chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates #572

dependabot · 2024-09-26T14:41:09Z

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
got	`6.7.1`	`11.8.5`
twilio	`3.80.0`	`5.3.2`
jsonwebtoken	`8.5.1`	`9.0.0`
jszip	`3.7.0`	`3.8.0`
body-parser	`1.19.0`	`1.20.3`
express	`4.17.1`	`4.21.0`
decode-uri-component	`0.2.0`	`0.2.2`
follow-redirects	`1.15.6`	`1.15.9`
ws	`8.17.0`	`8.18.0`

Bumps the npm_and_yarn group with 1 update in the /forward-message-sendgrid directory: got.
Bumps the npm_and_yarn group with 1 update in the /forward-message-sparkpost directory: got.
Bumps the npm_and_yarn group with 2 updates in the /patient-appointment-management directory: twilio and jsonwebtoken.
Bumps the npm_and_yarn group with 1 update in the /voice-client-javascript directory: twilio.
Bumps the npm_and_yarn group with 2 updates in the /voice-javascript-sdk directory: twilio and jsonwebtoken.

Updates got from 6.7.1 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

Backport security fix sindresorhus/got@861ccd9

CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

Bump cacheable-request dependency (#1921) 9463bb6

Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

v11.8.2

Make the dnsCache option lazy (#1529) 3bd245f This slightly improves Got startup performance and fixes an issue with Jest.

sindresorhus/got@v11.8.1...v11.8.2

v11.8.1

Do not throw on custom stack traces (#1491) 4c815c3a609eb74d0eb139414d9996b4f65dc3c0

v11.8.0

Fix for sending files with size 0 on stat (#1488) 7acd380

beforeRetry allows stream body if different from original (#1501) 3dd2273

Set default value for an options object (#1495) 390b145

sindresorhus/got@v11.7.0...v11.8.0

v11.7.0

Improvements

Add pfx HTTPS option (#1364) c33df7f

Update body after beforeRequest (#1453) e1c1844

Don't allocate buffer twice (#1403) 7bc69d9

Fixes

Fix a regression where body was sent after redirect 88b32ea

Fix destructure error on promise.json() c97ce7c

Do not ignore userinfo on a redirect to the same origin 52de13b

sindresorhus/got@v11.6.2...v11.7.0

v11.6.2

Bug fixes

Inherit the prefixUrl option from parent if it's undefined (#1448) a3da70a78aeb7f44dd3e0d0fa47cebe9541eb91e

Prepare a fix for hanging promise on Node.js 14.10.x 29d4e325b110ccf7571d4265d40760be4175f7ff

Prepare for Node.js 15.0.0 c126ff19c4e893975cbf6c2c8bebce6ed7631276

... (truncated)

Commits

5e17bb7 11.8.5
bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
8ced192 Fix build
670eb04 11.8.4
20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
0da732f 11.8.3
9463bb6 Bump cacheable-request dependency (#1921)
0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
f896aa5 11.8.2
3bd245f Instantiate CacheableLookup only when needed (#1529)
Additional commits viewable in compare view

Updates twilio from 3.80.0 to 5.3.2

Release notes

Sourced from twilio's releases.

5.3.2

Release Notes

Library - Chore

[PR #1037](twilio/twilio-node#1037): Sync for IoT has reached EOL; removing reference to Deployed Devices. Thanks to @wanjunsli!

Accounts

Update docs and mounts.

Change library visibility to public

Enable consent and contact bulk upsert APIs in prod.

Serverless

Add is_plugin parameter in deployments api to check if it is plugins deployment

Docs

5.3.1

Release Notes

Intelligence

Remove public from operator_type

Update operator_type to include general-availablity and deprecated

Numbers

Remove beta flag for bundle clone API

Docs

5.3.0

Release Notes

Library - Chore

[PR #1032](twilio/twilio-node#1032): upgrade axios from 1.6.8 to 1.7.4. Thanks to @jl-yang!

Iam

updated library_visibility public for new public apikeys

Numbers

Add new field in Error Codes for Regulatory Compliance.

Change typing of Port In Request date_created field to date_time instead of date (breaking change)

Docs

5.2.3

Release Notes

Library - Chore

... (truncated)

Changelog

Sourced from twilio's changelog.

[2024-09-25] Version 5.3.2

Library - Chore

[PR #1037](twilio/twilio-node#1037): Sync for IoT has reached EOL; removing reference to Deployed Devices. Thanks to @wanjunsli!

Accounts

Update docs and mounts.

Change library visibility to public

Enable consent and contact bulk upsert APIs in prod.

Serverless

Add is_plugin parameter in deployments api to check if it is plugins deployment

[2024-09-18] Version 5.3.1

Intelligence

Remove public from operator_type

Update operator_type to include general-availablity and deprecated

Numbers

Remove beta flag for bundle clone API

[2024-09-05] Version 5.3.0

Library - Chore

[PR #1032](twilio/twilio-node#1032): upgrade axios from 1.6.8 to 1.7.4. Thanks to @jl-yang!

