build(deps): bump the npm_and_yarn group across 1 directory with 43 updates #34

dependabot · 2024-09-26T02:38:24Z

Bumps the npm_and_yarn group with 27 updates in the / directory:

Package	From	To
body-parser	`1.9.0`	`1.20.3`
dustjs-linkedin	`2.5.0`	`3.0.0`
ejs	`1.0.0`	`3.1.10`
express	`4.12.4`	`4.20.0`
express-fileupload	`0.0.5`	`1.4.0`
hbs	`4.0.4`	`4.2.0`
jquery	`2.2.4`	`3.5.0`
marked	`0.3.5`	`4.0.10`
moment	`2.15.1`	`2.29.4`
mongoose	`4.2.4`	`5.13.20`
ms	`0.7.3`	`2.1.3`
humanize-ms	`1.0.1`	`1.2.1`
typeorm	`0.2.24`	`0.3.0`
validator	`13.5.2`	`13.7.0`
snyk	`1.278.1`	`1.1064.0`
ajv	`6.10.2`	`6.12.6`
browserify-sign	`4.0.4`	`4.2.3`
cached-path-relative	`1.0.2`	`1.1.0`
ini	`1.3.5`	`1.3.8`
npmconf	`0.0.24`	`2.1.3`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.1`	`1.4.2`
minimist	`0.0.8`	`1.2.8`
tap	`11.1.5`	`21.0.1`
shell-quote	`1.6.1`	`1.8.1`
underscore	`1.9.1`	`1.12.1`
cfenv	`1.2.2`	`1.2.4`

Updates body-parser from 1.9.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1

deps: [email protected]

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1 / 2022-10-06

deps: [email protected]

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.19.2 / 2022-02-15

deps: [email protected]

deps: [email protected]

Fix handling of __proto__ keys

deps: [email protected]

deps: [email protected]

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates dustjs-linkedin from 2.5.0 to 3.0.0

Release notes

Sourced from dustjs-linkedin's releases.

v3.0.0

What's Changed

Bump deps by @sethkinast in linkedin/dustjs#734

Prioritize resolution of .then by @brianmhunt in linkedin/dustjs#736

Don't use instanceof to determine if a Context is a Context by @sethkinast in linkedin/dustjs#744

place location provided by peg 0.9 onto the AST by @jimmyhchan in linkedin/dustjs#706

{?exists} and {^exists} now supports values from a promise by @samuelms1 in linkedin/dustjs#753

Decrease security vulnerabilities by upgrading cli dependency (#754 #748) by @danactive in linkedin/dustjs#756

fix: Security bug about prototype pollution by @sumeetkakkar in linkedin/dustjs#805

New Contributors

@brianmhunt made their first contribution in linkedin/dustjs#736

@samuelms1 made their first contribution in linkedin/dustjs#753

@danactive made their first contribution in linkedin/dustjs#756

@sumeetkakkar made their first contribution in linkedin/dustjs#805

Full Changelog: linkedin/dustjs@v2.7.2...v3.0.0

v2.7.2

Notable Changes

Filters

Dust filter functions previously took one argument, the string to filter. They now accept a second argument, which is the current context.

Helpers

Dust helpers can now return primitives.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.
{@return value="" filters="|s" /} 
{@return value=""}{.} World{/return}
v2.7.1

Notable Changes

dust.config.cache

In previous versions, setting dust.config.cache to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used. Setting it back to true means that previously-cached templates will be ready to use.

dust.onLoad

We have added a callback(null, compiledTemplate) signature to dust.onLoad.

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

You can still call the callback with uncompiled template source and Dust will compile and store it, while respecting your dust.config.cache setting.

... (truncated)

Changelog

Sourced from dustjs-linkedin's changelog.

v3.0.0 (2021/10/20 22:56 +00:00)

#805 fix: Security bug about prototype pollution (@sumeetkakkar)

list (2016/12/08 20:15 +00:00)

#756 Decrease security vulnerabilities by upgrading cli dependency (#754 #748) (@danactive)

#753 {?exists} and {^exists} resolve Promises and check if the result exists (#753) (@samuelms1)

v2.7.4 (2016/09/13 02:52 +00:00)

#744 Don't use instanceof to determine if a Context is a Context. Instead use a flag on the instance itself so it can survive object merges. (@sethkinast)

v2.6.3 (2016/07/26 18:03 +00:00)

#736 Prioritize resolution of .then (@brianmhunt)

#735 Prioritize .then on thenable functios (#735) (@brianmhunt)

#734 Bump deps (@sethkinast)

#703 Upgrade to peg.js 0.9 (@sethkinast)

#705 When rendering with a Context object, use the templateName provided by the template (@sethkinast)

#701 Fix stacktrace logging for IE8 (@sethkinast)

#700 At DEBUG loglevel, log the full stack trace on errors (@r1b)

#690 Update deps (@sethkinast)

#689 Make the AMD loader pass the template directly rather than communicating via the cache (@aredridel)

v2.7.2 (2015/06/08 20:41 +00:00)

#673 Pass the current context to filters (@sethkinast)

#676 If a Promise is resolved with an array, iterate over it instead of rendering the whole array at once.

Closes #674 (@sethkinast)

#647 Allow helpers to return primitives

Previously returning a primitive would crash rendering with no way to recover. You can still return a Chunk and do more complex work if you need to.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@return value="" filters="|s" /} {@return value=""}{.} World{/return}

Closes #645 (@sethkinast)

#664 Be slightly pickier about what Dust thinks a Stream is.

Closes #663 (@sethkinast)

#661 Add saucelabs integration (@sethkinast)

#658 Refactor testing frameworks

Closes #649 Closes #602 Closes #642 (@sethkinast)

#660 Grammar: s/char/character/ to avoid using a reserved name

Closes #659 (@sethkinast)

v2.7.1 (2015/04/30 20:32 +00:00)

#655 Update CommonJS example to make use of new onLoad behavior (@sethkinast)

#653 Fix array iteration when context is undefined (@sethkinast)

#641 Add a cb(null, compiledTemplate) signature to dust.onLoad

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

dust.cache behavior has been changed slightly. Before, setting it to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used, but if it's set to true again previously-cached templates will be ready to use. (@sethkinast)

#650 Pin [email protected] for grunt-jasmine-nodejs (@sethkinast)

#646 Update AMD and CommonJS examples (@sethkinast)

#637 CommonJS example (@sethkinast)

#638 Preserve compiler backwards compatibility with pre-2.7 versions (@sethkinast)

#639 Fix failing test on Windows (@sethkinast)

v2.7.0 (2015/04/17 23:23 +00:00)

#636 Fix failing tests in IE8 (@sethkinast)

#633 Drop Node 0.8 (@sethkinast)

#635 Resolve dynamic partial names via original context (@sethkinast)

#631 Try to avoid creating Stacks with no content when possible (@sethkinast)

#613 Refactor template compilation

dust.render and dust.stream now accept a compiled template function in addition to a template name.
dust.compile no longer requires a template name, and will compile an anonymous template without one (so --name is no longer required for dustc either)
dust.load is removed from the public API
dust.renderSource is moved to the compiler, so it's only included in dust-full now (Fixes #412)
dust.compileFn is moved to the compiler, so it's only included in dust-full now
add dust.isTemplateFn
add dust.config.cache = true, set to false to disable caching and load templates again every time (Fixes #451)
add dust.config.cjs = false, set to true to compile templates as CommonJS modules
add --cjs flag to dustc
Move a bunch of exposed compiler stuff under dust.compiler (but leave it exposed until 2.8) (@sethkinast)

#624 dustc always creates templates with forward slashes (@sethkinast)

#617 Add chunk.stream to allow streamables in context (@sethkinast)

#610 clean up PEG grammar a little bit (@sethkinast)

#622 Fix behavior of Context#resolve when resolving a context function that returns a Chunk (@sethkinast)

... (truncated)

Commits

2e8795c Release v3.0.0
6f98371 merge from 2.7
db6d8b9 Merge pull request #805 from sumeetkakkar/fix/proto-pollution
ddb6523 fix for prototype pollution vulnerability
822222e Release v2.7.5
d0f955d Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
e0e25f7 Merge pull request #756 from danactive/master
eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (#753)
9a08207 Release v2.7.4
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by krakenjs, a new releaser for dustjs-linkedin since your current version.

Updates ejs from 1.0.0 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

v2.7.4

Bug fixes

Fixed Node 4 support, which broke in v2.7.3 (mde/ejs@5e42d6c, @mde)

v2.7.3

Bug fixes

Made the post-install message more discreet by following the example of opencollective-postinstall (mde/ejs@228d8e4, @mde)

v2.7.2

Features

Added support for destructuring locals (#452, @ExE-Boss)

Added support for disabling legacy include directives (#458, #459, @ExE-Boss)

Compiled functions are now shown in the debugger (#456, @S2-)

function.name is now set to the file base name in environments that support this (#466, @ExE-Boss)

Bug Fixes

The error message when async != true now correctly mention the existence of the async option (#460, @ExE-Boss)

Improved performance of HTML output generation (#470, @nwoltman)

v2.7.1

Deprecated:

Added deprecation notice for use of require.extensions (@mde)

v2.6.2

Correctly pass custom escape function to includes (@alecgibson)

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by mde, a new releaser for ejs since your current version.

