build(deps): bump the npm_and_yarn group across 1 directory with 12 updates

Open

Number: #8
Type: Pull Request
State: Open

Author:

dependabot[bot]
Association: None
Comments: 2

Created: September 04, 2025 at 07:22 PM UTC
(1 day ago)

Updated: September 04, 2025 at 07:31 PM UTC
(1 day ago)

Labels:
dependencies javascript

Description:

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
@babel/runtime	`7.20.13`	`7.28.3`
@babel/helpers	`7.20.13`	`7.28.3`
@babel/traverse	`7.20.13`	`7.28.3`
brace-expansion	`1.1.11`	`1.1.12`
browserify-sign	`4.2.1`	`4.2.3`
cipher-base	`1.0.4`	`1.0.6`
es5-ext	`0.10.62`	`0.10.64`
express	`4.18.2`	`4.21.2`
nanoid	`3.3.4`	`3.3.11`
sha.js	`2.4.11`	`2.4.12`
socket.io-parser	`4.2.2`	`4.2.4`

Updates @babel/runtime from 7.20.13 to 7.28.3

Release notes

Sourced from @babel/runtime's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

SOUHAILA SERBOUT (@souhailaS)

@liuxingbaoyu

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

:bug: Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

:memo: Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

:leftwards_arrow_with_hook: Revert

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

#17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

v7.28.0 (2025-07-02)

:rocket: New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

... (truncated)

Commits

ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
eebd3a0 v7.27.1
Additional commits viewable in compare view

Updates @babel/helpers from 7.20.13 to 7.28.3

Release notes

Sourced from @babel/helpers's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

SOUHAILA SERBOUT (@souhailaS)

@liuxingbaoyu

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

:bug: Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

:memo: Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

:leftwards_arrow_with_hook: Revert

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

#17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

v7.28.0 (2025-07-02)

:rocket: New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

... (truncated)

Commits

ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
49c0dbb Fix iterator compatibility of regeneratorValues (#17335)
Additional commits viewable in compare view

Updates @babel/traverse from 7.20.13 to 7.28.3

Release notes

Sourced from @babel/traverse's releases.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

SOUHAILA SERBOUT (@souhailaS)

@liuxingbaoyu

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

:bug: Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

:nail_care: Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

:memo: Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

:house: Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

:microscope: Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

:bug: Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

:bug: Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

:memo: Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

:leftwards_arrow_with_hook: Revert

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

#17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

v7.28.0 (2025-07-02)

:rocket: New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

... (truncated)

Commits

ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
5051613 Type-check .d.ts file with strict: true (#17461)
ccc5fae v7.28.0
4b4e7e2 Create babel-helper-globals (#17297)
cf5ae03 LVal coverage updates (Part 2) (#17391)
6ca9df4 Accept bigints in t.bigIntLiteral factory (#17378)
75f0140 Parse discard binding (#17163)
4ce7dfd v7.27.7
6c8faf1 add generateUidBasedOnNode test cases (#17381)
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](https://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
66387d7 [Tests] migrate from travis to GHA
f2dc13e [meta] add missing engines.node
0e7a2d9 [Deps] update inherits, safe-buffer
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates nanoid from 3.3.4 to 3.3.11

Rele...

Description has been truncated

Pull Request Statistics

Commits:
0

Files Changed:
0

Additions:
+0

Deletions:
-0

Package Dependencies

Package:
@babel/helpers

Ecosystem:
npm

Version Change:
7.20.13 → 7.28.3

Update Type:
Minor

Package:
@babel/traverse

Ecosystem:
npm

Version Change:
7.20.13 → 7.28.3

Update Type:
Minor

Package:
@babel/runtime

Ecosystem:
npm

Version Change:
7.20.13 → 7.28.3

Update Type:
Minor

Package:
nanoid

Ecosystem:
npm

Version Change:
3.3.4 → 3.3.11

Update Type:
Patch

Package:
express

Ecosystem:
npm

Version Change:
4.18.2 → 4.21.2

Update Type:
Minor

Package:
es5-ext

Ecosystem:
npm

Version Change:
0.10.62 → 0.10.64

Update Type:
Patch

Package:
browserify-sign

Ecosystem:
npm

Version Change:
4.2.1 → 4.2.3

Update Type:
Patch

Package:
socket.io-parser

Ecosystem:
npm

Version Change:
4.2.2 → 4.2.4

Update Type:
Patch

Package:
brace-expansion

Ecosystem:
npm

Version Change:
1.1.11 → 1.1.12

Update Type:
Patch

Package:
sha.js

Ecosystem:
npm

Version Change:
2.4.11 → 2.4.12

Update Type:
Patch

Package:
cipher-base

Ecosystem:
npm

Version Change:
1.0.4 → 1.0.6

Update Type:
Patch

Security Advisories

cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-pxg6-pf52-xh8x CVE-2024-47764 LOW

### Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`6978612`
UUID:	`3385129388`
Node ID:	`PR_kwDOI9w2I86m7WY2`
Host:	GitHub
Repository:	MetaMask/react-native-self-host-example