Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 5 updates #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 5 updates #4

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 7, 2024

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
debug 2.2.0 4.3.6
ejs 2.7.4 3.1.10
express 4.13.4 4.19.2
log4js 0.6.38 6.9.1
morgan 1.6.1 1.10.0

Updates debug from 2.2.0 to 4.3.6

Release notes

Sourced from debug's releases.

4.3.6

What's Changed

New Contributors

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

  • cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

New Contributors

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.


Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

Updates express from 4.13.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates log4js from 0.6.38 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

6.9.0

6.8.0

6.7.1

... (truncated)

Commits
  • 26dcec6 6.9.1
  • 63ae5b9 Merge pull request #1379 from log4js-node/update-docs
  • 185fa66 docs: updated changelog for 6.9.1
  • ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
  • 2628688 fix(7922e82): regex for stacktrace
  • b3919d8 6.9.0
  • 7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
  • f89e7b6 docs: updated changelog for 6.9.0
  • 0082928 Merge pull request #1375 from log4js-node/update-docs
  • c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.


Updates morgan from 1.6.1 to 1.10.0

Release notes

Sourced from morgan's releases.

1.10.0

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
    • deps: safe-buffer@5.1.2
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

1.8.1

  • deps: debug@2.6.1
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

1.8.0

  • Fix sending unnecessary undefined argument to token functions
  • deps: basic-auth@~1.1.0
  • deps: debug@2.6.0
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • perf: enable strict mode in compiled functions

1.7.0

  • Add digits argument to response-time token
  • deps: depd@~1.1.0
    • Enable strict mode in more places
    • Support web browser loading

... (truncated)

Changelog

Sourced from morgan's changelog.

1.10.0 / 2020-03-20

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
    • deps: safe-buffer@5.1.2
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0 / 2017-09-26

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

1.8.1 / 2017-02-04

  • deps: debug@2.6.1
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

  • Fix sending unnecessary undefined argument to token functions
  • deps: basic-auth@~1.1.0
  • deps: debug@2.6.0

... (truncated)

Commits
  • c68d2ea 1.10.0
  • aa718d7 Add :total-time token
  • ce15462 build: remove deprecated Travis CI directive
  • e13e0d3 build: Node.js@13.11
  • f023828 build: use nyc for test coverage
  • 30c0871 build: mocha@7.1.1
  • 8114639 docs: document success color in dev format
  • 5d8176f docs: update rotating-file-stream usage for 2.x
  • c54194c tests: ignore branch coverage that varies
  • 5659d2f build: Node.js@12.16
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 5 updates
d7410d2 
Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `2.2.0` | `4.3.6` |
| [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.13.4` | `4.19.2` |
| [log4js](https://github.com/log4js-node/log4js-node) | `0.6.38` | `6.9.1` |
| [morgan](https://github.com/expressjs/morgan) | `1.6.1` | `1.10.0` |



Updates `debug` from 2.2.0 to 4.3.6
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@2.2.0...4.3.6)

Updates `ejs` from 2.7.4 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v2.7.4...v3.1.10)

Updates `express` from 4.13.4 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.13.4...4.19.2)

Updates `log4js` from 0.6.38 to 6.9.1
- [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md)
- [Commits](log4js-node/log4js-node@v0.6.38...v6.9.1)

Updates `morgan` from 1.6.1 to 1.10.0
- [Release notes](https://github.com/expressjs/morgan/releases)
- [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md)
- [Commits](expressjs/morgan@1.6.1...1.10.0)

---
updated-dependencies:
- dependency-name: debug
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: log4js
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: morgan
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 7, 2024
This was referenced Aug 7, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants