{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":207409203,"defaultBranch":"master","name":"monolith-to-microservices","ownerLogin":"googlecodelabs","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-09-09T21:35:53.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/13681719?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726157613.0","currentOid":""},"activityList":{"items":[{"before":"278f5ad34fad6a086ba091d05712cab77f7477a5","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/webpack-dev-middleware-5.3.4","pushedAt":"2024-09-12T16:13:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"b26b43092becae998b1909ce46ca6cbfdb21be61","after":"91f541ce786a9cb85dba54872f0635bcf2b1cd8c","ref":"refs/heads/master","pushedAt":"2024-09-12T16:13:31.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump webpack-dev-middleware from 5.3.0 to 5.3.4 in /react-app (#74)\n\nBumps\r\n[webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware)\r\nfrom 5.3.0 to 5.3.4.\r\n
\r\nRelease notes\r\n

Sourced from webpack-dev-middleware's\r\nreleases.

\r\n
\r\n

v5.3.4

\r\n

5.3.4\r\n(2024-03-20)

\r\n

Bug Fixes

\r\n\r\n

v5.3.3

\r\n

5.3.3\r\n(2022-05-18)

\r\n

Bug Fixes

\r\n\r\n

v5.3.2

\r\n

5.3.2\r\n(2022-05-17)

\r\n

Bug Fixes

\r\n\r\n

v5.3.1

\r\n

5.3.1\r\n(2022-02-01)

\r\n

Bug Fixes

\r\n\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from webpack-dev-middleware's\r\nchangelog.

\r\n
\r\n

5.3.4\r\n(2024-03-20)

\r\n

Bug Fixes

\r\n\r\n

5.3.3\r\n(2022-05-18)

\r\n

Bug Fixes

\r\n\r\n

5.3.2\r\n(2022-05-17)

\r\n

Bug Fixes

\r\n\r\n

5.3.1\r\n(2022-02-01)

\r\n

Bug Fixes

\r\n\r\n
\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpack-dev-middleware&package-manager=npm_and_yarn&previous-version=5.3.0&new-version=5.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\n> **Note**\r\n> Automatic rebases have been disabled on this pull request as it has\r\nbeen open for over 30 days.\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump webpack-dev-middleware from 5.3.0 to 5.3.4 in /react-app (#74)"}},{"before":"7734b757e3d8021da3297dc167ce5ab6b5ec7f7b","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/ejs-3.1.10","pushedAt":"2024-09-12T16:13:15.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"14c89d42c269e82853f3573bfc13bb9aecdd3e1d","after":"b26b43092becae998b1909ce46ca6cbfdb21be61","ref":"refs/heads/master","pushedAt":"2024-09-12T16:13:13.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump ejs from 3.1.9 to 3.1.10 in /react-app (#81)\n\nBumps [ejs](https://github.com/mde/ejs) from 3.1.9 to 3.1.10.\r\n
\r\nRelease notes\r\n

Sourced from ejs's\r\nreleases.

\r\n
\r\n

v3.1.10

\r\n

Version 3.1.10

\r\n
\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ejs&package-manager=npm_and_yarn&previous-version=3.1.9&new-version=3.1.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\n> **Note**\r\n> Automatic rebases have been disabled on this pull request as it has\r\nbeen open for over 30 days.\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ejs from 3.1.9 to 3.1.10 in /react-app (#81)"}},{"before":"c42bb70c553b3c5a0663461534393ab66599ce86","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/src/products/express-4.20.0","pushedAt":"2024-09-12T16:12:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"3978aef2eb44e1025dc2696bc414f975bc5790f4","after":"14c89d42c269e82853f3573bfc13bb9aecdd3e1d","ref":"refs/heads/master","pushedAt":"2024-09-12T16:12:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump express from 4.17.1 to 4.20.0 in /microservices/src/products (#92)\n\nBumps [express](https://github.com/expressjs/express) from 4.17.1 to\r\n4.20.0.\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
  • docs: specify new instructions for question and\r\ndiscuss by @​IamLizu in expressjs/express#5835
    • \r\n
  • 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
    • \r\n
  • path-to-regexp@0.1.10 by @​blakeembrey in\r\nexpressjs/express#5902
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​marco-ippolito\r\nmade their first contribution in expressjs/express#5565
    • \r\n
  • @​inigomarquinez\r\nmade their first contribution in expressjs/express#5590
    • \r\n
  • @​mertcanaltin\r\nmade their first contribution in expressjs/express#5627
    • \r\n
  • @​ctcpip made\r\ntheir first contribution in expressjs/express#5690
    • \r\n
  • @​bjohansebas\r\nmade their first contribution in expressjs/express#5814
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.20.0

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    • deps: raw-body@2.5.2
      • \r\n
    \r\n
    • \r\n
  • deps: cookie@0.6.0\r\n
      \r\n
    • Add partitioned option
      • \r\n
    \r\n
    • \r\n
\r\n

4.18.2 / 2022-10-08

\r\n
    \r\n
  • Fix regression routing a large stack in a single route
    • \r\n
  • deps: body-parser@1.20.1
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • 125bb74\r\npath-to-regexp@0.1.10 (#5902)
    • \r\n
  • 2a980ad\r\nmerge-descriptors@1.0.3 (#5781)
    • \r\n
  • a3e7e05\r\ndocs: specify new instructions for question and\r\ndiscuss
    • \r\n
  • c5addb9\r\ndeps: path-to-regexp@0.1.8 (#5603)
    • \r\n
  • e35380a\r\ndocs: add @​IamLizu to the\r\ntriage team (#5836)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by ulisesgascon, a new\r\nreleaser for express since your current version.

\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.17.1&new-version=4.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump express from 4.17.1 to 4.20.0 in /microservices/src/products (#92)"}},{"before":null,"after":"c42bb70c553b3c5a0663461534393ab66599ce86","ref":"refs/heads/dependabot/npm_and_yarn/microservices/src/products/express-4.20.0","pushedAt":"2024-09-12T16:10:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump express from 4.17.1 to 4.20.0 in /microservices/src/products\n\nBumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.20.0.\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/master/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.17.1...4.20.0)\n\n---\nupdated-dependencies:\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump express from 4.17.1 to 4.20.0 in /microservices/src/products"}},{"before":"8c25f3a3445823360e6e356e30bd25205656c374","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/braces-3.0.3","pushedAt":"2024-09-12T16:09:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"a44724012a87b664c18c4ef47dac4f5451f65b35","after":"3978aef2eb44e1025dc2696bc414f975bc5790f4","ref":"refs/heads/master","pushedAt":"2024-09-12T16:09:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump braces from 3.0.2 to 3.0.3 in /react-app (#82)\n\nBumps [braces](https://github.com/micromatch/braces) from 3.0.2 to\r\n3.0.3.\r\n
\r\nCommits\r\n
    \r\n
  • 74b2db2\r\n3.0.3
    • \r\n
  • 88f1429\r\nupdate eslint. lint, fix unit tests.
    • \r\n
  • 415d660\r\nSnyk js braces 6838727 (#40)
    • \r\n
  • 190510f\r\nfix tests, skip 1 test in test/braces.expand
    • \r\n
  • 716eb9f\r\nreadme bump
    • \r\n
  • a5851e5\r\nMerge pull request #37\r\nfrom coderaiser/fix/vulnerability
    • \r\n
  • 2092bd1\r\nfeature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
    • \r\n
  • 9f5b4cf\r\nfix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
    • \r\n
  • 98414f9\r\nremove funding file
    • \r\n
  • 665ab5d\r\nupdate keepEscaping doc (#27)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=braces&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\n> **Note**\r\n> Automatic rebases have been disabled on this pull request as it has\r\nbeen open for over 30 days.\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump braces from 3.0.2 to 3.0.3 in /react-app (#82)"}},{"before":"bab4bb69186c884d3bd1a37956e6607618f3b70d","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/webpack-5.94.0","pushedAt":"2024-09-12T16:09:38.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"f58523f153e509a7cc2b3f2dbd3915160638e9b3","after":"a44724012a87b664c18c4ef47dac4f5451f65b35","ref":"refs/heads/master","pushedAt":"2024-09-12T16:09:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump webpack from 5.76.2 to 5.94.0 in /react-app (#83)\n\nBumps [webpack](https://github.com/webpack/webpack) from 5.76.2 to\r\n5.94.0.\r\n
\r\nRelease notes\r\n

Sourced from webpack's\r\nreleases.

\r\n
\r\n

v5.94.0

\r\n

Bug Fixes

\r\n
    \r\n
  • Added runtime condition for harmony reexport checked
    • \r\n
  • Handle properly\r\ndata/http/https protocols in\r\nsource maps
    • \r\n
  • Make bigint optimistic when browserslist not found
    • \r\n
  • Move @​types/eslint-scope to dev deps
    • \r\n
  • Related in asset stats is now always an array when no related\r\nfound
    • \r\n
  • Handle ASI for export declarations
    • \r\n
  • Mangle destruction incorrect with export named default properly
    • \r\n
  • Fixed unexpected asi generation with sequence expression
    • \r\n
  • Fixed a lot of types
    • \r\n
\r\n

New Features

\r\n
    \r\n
  • Added new external type "module-import"
    • \r\n
  • Support webpackIgnore for new URL()\r\nconstruction
    • \r\n
  • [CSS] @import pathinfo support
    • \r\n
\r\n

Security

\r\n
    \r\n
  • Fixed DOM clobbering in auto public path
    • \r\n
\r\n

v5.93.0

\r\n

Bug Fixes

\r\n
    \r\n
  • Generate correct relative path to runtime chunks
    • \r\n
  • Makes DefinePlugin quieter under default log level
    • \r\n
  • Fixed mangle destructuring default in namespace import
    • \r\n
  • Fixed consumption of eager shared modules for module federation
    • \r\n
  • Strip slash for pretty regexp
    • \r\n
  • Calculate correct contenthash for CSS generator options
    • \r\n
\r\n

New Features

\r\n
    \r\n
  • Added the binary generator option for asset modules to\r\nexplicitly keep source maps produced by loaders
    • \r\n
  • Added the modern-module library value for tree shakable\r\noutput
    • \r\n
  • Added the overrideStrict option to override strict or\r\nnon-strict mode for javascript modules
    • \r\n
\r\n

v5.92.1

\r\n

Bug Fixes

\r\n
    \r\n
  • Doesn't crash with an error when the css experiment is enabled and\r\ncontenthash is used
    • \r\n
\r\n

