Bump the npm_and_yarn group across 1 directory with 25 updates #1

dependabot · 2025-08-31T04:47:53Z

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
@octokit/request-error	`5.0.1`	`5.1.1`
express	`4.18.2`	`4.21.2`
http-proxy-middleware	`2.0.6`	`2.0.9`
next	`14.0.4`	`14.2.32`
@babel/runtime	`7.23.2`	`7.28.3`
brace-expansion	`1.1.11`	`1.1.12`
@octokit/request	`8.1.4`	`8.4.1`
axios	`1.6.2`	`1.11.0`
braces	`3.0.2`	`3.0.3`
cookie	`0.4.1`	`0.7.1`
cookie-parser	`1.4.6`	`1.4.7`
esbuild	`0.19.11`	`0.25.9`
tsx	`4.7.0`	`4.20.5`
micromatch	`4.0.5`	`4.0.8`
lint-staged	`15.0.2`	`15.5.2`
nanoid	`3.3.6`	`3.3.11`
on-headers	`1.0.2`	`1.1.0`
morgan	`1.10.0`	`1.10.1`
undici	`5.27.2`	`5.29.0`

Updates @octokit/request-error from 5.0.1 to 5.1.1

Release notes

Sourced from @octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

ReDos regex vulnerability, reported by @dayshift (12a14f0)

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

upgrade @octokit/types to v13 (3af20bd)

Features

security: Add provenance (#416) (94147e8)

Commits

b51ed27 test: ReDos regex vulnerability, reported by @dayshift
12a14f0 fix: ReDos regex vulnerability, reported by @dayshift
3af20bd fix: upgrade @octokit/types to v13
94147e8 feat(security): Add provenance (#416)
See full diff in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates next from 14.0.4 to 14.2.32

Release notes

Sourced from next's releases.

v14.2.32

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix router handling when setting a location response header #82588

Credits

Huge thanks to @ztanner for helping!

v14.2.31

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix(next/image): improve and simplify detect-content-type (#82179)

fix(next/image): fix image-optimizer.ts headers (#82178)

Credits

Huge thanks to @styfle and @ztanner for helping!

Commits

89ee561 v14.2.32
6a974ad [backport v14]: fix router handling when setting a location response header (...
55f7662 v14.2.31
5dd68a5 [backport v14]: fix(next/image): improve and simplify detect-content-type (#8...
bcc7c65 [backport v14]: fix(next/image): fix image-optimizer.ts headers (#82114) (#82...
243072b v14.2.30
f523d4a [backport]: config.allowedDevOrigins (#80410)
ca92115 v14.2.29
ec9ee87 Only share incremental cache for edge in next start (#79389)
e65628a v14.2.28
Additional commits viewable in compare view

Updates @babel/runtime from 7.23.2 to 7.28.3

Release notes

Sourced from @babel/runtime's releases.

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Nicolò Ribaudo (@nicolo-ribaudo)

SOUHAILA SERBOUT (@souhailaS)

@liuxingbaoyu

v7.28.1 (2025-07-12)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

↩️ Revert

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types

#17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

v7.28.0 (2025-07-02)

🚀 New Feature

babel-node

#17147 Support top level await in node repl (@liuxingbaoyu)

babel-types

... (truncated)

Commits

ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
eebd3a0 v7.27.1
Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates @octokit/request from 8.1.4 to 8.4.1

Release notes

Sourced from @octokit/request's releases.

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (#741) (356411e)

v8.4.0

8.4.0 (2024-04-09)

Features

re-add redirect request option (#636) (abc4955), closes #599

v8.3.1

8.3.1 (2024-04-05)

Bug Fixes

upgrade @octokit/endpoint (4e7127c)

v8.3.0

8.3.0 (2024-04-05)

Bug Fixes

upgrade @octokit/types (6822e8b)

Features

security: Add provenance (#685) (2e67925)

v8.2.0

8.2.0 (2024-02-09)

Features

add documentation link in error message (#667) (dbfeab2)

v8.1.6

8.1.6 (2023-11-22)

Bug Fixes

... (truncated)

Commits

356411e fix: ReDos regex vulnerability, reported by @DayShift (#741)
abc4955 feat: re-add redirect request option (#636)
4e7127c fix: upgrade @octokit/endpoint
2e67925 feat(security): Add provenance (#685)
6822e8b fix: upgrade @octokit/types
dbfeab2 feat: add documentation link in error message (#667)
c013de4 docs: fix spelling errors (#671)
3d22c38 chore(deps): update dependency prettier to v3.2.5
984ec17 chore(deps): update dependency esbuild to ^0.20.0
2a9cf78 ci(action): update peter-evans/create-or-update-comment action to v4
Additional commits viewable in compare view

Updates axios from 1.6.2 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

Release v1.10.0

Release notes:

Bug Fixes

adapter: pass fetchOptions to fetch function (#6883) (0f50af8)

form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)

package: add module entry point for React Native; (#6933) (3d343b8)

Features

types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

Dimitrios Lazanas

Adrian Knapp

Howie Zhao

Uhyeon Park

Sampo Silvennoinen

Release v1.9.0

Release notes:

Bug Fixes

core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)

fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)

headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)

headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)

http: send minimal end multipart boundary (#6661) (987d2e2)

types: fix autocomplete for adapter config (#6855) (e61a893)

... (truncated)

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

1.10.0 (2025-06-14)

Bug Fixes

adapter: pass fetchOptions to fetch function (#6883) (0f50af8)

form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)

package: add module entry point for React Native; (#6933) (3d343b8)

Features

types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

Dimitrios Lazanas

Adrian Knapp

Howie Zhao

Uhyeon Park

Sampo Silvennoinen

1.9.0 (2025-04-24)

Bug Fixes

core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)

fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)

headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)

headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

... (truncated)

Commits

b76c4ac chore(release): v1.11.0 (#6974)
e72c193 fix: form-data npm pakcage (#6970)
8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
a2214ca fix: prevent RangeError when using large Buffers (#6961)
6161947 refactor: use spread operator instead of '.apply()' (#6938)
a1d16dd refactor: use an object spread instead of Object.assign (#6939)
07183cd chore(sponsor): update sponsor block (#6952)
ef36347 docs(CONTRIBUTING): update docs link for accuracy (#6894)
b29bd6a chore(sponsor): update sponsor block (#6948)
a406a93 chore(sponsor): update sponsor block (#6937)
Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEs...
Description has been truncated

Bumps the npm_and_yarn group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `5.0.1` | `5.1.1` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [next](https://github.com/vercel/next.js) | `14.0.4` | `14.2.32` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.23.2` | `7.28.3` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [@octokit/request](https://github.com/octokit/request.js) | `8.1.4` | `8.4.1` | | [axios](https://github.com/axios/axios) | `1.6.2` | `1.11.0` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.1` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.4.6` | `1.4.7` | | [esbuild](https://github.com/evanw/esbuild) | `0.19.11` | `0.25.9` | | [tsx](https://github.com/privatenumber/tsx) | `4.7.0` | `4.20.5` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `15.0.2` | `15.5.2` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.11` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [morgan](https://github.com/expressjs/morgan) | `1.10.0` | `1.10.1` | | [undici](https://github.com/nodejs/undici) | `5.27.2` | `5.29.0` | Updates `@octokit/request-error` from 5.0.1 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v5.0.1...v5.1.1) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `next` from 14.0.4 to 14.2.32 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.4...v14.2.32) Updates `@babel/runtime` from 7.23.2 to 7.28.3 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.3/packages/babel-runtime) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `@octokit/request` from 8.1.4 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v8.1.4...v8.4.1) Updates `axios` from 1.6.2 to 1.11.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.2...v1.11.0) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.4.6...1.4.7) Updates `esbuild` from 0.19.11 to 0.25.9 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md) - [Commits](evanw/esbuild@v0.19.11...v0.25.9) Updates `tsx` from 4.7.0 to 4.20.5 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.7.0...v4.20.5) Updates `follow-redirects` from 1.15.4 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.11) Updates `form-data` from 4.0.0 to 4.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.4) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `lint-staged` from 15.0.2 to 15.5.2 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v15.0.2...v15.5.2) Updates `nanoid` from 3.3.6 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.11) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `morgan` from 1.10.0 to 1.10.1 - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.10.0...1.10.1) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `undici` from 5.27.2 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.27.2...v5.29.0) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-version: 5.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.32 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.11.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-version: 1.4.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tsx dependency-version: 4.20.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lint-staged dependency-version: 15.5.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: morgan dependency-version: 1.10.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 31, 2025

martin86722 merged commit f2ff63d into main Aug 31, 2025
37 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-1d99a2037e branch August 31, 2025 05:13

martin86722 restored the dependabot/npm_and_yarn/npm_and_yarn-1d99a2037e branch August 31, 2025 05:14

martin86722 deleted the dependabot/npm_and_yarn/npm_and_yarn-1d99a2037e branch August 31, 2025 05:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Uh oh!

dependabot bot commented on behalf of github Aug 31, 2025

Uh oh!

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 31, 2025

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

Features

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v2.0.9

What's Changed

v2.0.8

What's Changed

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.9

v2.0.8

v2.0.7

v14.2.32

Core Changes

Credits

v14.2.31

Core Changes

Credits

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.2 (2025-07-24)

🐛 Bug Fix

Committers: 4

v7.28.1 (2025-07-12)

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

↩️ Revert

v7.28.0 (2025-07-02)

🚀 New Feature

v1.1.12

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

v8.4.0

8.4.0 (2024-04-09)

Features

v8.3.1