Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 2 directories with 21 updates

Closed
Number: #25
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: September 10, 2025 at 10:34 PM UTC
(3 months ago)
Updated: September 10, 2025 at 11:54 PM UTC
(3 months ago)
Closed: September 10, 2025 at 11:54 PM UTC
(3 months ago)
Time to Close: about 1 hour
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 9 updates in the /bin/Debug/net8.0/my-app directory:

Package From To
@angular/ssr 17.1.3 18.2.21
express 4.19.2 4.21.2
braces 3.0.2 3.0.3
cookie 0.4.2 0.7.1
socket.io 4.7.4 4.8.1
esbuild 0.19.11 0.25.9
@angular-devkit/build-angular 17.1.3 20.3.0
ws 8.11.0 8.17.1
socket.io-adapter 2.5.2 2.5.5

Bumps the npm_and_yarn group with 9 updates in the /wwwroot directory:

Package From To
@angular/ssr 17.1.3 18.2.21
express 4.19.2 4.21.2
braces 3.0.2 3.0.3
cookie 0.4.2 0.7.1
socket.io 4.7.4 4.8.1
esbuild 0.19.11 0.25.9
@angular-devkit/build-angular 17.1.3 20.3.0
ws 8.11.0 8.17.1
socket.io-adapter 2.5.2 2.5.5

Updates @angular/ssr from 17.1.3 to 18.2.21

Release notes

Sourced from @​angular/ssr's releases.

18.2.21

@​angular-devkit/build-angular

Commit Description
fix - 700e6bc01 avoid extra tick in SSR builds

@​angular/build

Commit Description
fix - cccc91b91 avoid extra tick in SSR dev-server builds

@​angular/ssr

Commit Description
feat - 4af385201 introduce BootstrapContext for isolated server-side rendering

Breaking Changes

@​angular/ssr

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

    Before:

    const bootstrap = () => bootstrapApplication(AppComponent, config);

    After:

    const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);

18.2.20

No release notes provided.

18.2.19

@​angular-devkit/build-angular

Commit Description
fix - 01cc617bc update http-proxy-middleware to v3.0.5

18.2.18

@​angular/build

Commit Description
fix - 4245ca7b4 update vite to 5.4.17

18.2.17

@​angular/build

Commit Description
fix - 247ceff7f update vite to 5.4.16 due to a security issues

18.2.16

... (truncated)

Changelog

Sourced from @​angular/ssr's changelog.

18.2.21 (2025-09-10)

Breaking Changes

@​angular/ssr

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

    Before:

    const bootstrap = () => bootstrapApplication(AppComponent, config);

    After:

    const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);

@​angular-devkit/build-angular

Commit Type Description
700e6bc01 fix avoid extra tick in SSR builds

@​angular/build

Commit Type Description
cccc91b91 fix avoid extra tick in SSR dev-server builds

@​angular/ssr

Commit Type Description
4af385201 feat introduce BootstrapContext for isolated server-side rendering

19.2.16 (2025-09-10)

Breaking Changes

@​angular/ssr

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

... (truncated)

Commits
  • 0e3ba96 release: cut the v18.2.21 release
  • 947a836 build: update Angular FW packages
  • cccc91b fix(@​angular/build): avoid extra tick in SSR dev-server builds
  • 700e6bc fix(@​angular-devkit/build-angular): avoid extra tick in SSR builds
  • 4af3852 feat(@​angular/ssr): introduce BootstrapContext for isolated server-side rende...
  • 5d82d44 release: cut the v18.2.20 release
  • f048078 build: update dependency webpack-dev-server to v5.2.2
  • 40fd214 build: disable RBE
  • cfb0a4f release: cut the v18.2.19 release
  • 01cc617 fix(@​angular-devkit/build-angular): update http-proxy-middleware to v3.0.5
  • Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates braces from 3.0.2 to 3.0.3

Commits

Updates cookie from 0.4.2 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates socket.io from 4.7.4 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

socket.io-client@4.8.1

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";

const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits
  • 91e1c8b chore(release): socket.io@4.8.1
  • 8d5528a chore(release): socket.io-client@4.8.1
  • 71387e5 refactor(sio-client): reexport transports from the engine
  • aead835 refactor(sio): make Namespace._fns private (#5196)
  • 029e010 chore(release): engine.io-client@6.6.2
  • 4ca6ddb docs(nuxt): update example with latest version
  • ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
  • 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
  • d4b3dde ci: use Node.js 22
  • 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
  • Additional commits viewable in compare view

Updates esbuild from 0.19.11 to 0.25.9

Release notes

Sourced from esbuild's releases.

v0.25.9

  • Better support building projects that use Yarn on Windows (#3131, #3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())

    // Old output
    
const fn0 = () => 0;
    
const fn1 = () => 1;
    
console.log(fn0, function() {
    
return fn1();
    
}());
    

    // New output
    
const fn0 = () => 0;
    
const fn1 = (() => 1);
    
console.log(fn0, (function() {
    
return fn1();
    
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#4257, #4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

v0.25.8

  • Fix another TypeScript parsing edge case (#4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

Commits

Updates @angular-devkit/build-angular from 17.1.3 to 20.3.0

Release notes

Sourced from @​angular-devkit/build-angular's releases.

20.3.0

@​angular/cli

Commit Description
fix - f6ad41c13 improve bun lockfile detection and optimize lockfile checks

@​schematics/angular

Commit Description
fix - ef20a278d align labels in ai-config schema

@​angular-devkit/build-angular

Commit Description
fix - 1a7890873 avoid extra tick in SSR builds

@​angular/build

Commit Description
fix - 5d46d6ec1 preserve names in esbuild for improved debugging in dev mode

@​angular/ssr

Commit Description
feat - 7eacb4187 introduce BootstrapContext for isolated server-side rendering

Breaking Changes

@​angular/ssr

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

    Before:

    const bootstrap = () => bootstrapApplication(AppComponent, config);

    After:

    const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);

20.3.0-rc.0

@​angular/cli

Commit Description
fix - f6ad41c13 improve bun lockfile detection and optimize lockfile checks

@​schematics/angular

Commit Description
fix - ef20a278d align labels in ai-config schema

@​angular-devkit/build-angular

Commit Description
fix - 1a7890873 avoid extra tick in SSR builds

@​angular/build

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

20.3.0 (2025-09-10)

Breaking Changes

@​angular/ssr

  • The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

    Before:

    const bootstrap = () => bootstrapApplication(AppComponent, config);

    After:

    const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);

@​schematics/angular

Commit Type Description
ef20a278d fix align labels in ai-config schema

@​angular/cli

Commit Type Description
f6ad41c13 fix improve bun lockfile detection and optimize lockfile checks

@​angular-devkit/build-angular

Commit Type Description
1a7890873 fix avoid extra tick in SSR builds

@​angular/build

Commit Type Description
5d46d6ec1 fix preserve names in esbuild for improved debugging in dev mode

@​angular/ssr

Commit Type Description
7eacb4187 feat introduce BootstrapContext for isolated server-side rendering

... (truncated)

Commits
  • db1c025 release: cut the v20.3.0 release
  • d85d590 release: cut the v20.3.0-rc.0 release
  • b3c1d72 build: update FW packages to 20.3.0
  • 7eacb41 feat(@​angular/ssr): introduce BootstrapContext for isolated server-side rende...
  • ef20a27 fix(@​schematics/angular): align labels in ai-config schema
  • e21bd5c build: prepare exceptional minor branch: 20.3.x
  • 1a78908 fix(@​angular-devkit/build-angular): avoid extra tick in SSR builds
  • ec9442c ci: update runs-on to ubuntu-latest
  • 5772469 build: update github/codeql-action action to v3.30.2
  • a48db0a refactor(@​angular/cli): exclude Cnpm from LOCKFILE_NAMES type
  • Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9

v2.0.8

What's Changed

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8

v2.0.7

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

  • fix(fixRequestBody): check readableLength

v2.0.8

  • fix(fixRequestBody): prevent multiple .write() calls
  • fix(fixRequestBody): handle invalid request

v2.0.7

  • ci(github actions): add publish.yml
  • fix(filter): handle errors
Commits

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.
Changelog

Sourced from nanoid's changelog.

3.3.11

  • Fixed React Native support.

3.3.10

3.3.9

  • Reduced npm package size.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates on-headers from 1.0.2 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

What's Changed

New Contributors

Full Changelog: https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

Commits
  • 4b017af 1.1.0
  • b636f2d ♻️ refactor header array code
  • 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
  • 172eb41 ✨ suppor...

    Description has been truncated

Pull Request Statistics
Commits:
1
Files Changed:
4
Additions:
+13570
Deletions:
-7862
Package Dependencies
Package:
ws
Ecosystem:
npm
Version Change:
8.11.0 → 8.17.1
Update Type:
Minor
Package:
@angular-devkit/build-angular
Ecosystem:
npm
Version Change:
17.1.3 → 20.3.0
Update Type:
Major
Package:
braces
Ecosystem:
npm
Version Change:
3.0.2 → 3.0.3
Update Type:
Patch
Package:
express
Ecosystem:
npm
Version Change:
4.19.2 → 4.21.2
Update Type:
Minor
Package:
esbuild
Ecosystem:
npm
Version Change:
0.19.11 → 0.25.9
Update Type:
Minor
Package:
cookie
Ecosystem:
npm
Version Change:
0.4.2 → 0.7.1
Update Type:
Minor
Package:
socket.io
Ecosystem:
npm
Version Change:
4.7.4 → 4.8.1
Update Type:
Minor
Package:
socket.io-adapter
Ecosystem:
npm
Version Change:
2.5.2 → 2.5.5
Update Type:
Patch
Package:
@angular/ssr
Ecosystem:
npm
Version Change:
17.1.3 → 18.2.21
Update Type:
Major
Security Advisories
cookie accepts cookie name, path, and domain with out of bounds characters
GHSA-pxg6-pf52-xh8x CVE-2024-47764 LOW
### Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...
on-headers is vulnerable to http response header manipulation
GHSA-76c9-3jph-rj3q CVE-2025-7339 LOW
### Impact A bug in on-headers versions `< 1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()` ### Patches Users should upgrade t...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 7495280
UUID: 2817018434
Node ID: PR_kwDOLP6sz86n6EpC
Host: GitHub
Repository: batuhan-basoglu/NET-Web-API-w-Angular
Mergeable: Yes
Merge State: Unstable
Rebaseable: Yes