v5.92.0

\r\n

Bug Fixes

\r\n
    \r\n
  • Correct tidle range's comutation for module federation
    • \r\n
  • Consider runtime for pure expression dependency update hash
    • \r\n
  • Return value in the subtractRuntime function for\r\nruntime logic
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • eabf85d\r\nchore(release): 5.94.0
    • \r\n
  • 955e057\r\nsecurity: fix DOM clobbering in auto public path
    • \r\n
  • 9822387\r\ntest: fix
    • \r\n
  • cbb86ed\r\ntest: fix
    • \r\n
  • 5ac3d7f\r\nfix: unexpected asi generation with sequence expression
    • \r\n
  • 2411661\r\nsecurity: fix DOM clobbering in auto public path
    • \r\n
  • b8c03d4\r\nfix: unexpected asi generation with sequence expression
    • \r\n
  • f46a03c\r\nrevert: do not use heuristic fallback for "module-import"
    • \r\n
  • 60f1898\r\nfix: do not use heuristic fallback for "module-import"
    • \r\n
  • 66306aa\r\nRevert "fix: module-import get fallback from\r\nexternalsPresets"
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webpack&package-manager=npm_and_yarn&previous-version=5.76.2&new-version=5.94.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump webpack from 5.76.2 to 5.94.0 in /react-app (#83)"}},{"before":"43ff2e334d8990bcbff096fe45f595102e369db0","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/micromatch-4.0.8","pushedAt":"2024-09-12T16:09:25.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"2c0b7ee795ed094c37cbd5b1c1f894daa90b79e6","after":"f58523f153e509a7cc2b3f2dbd3915160638e9b3","ref":"refs/heads/master","pushedAt":"2024-09-12T16:09:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump micromatch from 4.0.4 to 4.0.8 in /react-app (#84)\n\nBumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.4\r\nto 4.0.8.\r\n
\r\nRelease notes\r\n

Sourced from micromatch's\r\nreleases.

\r\n
\r\n

4.0.8

\r\n

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We\r\nconsider the issues low-priority, so even if you see automated scanners\r\nsaying otherwise, don't be scared.

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from micromatch's\r\nchangelog.

\r\n
\r\n

[4.0.8] - 2024-08-22

\r\n
    \r\n
  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch
    • \r\n
\r\n

[4.0.7] - 2024-05-22

\r\n
    \r\n
  • this is basically v4.0.5, with some README updates
    • \r\n
  • it is vulnerable to CVE-2024-4067
    • \r\n
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
    • \r\n
  • does NOT break API compatibility
    • \r\n
\r\n

[4.0.6] - 2024-05-21

\r\n
    \r\n
  • Added hasBraces to check if a pattern contains\r\nbraces.
    • \r\n
  • Fixes CVE-2024-4067
    • \r\n
  • BREAKS API COMPATIBILITY
    • \r\n
  • Should be labeled as a major release, but it's not.
    • \r\n
\r\n

[4.0.1 - 4.0.5]

\r\n

[4.0.0] - 2019-03-20

\r\n

Added

\r\n
    \r\n
  • Adds support for options.onMatch. See the readme for\r\ndetails
    • \r\n
  • Adds support for options.onIgnore. See the readme for\r\ndetails
    • \r\n
  • Adds support for options.onResult. See the readme for\r\ndetails
    • \r\n
\r\n

Breaking changes

\r\n
    \r\n
  • Require Node.js >= 8.6
    • \r\n
  • Removed support for passing an array of brace patterns to\r\nmicromatch.braces().
    • \r\n
  • To strictly enforce closing brackets (for {,\r\n[, and (), you must now use\r\nstrictBrackets=true instead of\r\nstrictErrors.
    • \r\n
  • cache - caching and all related options and methods\r\nhave been removed
    • \r\n
  • options.unixify was renamed to\r\noptions.windows
    • \r\n
  • options.nodupes Was removed. Duplicates are always\r\nremoved by default. You can override this with custom behavior by using\r\nthe onMatch, onResult and\r\nonIgnore functions.
    • \r\n
  • options.snapdragon was removed, as snapdragon is no\r\nlonger used.
    • \r\n
  • options.sourcemap was removed, as snapdragon is no\r\nlonger used, which provided sourcemap support.
    • \r\n
\r\n

[3.0.0] - 2017-04-11

\r\n

Complete overhaul, with 36,000+ new unit tests validated against\r\nactual output generated by Bash and minimatch. More specifically,\r\n35,000+ of the tests:

\r\n
    \r\n
  • micromatch results are directly compared to bash results
    • \r\n
  • in rare cases, when micromatch and bash disagree, micromatch's\r\nresults are compared to minimatch's results
    • \r\n
  • micromatch is much more accurate than minimatch, so there were cases\r\nwhere I had to make assumptions. I'll try to document these.
    • \r\n
\r\n

This refactor introduces a parser and compiler that are supersets of\r\nmore granular parsers and compilers from other sub-modules. Each of\r\nthese sub-modules has a singular responsibility and focuses on a certain\r\ntype of matching that aligns with a specific part of the Bash\r\n"expansion" API.

\r\n

These sub-modules work like plugins to seamlessly create the\r\nmicromatch parser/compiler, so that strings are parsed in one pass, an\r\nAST\r\nis created, then a new string is generated by the compiler.

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 8bd704e\r\n4.0.8
    • \r\n
  • a0e6841\r\nrun verb to generate README documentation
    • \r\n
  • 4ec2884\r\nMerge branch 'v4' into hauserkristof-feature/v4.0.8
    • \r\n
  • 03aa805\r\nMerge pull request #266\r\nfrom hauserkristof/feature/v4.0.8
    • \r\n
  • 814f5f7\r\nlint
    • \r\n
  • 67fcce6\r\nfix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
    • \r\n
  • 113f2e3\r\nfix: CVE numbers in CHANGELOG
    • \r\n
  • d9dbd9a\r\nfeat: updated CHANGELOG
    • \r\n
  • 2ab1315\r\nfix: use actions/setup-node@v4
    • \r\n
  • 1406ea3\r\nfeat: rework test to work on macos with node 10,12 and 14
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=micromatch&package-manager=npm_and_yarn&previous-version=4.0.4&new-version=4.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump micromatch from 4.0.4 to 4.0.8 in /react-app (#84)"}},{"before":"b454100d202f33a0e78eadd298d7127486a9519a","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/monolith/express-4.20.0","pushedAt":"2024-09-12T13:47:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"d79b5a2bec9cdba5af398a002c22528c74dcd70e","after":"2c0b7ee795ed094c37cbd5b1c1f894daa90b79e6","ref":"refs/heads/master","pushedAt":"2024-09-12T13:47:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump express from 4.18.2 to 4.20.0 in /monolith (#89)\n\nBumps [express](https://github.com/expressjs/express) from 4.18.2 to\r\n4.20.0.\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
  • docs: specify new instructions for question and\r\ndiscuss by @​IamLizu in expressjs/express#5835
    • \r\n
  • 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
    • \r\n
  • path-to-regexp@0.1.10 by @​blakeembrey in\r\nexpressjs/express#5902
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​marco-ippolito\r\nmade their first contribution in expressjs/express#5565
    • \r\n
  • @​inigomarquinez\r\nmade their first contribution in expressjs/express#5590
    • \r\n
  • @​mertcanaltin\r\nmade their first contribution in expressjs/express#5627
    • \r\n
  • @​ctcpip made\r\ntheir first contribution in expressjs/express#5690
    • \r\n
  • @​bjohansebas\r\nmade their first contribution in expressjs/express#5814
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.20.0

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    • deps: raw-body@2.5.2
      • \r\n
    \r\n
    • \r\n
  • deps: cookie@0.6.0\r\n
      \r\n
    • Add partitioned option
      • \r\n
    \r\n
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • 125bb74\r\npath-to-regexp@0.1.10 (#5902)
    • \r\n
  • 2a980ad\r\nmerge-descriptors@1.0.3 (#5781)
    • \r\n
  • a3e7e05\r\ndocs: specify new instructions for question and\r\ndiscuss
    • \r\n
  • c5addb9\r\ndeps: path-to-regexp@0.1.8 (#5603)
    • \r\n
  • e35380a\r\ndocs: add @​IamLizu to the\r\ntriage team (#5836)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by ulisesgascon, a new\r\nreleaser for express since your current version.

\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.18.2&new-version=4.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump express from 4.18.2 to 4.20.0 in /monolith (#89)"}},{"before":"a1a28211154d8b694c568bea26e384bdc6d6c05a","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/react-app/multi-d66d039ac5","pushedAt":"2024-09-12T13:46:51.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"5b326316362663e4739986e90fccc904addf6008","after":"d79b5a2bec9cdba5af398a002c22528c74dcd70e","ref":"refs/heads/master","pushedAt":"2024-09-12T13:46:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump serve-static and express in /react-app (#91)\n\nBumps [serve-static](https://github.com/expressjs/serve-static) to\r\n1.16.2 and updates ancestor dependency\r\n[express](https://github.com/expressjs/express). These dependencies need\r\nto be updated together.\r\n\r\nUpdates `serve-static` from 1.15.0 to 1.16.2\r\n
\r\nRelease notes\r\n

Sourced from serve-static's\r\nreleases.

\r\n
\r\n

1.16.0

\r\n

What's Changed

\r\n
    \r\n
  • Remove link renderization in html while redirecting (expressjs/serve-static#173)
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​UlisesGascon\r\nmade their first contribution in expressjs/serve-static#173
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from serve-static's\r\nchangelog.

\r\n
\r\n

1.16.2 / 2024-09-11

\r\n
    \r\n
  • deps: encodeurl@~2.0.0
    • \r\n
\r\n

1.16.1 / 2024-09-11

\r\n
    \r\n
  • deps: send@0.19.0
    • \r\n
\r\n

1.16.0 / 2024-09-10

\r\n
    \r\n
  • Remove link renderization in html while redirecting
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • ec9c5ec\r\n1.16.2
    • \r\n
  • f454d37\r\nfix(deps): encodeurl@~2.0.0
    • \r\n
  • 77a8255\r\n1.16.1
    • \r\n
  • 4263f49\r\nfix(deps): send@0.19.0
    • \r\n
  • 48c7397\r\n1.16.0
    • \r\n
  • 0c11fad\r\nMerge commit from fork
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor serve-static since your current version.

\r\n
\r\n
\r\n\r\nUpdates `express` from 4.18.2 to 4.21.0\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.21.0

\r\n

What's Changed

\r\n
    \r\n
  • Deprecate "back" magic string in redirects by\r\n@​blakeembrey\r\nin expressjs/express#5935
    • \r\n
  • finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
    • \r\n
  • fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
    • \r\n
  • Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93\r\nin expressjs/express#5946
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​agadzinski93\r\nmade their first contribution in expressjs/express#5946
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.21.0 / 2024-09-11

\r\n
    \r\n
  • Deprecate res.location("back") and\r\nres.redirect("back") magic string
    • \r\n
  • deps: serve-static@1.16.2\r\n
      \r\n
    • includes send@0.19.0
      • \r\n
    \r\n
    • \r\n
  • deps: finalhandler@1.3.1
    • \r\n
  • deps: qs@6.13.0
    • \r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 7e562c6\r\n4.21.0
    • \r\n
  • 1bcde96\r\nfix(deps): qs@6.13.0 (#5946)
    • \r\n
  • 7d36477\r\nfix(deps): serve-static@1.16.2 (#5951)
    • \r\n
  • 40d2d8f\r\nfix(deps): finalhandler@1.3.1
    • \r\n
  • 77ada90\r\nDeprecate "back" magic string in redirects (#5935)
    • \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.

