Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the npm_and_yarn group across 12 directories with 42 updates

Open
Number: #12
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: None
Comments: 0
Created: September 10, 2025 at 08:05 PM UTC
(2 days ago)
Updated: September 10, 2025 at 08:05 PM UTC
(2 days ago)
Labels:
dependencies javascript
Description:

Bumps the npm_and_yarn group with 21 updates in the /chapter-02/2.5 directory:

Package From To
vue 3.0.3 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-plugin-router 4.5.19 5.0.9
@vue/cli-plugin-vuex 4.5.19 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8
tmp 0.0.33 removed
eslint 6.8.0 9.35.0

Bumps the npm_and_yarn group with 19 updates in the /chapter-03/3_10 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8
tmp 0.0.33 removed
eslint 6.8.0 9.35.0

Bumps the npm_and_yarn group with 19 updates in the /chapter-03/3_11 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8
tmp 0.0.33 removed
eslint 6.8.0 9.35.0

Bumps the npm_and_yarn group with 19 updates in the /chapter-03/3_9 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8
tmp 0.0.33 removed
eslint 6.8.0 9.35.0

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_4 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_5 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_6 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_7 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_8 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 17 updates in the /chapter-04/4_9 directory:

Package From To
vue 3.0.4 3.5.21
@babel/traverse 7.12.9 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.1 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.5.9 5.0.9
@vue/cli-plugin-eslint 4.5.9 5.0.9
@vue/cli-service 4.5.9 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8

Bumps the npm_and_yarn group with 22 updates in the /chapter-08/8.6 directory:

Package From To
vue 2.6.11 3.0.0
@babel/traverse 7.10.4 7.28.4
ansi-regex 3.0.0 3.0.1
ansi-regex 4.1.0 4.1.1
ansi-regex 5.0.0 5.0.1
ajv 6.12.2 6.12.6
async 2.6.3 2.6.4
body-parser 1.19.0 1.20.3
express 4.17.1 4.21.2
qs 6.5.2 6.5.3
browserify-sign 4.2.0 4.2.3
cipher-base 1.0.4 1.0.6
decode-uri-component 0.2.0 0.2.2
dns-packet 1.3.1 1.3.4
ejs 2.7.4 removed
@vue/cli-plugin-babel 4.4.6 5.0.9
@vue/cli-plugin-eslint 4.4.6 5.0.9
@vue/cli-service 4.4.6 5.0.9
@vue/eslint-config-airbnb 5.1.0 5.3.0
minimist 1.2.5 1.2.8
tmp 0.0.33 removed
eslint 6.8.0 9.35.0
eslint-plugin-vue 6.2.2 10.4.0
vue-template-compiler 2.6.11 2.7.16

Bumps the npm_and_yarn group with 9 updates in the /chapter-09/09.2 directory:

Package From To
vue 3.0.0 3.5.21
json5 1.0.1 1.0.2
loader-utils 1.4.0 1.4.2
serialize-javascript 2.1.2 4.0.0
terser-webpack-plugin 1.4.3 1.4.6
tmp 0.0.33 removed
eslint 6.8.0 9.35.0
eslint-plugin-vue 6.2.2 10.4.0
y18n 4.0.0 4.0.3

Updates vue from 3.0.3 to 3.5.21

Release notes

Sourced from vue's releases.

v3.5.21

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.20

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.19

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.18

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.17

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.16

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.15

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.14

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.13

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.12

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.11

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.10

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.9

For stable releases, please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vue's changelog.

3.5.21 (2025-09-02)

Bug Fixes

Performance Improvements

  • improve regexp performance with non-capturing groups (#13567) (1e8b65a)

3.5.20 (2025-08-25)

Bug Fixes

3.5.19 (2025-08-21)

Bug Fixes

... (truncated)

Commits
  • 4b6cb1f release: v3.5.21
  • 5d75a17 fix(Suspence): handle Suspense + KeepAlive HMR updating edge case (#13076)
  • 55922ff fix(compiler-sfc): check lang before attempt to compile script (#13508)
  • 1e8b65a perf: improve regexp performance with non-capturing groups (#13567)
  • f2699a5 fix(watch): use maximum depth for duplicates (#13434)
  • 99d54b2 fix(compiler-core): force dynamic slots when slot referencing scope vars (#9427)
  • 15fc75f fix(runtime-core): use separate emits caches for components and mixins (#11661)
  • 4810f14 chore(types): compatible with TS 5.8 (#12973)
  • 7171def refactor: remove canary release workflows (#13794)
  • 26bce3d chore: update side effect annotations to use standardized format (#13839)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vue since your current version.


Updates @babel/traverse from 7.12.9 to 7.28.4

Release notes

Sourced from @​babel/traverse's releases.

v7.28.4 (2025-09-05)

Thanks @​gwillen and @​mrginglymus for your first PRs!

:house: Internal

Committers: 5

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

Committers: 5

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.4 (2025-09-05)

:house: Internal

v7.28.3 (2025-08-14)

:eyeglasses: Spec Compliance

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

:bug: Bug Fix

:nail_care: Polish

  • babel-plugin-transform-regenerator, babel-plugin-transform-runtime

:memo: Documentation

:house: Internal

:microscope: Output optimization

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

v7.28.2 (2025-07-24)

:bug: Bug Fix

  • babel-types
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

v7.28.1 (2025-07-12)

:bug: Bug Fix

  • babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

:memo: Documentation

... (truncated)

Commits

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

Updates ansi-regex from 5.0.0 to 5.0.1

Commits

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1 / 2022-10-06

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0 / 2022-04-02

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
    • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.17.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Importan...

Description has been truncated

Pull Request Statistics
Commits:
1
Files Changed:
24
Additions:
+129764
Deletions:
-116659
Package Dependencies
Package:
eslint
Ecosystem:
npm
Version Change:
6.8.0 → 9.35.0
Update Type:
Major
Package:
@babel/traverse
Ecosystem:
npm
Version Change:
7.12.9 → 7.28.4
Update Type:
Minor
Package:
express
Ecosystem:
npm
Version Change:
4.17.1 → 4.21.2
Update Type:
Minor
Package:
vue
Ecosystem:
npm
Version Change:
3.0.3 → 3.5.21
Update Type:
Minor
Package:
decode-uri-component
Ecosystem:
npm
Version Change:
0.2.0 → 0.2.2
Update Type:
Patch
Package:
async
Ecosystem:
npm
Version Change:
2.6.3 → 2.6.4
Update Type:
Patch
Package:
browserify-sign
Ecosystem:
npm
Version Change:
4.2.1 → 4.2.3
Update Type:
Patch
Package:
minimist
Ecosystem:
npm
Version Change:
1.2.5 → 1.2.8
Update Type:
Patch
Package:
ejs
Ecosystem:
npm
Version Change:
2.7.4 → removed
Package:
qs
Ecosystem:
npm
Version Change:
6.5.2 → 6.5.3
Update Type:
Patch
Package:
dns-packet
Ecosystem:
npm
Version Change:
1.3.1 → 1.3.4
Update Type:
Patch
Package:
ansi-regex
Ecosystem:
npm
Version Change:
3.0.0 → 3.0.1
Update Type:
Patch
Package:
body-parser
Ecosystem:
npm
Version Change:
1.19.0 → 1.20.3
Update Type:
Minor
Package:
@vue/cli-service
Ecosystem:
npm
Version Change:
4.5.9 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-babel
Ecosystem:
npm
Version Change:
4.5.9 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-eslint
Ecosystem:
npm
Version Change:
4.5.9 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-router
Ecosystem:
npm
Version Change:
4.5.19 → 5.0.9
Update Type:
Major
Package:
@vue/cli-plugin-vuex
Ecosystem:
npm
Version Change:
4.5.19 → 5.0.9
Update Type:
Major
Package:
tmp
Ecosystem:
npm
Version Change:
0.0.33 → removed
Package:
@vue/eslint-config-airbnb
Ecosystem:
npm
Version Change:
5.1.0 → 5.3.0
Update Type:
Minor
Package:
cipher-base
Ecosystem:
npm
Version Change:
1.0.4 → 1.0.6
Update Type:
Patch
Security Advisories
cookie accepts cookie name, path, and domain with out of bounds characters
GHSA-pxg6-pf52-xh8x CVE-2024-47764 LOW
### Impact The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=25920...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 7445932
UUID: 2816708016
Node ID: PR_kwDOPrPMbc6n442w
Host: GitHub
Repository: ibiscum/Vue.js-3.0-Cookbook
Merge State: Unknown