Updates express from 4.12.4 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

... (truncated)

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates express-fileupload from 0.0.5 to 1.4.0

Release notes

Sourced from express-fileupload's releases.

v1.4.0

What's Changed

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in richardgirges/express-fileupload#310

Upgrade busboy version by @duterte in richardgirges/express-fileupload#315

New Contributors

@dependabot made their first contribution in richardgirges/express-fileupload#310

@duterte made their first contribution in richardgirges/express-fileupload#315

Full Changelog: richardgirges/express-fileupload@v1.3.1...v1.4.0

1.3.1

Updates

Have promiseCallback make callbacks and promises behave the same (#302)

Fix prototype pollution in utilities.js (#301)

Switch to CircleCI (ddf553060a1041c1f36a696b1ae8b52d24083140)

End support for Node versions < 12 (ab3d252a28c8eb1c003528fecc5e1ef38f8954c3)

1.2.1

Updates:

(Fix) Stopped additional responses from being sent if a limit handler exists (#264)

Unhandled promise rejection warning (#257)

Changed example (#255)

Passing a Buffer body will pollute req.body when used along with processNested (#291)

1.2.0

Bug Fixes

#241 Cleanup temporary files - @nusu

1.1.10

Updates:

Additional prototype-pollution security fix when using processNested (#239)

1.1.9

Updates:

Second prototype pollution security vulnerability fix when using processNested (#236)

1.1.8

Updates:

Fixed prototype pollution security vulnerability when using processNested (#236)

1.1.7-alpha.4

Updates:

Updated README.md thanks to @tycrek , @eartharoid, @Code42Cate

Some code refactoring to make it lighter and more readable.

Updated dependencies.

Fixes:

Fix empty file issue(#226)

Fix temp file write timing issue(#184). Thanks to @somewind

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by richardgirges, a new releaser for express-fileupload since your current version.

Updates hbs from 4.0.4 to 4.2.0

Changelog

Sourced from hbs's changelog.

4.2.0 / 2021-11-16

Add rename option to registerPartials

Ensure all partials are registered before rendering

Fix function context in async helpers

deps: [email protected]

4.1.2 / 2021-04-15

deps: [email protected]

4.1.1 / 2020-04-03

deps: [email protected]

4.1.0 / 2020-01-14

deps: [email protected]

Add handlebars.parseWithoutProcessing

Add support for iterable objects in #each helper

Block access to non-enumerable special properties on objects

Fix error when helper defined with array properties

Fix parsing of empty raw blocks

Fix work-around for constructor blocking

Validate arguments to #if, #unless and #with helpers

4.0.6 / 2019-10-09

deps: [email protected]

Fix error object inheritance

Fix work-around for constructor blocking

4.0.5 / 2019-09-27

Fix async helpers not working when cache enabled

Fix handling of exceptions from layout

Fix handling of exceptions when cache enabled

deps: [email protected]

Block calling helperMissing and blockHelperMissing from templates

Fix work-around for constructor blocking

deps: [email protected]

Commits

5790e5e v4.2.0
1ef46ee build: [email protected]
9771a6f build: [email protected]
e501201 build: update CI for npm TLS upgrade
9f1fee2 docs: fix linux build badge
9bd9de2 docs: add preamble to install section
73559c1 Add rename option to registerPartials
3b34543 build: [email protected]
df4fd3d build: [email protected]
e5e6e39 deps: [email protected]
Additional commits viewable in compare view

Updates jquery from 2.2.4 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

7a0a850 3.5.0
8570a08 Release: Update AUTHORS.txt
da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
065143c Ajax: Overwrite s.contentType with content-type header value, if any
1a4f10d Tests: Blacklist one focusin test in IE
9e15d6b Event: Use only one focusin/out handler per matching window & document
966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
7506c9c Build: Resolve Travis config warnings
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates marked from 0.3.5 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

retain line breaks in tokens properly (#2341) (a9696e2)

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

spaces on a newline after a table (#2319) (f82ea2c)

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

Fix every third list item broken (#2318) (346b162), closes #2314

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

speed up parsing long lists (#2302) (e0005d8)

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

ae01170 chore(release): 4.0.10 [skip ci]
fceda57 🗜️ build [skip ci]
8f80657 fix(security): fix redos vulnerabilities
c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
98996b8 chore(deps-dev): Bump @babel/preset-env from 7.16.5 to 7.16.7 (#2353)
ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
e5171a9 chore(release): 4.0.9 [skip ci]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for marked since your current version.

Updates moment from 2.15.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

Release Jul 6, 2022

#6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

Release Apr 17, 2022

#5995 [bugfix] Remove const usage

#5990 misc: fix advisory link

2.29.2 See full changelog

Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link:

…pdates Bumps the npm_and_yarn group with 27 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.9.0` | `1.20.3` | | [dustjs-linkedin](https://github.com/linkedin/dustjs) | `2.5.0` | `3.0.0` | | [ejs](https://github.com/mde/ejs) | `1.0.0` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.12.4` | `4.20.0` | | [express-fileupload](https://github.com/richardgirges/express-fileupload) | `0.0.5` | `1.4.0` | | [hbs](https://github.com/pillarjs/hbs) | `4.0.4` | `4.2.0` | | [jquery](https://github.com/jquery/jquery) | `2.2.4` | `3.5.0` | | [marked](https://github.com/markedjs/marked) | `0.3.5` | `4.0.10` | | [moment](https://github.com/moment/moment) | `2.15.1` | `2.29.4` | | [mongoose](https://github.com/Automattic/mongoose) | `4.2.4` | `5.13.20` | | [ms](https://github.com/vercel/ms) | `0.7.3` | `2.1.3` | | [humanize-ms](https://github.com/node-modules/humanize-ms) | `1.0.1` | `1.2.1` | | [typeorm](https://github.com/typeorm/typeorm) | `0.2.24` | `0.3.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.5.2` | `13.7.0` | | [snyk](https://github.com/snyk/snyk) | `1.278.1` | `1.1064.0` | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.2` | `6.12.6` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [cached-path-relative](https://github.com/ashaffer/cached-path-relative) | `1.0.2` | `1.1.0` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [npmconf](https://github.com/npm/npmconf) | `0.0.24` | `2.1.3` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [minimist](https://github.com/minimistjs/minimist) | `0.0.8` | `1.2.8` | | [tap](https://github.com/tapjs/tapjs) | `11.1.5` | `21.0.1` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.6.1` | `1.8.1` | | [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.12.1` | | [cfenv](https://github.com/cloudfoundry-community/node-cfenv) | `1.2.2` | `1.2.4` | Updates `body-parser` from 1.9.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.9.0...1.20.3) Updates `dustjs-linkedin` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/linkedin/dustjs/releases) - [Changelog](https://github.com/linkedin/dustjs/blob/master/CHANGELOG.md) - [Commits](linkedin/dustjs@v2.5.0...v3.0.0) Updates `ejs` from 1.0.0 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](https://github.com/mde/ejs/commits/v3.1.10) Updates `express` from 4.12.4 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.12.4...4.20.0) Updates `express-fileupload` from 0.0.5 to 1.4.0 - [Release notes](https://github.com/richardgirges/express-fileupload/releases) - [Commits](https://github.com/richardgirges/express-fileupload/commits/v1.4.0) Updates `hbs` from 4.0.4 to 4.2.0 - [Changelog](https://github.com/pillarjs/hbs/blob/master/HISTORY.md) - [Commits](pillarjs/hbs@v4.0.4...v4.2.0) Updates `jquery` from 2.2.4 to 3.5.0 - [Release notes](https://github.com/jquery/jquery/releases) - [Changelog](https://github.com/jquery/jquery/blob/main/changelog.md) - [Commits](jquery/jquery@2.2.4...3.5.0) Updates `marked` from 0.3.5 to 4.0.10 - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v0.3.5...v4.0.10) Updates `moment` from 2.15.1 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.15.1...2.29.4) Updates `mongoose` from 4.2.4 to 5.13.20 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@4.2.4...5.13.20) Updates `ms` from 0.7.3 to 2.1.3 - [Release notes](https://github.com/vercel/ms/releases) - [Commits](vercel/ms@0.7.3...2.1.3) Updates `humanize-ms` from 1.0.1 to 1.2.1 - [Changelog](https://github.com/node-modules/humanize-ms/blob/master/History.md) - [Commits](node-modules/humanize-ms@1.0.1...1.2.1) Updates `typeorm` from 0.2.24 to 0.3.0 - [Release notes](https://github.com/typeorm/typeorm/releases) - [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md) - [Commits](typeorm/typeorm@0.2.24...0.3.0) Updates `validator` from 13.5.2 to 13.7.0 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.5.2...13.7.0) Updates `snyk` from 1.278.1 to 1.1064.0 - [Release notes](https://github.com/snyk/snyk/releases) - [Commits](snyk/cli@v1.278.1...v1.1064.0) Updates `ajv` from 6.10.2 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.2...v6.12.6) Updates `async` from 0.9.0 to 1.5.2 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@0.9.0...v1.5.2) Updates `braces` from 2.3.2 to 1.8.5 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/1.8.5) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `bson` from 0.4.23 to 1.1.6 - [Release notes](https://github.com/mongodb/js-bson/releases) - [Changelog](https://github.com/mongodb/js-bson/blob/v1.1.6/HISTORY.md) - [Commits](mongodb/js-bson@V0.4.23...v1.1.6) Updates `cached-path-relative` from 1.0.2 to 1.1.0 - [Commits](https://github.com/ashaffer/cached-path-relative/commits) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `npmconf` from 0.0.24 to 2.1.3 - [Commits](https://github.com/npm/npmconf/commits) Updates `debug` from 2.2.0 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.2.0...2.6.9) Updates `xml2js` from 0.4.19 to 0.4.23 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits) Updates `elliptic` from 6.4.1 to 6.5.7 - [Commits](indutny/elliptic@v6.4.1...v6.5.7) Updates `qs` from 2.2.4 to 6.5.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v2.2.4...v6.5.2) Updates `got` from 6.7.1 to 9.6.0 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v6.7.1...v9.6.0) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2) Updates `minimist` from 0.0.8 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v0.0.8...v1.2.8) Updates `tap` from 11.1.5 to 21.0.1 - [Release notes](https://github.com/tapjs/tapjs/releases) - [Commits](https://github.com/tapjs/tapjs/compare/[email protected]) Updates `mpath` from 0.1.1 to 0.8.4 - [Changelog](https://github.com/mongoosejs/mpath/blob/master/History.md) - [Commits](mongoosejs/mpath@0.1.1...0.8.4) Updates `mquery` from 1.6.3 to 3.2.5 - [Changelog](https://github.com/mongoosejs/mquery/blob/master/History.md) - [Commits](mongoosejs/mquery@1.6.3...3.2.5) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `micromatch` from 3.1.10 to 2.3.11 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@3.1.10...2.3.11) Updates `set-value` from 0.4.3 to 2.0.1 - [Commits](jonschlinkert/set-value@0.4.3...2.0.1) Updates `path-to-regexp` from 0.1.3 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.3...v0.1.10) Updates `send` from 0.12.3 to 0.18.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.12.3...0.18.0) Updates `serve-static` from 1.9.3 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.9.3...1.16.0) Updates `shell-quote` from 1.6.1 to 1.8.1 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.6.1...v1.8.1) Updates `underscore` from 1.9.1 to 1.12.1 - [Commits](jashkenas/underscore@1.9.1...1.12.1) Updates `cfenv` from 1.2.2 to 1.2.4 - [Commits](cloudfoundry-community/node-cfenv@1.2.2...1.2.4) --- updated-dependencies: - dependency-name: body-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dustjs-linkedin dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express-fileupload dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hbs dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jquery dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: marked dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ms dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: humanize-ms dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: typeorm dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: validator dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: snyk dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bson dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cached-path-relative dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: npmconf dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: debug dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: got dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tap dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mpath dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mquery dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: set-value dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: underscore dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cfenv dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 1 directory with 43 updates #34