\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump serve-static and express in /react-app (#91)"}},{"before":"8addc887241c0dd93d5852dc46562c31995720de","after":"a1a28211154d8b694c568bea26e384bdc6d6c05a","ref":"refs/heads/dependabot/npm_and_yarn/react-app/multi-d66d039ac5","pushedAt":"2024-09-12T13:45:37.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump serve-static and express in /react-app\n\nBumps [serve-static](https://github.com/expressjs/serve-static) to 1.16.2 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.\n\n\nUpdates `serve-static` from 1.15.0 to 1.16.2\n- [Release notes](https://github.com/expressjs/serve-static/releases)\n- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)\n- [Commits](https://github.com/expressjs/serve-static/compare/v1.15.0...v1.16.2)\n\nUpdates `express` from 4.18.2 to 4.21.0\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.21.0)\n\n---\nupdated-dependencies:\n- dependency-name: serve-static\n dependency-type: indirect\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump serve-static and express in /react-app"}},{"before":"3b2d26ff07b3ba0688c1edb3bb1722171ed78b01","after":"b454100d202f33a0e78eadd298d7127486a9519a","ref":"refs/heads/dependabot/npm_and_yarn/monolith/express-4.20.0","pushedAt":"2024-09-12T13:45:34.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump express from 4.18.2 to 4.20.0 in /monolith\n\nBumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.20.0.\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/master/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.20.0)\n\n---\nupdated-dependencies:\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump express from 4.18.2 to 4.20.0 in /monolith"}},{"before":"f9e419e35053dac7cb80a49eacbea96cd46bf317","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/multi-ceff1a497b","pushedAt":"2024-09-12T13:45:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"d6186ced250444e8d93aafa98c041cff6ec08f12","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/src/frontend/multi-27a054522e","pushedAt":"2024-09-12T13:45:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"abf4df1535fd5f26f5840bba412b0efb019adf5f","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/multi-cf87d80143","pushedAt":"2024-09-12T13:44:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"5fd82270d6f9069dd182186480775fb78c2178c3","after":"5b326316362663e4739986e90fccc904addf6008","ref":"refs/heads/master","pushedAt":"2024-09-12T13:44:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump send and express in /microservices (#90)\n\nBumps [send](https://github.com/pillarjs/send) to 0.19.0 and updates\r\nancestor dependency [express](https://github.com/expressjs/express).\r\nThese dependencies need to be updated together.\r\n\r\nUpdates `send` from 0.18.0 to 0.19.0\r\n
\r\nRelease notes\r\n

Sourced from send's\r\nreleases.

\r\n
\r\n

0.19.0

\r\n

What's Changed

\r\n
    \r\n
  • Remove link renderization in html while redirecting (pillarjs/send#235)
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​UlisesGascon\r\nmade their first contribution in pillarjs/send#235
    • \r\n
\r\n

Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from send's\r\nchangelog.

\r\n
\r\n

0.19.0 / 2024-09-10

\r\n
    \r\n
  • Remove link renderization in html while redirecting
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 9d2db99\r\n0.19.0
    • \r\n
  • ae4f298\r\nMerge commit from fork
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by ulisesgascon, a new\r\nreleaser for send since your current version.

\r\n
\r\n
\r\n\r\nUpdates `express` from 4.18.2 to 4.21.0\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.21.0

\r\n

What's Changed

\r\n
    \r\n
  • Deprecate "back" magic string in redirects by\r\n@​blakeembrey\r\nin expressjs/express#5935
    • \r\n
  • finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
    • \r\n
  • fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
    • \r\n
  • Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93\r\nin expressjs/express#5946
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​agadzinski93\r\nmade their first contribution in expressjs/express#5946
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.21.0 / 2024-09-11

\r\n
    \r\n
  • Deprecate res.location("back") and\r\nres.redirect("back") magic string
    • \r\n
  • deps: serve-static@1.16.2\r\n
      \r\n
    • includes send@0.19.0
      • \r\n
    \r\n
    • \r\n
  • deps: finalhandler@1.3.1
    • \r\n
  • deps: qs@6.13.0
    • \r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 7e562c6\r\n4.21.0
    • \r\n
  • 1bcde96\r\nfix(deps): qs@6.13.0 (#5946)
    • \r\n
  • 7d36477\r\nfix(deps): serve-static@1.16.2 (#5951)
    • \r\n
  • 40d2d8f\r\nfix(deps): finalhandler@1.3.1
    • \r\n
  • 77ada90\r\nDeprecate "back" magic string in redirects (#5935)
    • \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.

\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump send and express in /microservices (#90)"}},{"before":null,"after":"8addc887241c0dd93d5852dc46562c31995720de","ref":"refs/heads/dependabot/npm_and_yarn/react-app/multi-d66d039ac5","pushedAt":"2024-09-12T13:43:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump serve-static and express in /react-app\n\nBumps [serve-static](https://github.com/expressjs/serve-static) to 1.16.2 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.\n\n\nUpdates `serve-static` from 1.15.0 to 1.16.2\n- [Release notes](https://github.com/expressjs/serve-static/releases)\n- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)\n- [Commits](https://github.com/expressjs/serve-static/compare/v1.15.0...v1.16.2)\n\nUpdates `express` from 4.18.2 to 4.21.0\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.21.0)\n\n---\nupdated-dependencies:\n- dependency-name: serve-static\n dependency-type: indirect\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump serve-static and express in /react-app"}},{"before":null,"after":"abf4df1535fd5f26f5840bba412b0efb019adf5f","ref":"refs/heads/dependabot/npm_and_yarn/microservices/multi-cf87d80143","pushedAt":"2024-09-12T13:43:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump send and express in /microservices\n\nBumps [send](https://github.com/pillarjs/send) to 0.19.0 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.\n\n\nUpdates `send` from 0.18.0 to 0.19.0\n- [Release notes](https://github.com/pillarjs/send/releases)\n- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)\n- [Commits](https://github.com/pillarjs/send/compare/0.18.0...0.19.0)\n\nUpdates `express` from 4.18.2 to 4.21.0\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.21.0)\n\n---\nupdated-dependencies:\n- dependency-name: send\n dependency-type: indirect\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump send and express in /microservices"}},{"before":null,"after":"3b2d26ff07b3ba0688c1edb3bb1722171ed78b01","ref":"refs/heads/dependabot/npm_and_yarn/monolith/express-4.20.0","pushedAt":"2024-09-12T13:43:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump express from 4.18.2 to 4.20.0 in /monolith\n\nBumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.20.0.\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/master/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.18.2...4.20.0)\n\n---\nupdated-dependencies:\n- dependency-name: express\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump express from 4.18.2 to 4.20.0 in /monolith"}},{"before":"a9f3e85b9b122d0692e4d3fcb27f854a05fde2f6","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/src/orders/multi-d66d039ac5","pushedAt":"2024-09-12T13:42:59.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"6f268e4290b69080c0c592d2c6e2b4a92ebd8160","after":"5fd82270d6f9069dd182186480775fb78c2178c3","ref":"refs/heads/master","pushedAt":"2024-09-12T13:42:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump serve-static and express in /microservices/src/orders (#87)\n\nBumps [serve-static](https://github.com/expressjs/serve-static) to\r\n1.16.2 and updates ancestor dependency\r\n[express](https://github.com/expressjs/express). These dependencies need\r\nto be updated together.\r\n\r\nUpdates `serve-static` from 1.14.1 to 1.16.2\r\n
\r\nRelease notes\r\n

Sourced from serve-static's\r\nreleases.

\r\n
\r\n

1.16.0

\r\n

What's Changed

\r\n
    \r\n
  • Remove link renderization in html while redirecting (expressjs/serve-static#173)
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​UlisesGascon\r\nmade their first contribution in expressjs/serve-static#173
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0

\r\n

1.15.0

\r\n
    \r\n
  • deps: send@0.18.0\r\n
      \r\n
    • Fix emitted 416 error missing headers property
      • \r\n
    • Limit the headers removed for 304 response
      • \r\n
    • deps: depd@2.0.0
      • \r\n
    • deps: destroy@1.2.0
      • \r\n
    • deps: http-errors@2.0.0
      • \r\n
    • deps: on-finished@2.4.1
      • \r\n
    • deps: statuses@2.0.1
      • \r\n
    \r\n
    • \r\n
\r\n

1.14.2

\r\n
    \r\n
  • deps: send@0.17.2\r\n
      \r\n
    • deps: http-errors@1.8.1
      • \r\n
    • deps: ms@2.1.3
      • \r\n
    • pref: ignore empty http tokens
      • \r\n
    \r\n
    • \r\n
\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from serve-static's\r\nchangelog.

\r\n
\r\n

1.16.2 / 2024-09-11

\r\n
    \r\n
  • deps: encodeurl@~2.0.0
    • \r\n
\r\n

1.16.1 / 2024-09-11

\r\n
    \r\n
  • deps: send@0.19.0
    • \r\n
\r\n

1.16.0 / 2024-09-10

\r\n
    \r\n
  • Remove link renderization in html while redirecting
    • \r\n
\r\n

1.15.0 / 2022-03-24

\r\n
    \r\n
  • deps: send@0.18.0\r\n
      \r\n
    • Fix emitted 416 error missing headers property
      • \r\n
    • Limit the headers removed for 304 response
      • \r\n
    • deps: depd@2.0.0
      • \r\n
    • deps: destroy@1.2.0
      • \r\n
    • deps: http-errors@2.0.0
      • \r\n
    • deps: on-finished@2.4.1
      • \r\n
    • deps: statuses@2.0.1
      • \r\n
    \r\n
    • \r\n
\r\n

1.14.2 / 2021-12-15

\r\n
    \r\n
  • deps: send@0.17.2\r\n
      \r\n
    • deps: http-errors@1.8.1
      • \r\n
    • deps: ms@2.1.3
      • \r\n
    • pref: ignore empty http tokens
      • \r\n
    \r\n
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • ec9c5ec\r\n1.16.2
    • \r\n
  • f454d37\r\nfix(deps): encodeurl@~2.0.0
    • \r\n
  • 77a8255\r\n1.16.1
    • \r\n
  • 4263f49\r\nfix(deps): send@0.19.0
    • \r\n
  • 48c7397\r\n1.16.0
    • \r\n
  • 0c11fad\r\nMerge commit from fork
    • \r\n
  • 9b5a12a\r\n1.15.0
    • \r\n
  • a39a0df\r\ndocs: update CI link
    • \r\n
  • d702ea2\r\nbuild: Node.js@17.8
    • \r\n
  • ff1510a\r\ndeps: send@0.18.0
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor serve-static since your current version.

\r\n
\r\n
\r\n\r\nUpdates `express` from 4.17.1 to 4.21.0\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.21.0

\r\n

What's Changed

\r\n
    \r\n
  • Deprecate "back" magic string in redirects by\r\n@​blakeembrey\r\nin expressjs/express#5935
    • \r\n
  • finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
    • \r\n
  • fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
    • \r\n
  • Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93\r\nin expressjs/express#5946
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​agadzinski93\r\nmade their first contribution in expressjs/express#5946
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.21.0 / 2024-09-11

\r\n
    \r\n
  • Deprecate res.location("back") and\r\nres.redirect("back") magic string
    • \r\n
  • deps: serve-static@1.16.2\r\n
      \r\n
    • includes send@0.19.0
      • \r\n
    \r\n
    • \r\n
  • deps: finalhandler@1.3.1
    • \r\n
  • deps: qs@6.13.0
    • \r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 7e562c6\r\n4.21.0
    • \r\n
  • 1bcde96\r\nfix(deps): qs@6.13.0 (#5946)
    • \r\n
  • 7d36477\r\nfix(deps): serve-static@1.16.2 (#5951)
    • \r\n
  • 40d2d8f\r\nfix(deps): finalhandler@1.3.1
    • \r\n
  • 77ada90\r\nDeprecate "back" magic string in redirects (#5935)
    • \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.

