Bump the npm_and_yarn group across 1 directory with 8 updates #1

Open
wants to merge 1 commit into
base: gomix
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Mar 27, 2024

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| express | 4.17.1 | 4.19.2 |
| mongoose | 5.6.9 | 5.13.20 |
| bson | 1.1.1 | 1.1.6 |
| qs | 6.7.0 | 6.11.0 |
| body-parser | 1.19.0 | 1.20.2 |
| semver | 5.7.1 | 5.7.2 |

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates mongoose from 5.6.9 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.2.3 / 2024-03-21

8.2.2 / 2024-03-15

  • fix(model): improve update minimizing to only minimize top-level properties in the update #14437 #14420 #13782
  • fix: add Null check in case schema.options['type'][0] is undefined #14431 Atharv-Bobde
  • types: consistently infer array of objects in schema as a DocumentArray #14430 #14367
  • types: add TypeScript interface for the new PipelineStage - Vector Search - solving issue #14428 #14429 jkorach
  • types: add pre and post function types on Query class #14433 #14432 IICarst
  • types(model): make bulkWrite() types more flexible to account for casting #14423
  • docs: update version support documentation for mongoose 5 & 6 #14427 hasezoey

7.6.10 / 2024-03-13

  • docs(model): add extra note about lean option for insertMany() skipping casting #14415
  • docs(mongoose): add options.overwriteModel details to mongoose.model() docs #14422

8.2.1 / 2024-03-04

  • fix(document): make $clone avoid converting subdocs into POJOs #14395 #14353
  • fix(connection): avoid unhandled error on createConnection() if on('error') handler registered #14390 #14377
  • fix(schema): avoid applying default write concern to operations that are in a transaction #14391 #11382
  • types(querycursor): correct cursor async iterator type with populate() support #14384 #14374
  • types: missing typescript details on options params of updateMany, updateOne, etc. #14382 #14379 #14378 FaizBShah sderrow
  • types: allow Record as valid query select argument #14371 sderrow

6.12.7 / 2024-03-01

  • perf(model): make insertMany() lean option skip hydrating Mongoose docs #14376 #14372
  • perf(document+schema): small optimizations to make init() faster #14383 #14113
  • fix(connection): don't modify passed options object to openUri() #14370 #13376 #13335
  • fix(ChangeStream): bubble up resumeTokenChanged changeStream event #14355 #14349 3150

7.6.9 / 2024-02-26

  • fix(document): handle embedded recursive discriminators on nested path defined using Schema.prototype.discriminator #14256 #14245
  • types(model): correct return type for findByIdAndDelete() #14233 #14190
  • docs(connections): add note about using asPromise() with createConnection() for error handling #14364 #14266
  • docs(model+query+findoneandupdate): add more details about overwriteDiscriminatorKey option to docs #14264 #14246

8.2.0 / 2024-02-22

  • feat(model): add recompileSchema() function to models to allow applying schema changes after compiling #14306 #14296
  • feat: add middleware for bulkWrite() and createCollection() #14358 #14263 #7893
  • feat(model): add hydratedPopulatedDocs option to make hydrate recursively hydrate populated docs #14352 #4727

... (truncated)

Commits
  • 0f3997a chore: release 5.13.20
  • f1efabf fix: avoid prototype pollution on init
  • 98e0762 chore: release 5.13.19
  • 7e36d21 chore: release 5.13.18
  • 6759c60 undo accidental changes and actually pin @types/json-schema
  • 4ed4a89 chore: pin version of @types/json-schema because of install issues on node v4...
  • 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
  • 26424d5 5.x - bump mongodb driver to 3.7.4
  • 4b8b0a9 add versionNumber to 5.x
  • 1bc07ec chore: release 5.13.17
  • Additional commits viewable in compare view

Updates bson from 1.1.1 to 1.1.6

Release notes

Sourced from bson's releases.

1.1.6

The MongoDB Node.js team is pleased to announce version 1.1.6 of the bson module!

The BSON library was written prior to the invention of the BigInt type in the JavaScript ecosystem. As a result, the library was not able to serialize the type properly and silently failed to correctly maintain the bigint value. With this update, the library will now throw an error if it detects a bigint value. However, we've also added to/fromBigInt helper methods to the Long class; please note that numbers will be clamped to int64 bit width.

```js
const bytes = BSON.serialize({ myBigNumber: Long.fromBigInt(23n) })
const doc = BSON.deserialize(bytes)
doc.myBigNumber.toBigInt() === 23n // true
```

New Feature

  • [NODE-2378] - Return error when failing to serialize bigint type and add Long class helpers

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release!

v1.1.4

The MongoDB Node.js team is pleased to announce version 1.1.4 of the bson module!

This patch release resolves an issue with BSON serialization with invalid _bsontype, originally reported by @xiaofen9. MongoDB will be issuing a CVE for this vulnerability, and we recommend that all users pin their version of the bson module to 1.1.4 or higher.

Release Notes

Changelog

Sourced from bson's changelog.