build(deps): bump the npm_and_yarn group across 1 directory with 43 updates #34

dependabot bot commented on behalf of github Sep 26, 2024

build(deps): bump the npm_and_yarn group across 1 directory with 43 updates #34

Are you sure you want to change the base?

build(deps): bump the npm_and_yarn group across 1 directory with 43 updates #34

Conversation

dependabot bot commented on behalf of github Sep 26, 2024

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

v3.0.0

What's Changed

New Contributors

v2.7.2

Notable Changes

Filters

Helpers

v2.7.1

Notable Changes

dust.config.cache

dust.onLoad

v3.0.0 (2021/10/20 22:56 +00:00)

list (2016/12/08 20:15 +00:00)

v2.7.4 (2016/09/13 02:52 +00:00)

v2.6.3 (2016/07/26 18:03 +00:00)

v2.7.2 (2015/06/08 20:41 +00:00)

v2.7.1 (2015/04/30 20:32 +00:00)

v2.7.0 (2015/04/17 23:23 +00:00)

v3.1.10

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.0.2

v2.7.4

Bug fixes

v2.7.3

Bug fixes

v2.7.2

Features

Bug Fixes

v2.7.1

Deprecated:

v2.6.2

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

v1.4.0

What's Changed

New Contributors

1.3.1

Updates

1.2.1

Updates:

1.2.0

Bug Fixes

1.1.10

Updates:

1.1.9

Updates:

1.1.8

Updates:

`dust.config.cache`

`dust.onLoad`