\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump serve-static and express in /microservices/src/orders (#87)"}},{"before":"e44fdf82c063d5d3e5f1faee59c0dcd1a0267fad","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/microservices/src/frontend/multi-cf87d80143","pushedAt":"2024-09-12T13:42:38.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"}},{"before":"94eaed3be1d65064cb9d457eed3bc9016322799a","after":"6f268e4290b69080c0c592d2c6e2b4a92ebd8160","ref":"refs/heads/master","pushedAt":"2024-09-12T13:42:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"verbanicm","name":"Mike Verbanic","path":"/verbanicm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5046972?s=80&v=4"},"commit":{"message":"Bump send and express in /microservices/src/frontend (#88)\n\nBumps [send](https://github.com/pillarjs/send) to 0.19.0 and updates\r\nancestor dependency [express](https://github.com/expressjs/express).\r\nThese dependencies need to be updated together.\r\n\r\nUpdates `send` from 0.17.1 to 0.19.0\r\n
\r\nRelease notes\r\n

Sourced from send's\r\nreleases.

\r\n
\r\n

0.19.0

\r\n

What's Changed

\r\n
    \r\n
  • Remove link renderization in html while redirecting (pillarjs/send#235)
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​UlisesGascon\r\nmade their first contribution in pillarjs/send#235
    • \r\n
\r\n

Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from send's\r\nchangelog.

\r\n
\r\n

0.19.0 / 2024-09-10

\r\n
    \r\n
  • Remove link renderization in html while redirecting
    • \r\n
\r\n

0.18.0 / 2022-03-23

\r\n
    \r\n
  • Fix emitted 416 error missing headers property
    • \r\n
  • Limit the headers removed for 304 response
    • \r\n
  • deps: depd@2.0.0\r\n
      \r\n
    • Replace internal eval usage with Function\r\nconstructor
      • \r\n
    • Use instance methods on process to check for\r\nlisteners
      • \r\n
    \r\n
    • \r\n
  • deps: destroy@1.2.0
    • \r\n
  • deps: http-errors@2.0.0\r\n
      \r\n
    • deps: depd@2.0.0
      • \r\n
    • deps: statuses@2.0.1
      • \r\n
    \r\n
    • \r\n
  • deps: on-finished@2.4.1
    • \r\n
  • deps: statuses@2.0.1
    • \r\n
\r\n

0.17.2 / 2021-12-11

\r\n
    \r\n
  • pref: ignore empty http tokens
    • \r\n
  • deps: http-errors@1.8.1\r\n
      \r\n
    • deps: inherits@2.0.4
      • \r\n
    • deps: toidentifier@1.0.1
      • \r\n
    • deps: setprototypeof@1.2.0
      • \r\n
    \r\n
    • \r\n
  • deps: ms@2.1.3
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 9d2db99\r\n0.19.0
    • \r\n
  • ae4f298\r\nMerge commit from fork
    • \r\n
  • b69cbb3\r\n0.18.0
    • \r\n
  • f53edbb\r\nLimit the headers removed for 304 response
    • \r\n
  • 706d6dd\r\ndocs: add security policy
    • \r\n
  • b690ba4\r\ndocs: fix linux build badge link
    • \r\n
  • fed09ff\r\ndocs: update copyright
    • \r\n
  • aee1a65\r\ndeps: destroy@1.2.0
    • \r\n
  • 6060bda\r\ndeps: on-finished@2.4.1
    • \r\n
  • 8055f78\r\nbuild: Node.js@17.7
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by ulisesgascon, a new\r\nreleaser for send since your current version.

\r\n
\r\n
\r\n\r\nUpdates `express` from 4.17.1 to 4.21.0\r\n
\r\nRelease notes\r\n

Sourced from express's\r\nreleases.

\r\n
\r\n

4.21.0

\r\n

What's Changed

\r\n
    \r\n
  • Deprecate "back" magic string in redirects by\r\n@​blakeembrey\r\nin expressjs/express#5935
    • \r\n
  • finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
    • \r\n
  • fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
    • \r\n
  • Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93\r\nin expressjs/express#5946
    • \r\n
\r\n

New Contributors

\r\n
    \r\n
  • @​agadzinski93\r\nmade their first contribution in expressjs/express#5946
    • \r\n
\r\n

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

\r\n

4.20.0

\r\n

What's Changed

\r\n

Important

\r\n
    \r\n
  • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
\r\n

Other Changes

\r\n
    \r\n
  • 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
    • \r\n
  • remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
    • \r\n
  • feat: document beta releases expectations by @​marco-ippolito\r\nin expressjs/express#5565
    • \r\n
  • Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
    • \r\n
  • Add a Threat Model by @​UlisesGascon\r\nin expressjs/express#5526
    • \r\n
  • Assign captain of encodeurl by @​blakeembrey in\r\nexpressjs/express#5579
    • \r\n
  • Nominate jonchurch as repo captain for http-errors,\r\nexpressjs.com, morgan, cors,\r\nbody-parser by @​jonchurch in expressjs/express#5587
    • \r\n
  • docs: update Security.md by @​inigomarquinez\r\nin expressjs/express#5590
    • \r\n
  • docs: update triage nomination policy by @​UlisesGascon\r\nin expressjs/express#5600
    • \r\n
  • Add CodeQL (SAST) by @​UlisesGascon\r\nin expressjs/express#5433
    • \r\n
  • docs: add UlisesGascon as triage initiative captain by @​UlisesGascon\r\nin expressjs/express#5605
    • \r\n
  • deps: encodeurl@~2.0.0 by @​blakeembrey in\r\nexpressjs/express#5569
    • \r\n
  • skip QUERY method test by @​jonchurch in expressjs/express#5628
    • \r\n
  • ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
    • \r\n
  • add support Node.js@22 in the CI by @​mertcanaltin\r\nin expressjs/express#5627
    • \r\n
  • doc: add table of contents, tc/triager lists to readme by @​mertcanaltin\r\nin expressjs/express#5619
    • \r\n
  • List and sort all projects, add captains by @​blakeembrey in\r\nexpressjs/express#5653
    • \r\n
  • docs: add @​UlisesGascon\r\nas captain for cookie-parser by @​UlisesGascon\r\nin expressjs/express#5666
    • \r\n
  • ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
    • \r\n
  • [v4] Deprecate res.clearCookie accepting\r\noptions.maxAge and options.expires by @​jonchurch in expressjs/express#5672
    • \r\n
  • skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
    • \r\n
  • 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
    • \r\n
  • remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
    • \r\n
  • Fix link variable use in attribution section of CODE OF CONDUCT by\r\n@​IamLizu in expressjs/express#5762
    • \r\n
  • Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
    • \r\n
  • Add OSSF Scorecard badge by @​UlisesGascon\r\nin expressjs/express#5436
    • \r\n
  • update scorecard link by @​bjohansebas in\r\nexpressjs/express#5814
    • \r\n
  • Nominate @​IamLizu to the\r\ntriage team by @​UlisesGascon\r\nin expressjs/express#5836
    • \r\n
  • deps: path-to-regexp@0.1.8 by @​blakeembrey in\r\nexpressjs/express#5603
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from express's\r\nchangelog.

\r\n
\r\n

4.21.0 / 2024-09-11

\r\n
    \r\n
  • Deprecate res.location("back") and\r\nres.redirect("back") magic string
    • \r\n
  • deps: serve-static@1.16.2\r\n
      \r\n
    • includes send@0.19.0
      • \r\n
    \r\n
    • \r\n
  • deps: finalhandler@1.3.1
    • \r\n
  • deps: qs@6.13.0
    • \r\n
\r\n

4.20.0 / 2024-09-10

\r\n
    \r\n
  • deps: serve-static@0.16.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: send@0.19.0\r\n
      \r\n
    • Remove link renderization in html while redirecting
      • \r\n
    \r\n
    • \r\n
  • deps: body-parser@0.6.0\r\n
      \r\n
    • add depth option to customize the depth level in the\r\nparser
      • \r\n
    • IMPORTANT: The default depth level for parsing\r\nURL-encoded data is now 32 (previously was\r\nInfinity)
      • \r\n
    \r\n
    • \r\n
  • Remove link renderization in html while using\r\nres.redirect
    • \r\n
  • deps: path-to-regexp@0.1.10\r\n
      \r\n
    • Adds support for named matching groups in the routes using a\r\nregex
      • \r\n
    • Adds backtracking protection to parameters without regexes\r\ndefined
      • \r\n
    \r\n
    • \r\n
  • deps: encodeurl@~2.0.0\r\n
      \r\n
    • Removes encoding of \\, |, and\r\n^ to align better with URL spec
      • \r\n
    \r\n
    • \r\n
  • Deprecate passing options.maxAge and\r\noptions.expires to res.clearCookie\r\n
      \r\n
    • Will be ignored in v5, clearCookie will set a cookie with an expires\r\nin the past to instruct clients to delete the cookie
      • \r\n
    \r\n
    • \r\n
\r\n

4.19.2 / 2024-03-25

\r\n
    \r\n
  • Improved fix for open redirect allow list bypass
    • \r\n
\r\n

4.19.1 / 2024-03-20

\r\n
    \r\n
  • Allow passing non-strings to res.location with new encoding handling\r\nchecks
    • \r\n
\r\n

4.19.0 / 2024-03-20

\r\n
    \r\n
  • Prevent open redirect allow list bypass due to encodeurl
    • \r\n
  • deps: cookie@0.6.0
    • \r\n
\r\n

4.18.3 / 2024-02-29

\r\n
    \r\n
  • Fix routing requests without method
    • \r\n
  • deps: body-parser@1.20.2\r\n
      \r\n
    • Fix strict json error message on Node.js 19+
      • \r\n
    • deps: content-type@~1.0.5
      • \r\n
    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 7e562c6\r\n4.21.0
    • \r\n
  • 1bcde96\r\nfix(deps): qs@6.13.0 (#5946)
    • \r\n
  • 7d36477\r\nfix(deps): serve-static@1.16.2 (#5951)
    • \r\n
  • 40d2d8f\r\nfix(deps): finalhandler@1.3.1
    • \r\n
  • 77ada90\r\nDeprecate "back" magic string in redirects (#5935)
    • \r\n
  • 21df421\r\n4.20.0
    • \r\n
  • 4c9ddc1\r\nfeat: upgrade to serve-static@0.16.0
    • \r\n
  • 9ebe5d5\r\nfeat: upgrade to send@0.19.0 (#5928)
    • \r\n
  • ec4a01b\r\nfeat: upgrade to body-parser@1.20.3 (#5926)
    • \r\n
  • 54271f6\r\nfix: don't render redirect values in anchor href
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\nMaintainer changes\r\n

This version was pushed to npm by wesleytodd, a new releaser\r\nfor express since your current version.

\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/googlecodelabs/monolith-to-microservices/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump send and express in /microservices/src/frontend (#88)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMlQxNjoxMzozMy4wMDAwMDBazwAAAAS0mucn","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMlQxNjoxMzozMy4wMDAwMDBazwAAAAS0mucn","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMlQxMzo0MjozNi4wMDAwMDBazwAAAAS0cMAz"}},"title":"Activity · googlecodelabs/monolith-to-microservices"}