Iam

updated library_visibility public for new public apikeys

Numbers

Add new field in Error Codes for Regulatory Compliance.

Change typing of Port In Request date_created field to date_time instead of date (breaking change)

[2024-08-26] Version 5.2.3

Library - Chore

[PR #1030](twilio/twilio-node#1030): removing preview_iam references. Thanks to @tiwarishubham635!

Api

Update documentation of error_code and error_message on the Message resource.

Remove generic parameters from transcription resource

Added public documentation for Payload Data retrieval API

Flex

Adding update Flex User api

... (truncated)

Upgrade guide

Sourced from twilio's upgrade guide.

Upgrade Guide

All MAJOR version bumps will have upgrade notes posted here.

[2024-03-07] 4.x.x to 5.x.x

Overview

Twilio Node Helper Library’s major version 5.0.0 is now available. We ensured that you can upgrade to Node helper Library 5.0.0 version without any breaking changes of existing apis

Behind the scenes Node Helper is now auto-generated via OpenAPI with this release. This enables us to rapidly add new features and enhance consistency across versions and languages. We're pleased to inform you that version 5.0.0 adds support for the application/json content type in the request body.

[2023-01-25] 3.x.x to 4.x.x
Supported Node.js versions updated

Upgrade to Node.js >= 14

Dropped support for Node.js < 14 (#791)

Added support for Node.js 18 (#794)

Lazy loading enabled by default (#752)

Required Twilio modules now lazy load by default

See the README for how to disable lazy loading

Type changes from object to Record (#873)

Certain response properties now use the Record type with string keys

Including the subresourceUris property for v2010 APIs and the links properties for non-v2010 APIs

Access Tokens

Creating an AccessToken requires an identity in the options (#875)

ConversationsGrant has been deprecated in favor of VoiceGrant (#783)

IpMessagingGrant has been removed (#784)
TwiML function deprecations (#788)
<Refer>

Refer.referSip() replaced by Refer.sip()
<Say>
Say.ssmlBreak() and Say.break_() replaced by Say.break()

Say.ssmlEmphasis() replaced by Say.emphasis()

Say.ssmlLang() replaced by Say.lang()

Say.ssmlP() replaced by Say.p()

Say.ssmlPhoneme() replaced by Say.phoneme()

Say.ssmlProsody() replaced by Say.prosody()

Say.ssmlS() replaced by Say.s()

Say.ssmlSayAs() replaced by Say.sayAs()

Say.ssmlSub() replaced by Say.sub()
Say.ssmlW() replaced by Say.w()

Old:

... (truncated)

Commits

64ca243 Release 5.3.2
7bf9c75 [Librarian] Regenerated @ 08245333f4a8c9235d547b189cd9c422f73e0e7e 7bb98153c2...
34e7fbc Sync for IoT has reached EOL; removing reference to Deployed Devices (#1037)
6033208 Release 5.3.1
5b49fe9 [Librarian] Regenerated @ 1b6718f23da76f150eac392860c66a26de9af713 ceb130295f...
8c2377f Release 5.3.0
34f9f35 [Librarian] Regenerated @ 78bf2bbef74e4846ca8353fbdee038a6b8080c59 2250ef3ba0...
7abbc1b upgrade axios from 1.6.8 to 1.7.4 (#1032)
1b854a6 Release 5.2.3
d61d2f2 [Librarian] Regenerated @ c8ce9820730ef3b2a48912311d45afb8c26b9ee7 2ee5b1fa49...
Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates jszip from 3.7.0 to 3.8.0

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

Fix build of dist files.

Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

Commits

3b98cfc 3.8.0
2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
1f631b0 Update contributing
459ff79 Add tests for utils that remove leading slash
d4702a7 Merge pull request #541 from PatricSteffen/patch-1
2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
85c4989 Merge pull request #796 from Stuk/ghci
40cc7f4 Add dependency caching
5ee321e Install deps needed for Playwright on Github Actions
eeb841e Remove code and dependencies used for Saucelabs
Additional commits viewable in compare view

Updates semver from 5.7.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
c83c18c 5.7.1
956e228 Correct typo in README
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: http-errors@2.0.0

deps: depd@2.0.0

deps: statuses@2.0.1

deps: on-finished@2.4.1

deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1 / 2022-10-06

deps: qs@6.11.0

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: http-errors@2.0.0

deps: depd@2.0.0

deps: statuses@2.0.1

deps: on-finished@2.4.1

deps: qs@6.10.3

deps: raw-body@2.5.1

deps: http-errors@2.0.0

1.19.2 / 2022-02-15

deps: bytes@3.1.2

deps: qs@6.9.7

Fix handling of __proto__ keys

deps: raw-body@2.4.3

deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.17.1 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

