Skip to content

Bump the npm_and_yarn group across 2 directories with 10 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/node/npm_and_yarn-96de92fff1
Open

Bump the npm_and_yarn group across 2 directories with 10 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/node/npm_and_yarn-96de92fff1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Jul 22, 2025

Bumps the npm_and_yarn group with 3 updates in the /node directory: body-parser, ejs and express.
Bumps the npm_and_yarn group with 3 updates in the /quick-start directory: body-parser, express and request.

Updates body-parser from 1.20.3 to 2.2.0

Release notes

Sourced from body-parser's releases.

v2.2.0

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.1.0...v2.2.0

v2.1.0

What's Changed

Full Changelog: expressjs/body-parser@2.0.1...v2.1.0

2.0.2

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

2.0.2 / 2024-10-31

  • remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

  • Restore expected behavior extended to false

2.0.0 / 2024-09-10

  • Propagate changes from 1.20.3
  • add brotli support #406
  • Breaking Change: Node.js 18 is the minimum supported version

2.0.0-beta.2 / 2023-02-23

This incorporates all changes after 1.19.1 up to 1.20.2.

  • Remove deprecated bodyParser() combination middleware
  • deps: debug@3.1.0
    • Add DEBUG_HIDE_DATE environment variable
    • Change timer to per-namespace instead of global
    • Change non-TTY date format
    • Remove DEBUG_FD environment variable support
    • Support 256 namespace colors
  • deps: iconv-lite@0.5.2
    • Add encoding cp720
    • Add encoding UTF-32
  • deps: raw-body@3.0.0-beta.1

... (truncated)

Commits

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0

... (truncated)

Commits

Updates body-parser from 1.18.3 to 1.20.3

Release notes

Sourced from body-parser's releases.

v2.2.0

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.1.0...v2.2.0

v2.1.0

What's Changed

Full Changelog: expressjs/body-parser@2.0.1...v2.1.0

2.0.2

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

2.0.2 / 2024-10-31

  • remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

  • Restore expected behavior extended to false

2.0.0 / 2024-09-10

  • Propagate changes from 1.20.3
  • add brotli support #406
  • Breaking Change: Node.js 18 is the minimum supported version

2.0.0-beta.2 / 2023-02-23

This incorporates all changes after 1.19.1 up to 1.20.2.

  • Remove deprecated bodyParser() combination middleware
  • deps: debug@3.1.0
    • Add DEBUG_HIDE_DATE environment variable
    • Change timer to per-namespace instead of global
    • Change non-TTY date format
    • Remove DEBUG_FD environment variable support
    • Support 256 namespace colors
  • deps: iconv-lite@0.5.2
    • Add encoding cp720
    • Add encoding UTF-32
  • deps: raw-body@3.0.0-beta.1

... (truncated)

Commits

Updates express from 4.16.4 to 4.20.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: debug@4.3.6
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: qs@6.13.0
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0

... (truncated)

Commits

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

Updates ajv from 6.7.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (<...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 2 directories with 10 updates
fd6108c 
Bumps the npm_and_yarn group with 3 updates in the /node directory: [body-parser](https://github.com/expressjs/body-parser), [ejs](https://github.com/mde/ejs) and [express](https://github.com/expressjs/express).
Bumps the npm_and_yarn group with 3 updates in the /quick-start directory: [body-parser](https://github.com/expressjs/body-parser), [express](https://github.com/expressjs/express) and [request](https://github.com/request/request).


Updates `body-parser` from 1.20.3 to 2.2.0
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.3...v2.2.0)

Updates `ejs` from 2.7.4 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v2.7.4...v3.1.10)

Updates `express` from 4.21.2 to 5.1.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.21.2...v5.1.0)

Updates `body-parser` from 1.18.3 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.3...v2.2.0)

Updates `express` from 4.16.4 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.21.2...v5.1.0)

Updates `request` from 2.88.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `ajv` from 6.7.0 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.7.0...v6.12.6)

Updates `cookie` from 0.3.1 to 0.6.0
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Changelog](https://github.com/jshttp/cookie/blob/v0.6.0/HISTORY.md)
- [Commits](jshttp/cookie@v0.3.1...v0.6.0)

Updates `path-to-regexp` from 0.1.7 to 0.1.10
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10)

Updates `send` from 0.16.2 to 0.18.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.16.2...0.18.0)

Updates `serve-static` from 1.13.2 to 1.16.0
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.13.2...1.16.0)

Updates `tough-cookie` from 2.4.3 to 2.5.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v2.5.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 5.1.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.20.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-version: 2.88.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.12.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.6.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.18.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 2.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants