Bump the npm_and_yarn group across 3 directories with 13 updates by dependabot[bot] · Pull Request #3 · Debug-Doctor/docker-course

dependabot · 2026-02-21T02:21:56Z

Bumps the npm_and_yarn group with 4 updates in the /mern-docker/backend directory: express, mongoose, braces and minimatch.
Bumps the npm_and_yarn group with 5 updates in the /next-docker directory:

Package	From	To
mongoose	`8.0.3`	`8.9.5`
braces	`3.0.2`	`3.0.3`
next	`14.0.4`	`15.5.10`
js-yaml	`4.1.0`	`4.1.1`
nanoid	`3.3.7`	`3.3.11`

Bumps the npm_and_yarn group with 1 update in the /starter_next-docker directory: next.

Updates express from 4.18.2 to 4.22.0

Release notes

Sourced from express's releases.

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

... (truncated)

Commits

49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
3a5edfa fix(ci): updated github actions ci workflow (#6323)
52d9781 fix(test): add test for method routes without paths #5955
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates mongoose from 8.0.3 to 8.9.5

Release notes

Sourced from mongoose's releases.

8.9.5 / 2025-01-13

fix: disallow nested $where in populate match

fix(schema): handle bitwise operators on Int32 #15176 #15170

8.9.4 / 2025-01-09

fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI

fix(model): make Model.validate() static correctly cast document arrays #15169 #15164

fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156

fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120

types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158

docs: fix <code> in header ids #15159

docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109

fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075

fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071

fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126

perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449

types: make BufferToBinary avoid Document instances #15123 #15122

types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111

types(schema): add missing removeIndex #15134

types: add cleanIndexes() to IndexManager interface #15127

docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109

fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108

fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI

types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057

types: add UUID to RefType #15115 #15101

docs: remove link to Mongoose 5.x docs from dropdown #15116

docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812

fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092

fix(model): handle discriminators in castObject() #15096 #15075

fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056

fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048

fix(document+schema): improve error message for get() on invalid path #15098 #15071

docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.9.5 / 2025-01-13

fix: disallow nested $where in populate match CVE-2025-23061

fix(schema): handle bitwise operators on Int32 #15176 #15170

7.8.4 / 2025-01-13

fix: disallow nested $where in populate match CVE-2025-23061

6.13.6 / 2025-01-13

fix: disallow nested $where in populate match CVE-2025-23061

8.9.4 / 2025-01-09

fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI

fix(model): make Model.validate() static correctly cast document arrays #15169 #15164

fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156

fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120

types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158

docs: fix <code> in header ids #15159

docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109

fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075

fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071

fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126

perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449

types: make BufferToBinary avoid Document instances #15123 #15122

types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111

types(schema): add missing removeIndex #15134

types: add cleanIndexes() to IndexManager interface #15127

docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109

fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108

fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI

types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057

types: add UUID to RefType #15115 #15101

docs: remove link to Mongoose 5.x docs from dropdown #15116

docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812

fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092

... (truncated)

Commits

5af0a10 chore: release 8.9.5
a42d8f5 Merge branch '7.x'
73e81ab chore: release 7.8.4
4fe9a90 Merge branch '6.x' into 7.x
e59e342 chore: release 6.13.6
64a9f97 fix: disallow nested $where in populate match
fa33717 Merge pull request #15176 from Automattic/vkarpov15/gh-15170
0728602 test: make test cast non-boolean value
0cad0d7 fix(schema): handle bitwise operators on Int32
39886fb docs: quick changelog formatting fix
Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates cookie from 0.5.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates minimatch from 3.1.2 to 10.2.2

Changelog

Sourced from minimatch's changelog.

change log

10.2

Add braceExpandMax option

10.1

Add magicalBraces option for escape

Fix makeRe when partial: true is set.

Fix makeRe when pattern ends in a final ** path part.

10.0

Require node 20 or 22 and higher

9.0

No default export, only named exports.

8.0

Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions

Bump required Node.js version

7.4

Add escape() method

Add unescape() method

Add Minimatch.hasMagic() method

7.3

Add support for posix character classes in a unicode-aware way.

7.2

Add windowsNoMagicRoot option

7.1

Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

... (truncated)

Commits

f42b239 10.2.2
fa2133b update deps
b9d0153 ci: update action workflows
35d9ee9 expand engines to include node 18
6d7ac34 10.2.1
2e111f3 coalesce consecutive non-globstar * characters
1a62a2a 10.2.0
758b5a3 changelog 10.2
903e50b add braceExpandMax option, format
a50a110 10.1.3
Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

640e694 0.1.12
f01c26a Merge commit from fork
0c71192 0.1.11
8f09549 Add error on bad input values
c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
bdb6635 0.1.9
c4272e4 Allow a non-lookahead regex (#312)
51a1955 0.1.8
Additional commits viewable in compare view

Updates qs from 6.11.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

... (truncated)

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.2

Release notes

Sourced from send's releases.

