Bump the npm_and_yarn group across 1 directory with 20 updates #55

dependabot · 2025-03-14T02:52:59Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
@octokit/request-error	`5.0.1`	`5.1.1`
cookie-parser	`1.4.6`	`1.4.7`
express	`4.18.2`	`4.21.2`
http-proxy-middleware	`2.0.6`	`2.0.7`
next	`14.0.4`	`14.2.21`
lint-staged	`15.0.2`	`15.5.0`
tsx	`4.7.0`	`4.19.3`
@babel/runtime	`7.23.2`	`7.26.10`
@octokit/request	`8.1.4`	`8.4.1`
axios	`1.6.2`	`1.8.3`
nanoid	`3.3.6`	`3.3.9`
undici	`5.28.3`	`5.28.5`

Updates @octokit/request-error from 5.0.1 to 5.1.1

Release notes

Sourced from @octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

ReDos regex vulnerability, reported by @dayshift (12a14f0)

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

upgrade @octokit/types to v13 (3af20bd)

Features

security: Add provenance (#416) (94147e8)

Commits

b51ed27 test: ReDos regex vulnerability, reported by @dayshift
12a14f0 fix: ReDos regex vulnerability, reported by @dayshift
3af20bd fix: upgrade @octokit/types to v13
94147e8 feat(security): Add provenance (#416)
See full diff in compare view

Updates cookie-parser from 1.4.6 to 1.4.7

Release notes

Sourced from cookie-parser's releases.

1.4.7

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cookie-parser#103

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/cookie-parser#104

ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in expressjs/cookie-parser#100

deps: [email protected] by @SamChatfield in expressjs/cookie-parser#116

Release: 1.4.7 by @UlisesGascon in expressjs/cookie-parser#117

New Contributors

@inigomarquinez made their first contribution in expressjs/cookie-parser#103

@arunsathiya made their first contribution in expressjs/cookie-parser#100

@SamChatfield made their first contribution in expressjs/cookie-parser#116

@UlisesGascon made their first contribution in expressjs/cookie-parser#117

Full Changelog: expressjs/cookie-parser@1.4.6...1.4.7

Changelog

Sourced from cookie-parser's changelog.

1.4.7 / 2024-10-08

deps: [email protected]

Fix object assignment of hasOwnProperty

deps: [email protected]

Allow leading dot for domain

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing

deps: [email protected]

perf: parse cookies ~10% faster

fix: narrow the validation of cookies to match RFC6265

fix: add main to package.json for rspack

deps: [email protected]

Add partitioned option

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

deps: [email protected]

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

Commits

5d61e1e 1.4.7
ccf1f54 deps: [email protected] (#116)
429cfd4 ci: Use GITHUB_OUTPUT envvar instead of set-output command (#100)
ca4c97e ci: fix errors in ci pipeline for node 8 and 9 (#104)
97bdf39 ci: add support for OSSF scorecard reporting (#103)
e5862bd build: [email protected]
f0688d2 build: [email protected]
44ec541 build: [email protected]
695435a deps: [email protected]
f66e7e1 build: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cookie-parser since your current version.

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates http-proxy-middleware from 2.0.6 to 2.0.7

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates next from 14.0.4 to 14.2.21

Commits

2655f6e v14.2.21
8803d2b Backport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)
6e35243 chore(docs): add missing search: '' on remotePatterns (#73925) (#73927)
54919d2 chore(docs): update version history of next/image (#73926)
049a690 Backport: Fix unstable_allowDynamic when used with pnpm (#73765)
663fa9c Fix SWC and React versions for 14-2-1 branch (#73791)
ed78a4a v14.2.20
530421d [backport] Fix/dedupe fetch clone (#73532)
cbc62ad v14.2.19
92280dc [backport] Update max tag items limit in docs (#73445)
Additional commits viewable in compare view

Updates lint-staged from 15.0.2 to 15.5.0

Release notes

Sourced from lint-staged's releases.

v15.5.0

Minor Changes

#1526 630af5f Thanks @iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

Example with Prettier

By default Prettier prefers double quotes.

Previously

Stage file.js with only double quotes " changed to '

Run git commit -am "I don't like double quotes"

Lint-staged runs prettier --write file.js, converting all the ' back to "

Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state

Commit was not done, original state is restored and single quotes ' are staged

Now

Stage file.js with only double-quotes " changed to '

Run git commit -am "I don't like double quotes"

Lint-staged runs prettier --write file.js, converting all the ' back to "

Because there are now no changes, lint-staged fails and cancels the commit

Commit was not done, and there are no staged changes

v15.4.3

Patch Changes

#1512 cbfed1d Thanks @tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693.

v15.4.2

Patch Changes

#1509 8827ebf Thanks @iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

v15.4.1

Patch Changes

#1504 1c7a45e Thanks @iiroj! - Default TypeScript config filenames match JS equivalents.

#1504 9cc18c9 Thanks @iiroj! - Add missing conditional exports syntax for TypeScript types.

v15.4.0

Minor Changes
#1500 a8ec1dd Thanks @iiroj! - Lint-staged now provides TypeScript types for the configuration and main Node.js API. You can use the JSDoc syntax in your JS configuration files:
/**
 * @filename: lint-staged.config.js

... (truncated)

Changelog

Sourced from lint-staged's changelog.

15.5.0

Minor Changes

#1526 630af5f Thanks @iiroj! - Lint-staged no longer resets to the original state when preventing an empty git commit. This happens when your configured tasks reset all the staged changes, typically when trying to commit formatting changes which conflict with your linter setup like ESLint or Prettier.

Example with Prettier

By default Prettier prefers double quotes.

Previously

Stage file.js with only double quotes " changed to '

Run git commit -am "I don't like double quotes"

Lint-staged runs prettier --write file.js, converting all the ' back to "

Because there are now no changes, lint-staged fails, cancels the commit, and resets back to the original state

Commit was not done, original state is restored and single quotes ' are staged

Now

Stage file.js with only double-quotes " changed to '

Run git commit -am "I don't like double quotes"

Lint-staged runs prettier --write file.js, converting all the ' back to "

Because there are now no changes, lint-staged fails and cancels the commit

Commit was not done, and there are no staged changes

15.4.3

Patch Changes

#1512 cbfed1d Thanks @tarik02! - Adjust TypeScript types for the default export so that it can be used as a value without error TS2693.

15.4.2

Patch Changes

#1509 8827ebf Thanks @iiroj! - Change lint-staged's dependencies to use caret (^) ranges instead of tilde (~). This makes it easier for package managers to perform dependency management when minor-level updates are also permitted instead of just patch-level.

15.4.1

Patch Changes

#1504 1c7a45e Thanks @iiroj! - Default TypeScript config filenames match JS equivalents.

#1504 9cc18c9 Thanks @iiroj! - Add missing conditional exports syntax for TypeScript types.

15.4.0

Minor Changes

... (truncated)

Commits

7e6abe4 chore(changeset): release
0ebfa69 build(deps): update dependencies
630af5f feat: do not reset to original state when preventing empty commit
7b8be70 chore: update default branch references from "master" to "main"
362a78d docs: add workaround for tsc ignoring tsconfig.json issue to README FAQ (#1523)
e013823 fix: "node_modules" typo in eslint.config.js
67019ee test: add integration test to ensure unmodified merged files are not linted (...
366f8bd refactor: move TypeScript types to "index.d.ts" file
85ea6a4 docs: adjust readme regarding monorepo setup
e53f950 chore(changeset): release
Additional commits viewable in compare view

Updates tsx from 4.7.0 to 4.19.3

Release notes

Sourced from tsx's releases.

v4.19.3

4.19.3 (2025-02-19)

Bug Fixes

upgrade esbuild to ~0.25.0 to address vuln report (#698) (e04e6c6)

This release is also available on:

npm package (@latest dist-tag)

v4.19.2

4.19.2 (2024-10-26)

Bug Fixes

generate sourcesContent when Node.js debugger is enabled (#670) (7c47074)

This release is also available on:

npm package (@latest dist-tag)

v4.19.1

4.19.1 (2024-09-12)

Bug Fixes

cjs: patch module.path for accurate cache ID (0329bfc), closes privatenumber/tsx#651

cjs: resolve ts extensions from js when namespaced (44ed37f)

This release is also available on:

npm package (@latest dist-tag)

v4.19.0

4.19.0 (2024-08-27)

... (truncated)

Commits

e04e6c6 fix: upgrade esbuild to ~0.25.0 to address vuln report (#698)
28a3e7d docs: update links to npx (#680)
38b7135 docs: add carbon ads
7c47074 fix: generate sourcesContent when Node.js debugger is enabled (#670)
315d5f4 docs(watch): document --include flag
375e39a test: refactor enforce-timeout
524cb77 docs(cjs): add compilation caveats
7f8a051 chore(deps): update dependency node to v20.18.0 (#660)
97e8de0 chore: upgrade pnpm
95d2b0f chore: remove commit hooks
Additional commits viewable in compare view

Updates @babel/runtime from 7.23.2 to 7.26.10

Release notes

Sourced from @babel/runtime's releases.

v7.26.10 (2025-03-11)

Thanks @jordan-choi and @mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

babel-parser

#17159 Disallow decorator in array pattern (@JLHwung)

🐛 Bug Fix

babel-parser, babel-template

#17164 Fix: always initialize ExportDeclaration attributes (@JLHwung)

babel-core

#17142 fix: "Map maximum size exceeded" in deepClone (@liuxingbaoyu)

babel-parser, babel-plugin-transform-typescript

#17154 Update typescript parser tests (@JLHwung)

babel-traverse

#17151 fix: Should not evaluate vars in child scope (@liuxingbaoyu)

babel-generator

#17153 fix: Correctly generate abstract override (@liuxingbaoyu)

babel-parser

#17107 Fix source type detection when parsing TypeScript (@JLHwung)

babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

#17173 Fix processing of replacement pattern with named capture groups (@mmmsssttt404)

💅 Polish

babel-standalone

#17158 Avoid warnings when re-bundling @babel/standalone with webpack (@liuxingbaoyu)

🏠 Internal

babel-parser

#17160 Left-value parsing cleanup (@JLHwung)

Committers: 6

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Yunyoung Jordan Choi (@jordan-choi)

@liuxingbaoyu

@mmmsssttt404

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

babel-parser

#17159 Disallow decorator in array pattern (@JLHwung)

🐛 Bug Fix

babel-parser, babel-template

#17164 Fix: always initialize ExportDeclaration attributes (@JLHwung)

babel-core

#17142 fix: "Map maximum size exceeded" in deepClone (@liuxingbaoyu)

babel-parser, babel-plugin-transform-typescript

#17154 Update typescript parser tests (@JLHwung)

babel-traverse

#17151 fix: Should not evaluate vars in child scope (@liuxingbaoyu)

babel-generator

#17153 fix: Correctly generate abstract override (@liuxingbaoyu)

babel-parser

#17107 Fix source type detection when parsing TypeScript (@JLHwung)

babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

#17173 Fix processing of replacement pattern with named capture groups (@mmmsssttt404)

💅 Polish

babel-standalone

#17158 Avoid warnings when re-bundling @babel/standalone with webpack (@liuxingbaoyu)

🏠 Internal

babel-parser

#17160 Left-value parsing cleanup (@JLHwung)

v7.26.9 (2025-02-14)

🐛 Bug Fix

babel-types

#17103 fix: Definition for TSPropertySignature.kind (@liuxingbaoyu)

babel-generator, babel-types

#17062 Print TypeScript optional/definite in ClassPrivateProperty (@jamiebuilds-signal)

