Skip to content

chore(deps): Bump the node-packages group across 1 directory with 5 updates#3

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/examples/node-app/node-packages-1372a66d8c
Closed

chore(deps): Bump the node-packages group across 1 directory with 5 updates#3
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/examples/node-app/node-packages-1372a66d8c

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 18, 2024
edited
Loading

Bumps the node-packages group with 3 updates in the /examples/node-app directory: express, express-handlebars and mocha.

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits

Updates express-handlebars from 7.1.3 to 8.0.1

Release notes

Sourced from express-handlebars's releases.

v8.0.1

8.0.1 (2024-08-07)

Bug Fixes

v8.0.0

8.0.0 (2024-08-07)

Bug Fixes

BREAKING CHANGES

  • minimum node v20
Changelog

Sourced from express-handlebars's changelog.

8.0.1 (2024-08-07)

Bug Fixes

8.0.0 (2024-08-07)

Bug Fixes

BREAKING CHANGES

  • minimum node v20
Commits
  • 8e7efb4 chore(release): 8.0.1 [skip ci]
  • efca370 fix: remove module type (#857)
  • 8abe846 chore(release): 8.0.0 [skip ci]
  • cb0358e fix: require node v20 (#854)
  • e90da8e chore(deps): update github/codeql-action action to v3 (#728)
  • b8032b3 chore(deps): update dependency glob to ^10.4.5 (#834)
  • 017c3ac chore: update eslint (#853)
  • fcf4d6d chore(deps): update devdependency @​types/node to ^18.19.43
  • 5ba9eed chore(deps): update devdependency ts-jest to ^29.2.4
  • 75076f8 chore(deps): update typescript-eslint monorepo to ^7.18.0
  • Additional commits viewable in compare view

Updates chai from 4.2.0 to 4.5.0

Release notes

Sourced from chai's releases.

v4.5.0

  • Update type detect (#1631) 1a36d35

chaijs/chai@v4.4.1...v4.5.0

What's Changed

Full Changelog: chaijs/chai@v4.4.1...v4.5.0

v4.4.1

What's Changed

Full Changelog: chaijs/chai@v4.4.0...v4.4.1

v4.4.0

What's Changed

Full Changelog: chaijs/chai@v4.3.10...v4.4.0

v4.3.10

This release simply bumps all dependencies to their latest non-breaking versions.

What's Changed

Full Changelog: chaijs/chai@v4.3.9...v4.3.10

v4.3.9

Upgrade dependencies.

This release upgrades dependencies to address CVE-2023-43646 where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.

Full Changelog: chaijs/chai@v4.3.8...v4.3.9

v4.3.8

What's Changed

... (truncated)

Commits

Updates chai-http from 4.2.0 to 4.4.0

Release notes

Sourced from chai-http's releases.

4.4.0

What's Changed

New Contributors

Full Changelog: chaijs/chai-http@4.3.0...4.4.0

4.3.0 / 2019-04-26

This feature release allows you to pass a Regular Expression to the redirectTo function.

expect(res).to.redirectTo(/^\/search\/results\?orderBy=desc$/);

Community Contributions

Code Features & Fixes

4.2.1 / 2019-01-02

This patch fixes usability issues for TypeScript definitions.

Community Contributions

Code Features & Fixes

Commits
  • a3715c4 4.4.0
  • 83f4f9e build
  • ce9866f Dependency updates to fix security vulnerabilities (#306)
  • dbba17c ci: update npm token (#289)
  • 0c2c350 docs: add badges to the README
  • be1d005 ci: don't run publish-npm job unless push
  • 0e78cee build(dev-deps): update semantic-release packages to latest versions
  • ee4952e docs: update README examples to modern syntax
  • 233118b feat: drop support for node < 10
  • 04ebb3d ci: update release token (#287)
  • Additional commits viewable in compare view

Updates mocha from 10.7.3 to 10.8.2

Release notes

Sourced from mocha's releases.

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

  • support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
  • test link in html reporter (#5224) (f054acc)

📚 Documentation

  • indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

  • fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

  • deps: bump the github-actions group with 1 update (#5132) (e536ab2)

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

10.8.2 (2024-10-30)

🩹 Fixes

  • support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
  • test link in html reporter (#5224) (f054acc)

📚 Documentation

  • indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

  • fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

  • deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

🩹 Fixes

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

... (truncated)

Commits
  • 05097db chore(main): release 10.8.2 (#5239)
  • 14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
  • 881e3b0 chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...
  • f054acc fix: test link in html reporter (#5224)
  • e536ab2 build(deps): bump the github-actions group with 1 update (#5132)
  • ba0fefe fix: support errors with circular dependencies in object values with --parall...
  • f44f71b chore(main): release 10.8.1 (#5238)
  • f72bc17 fix: handle case of invalid package.json with no explicit config (#5198)
  • 68803b6 fix: use accurate test links in HTML reporter (#5228)
  • d8ca270 fix: Typos on mochajs.org (#5237)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot requested a review from timothywarner as a code owner November 18, 2024 22:19
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 18, 2024
@github-advanced-security
Copy link

github-advanced-security bot commented Nov 18, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@dependabot
chore(deps): Bump the node-packages group across 1 directory with 5 u…
73391ee 
…pdates

Bumps the node-packages group with 3 updates in the /examples/node-app directory: [express](https://github.com/expressjs/express), [express-handlebars](https://github.com/express-handlebars/express-handlebars) and [mocha](https://github.com/mochajs/mocha).


Updates `express` from 4.19.2 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](expressjs/express@4.19.2...4.21.1)

Updates `express-handlebars` from 7.1.3 to 8.0.1
- [Release notes](https://github.com/express-handlebars/express-handlebars/releases)
- [Changelog](https://github.com/express-handlebars/express-handlebars/blob/master/CHANGELOG.md)
- [Commits](express-handlebars/express-handlebars@v7.1.3...v8.0.1)

Updates `chai` from 4.2.0 to 4.5.0
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](chaijs/chai@4.2.0...v4.5.0)

Updates `chai-http` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/chaijs/chai-http/releases)
- [Changelog](https://github.com/chaijs/chai-http/blob/main/History.md)
- [Commits](chaijs/chai-http@4.2.0...4.4.0)

Updates `mocha` from 10.7.3 to 10.8.2
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v10.7.3...v10.8.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: node-packages
- dependency-name: express-handlebars
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: node-packages
- dependency-name: chai
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: node-packages
- dependency-name: chai-http
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: node-packages
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: node-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/examples/node-app/node-packages-1372a66d8c branch from b474163 to 73391ee Compare November 25, 2024 23:13
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Dec 2, 2024

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Dec 10, 2024

Superseded by #7.

@dependabot dependabot bot closed this Dec 10, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/examples/node-app/node-packages-1372a66d8c branch December 10, 2024 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timothywarner timothywarner Awaiting requested review from timothywarner timothywarner is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants