Bump the npm_and_yarn group across 1 directory with 18 updates#73
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 18 updates#73dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.5` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.6` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` | | [form-data](https://github.com/form-data/form-data) | `3.0.0` | `3.0.5` | | [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `1.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` | | [picomatch](https://github.com/micromatch/picomatch) | `2.2.2` | `2.3.2` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.1` | `4.2.6` | | [socket.io](https://github.com/socketio/socket.io) | `4.5.3` | `4.8.3` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.0` | `2.1.5` | | [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.7` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `body-parser` from 1.19.0 to 1.20.5 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.5) Updates `browserify-sign` from 4.2.1 to 4.2.6 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.6) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `follow-redirects` from 1.15.2 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.16.0) Updates `form-data` from 3.0.0 to 3.0.5 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.0...v3.0.5) Updates `get-func-name` from 2.0.0 to 2.0.2 - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](webpack/loader-utils@v1.4.0...v1.4.2) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `picomatch` from 2.2.2 to 2.3.2 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.2.2...2.3.2) Updates `qs` from 6.7.0 to 6.15.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.7.0...v6.15.3) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `socket.io-parser` from 4.2.1 to 4.2.6 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@4.2.6) Updates `socket.io` from 4.5.3 to 4.8.3 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/4.5.3...socket.io@4.8.3) Updates `tar-fs` from 2.1.0 to 2.1.5 - [Commits](mafintosh/tar-fs@v2.1.0...v2.1.5) Updates `tmp` from 0.2.1 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.7) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: body-parser dependency-version: 1.20.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: get-func-name dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 1.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-version: 4.2.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-version: 4.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jul 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 17 updates in the / directory:
1.19.01.20.54.2.14.2.61.0.41.0.70.2.00.2.21.15.21.16.03.0.03.0.52.0.02.0.21.0.11.0.21.4.01.4.24.17.214.18.12.2.22.3.22.4.112.4.124.2.14.2.64.5.34.8.32.1.02.1.50.2.10.2.71.2.31.2.5Updates
body-parserfrom 1.19.0 to 1.20.5Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
... (truncated)
Commits
0defdberelease(patch): 1.20.5cd0e7a0deps(qs): bump qs to 6.15.16f24d7efix: correct off-by-one error in parameterCount (#716)b849bd5deps: qs@~6.14.1 (#690)2c55e2frefactor(json): simplify strict mode error string construction (#692)7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.
Updates
browserify-signfrom 4.2.1 to 4.2.6Changelog
Sourced from browserify-sign's changelog.
... (truncated)
Commits
3425738v4.2.6fb4be1d[Dev Deps] update@ljharb/eslint-config,auto-changelogd2a3f56[Fix] sign/verify generic SHA algorithms with RSA keys224dffe[meta] set audit-level to make posttest happyda15004[Deps] updatebn.js5916347[Dev Deps] update@ljharb/eslint-config,eslint,npmignore6f06a33[Tests] increase coveraged3a7458v4.2.537b083c[Tests] clean up tests and convert console info skips to tape skipsfaade86[Fix] restore node 0.10 supportMaintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
cipher-basefrom 1.0.4 to 1.0.7Changelog
Sourced from cipher-base's changelog.
Commits
0056718v1.0.7fd1e5ee[Refactor] useto-buffer08ba803[Dev Deps] update@ljharb/eslint-configf5249f9v1.0.6b7ddd2a[Fix] io.js 3.0 - Node.js 5.3 typed array supportf03cebfv1.0.588dc806[meta] addauto-changelog7a137d7[meta] addnpmignoreandsafe-publish-latest5c02918[meta] fix package.json indentation8fd1364[Fix] return valid values on multi-byte-wide TypedArray inputMaintainer changes
This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
decode-uri-componentfrom 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea460.2.2980e0bfPrevent overwriting previously decoded tokens3c8a3730.2.176abc93Switch to GitHub workflows746ca5dFix issue where decode throws - fixes #6486d7e2Update license (#1)a650457Tidelift tasks66e1c28Meta tweaksUpdates
follow-redirectsfrom 1.15.2 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.21ef28aRelease version 1.15.11 of the npm package.7c88135Roll back tree shaking.6e389baRelease version 1.15.10 of the npm package.5bc496eShake me up before you go-go.694d6b4Bump minimist from 1.2.5 to 1.2.8Updates
form-datafrom 3.0.0 to 3.0.5Changelog
Sourced from form-data's changelog.
... (truncated)
Commits
be3f3cfv3.0.56a8a1c6[Deps] updatehasown27c61a5[Dev Deps] update@ljharb/eslint-config,auto-changelog,eslint,tape8777e67[Fix] escape CR, LF, and"in field names and filenames9c82fcdv3.0.4e8c574c[Tests] handle predict-v8-randomness failures in node < 17 and node > 23c6ced61[Fix] Switch to usingcryptorandom for boundary values0150851[meta] actually ensure the readme backup isn’t publishedfc38b48[meta] fix readme capitalizationd2eb290[meta] addauto-changelogMaintainer changes
This version was pushed to npm by ljharb, a new releaser for form-data since your current version.
Install script changes
This version modifies
prepublishscript that runs during installation. Review the package contents before updating.Updates
get-func-namefrom 2.0.0 to 2.0.2Release notes
Sourced from get-func-name's releases.
Commits
Maintainer changes
This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.
Updates
json5from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e1.0.2e0c23fedocs: update CHANGELOG for v1.0.262a6540fix: add proto to objects and arraysUpdates
loader-utilsfrom 1.4.0 to 1.4.2Release notes
Sourced from loader-utils's releases.
Changelog
Sourced from loader-utils's changelog.
Commits
331ad50chore(release): 1.4.217cbf8ffix: ReDoS problem (#226)8f082b3chore(release): 1.4.14504e34fix: security problem (#220)Updates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
picomatchfrom 2.2.2 to 2.3.2Release notes
Sourced from picomatch's releases.
Changelog
Sourced from picomatch's changelog.
... (truncated)
Commits
81cba8dPublish 2.3.2fc1f6b6Merge commit from forkeec17aeMerge commit from fork78f8ca4Merge pull request #156 from micromatch/backport-1443f4f10eMerge pull request #144 from Jason3S/jdent-object-properties5467a5a2.3.19f241efMerge pull request #102 from micromatch/ISSUE-93_incorrect_extglob_expandingac3cb66fix: support stars in negation extglobs with expression after closing parenth...719d348Merge pull request #85 from XhmikosR/codeqlac74e57Merge pull request #91 from XhmikosR/patch-1Maintainer changes
This version was pushed to npm by danez, a new releaser for picomatch since your current version.
Updates
qsfrom 6.7.0 to 6.15.3Changelog
Sourced from qs's changelog.