Bump the npm_and_yarn group across 2 directories with 20 updates

Closed

Number: #32
Type: Pull Request
State: Closed

Author:

dependabot[bot]
Association: Unknown
Comments: 1

Created: November 27, 2025 at 12:15 AM UTC
(11 days ago)

Updated: November 27, 2025 at 05:44 AM UTC
(10 days ago)

Closed: November 27, 2025 at 05:44 AM UTC
(10 days ago)

Time to Close: about 5 hours

Labels:
dependencies javascript

Description:

Bumps the npm_and_yarn group with 4 updates in the /bin/Debug/net8.0/my-app directory: @angular/common, @angular/platform-server, cookie and ws.
Bumps the npm_and_yarn group with 4 updates in the /wwwroot directory: @angular/common, @angular/platform-server, cookie and ws.

Updates @angular/common from 17.1.3 to 21.0.1

Release notes

Sourced from @angular/common's releases.

21.0.1

compiler-cli

Commit Description

do not type check native controls with ControlValueAccessor

escape angular control flow in jsdoc

ignore non-existent files

core

Commit Description

apply bootstrap-options migration to platformBrowserDynamic

debug data causing memory leak for root effects

notify profiler events in case of errors

use injected DOCUMENT for CSP_NONCE

avoid repeat searches for field directive

forms

Commit Description

add DI option for classes on Field directive

allow dynamic type bindings on signal form controls

run reset as untracked

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Description

detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

fix(language-service): address potential memory leak during project creation (89095946cf)

fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit Description

Add experimental support for the Navigation API (#63406)

Support of optional keys for the KeyValue pipe (#48814)

update to cldr 47 (#64032)

properly type ngComponentOutlet (#64561)

improve typing of ngComponentOutletContent (#63674)

removengModuleFactory input of NgComponentOutlet (#62838)

compiler

Commit Description

don't choke on unbalanced parens in declaration block

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

Commit	Description
	apply bootstrap-options migration to `platformBrowserDynamic`
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected `DOCUMENT` for `CSP_NONCE`
	avoid repeat searches for field directive

Commit	Description
	add DI option for classes on `Field` directive
	allow dynamic `type` bindings on signal form controls
	run reset as untracked

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)
	improve typing of `ngComponentOutletContent` (#63674)
	remove`ngModuleFactory` input of `NgComponentOutlet` (#62838)

Commit	Description
	don't choke on unbalanced parens in declaration block

... (truncated)

Changelog

Sourced from @angular/common's changelog.

21.0.1 (2025-11-25)

compiler-cli

Commit Type Description

39c577bc36 fix do not type check native controls with ControlValueAccessor

8d3a89a477 fix escape angular control flow in jsdoc

bc34083d34 fix ignore non-existent files

core

Commit Type Description

0ea1e07174 fix apply bootstrap-options migration to platformBrowserDynamic

70507b8c1c fix debug data causing memory leak for root effects

a55482fca3 fix notify profiler events in case of errors

49ad7c6508 fix use injected DOCUMENT for CSP_NONCE

cc1ec09931 perf avoid repeat searches for field directive

forms

Commit Type Description

7d5c7cf99a feat add DI option for classes on Field directive

8acf5d2756 fix allow dynamic type bindings on signal form controls

de5fca94c5 fix run reset as untracked

http

Commit Type Description

3240d856d9 fix prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Type Description

f394215b14 fix detect structural ngTemplateOutlet and ngComponentOutlet

21.0.0 (2025-11-19)

Blog post "Announcing Angular v21".

Breaking Changes

Commit	Type	Description
39c577bc36	fix	do not type check native controls with ControlValueAccessor
8d3a89a477	fix	escape angular control flow in jsdoc
bc34083d34	fix	ignore non-existent files

Commit	Type	Description
0ea1e07174	fix	apply bootstrap-options migration to `platformBrowserDynamic`
70507b8c1c	fix	debug data causing memory leak for root effects
a55482fca3	fix	notify profiler events in case of errors
49ad7c6508	fix	use injected `DOCUMENT` for `CSP_NONCE`
cc1ec09931	perf	avoid repeat searches for field directive

Commit	Type	Description
7d5c7cf99a	feat	add DI option for classes on `Field` directive
8acf5d2756	fix	allow dynamic `type` bindings on signal form controls
de5fca94c5	fix	run reset as untracked