0.19.2

What's Changed

deps: use tilde notation and update certain dependencies by @Phillip9587 in pillarjs/send#279

Release: 0.19.2 by @UlisesGascon in pillarjs/send#280

Full Changelog: pillarjs/send@0.19.1...0.19.2

0.19.1

What's Changed

fix(deps): encodeurl@~2.0.0 by @wesleytodd in pillarjs/send#240

Full Changelog: pillarjs/send@0.19.0...0.19.1

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.2 / 2025-12-15

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: statuses@~2.0.2

0.19.1 / 2024-10-09

deps: encodeurl@~2.0.0

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

34ba03b 0.19.2 (#280)
e53e4e5 deps: use tilde notation and update certain dependencies (#279)
19efaa3 0.19.1
0a9fa80 fix(deps): encodeurl@~2.0.0 (#240)
9d2db99 0.19.0
ae4f298 Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1.16.3

What's Changed

deps: send@~0.19.1 by @Phillip9587 in expressjs/serve-static#227

Release: 1.16.3 by @UlisesGascon in expressjs/serve-static#229

Full Changelog: expressjs/serve-static@v1.16.2...v1.16.3

v1.16.2

What's Changed

encodeurl@~2.0.0 by @wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

bump send to 0.19 by @tommasini in expressjs/serve-static#176

New Contributors

@tommasini made their first contribution in expressjs/serve-static#176

<...
Description has been truncated

Bumps the npm_and_yarn group with 4 updates in the /mern-docker/backend directory: [express](https://github.com/expressjs/express), [mongoose](https://github.com/Automattic/mongoose), [braces](https://github.com/micromatch/braces) and [minimatch](https://github.com/isaacs/minimatch). Bumps the npm_and_yarn group with 5 updates in the /next-docker directory: | Package | From | To | | --- | --- | --- | | [mongoose](https://github.com/Automattic/mongoose) | `8.0.3` | `8.9.5` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [next](https://github.com/vercel/next.js) | `14.0.4` | `15.5.10` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | Bumps the npm_and_yarn group with 1 update in the /starter_next-docker directory: [next](https://github.com/vercel/next.js). Updates `express` from 4.18.2 to 4.22.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md) - [Commits](expressjs/express@4.18.2...4.22.0) Updates `mongoose` from 8.0.3 to 8.9.5 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@8.0.3...8.9.5) Updates `body-parser` from 1.20.1 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.4) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.5.0 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.5.0...v0.7.2) Updates `minimatch` from 3.1.2 to 10.2.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v10.2.2) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `qs` from 6.11.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.2) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `mongoose` from 8.0.3 to 8.9.5 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@8.0.3...8.9.5) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `next` from 14.0.4 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.4...v15.5.10) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `next` from 14.0.4 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.4...v15.5.10) --- updated-dependencies: - dependency-name: express dependency-version: 4.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 8.9.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 8.9.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 21, 2026

This was referenced Feb 21, 2026

Bump mongoose from 8.0.3 to 8.9.5 in /next-docker in the npm_and_yarn group across 1 directory #1

Closed

Bump next from 14.0.4 to 14.2.26 in /next-docker in the npm_and_yarn group across 1 directory #2

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Bump the npm_and_yarn group across 3 directories with 13 updates#3

Bump the npm_and_yarn group across 3 directories with 13 updates#3
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/mern-docker/backend/npm_and_yarn-e223a8237f

dependabot bot commented on behalf of github Feb 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 21, 2026

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

8.9.5 / 2025-01-13

8.9.4 / 2025-01-09

8.9.3 / 2024-12-30

8.9.2 / 2024-12-19

8.9.1 / 2024-12-16

8.9.0 / 2024-12-13

8.9.5 / 2025-01-13

7.8.4 / 2025-01-13

6.13.6 / 2025-01-13

8.9.4 / 2025-01-09

8.9.3 / 2024-12-30

8.9.2 / 2024-12-19

8.9.1 / 2024-12-16

1.20.4

What's Changed

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.4 / 2025-12-01

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

v0.7.2

0.7.1

0.7.0

0.6.0

change log

10.2

10.1

10.0

9.0

8.0

7.4

7.3

7.2

7.1

Fix backtracking (again)

Error on bad input

Backtrack protection

Support non-lookahead regex output

Support named matching groups in RegExp

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

0.19.2

What's Changed

0.19.1

What's Changed

0.19.0

What's Changed

New Contributors

0.19.2 / 2025-12-15

0.19.1 / 2024-10-09

0.19.0 / 2024-09-10

v1.16.3

What's Changed

Support named matching groups in `RegExp`