1.1.6 (2021-03-16)

Bug Fixes

  • Throw error on bigint usage and add helpers to Long (#426) (375f368)

1.1.5 (2020-08-10)

Bug Fixes

  • object-id: harden the duck-typing (b526145)

1.1.3 (2019-11-09)

Reverts 1.1.2

1.1.2 (2019-11-08)

Bug Fixes

  • _bsontype: only check bsontype if it is a prototype member. (dd8a349)

Commits
Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for bson since your current version.


Updates mpath from 0.6.0 to 0.8.4

Changelog

Sourced from mpath's changelog.

0.8.4 / 2021-09-01

  • fix: throw error if parts contains an element that isn't a string or number #13

0.8.3 / 2020-12-30

  • fix: use var instead of let/const for Node.js 4.x support

0.8.2 / 2020-12-30

  • fix(stringToParts): fall back to legacy treatment for square brackets if square brackets contents aren't a number Automattic/mongoose#9640
  • chore: add eslint

0.8.1 / 2020-12-10

  • fix(stringToParts): handle empty string and trailing dot the same way that split() does for backwards compat

0.8.0 / 2020-11-14

  • feat: support square bracket indexing for get(), set(), has(), and unset()

0.7.0 / 2020-03-24

Commits
  • 634a0fa chore: release 0.8.4
  • 89402d2 fix: throw error if parts contains an element that isn't a string or number
  • 03c4efe chore: add basic SECURITY.md file
  • ad7a023 chore: release 0.8.3
  • f050c3a fix: use var instead of let/const for Node.js 4.x support
  • e3bdd36 chore: release 0.8.2
  • b09cebc chore: add lint
  • ffed519 fix(stringToParts): fall back to legacy treatment for square brackets if squa...
  • 095573c chore: release 0.8.1
  • c507d2c fix(stringToParts): handle empty string and trailing dot the same way that `s...
  • Additional commits viewable in compare view

Updates mquery from 3.2.1 to 3.2.5

Changelog

Sourced from mquery's changelog.

3.2.5 / 2021-03-29

  • fix(utils): make mergeClone() skip special properties like __proto__ #121 zpbrent

3.2.4 / 2021-02-12

3.2.3 / 2020-12-10

  • fix(utils): avoid copying special properties like __proto__ when merging and cloning. Fix CVE-2020-35149

3.2.2 / 2019-09-22

Commits
  • 6646bd9 chore: release 3.2.5
  • 158f059 Merge pull request #121 from 418sec/1-npm-mquery
  • d3b230b Merge pull request #1 from zpbrent/patch-1
  • a7b6d7c Update utils.js
  • 34344fa chore: release 3.2.4
  • 2dd768d fix(utils): make clone() only copy own properties
  • bb185d9 chore: update changelog with CVE
  • eeaa57c chore: release 3.2.3
  • 792e69f fix(utils): avoid copying special properties like __proto__ when merging an...
  • 2268a48 Merge pull request #118 from aheckmann/dependabot/npm_and_yarn/mongodb-3.6.1
  • Additional commits viewable in compare view

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

  • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
  • [meta] use npmignore to autogenerate an npmignore file
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

  • [Fix] stringify: actually fix cyclic references (#426)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [actions] update codecov uploader
  • [actions] update workflows
  • [Tests] clean up stringify tests slightly
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

  • [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

  • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
  • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
  • [meta] fix README.md (#399)
  • [meta] only run npm run dist in publish, not install
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
  • [Tests] fix tests on node v0.6
  • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
  • [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits
  • 56763c1 v6.11.0
  • ddd3e29 [readme] fix version badge
  • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
  • 95bc018 v6.10.5
  • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
  • ba9703c v6.10.4
  • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
  • 113b990 [Dev Deps] update object-inspect
  • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
  • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
  • Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.2

Release notes

Sourced from body-parser's releases.

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1

1.20.0

1.19.2

1.19.1

Changelog

Sourced from body-parser's changelog.

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

... (truncated)

Commits

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` |
| [mongoose](https://github.com/Automattic/mongoose) | `5.6.9` | `5.13.20` |
| [bson](https://github.com/mongodb/js-bson) | `1.1.1` | `1.1.6` |
| [qs](https://github.com/ljharb/qs) | `6.7.0` | `6.11.0` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.2` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |


Updates `express` from 4.17.1 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.19.2)

Updates `mongoose` from 5.6.9 to 5.13.20
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@5.6.9...5.13.20)

Updates `bson` from 1.1.1 to 1.1.6
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/v1.1.6/HISTORY.md)
- [Commits](https://github.com/mongodb/js-bson/commits/v1.1.6)

Updates `mpath` from 0.6.0 to 0.8.4
- [Changelog](https://github.com/mongoosejs/mpath/blob/master/History.md)
- [Commits](mongoosejs/mpath@0.6.0...0.8.4)

Updates `mquery` from 3.2.1 to 3.2.5
- [Changelog](https://github.com/mongoosejs/mquery/blob/master/History.md)
- [Commits](mongoosejs/mquery@3.2.1...3.2.5)

Updates `qs` from 6.7.0 to 6.11.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `body-parser` from 1.19.0 to 1.20.2
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.0...1.20.2)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: mongoose
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: bson
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: mpath
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: mquery
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: body-parser
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 27, 2024