Commit	Type	Description
3240d856d9	fix	prevent XSRF token leakage to protocol-relative URLs

Commit	Type	Description
f394215b14	fix	detect structural ngTemplateOutlet and ngComponentOutlet

... (truncated)

Commits

3240d85 fix(http): prevent XSRF token leakage to protocol-relative URLs
6de8926 refactor(core): add debug name to resource (#64172)
00ffe91 refactor(common): removes unused NgModuleFactory config in NgComponentOutlet
8765b66 docs: add reference to Built-in Pipes in multiple pipe files
ab98e71 fix(common): remove placeholder image listeners once view is removed
8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
650af71 refactor(http): migrate XSRF classes to use inject() function
3bed9f0 build: format md files
a3c2fe8 Revert "refactor(common): Removes unused imports to clean up dependencies"
6d3e0f1 refactor(common): Removes unused imports to clean up dependencies
Additional commits viewable in compare view

Updates @angular/platform-server from 17.1.3 to 21.0.1

Release notes

Sourced from @angular/platform-server's releases.

21.0.1

compiler-cli

Commit Description

do not type check native controls with ControlValueAccessor

escape angular control flow in jsdoc

ignore non-existent files

core

Commit Description

apply bootstrap-options migration to platformBrowserDynamic

debug data causing memory leak for root effects

notify profiler events in case of errors

use injected DOCUMENT for CSP_NONCE

avoid repeat searches for field directive

forms

Commit Description

add DI option for classes on Field directive

allow dynamic type bindings on signal form controls

run reset as untracked

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Description

detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

fix(language-service): address potential memory leak during project creation (89095946cf)

fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit Description

Add experimental support for the Navigation API (#63406)

Support of optional keys for the KeyValue pipe (#48814)

update to cldr 47 (#64032)

properly type ngComponentOutlet (#64561)

improve typing of ngComponentOutletContent (#63674)

removengModuleFactory input of NgComponentOutlet (#62838)

compiler

Commit Description

don't choke on unbalanced parens in declaration block

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

Commit	Description
	apply bootstrap-options migration to `platformBrowserDynamic`
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected `DOCUMENT` for `CSP_NONCE`
	avoid repeat searches for field directive

Commit	Description
	add DI option for classes on `Field` directive
	allow dynamic `type` bindings on signal form controls
	run reset as untracked

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)
	improve typing of `ngComponentOutletContent` (#63674)
	remove`ngModuleFactory` input of `NgComponentOutlet` (#62838)

Commit	Description
	don't choke on unbalanced parens in declaration block

... (truncated)

Changelog

Sourced from @angular/platform-server's changelog.

21.0.1 (2025-11-25)

compiler-cli

Commit Type Description

39c577bc36 fix do not type check native controls with ControlValueAccessor

8d3a89a477 fix escape angular control flow in jsdoc

bc34083d34 fix ignore non-existent files

core

Commit Type Description

0ea1e07174 fix apply bootstrap-options migration to platformBrowserDynamic

70507b8c1c fix debug data causing memory leak for root effects

a55482fca3 fix notify profiler events in case of errors

49ad7c6508 fix use injected DOCUMENT for CSP_NONCE

cc1ec09931 perf avoid repeat searches for field directive

forms

Commit Type Description

7d5c7cf99a feat add DI option for classes on Field directive

8acf5d2756 fix allow dynamic type bindings on signal form controls

de5fca94c5 fix run reset as untracked

http

Commit Type Description

3240d856d9 fix prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Type Description

f394215b14 fix detect structural ngTemplateOutlet and ngComponentOutlet

21.0.0 (2025-11-19)

Blog post "Announcing Angular v21".

Breaking Changes

Commit	Type	Description
39c577bc36	fix	do not type check native controls with ControlValueAccessor
8d3a89a477	fix	escape angular control flow in jsdoc
bc34083d34	fix	ignore non-existent files

Commit	Type	Description
0ea1e07174	fix	apply bootstrap-options migration to `platformBrowserDynamic`
70507b8c1c	fix	debug data causing memory leak for root effects
a55482fca3	fix	notify profiler events in case of errors
49ad7c6508	fix	use injected `DOCUMENT` for `CSP_NONCE`
cc1ec09931	perf	avoid repeat searches for field directive

Commit	Type	Description
7d5c7cf99a	feat	add DI option for classes on `Field` directive
8acf5d2756	fix	allow dynamic `type` bindings on signal form controls
de5fca94c5	fix	run reset as untracked

Commit	Type	Description
3240d856d9	fix	prevent XSRF token leakage to protocol-relative URLs

Commit	Type	Description
f394215b14	fix	detect structural ngTemplateOutlet and ngComponentOutlet

... (truncated)

Commits

908b5a4 refactor: replace getDocument() with inject(DOCUMENT)
8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
3bed9f0 build: format md files
1b5e2c8 refactor(platform-server): remove redundant providedIn: 'root' from injecti...
062a696 refactor(platform-server): use URL constructor for robust parsing (#64494)
dd2f53b refactor(core): warning when hydration trigger is used without hydration b...
ad23764 feat(core): support IntersectionObserver options in viewport triggers (#64130)
f5b50ec refactor: clean up explicit standalone flags from tests (#63963)
f008045 fix(core): do not rename ARIA property bindings to attributes (#63925)
0d028e0 refactor(platform-browser): Remove zonejs compatibility detector (#63847)
Additional commits viewable in compare view

Updates @angular/platform-server from 17.1.3 to 21.0.1

Release notes

Sourced from @angular/platform-server's releases.

21.0.1

compiler-cli

Commit Description

do not type check native controls with ControlValueAccessor

escape angular control flow in jsdoc

ignore non-existent files

core

Commit Description

apply bootstrap-options migration to platformBrowserDynamic

debug data causing memory leak for root effects

notify profiler events in case of errors

use injected DOCUMENT for CSP_NONCE

avoid repeat searches for field directive

forms

Commit Description

add DI option for classes on Field directive

allow dynamic type bindings on signal form controls

run reset as untracked

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Description

detect structural ngTemplateOutlet and ngComponentOutlet

VSCode Extension: 21.0.0

fix(language-service): address potential memory leak during project creation (89095946cf)

fix(language-server): fix directory renaming on Windows (3f7111a9c3)

21.0.0

common

Commit Description

Add experimental support for the Navigation API (#63406)

Support of optional keys for the KeyValue pipe (#48814)

update to cldr 47 (#64032)

properly type ngComponentOutlet (#64561)

improve typing of ngComponentOutletContent (#63674)

removengModuleFactory input of NgComponentOutlet (#62838)

compiler

Commit Description

don't choke on unbalanced parens in declaration block

Commit	Description
	do not type check native controls with ControlValueAccessor
	escape angular control flow in jsdoc
	ignore non-existent files

Commit	Description
	apply bootstrap-options migration to `platformBrowserDynamic`
	debug data causing memory leak for root effects
	notify profiler events in case of errors
	use injected `DOCUMENT` for `CSP_NONCE`
	avoid repeat searches for field directive

Commit	Description
	add DI option for classes on `Field` directive
	allow dynamic `type` bindings on signal form controls
	run reset as untracked

Commit	Description
	prevent XSRF token leakage to protocol-relative URLs

Commit	Description
	detect structural ngTemplateOutlet and ngComponentOutlet

Commit	Description
	Add experimental support for the Navigation API (#63406)
	Support of optional keys for the KeyValue pipe (#48814)
	update to cldr 47 (#64032)
	properly type ngComponentOutlet (#64561)
	improve typing of `ngComponentOutletContent` (#63674)
	remove`ngModuleFactory` input of `NgComponentOutlet` (#62838)

Commit	Description
	don't choke on unbalanced parens in declaration block

... (truncated)

Changelog

Sourced from @angular/platform-server's changelog.

21.0.1 (2025-11-25)

compiler-cli

Commit Type Description

39c577bc36 fix do not type check native controls with ControlValueAccessor

8d3a89a477 fix escape angular control flow in jsdoc

bc34083d34 fix ignore non-existent files

core

Commit Type Description

0ea1e07174 fix apply bootstrap-options migration to platformBrowserDynamic

70507b8c1c fix debug data causing memory leak for root effects

a55482fca3 fix notify profiler events in case of errors

49ad7c6508 fix use injected DOCUMENT for CSP_NONCE

cc1ec09931 perf avoid repeat searches for field directive

forms

Commit Type Description

7d5c7cf99a feat add DI option for classes on Field directive

8acf5d2756 fix allow dynamic type bindings on signal form controls

de5fca94c5 fix run reset as untracked

http

Commit Type Description

3240d856d9 fix prevent XSRF token leakage to protocol-relative URLs

migrations

Commit Type Description

f394215b14 fix detect structural ngTemplateOutlet and ngComponentOutlet

21.0.0 (2025-11-19)

Blog post "Announcing Angular v21".

