8.17.1` | Updates `karma` from 6.3.2 to 6.3.16 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v6.3.2...v6.3.16) Updates `ansi-regex` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `ansi-regex` from 3.0.0 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `got` from 11.8.3 to 11.8.6 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v11.8.3...v11.8.6) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `log4js` from 6.3.0 to 6.9.1 - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v6.3.0...v6.9.1) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Removes `nanoid` Updates `mocha` from 8.4.0 to 10.7.3 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v8.4.0...v10.7.3) Updates `qs` from 6.7.0 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.13.0) Updates `socket.io` from 3.1.2 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.7.5/CHANGELOG.md) - [Commits](socketio/socket.io@3.1.2...4.7.5) Updates `socket.io-parser` from 4.0.4 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@4.0.4...4.2.4) Updates `ws` from 7.4.5 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.4.5...8.17.1) --- updated-dependencies: - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: got dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: log4js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mocha dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner September 11, 2024 11:17

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 13 updates #38

Bump the npm_and_yarn group with 13 updates #38

dependabot bot commented on behalf of github Sep 11, 2024

Bump the npm_and_yarn group with 13 updates #38

Are you sure you want to change the base?

Bump the npm_and_yarn group with 13 updates #38

Conversation

dependabot bot commented on behalf of github Sep 11, 2024

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

6.4.0 (2022-06-14)

Features

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes

6.3.18 (2022-04-13)

Bug Fixes

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

v5.0.1

Fixes (backport of 6.0.1 to v5)

v5.0.1

Fixes (backport of 6.0.1 to v5)

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

v11.8.6

v11.8.5

v1.0.2

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

v2.2.0 [code, diff]

v2.1.3 [code, diff]

v2.1.2 [code, diff]

6.9.1

6.9.0

6.8.0

6.7.1

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

v1.2.7 - 2022-10-10

Commits

v10.7.3

10.7.3 (2024-08-09)

🩹 Fixes

v10.7.2

10.7.2 (2024-08-06)

Fixes (backport of `6.0.1` to v5)

Fixes (backport of `6.0.1` to v5)