... (truncated)

Commits

7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
77ada90 Deprecate "back" magic string in redirects (#5935)
21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
54271f6 fix: don't render redirect values in anchor href
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates express from 4.17.1 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list by...
Description has been truncated

… updates Bumps the npm_and_yarn group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [got](https://github.com/sindresorhus/got) | `6.7.1` | `11.8.5` | | [twilio](https://github.com/twilio/twilio-node) | `3.80.0` | `5.3.2` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` | | [jszip](https://github.com/Stuk/jszip) | `3.7.0` | `3.8.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.0` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.15.9` | | [ws](https://github.com/websockets/ws) | `8.17.0` | `8.18.0` | Bumps the npm_and_yarn group with 1 update in the /forward-message-sendgrid directory: [got](https://github.com/sindresorhus/got). Bumps the npm_and_yarn group with 1 update in the /forward-message-sparkpost directory: [got](https://github.com/sindresorhus/got). Bumps the npm_and_yarn group with 2 updates in the /patient-appointment-management directory: [twilio](https://github.com/twilio/twilio-node) and [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 1 update in the /voice-client-javascript directory: [twilio](https://github.com/twilio/twilio-node). Bumps the npm_and_yarn group with 2 updates in the /voice-javascript-sdk directory: [twilio](https://github.com/twilio/twilio-node) and [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Updates `got` from 6.7.1 to 11.8.5 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v6.7.1...v11.8.5) Updates `twilio` from 3.80.0 to 5.3.2 - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@3.80.0...5.3.2) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `jszip` from 3.7.0 to 3.8.0 - [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md) - [Commits](Stuk/jszip@v3.7.0...v3.8.0) Updates `semver` from 5.7.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.0...v5.7.2) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `express` from 4.17.1 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](expressjs/express@4.17.1...4.21.0) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `express` from 4.17.1 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](expressjs/express@4.17.1...4.21.0) Updates `follow-redirects` from 1.15.6 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.6...v1.15.9) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `ws` from 8.17.0 to 8.18.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.17.0...8.18.0) Updates `got` from 6.7.1 to 14.4.2 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v6.7.1...v11.8.5) Updates `got` from 6.7.1 to 14.4.2 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v6.7.1...v11.8.5) Updates `twilio` from 3.84.1 to 5.3.2 - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@3.80.0...5.3.2) Updates `jsonwebtoken` from 8.5.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `twilio` from 3.66.1 to 5.3.2 - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@3.80.0...5.3.2) Updates `jsonwebtoken` from 8.5.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `semver` from 5.7.1 to 7.6.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.0...v5.7.2) Updates `axios` from 0.21.4 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.4...v1.7.7) Updates `qs` from 6.10.1 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.10.1...v6.13.0) Updates `follow-redirects` from 1.14.8 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.6...v1.15.9) Updates `twilio` from 3.84.1 to 5.3.2 - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@3.80.0...5.3.2) Updates `jsonwebtoken` from 8.5.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) --- updated-dependencies: - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: twilio dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jszip dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: twilio dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: twilio dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: twilio dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

bnb · 2024-10-24T18:07:57Z

@dependabot rebase

dependabot · 2024-10-24T18:14:07Z

Superseded by #575.

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 26, 2024

dependabot bot closed this Oct 24, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-57d6f9752b branch October 24, 2024 18:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates #572

chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates #572

Uh oh!

dependabot bot commented on behalf of github Sep 26, 2024 •

edited

Loading

Uh oh!

bnb commented Oct 24, 2024

Uh oh!

dependabot bot commented on behalf of github Oct 24, 2024

Uh oh!

Uh oh!

chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates #572

chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates #572

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 26, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.8.5

v11.8.3

v11.8.2

v11.8.1

v11.8.0

v11.7.0

Improvements

Fixes

v11.6.2

Bug fixes

5.3.2

Release Notes

5.3.1

Release Notes

5.3.0

Release Notes

5.2.3

Release Notes

[2024-09-25] Version 5.3.2

[2024-09-18] Version 5.3.1

[2024-09-05] Version 5.3.0

[2024-08-26] Version 5.2.3

Upgrade Guide

[2024-03-07] 4.x.x to 5.x.x

Overview

Twilio Node Helper Library’s major version 5.0.0 is now available. We ensured that you can upgrade to Node helper Library 5.0.0 version without any breaking changes of existing apis

[2023-01-25] 3.x.x to 4.x.x

9.0.0 - 2022-12-21

Breaking changes

Security fixes

v3.8.0 2022-03-30

v3.7.1 2021-08-05

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v0.2.2

v0.2.1

dependabot bot commented on behalf of github Sep 26, 2024 •

edited

Loading