chore(deps): bump the patch-updates group across 1 directory with 3 updates by dependabot[bot] · Pull Request #148 · STARTcloud/armor

dependabot · 2026-02-16T09:25:15Z

Bumps the patch-updates group with 3 updates in the / directory: cors, openid-client and eslint-plugin-prettier.

Updates cors from 2.8.5 to 2.8.6

Release notes

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates openid-client from 6.8.1 to 6.8.2

Release notes

Sourced from openid-client's releases.

v6.8.2

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.2 (2026-02-07)

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

b14e51c chore(release): 6.8.2
f6f84e2 fix: use duplex: half for fetchProtectedResource with ReadableStream body input
f879890 chore: bump packages
b506e1a build(deps): bump the actions group with 4 updates (#853)
0baa958 chore: bump packages
c5d4931 chore: bump packages
7cf3c12 test: revert undici for the time being
8b2e360 chore: bump packages
79386b7 build(deps): bump lodash from 4.17.21 to 4.17.23 (#849)
950e199 build(deps-dev): bump tar from 7.5.3 to 7.5.6 (#848)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openid-client since your current version.

Updates eslint-plugin-prettier from 5.5.4 to 5.5.5

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.5

Patch Changes

#772 7264ed0 Thanks @BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

#776 77651a3 Thanks @aswils! - fix: bump synckit for yarn PnP ESM issue

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.5

Patch Changes

#772 7264ed0 Thanks @BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

#776 77651a3 Thanks @aswils! - fix: bump synckit for yarn PnP ESM issue

Commits

e2c154a chore: release eslint-plugin-prettier (#773)
6795c1a build(deps): Bump the actions group across 1 directory with 2 updates (#774)
77651a3 fix: bump synckit for yarn PnP ESM issue (#776)
7264ed0 chore: bump prettier-linter-helpers to v1.0.1 (#772)
e11a5b7 build(deps): Bump the actions group across 1 directory with 3 updates (#769)
befda88 ci: enable trusted publishing (#757)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-prettier since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates Bumps the patch-updates group with 3 updates in the / directory: [cors](https://github.com/expressjs/cors), [openid-client](https://github.com/panva/openid-client) and [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier). Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `openid-client` from 6.8.1 to 6.8.2 - [Release notes](https://github.com/panva/openid-client/releases) - [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md) - [Commits](panva/openid-client@v6.8.1...v6.8.2) Updates `eslint-plugin-prettier` from 5.5.4 to 5.5.5 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-plugin-prettier@v5.5.4...v5.5.5) --- updated-dependencies: - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: openid-client dependency-version: 6.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: eslint-plugin-prettier dependency-version: 5.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added automated dependencies labels Feb 16, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

chore(deps): bump the patch-updates group across 1 directory with 3 updates#148

chore(deps): bump the patch-updates group across 1 directory with 3 updates#148
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/patch-updates-f1675a6eca

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 16, 2026

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v6.8.2

Fixes

6.8.2 (2026-02-07)

Fixes

v5.5.5

Patch Changes

5.5.5

Patch Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants