Bump the npm_and_yarn group across 1 directory with 19 updates #1

dependabot · 2025-01-21T23:56:42Z

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
@grpc/grpc-js	`1.7.3`	`1.8.22`
axios	`0.28.1`	`0.29.0`
express	`4.19.2`	`4.20.0`
mysql2	`3.9.7`	`3.9.8`
nanoid	`3.3.7`	`3.3.8`
dompurify	`3.0.11`	`3.1.3`
vite	`5.2.10`	`5.4.14`
@azure/identity	`2.1.0`	`4.6.0`
mssql	`8.1.4`	`11.0.1`
braces	`3.0.2`	`3.0.3`
cookie	`0.4.2`	`0.7.1`
express	`4.20.0`	`4.21.2`
socket.io	`4.6.2`	`4.8.1`
cross-spawn	`7.0.3`	`7.0.6`
undici	`5.28.3`	`5.28.5`

Updates @grpc/grpc-js from 1.7.3 to 1.8.22

Release notes

Sourced from @grpc/grpc-js's releases.

@grpc/grpc-js 1.8.22

Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@grpc/grpc-js@1.8.21

Fix propagation of UNIMPLEMENTED error messages (#2528)

@grpc/grpc-js 1.8.20

Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@grpc/grpc-js 1.8.19

Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@grpc/grpc-js 1.8.18

Fix reporting of call stacks in unary request errors (#2503)

Fix reporting of proxy info in channelz socket responses (#2503)

@grpc/grpc-js 1.8.17

Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@grpc/grpc-js 1.8.16

Fix missing transport trace logs (#2470)

@grpc/grpc-js 1.8.15

Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)

Ensure status and error events are consistently emitted asynchronously (#2456)

@grpc/grpc-js 1.8.14

Fix sequencing of some events related to connectivity state changes (#2421)

@grpc/grpc-js 1.8.13

Fix memory leak in channelz socket tracking (#2394)

@grpc/grpc-js@1.8.12

Fix an occasional type error when receiving DNS updates (#2380)

Fix ordering of events when handing requests on the server (#2376 contributed by @phoenix741)

@grpc/grpc-js 1.8.11

Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@grpc/grpc-js 1.8.10

Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@grpc/grpc-js 1.8.9

Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@grpc/grpc-js 1.8.8

Remove progress field in returned status object (#2350)

Export InterceptingListener and NextCall types (#2351)

Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

... (truncated)

Commits

a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
3b110cd grpc-js: Bump to 1.8.22
8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
Additional commits viewable in compare view

Updates axios from 0.28.1 to 0.29.0

Release notes

Sourced from axios's releases.

v0.29.0

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @Sean-Powell in axios/axios#6402

fix: omit nulls in params by @Willshaw in axios/axios#6394

fix(backport): fix paramsSerializer function validation by @solonzhu in axios/axios#6361

fix: Regular Expression Denial of Service (ReDoS) by @qiongshusheng in axios/axios#6708

Contributors to this release

@Sean-Powell made their first contribution in axios/axios#6402

@Willshaw made their first contribution in axios/axios#6394

@solonzhu made their first contribution in axios/axios#6361

@qiongshusheng made their first contribution in axios/axios#6708

Changelog

Sourced from axios's changelog.

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 (#6402)

fix: omit nulls in params (#6394)

fix(backport): fix paramsSerializer function validation (#6361)

fix: regular expression denial of service (ReDoS) (#6708)

Commits

7750b8c chore(release): prep release v0.29.0
4840cb2 fix: regular expression denial of service issues (#6708)
2e36cdb fix(backport): fix paramsSerializer function validation (#6361)
3936f44 Fix: omit nulls in params (#6394)
146848f fix: backported commit #6167 and #6163 (#6402)
See full diff in compare view

Updates express from 4.19.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Updates mysql2 from 3.9.7 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

security: sanitize fields and tables when using nestTables (#2702) (efe3db5)

support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)

typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

security: sanitize fields and tables when using nestTables (#2702) (efe3db5)

support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)

typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

Commits

f637d3f chore(master): release 3.9.8 (#2700)
efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
179769f build(deps): bump @easyops-cn/docusaurus-search-local in /website (#2696)
56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
dc80580 build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates dompurify from 3.0.11 to 3.1.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.1.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK

Added better configurability for comment scrubbing default behavior

Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu

Added better handling and readability of the nodeType property, thanks @ssi02014

Fixed some smaller issues in README and other documentation

DOMPurify 3.1.2

Addressed and fixed a mXSS variation found by @kevin-mizu

Addressed and fixed a mXSS variation found by Adam Kues of Assetnote

Updated tests for older Safari and Chrome versions

DOMPurify 3.1.1

Fixed an mXSS sanitiser bypass reported by @icesfont

Added new code to track element nesting depth

Added new code to enforce a maximum nesting depth of 255

Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify 3.1.0

Added new setting SAFE_FOR_XML to enable better control over comment scrubbing

Updated README to warn about happy-dom not being safe for use with DOMPurify yet

Updated the LICENSE file to show the accurate year number

Updated several build and test dependencies

Commits

3fe78d7 chore: Preparing 3.1.3 release
b20ce99 fix: Added smaller-than-null check for __depth hardening code
1e52026 fix: Hardened the depth tracking code against prototype pollution
8df72f1 fix: Made the regex for comment scrubbing a bit stricter
ae517d6 fix: Expanded the comment scrubbing regex matching a bit further
b6818ce fix: Added better configurability for new comment behavior
aafd7a8 docs: Changed inline comments slightly to be more accurate
a377bf8 test: Fixed the tests
d1d5d22 fix: Added experiemental comment scrubbing inside attributes
dc61232 fix #949
Additional commits viewable in compare view

Updates vite from 5.2.10 to 5.4.14

Release notes

Sourced from vite's releases.

v5.4.14

Please refer to CHANGELOG.md for details.

v5.4.13

Please refer to CHANGELOG.md for details.

v5.4.12

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

5.4.13 (2025-01-20)

fix: try parse server.origin URL (#19241) (5946215), closes #19241

5.4.12 (2025-01-20)

fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (9da4abc)

fix!: default server.cors: false to disallow fetching from untrusted origins (dfea38f)

fix: verify token for HMR WebSocket connection (b71a5c8)

chore: add deps update changelog (ecd2375)

5.4.11 (2024-11-11)

fix(deps): update dependencies of postcss-modules (ceb15db), closes #18617

5.4.10 (2024-10-23)

fix: backport #18367,augment hash for CSS files to prevent chromium erroring by loading previous fil (7d1a3bc), closes #18367 #18412

5.4.9 (2024-10-14)

fix: bump launch-editor-middleware to v2.9.1 (#18348) (508d9ab), closes #18348

fix(css): fix lightningcss dep url resolution with custom root (#18125) (eae00b5), closes #18125

fix(data-uri): only match ids starting with data: (#18241) (96084d6), closes #18241

fix(deps): bump tsconfck (#18322) (dc5434c), closes #18322

fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252) (851b258), closes #18252

fix(ssr): (backport #18150) fix source map remapping with multiple sources (#18204) (262a879), closes #18204

chore: update all url references of vitejs.dev to vite.dev (#18276) (c23558a), closes #18276

chore: update license copyright (#18278) (1864eb1), closes #18278

docs: update homepage (#18274) (ae44163), closes #18274

5.4.8 (2024-09-25)

... (truncated)

Commits

e7eb3c5 release: v5.4.14
7d1699c fix: allow CORS from loopback addresses by default (#19249)
9df6e6b fix: preview.allowedHosts with specific values was not respected (#19246)
a1824c5 release: v5.4.13
5946215 fix: try parse server.origin URL (#19241)
f428aa9 release: v5.4.12
9da4abc fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
b71a5c8 fix: verify token for HMR WebSocket connection
dfea38f fix!: default server.cors: false to disallow fetching from untrusted origins
ecd2375 chore: add deps update changelog
Additional commits viewable in compare view

Updates @azure/identity from 2.1.0 to 4.6.0

Commits

b244783 port over 5af10dfcf532175409ecce6bbb820ec440ccf139
0babd49 fix changelog
09391c5 [identity] Update msal-browser to 4.0.1 (#32569)
57b8380 feat(playwrighttesting): Added runName in service config (#31379)
258b4b1 Sync eng/common directory with azure-sdk-tools for PR 9177 (#31432)
97e9849 Handle missing artifacts without exception (#31437)
d0b70a8 [ServiceBus] expose omitMessagesBody option under ./experimental subpath (#31...
24d7877 Sync .github/workflows directory with azure-sdk-tools for PR 9199 (#31438)
20f3c84 Sync eng/common directory with azure-sdk-tools for PR 9202 (#31439)
3e11a2e Sync eng/common directory with azure-sdk-tools for PR 9147 (#31440)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @azure/identity since your current version.

Updates mssql from 8.1.4 to 11.0.1

Release notes

Sourced from mssql's releases.

v11.0.1

11.0.1 (2024-07-03)

Bug Fixes

handle bigint types separately to int to avoid TypeError with BigInt param (b774084)

v11.0.0

11.0.0 (2024-06-18)

⚠ BREAKING CHANGES

Node JS min support upgraded to >=18 & tedious version updated

Features

drop node 16.x support (b5efe2f)

Bug Fixes

support use of native bigint from tedious (421e78f)

v10.0.4

10.0.4 (2024-06-18)

Bug Fixes

revert tedious upgrade (2b35ef3), closes #1665

v10.0.3

10.0.3 (2024-06-18)

Bug Fixes

support use of native bigint from tedious (c56a458)

v10.0.2

10.0.2 (2024-01-16)

Bug Fixes

from now _acquire return always a promise to avoid uncatchable exception (55f5a9f)

v10.0.1

... (truncated)

Changelog

Sourced from mssql's changelog.

v11.0.1 (2024-07-03)

[fix] handle bigint types separately to int to avoid TypeError with BigInt param (#1677)

v11.0.0 (2024-06-19)

[removed] Removed NodeJS 16 support (#1667) [feat] support use of native bigint from tedious (#1664)

v10.0.4 (2024-06-18)

[fix] revert accidental upgrade of tedious & bigint support (#1665)

v10.0.3 (2024-06-18)

[fix] support use of native bigint from tedious (#1664)

v10.0.2 (2024-01-16)

[fix] from now _acquire return always a promise to avoid uncatchable exception (#1592)

v10.0.1 (2023-09-12)

[perf] use node: prefix to bypass require.cache call for builtins (#1550)

v10.0.0 (2023-09-06)

[change] Upgrade tedious to v16 (#1547) [removed] Removed NodeJS 14 support (#1547)

v9.3.2 (2023-09-06)

[fix] Fix bug with msnodesqlv8 connection strings ((#1525)[https://redirect.github.com/tediousjs/node-mssql/pull/1525])

v9.3.1 (2023-09-05)

Revoked - contained breaking changes

v9.3.0 (2023-09-04)

[new] Add AAD connection support to connection strings ((#1461)[https://redirect.github.com/tediousjs/node-mssql/pull/1461])

v9.2.1 (2023-09-05)

[fix] Fix bug with msnodesqlv8 connection strings ((#1525)[https://redirect.github.com/tediousjs/node-mssql/pull/1525])

v9.2.0 (2023-08-28)

[new] Use @tediousjs/connection-string library to build msnodesqlv8 connection strings ((#1525)[https://redirect.github.com/tediousjs/node-mssql/pull/1525])

... (truncated)

Commits

9e5aef4 Merge pull request #1678 from dhensby/pulls/bigint-inputs
0199ae5 test: make sure bigint intputs do not throw
8931bcf Merge pull request #1677 from paulish/bigint_fix
b774084 fix: handle bigint types separately to int to avoid TypeError with BigInt param
e5205fb Merge pull request #1676 from tediousjs/dependabot/npm_and_yarn/test-tools-97...
b832900 chore(deps-dev): bump mocha in the test-tools group
3108080 Merge pull request #1672 from tediousjs/dependabot/github_actions/tediousjs/s...
92761a4 Merge pull request #1674 from tediousjs/dependabot/npm_and_yarn/test-tools-e6...
1b1fe27 chore(deps-dev): bump mocha in the test-tools group
8c9ff5e chore(deps): bump tediousjs/setup-sqlserver from 1 to 2
Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)

Bumps the npm_and_yarn group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.7.3` | `1.8.22` | | [axios](https://github.com/axios/axios) | `0.28.1` | `0.29.0` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.20.0` | | [mysql2](https://github.com/sidorares/node-mysql2) | `3.9.7` | `3.9.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.0.11` | `3.1.3` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.2.10` | `5.4.14` | | [@azure/identity](https://github.com/Azure/azure-sdk-for-js) | `2.1.0` | `4.6.0` | | [mssql](https://github.com/tediousjs/node-mssql) | `8.1.4` | `11.0.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.1` | | [express](https://github.com/expressjs/express) | `4.20.0` | `4.21.2` | | [socket.io](https://github.com/socketio/socket.io) | `4.6.2` | `4.8.1` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [undici](https://github.com/nodejs/undici) | `5.28.3` | `5.28.5` | Updates `@grpc/grpc-js` from 1.7.3 to 1.8.22 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected]) Updates `axios` from 0.28.1 to 0.29.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.29.0/CHANGELOG.md) - [Commits](axios/axios@v0.28.1...v0.29.0) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Updates `mysql2` from 3.9.7 to 3.9.8 - [Release notes](https://github.com/sidorares/node-mysql2/releases) - [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md) - [Commits](sidorares/node-mysql2@v3.9.7...v3.9.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `dompurify` from 3.0.11 to 3.1.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.0.11...3.1.3) Updates `vite` from 5.2.10 to 5.4.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.14/packages/vite) Updates `@azure/identity` from 2.1.0 to 4.6.0 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_2.1.0...@azure/identity_4.6.0) Updates `mssql` from 8.1.4 to 11.0.1 - [Release notes](https://github.com/tediousjs/node-mssql/releases) - [Changelog](https://github.com/tediousjs/node-mssql/blob/master/CHANGELOG.txt) - [Commits](tediousjs/node-mssql@v8.1.4...v11.0.1) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.2 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.1) Updates `express` from 4.20.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Updates `socket.io` from 4.6.2 to 4.8.1 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io/compare/[email protected]) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `rollup` from 4.13.0 to 4.31.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.13.0...v4.31.0) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `undici` from 5.28.3 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.3...v5.28.5) --- updated-dependencies: - dependency-name: "@grpc/grpc-js" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mysql2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@azure/identity" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mssql dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 19 updates #1

Bump the npm_and_yarn group across 1 directory with 19 updates #1

dependabot bot commented on behalf of github Jan 21, 2025

Bump the npm_and_yarn group across 1 directory with 19 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 19 updates #1

Conversation

dependabot bot commented on behalf of github Jan 21, 2025

@​grpc/grpc-js 1.8.22

@​grpc/grpc-js@​1.8.21

@​grpc/grpc-js 1.8.20

@​grpc/grpc-js 1.8.19

@​grpc/grpc-js 1.8.18

@​grpc/grpc-js 1.8.17

@​grpc/grpc-js 1.8.16

@​grpc/grpc-js 1.8.15

@​grpc/grpc-js 1.8.14

@​grpc/grpc-js 1.8.13

@​grpc/grpc-js@​1.8.12

@​grpc/grpc-js 1.8.11

@​grpc/grpc-js 1.8.10

@​grpc/grpc-js 1.8.9

@​grpc/grpc-js 1.8.8

v0.29.0

Release notes:

Bug Fixes

Contributors to this release

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

3.9.8 (2024-05-26)

Bug Fixes

3.3.8

DOMPurify 3.1.3

DOMPurify 3.1.2

DOMPurify 3.1.1

DOMPurify 3.1.0

v5.4.14

v5.4.13

v5.4.12

v5.4.11

v5.4.10

v5.4.9

v5.4.8

v5.4.7

v5.4.6

v5.4.5

v5.4.4

v5.4.3

[email protected]

[email protected]

v5.4.2

[email protected]

5.4.14 (2025-01-21)

5.4.13 (2025-01-20)

5.4.12 (2025-01-20)

5.4.11 (2024-11-11)

5.4.10 (2024-10-23)

5.4.9 (2024-10-14)

5.4.8 (2024-09-25)

v11.0.1

11.0.1 (2024-07-03)

Bug Fixes

v11.0.0

11.0.0 (2024-06-18)

⚠ BREAKING CHANGES

Features

Bug Fixes

v10.0.4

10.0.4 (2024-06-18)

Bug Fixes

v10.0.3

10.0.3 (2024-06-18)

Bug Fixes

`@grpc/grpc-js` 1.8.22

`@grpc/grpc-js@1`.8.21

`@grpc/grpc-js` 1.8.20

`@grpc/grpc-js` 1.8.19

`@grpc/grpc-js` 1.8.18

`@grpc/grpc-js` 1.8.17

`@grpc/grpc-js` 1.8.16

`@grpc/grpc-js` 1.8.15

`@grpc/grpc-js` 1.8.14

`@grpc/grpc-js` 1.8.13

`@grpc/grpc-js@1`.8.12

`@grpc/grpc-js` 1.8.11

`@grpc/grpc-js` 1.8.10

`@grpc/grpc-js` 1.8.9

`@grpc/grpc-js` 1.8.8