Breaking Changes

Commit	Type	Description
39c577bc36	fix	do not type check native controls with ControlValueAccessor
8d3a89a477	fix	escape angular control flow in jsdoc
bc34083d34	fix	ignore non-existent files

Commit	Type	Description
0ea1e07174	fix	apply bootstrap-options migration to `platformBrowserDynamic`
70507b8c1c	fix	debug data causing memory leak for root effects
a55482fca3	fix	notify profiler events in case of errors
49ad7c6508	fix	use injected `DOCUMENT` for `CSP_NONCE`
cc1ec09931	perf	avoid repeat searches for field directive

Commit	Type	Description
7d5c7cf99a	feat	add DI option for classes on `Field` directive
8acf5d2756	fix	allow dynamic `type` bindings on signal form controls
de5fca94c5	fix	run reset as untracked

Commit	Type	Description
3240d856d9	fix	prevent XSRF token leakage to protocol-relative URLs

Commit	Type	Description
f394215b14	fix	detect structural ngTemplateOutlet and ngComponentOutlet

... (truncated)

Commits

908b5a4 refactor: replace getDocument() with inject(DOCUMENT)
8ab0847 refactor(core): mark VERSION as @__PURE__ for better tree-shaking
3bed9f0 build: format md files
1b5e2c8 refactor(platform-server): remove redundant providedIn: 'root' from injecti...
062a696 refactor(platform-server): use URL constructor for robust parsing (#64494)
dd2f53b refactor(core): warning when hydration trigger is used without hydration b...
ad23764 feat(core): support IntersectionObserver options in viewport triggers (#64130)
f5b50ec refactor: clean up explicit standalone flags from tests (#63963)
f008045 fix(core): do not rename ARIA property bindings to attributes (#63925)
0d028e0 refactor(platform-browser): Remove zonejs compatibility detector (#63847)
Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates cookie from 0.4.2 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates js-yaml from 3.14.1 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/... Description has been truncated



      

      
        
          
            
              
              Package Dependencies
            
          
          
              
                
                  
                    Package:

                    
                      @angular/common
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      17.1.3 → 21.0.1
                    
                  
                    
                      Update Type:

                      
                        Major
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      braces
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      3.0.2 → 3.0.3
                    
                  
                    
                      Update Type:

                      
                        Patch
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      express
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      4.19.2 → 4.21.2
                    
                  
                    
                      Update Type:

                      
                        Minor
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      @angular/platform-server
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      17.1.3 → 21.0.1
                    
                  
                    
                      Update Type:

                      
                        Major
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      cookie
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      0.4.2 → 0.7.1
                    
                  
                    
                      Update Type:

                      
                        Minor
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      body-parser
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      1.20.2 → 1.20.3
                    
                  
                    
                      Update Type:

                      
                        Patch
                      
                    
                  
                
              
              
                
                  
                    Package:

                    
                      js-yaml
                  
                  
                  
                    Ecosystem:

                    npm
                  
                  
                    
                      Version Change:

                      3.14.1 → 4.1.1
                    
                  
                    
                      Update Type:

                      
                        Major
                      
                    
                  
                
              
          
        

      
        
          
            
              
              Security Advisories
            
          
          
              
                
                  
                    
                      cookie accepts cookie name, path, and domain with out of bounds characters
                      
                      
                          GHSA-pxg6-pf52-xh8x
                          CVE-2024-47764
                        
                          
                            LOW
                          
                      
                      
                        
                          ### Impact

The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...



    
    
      
        
          Actions
        
        
          
            
            View on GitHub
          
          
            
            View Repository
          
          
            
            All Dependabot PRs
        
      

      
        
          Technical Details
        
        
          
            
              ID:
              11411153
            
            
              UUID:
              3669418483
            
            
              Node ID:
              PR_kwDOLP6sz861v_Tp
            
            
              Host:
              GitHub
            
            
              Repository:
              batuhan-basoglu/NET-Web-API-w-Angular

ID:	`11411153`
UUID:	`3669418483`
Node ID:	`PR_kwDOLP6sz861v_Tp`
Host:	GitHub
Repository:	batuhan-basoglu/NET-Web-API-w-Angular