🏠 Internal

babel-types

#17130 Use .ts files with explicit reexports to solve name conflicts (@nicolo-ribaudo)

babel-core

#17127 Do not depend on @types/gensync in Babel 7 (@nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

babel-helpers, babel-preset-env, babel-runtime-corejs3

#17086 Make "object without properties" helpers ES6-compatible (@tquetano-netflix)

babel-plugin-transform-typeof-symbol

#17085 fix: Correctly handle typeof in arrow functions (@liuxingbaoyu)

... (truncated)

Commits

e1ce99d v7.26.10
d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
64bca7b v7.26.9
2d95140 v7.26.7
63d3038 v7.26.0
b07957e v7.25.9
af91759 fix: Accidentally publishing useless files (#16917)
2533cfb v7.25.7
69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
2f72b97 v7.25.6
Additional commits viewable in compare view

Updates @octokit/request from 8.1.4 to 8.4.1

Release notes

Sourced from @octokit/request's releases.

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (#741) (356411e)

v8.4.0

8.4.0 (2024-04-09)

Features

re-add redirect request option (#636) (abc4955), closes #599

v8.3.1

8.3.1 (2024-04-05)

Bug Fixes

upgrade @octokit/endpoint (4e7127c)

v8.3.0

8.3.0 (2024-04-05)

Bug Fixes

upgrade @octokit/types (6822e8b)

Features

security: Add provenance (#685) (2e67925)

v8.2.0

8.2.0 (2024-02-09)

Features

add documentation link in error message (#667) (dbfeab2)

v8.1.6

8.1.6 (2023-11-22)

Bug Fixes

... (truncated)

Commits

356411e fix: ReDos regex vulnerability, reported by @DayShift (#741)
abc4955 feat: re-add redirect request option (#636)
4e7127c fix: upgrade @octokit/endpoint
2e67925 feat(security): Add provenance (#685)
6822e8b fix: upgrade @octokit/types
dbfeab2 feat: add documentation link in error message (#667)
c013de4 docs: fix spelling errors (#671)
3d22c38 chore(deps): update dependency prettier to v3.2.5
984ec17 chore(deps): update dependency esbuild to ^0.20.0
2a9cf78 ci(action): update peter-evans/create-or-update-comment action to v4
Additional commits viewable in compare view

Updates axios from 1.6.2 to 1.8.3

Release notes

Sourced from axios's releases.

Release v1.8.3

Release notes:

Bug Fixes

add missing type for allowAbsoluteUrls (#6818) (10fa70e)

xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Ashcon Partovi

StefanBRas

Marc Hassan

Release v1.8.2

Release notes:

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.3 (2025-03-10)

Bug Fixes

add missing type for allowAbsoluteUrls (#6818) (10fa70e)

xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

Ashcon Partovi

StefanBRas

Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (

sourcery-ai · 2025-03-14T02:53:05Z

Reviewer's Guide by Sourcery

This pull request updates multiple npm dependencies in package.json and package-lock.json to their latest versions. This includes updates to @octokit/request-error, cookie-parser, express, http-proxy-middleware, next, lint-staged, tsx, @babel/runtime, @octokit/request, axios, nanoid, and undici.

Sequence diagram for lint-staged execution flow

sequenceDiagram
    participant User
    participant Git
    participant lint-staged
    participant Tasks

    User->>Git: git commit
    Git->>lint-staged: pre-commit hook
    lint-staged->>Tasks: Run configured tasks
    alt Tasks modify staged files
        Tasks-->>Git: add changes
    end
    Tasks-->>lint-staged: Task results
    lint-staged->>Git: Allow or prevent commit
    Git->>User: Commit completed or aborted

Updated class diagram for package.json dependencies

classDiagram
  class PackageJson {
    - "@octokit/request-error": string
    - "cookie-parser": string
    - "express": string
    - "http-proxy-middleware": string
    - "next": string
    - "lint-staged": string
    - "tsx": string
    - "@babel/runtime": string
    - "@octokit/request": string
    - "axios": string
    - "nanoid": string
    - "undici": string
  }

  PackageJson : contains updated dependency versions

File-Level Changes

Change	Details	Files
Updated multiple dependencies to their newer versions.	Bumped @octokit/request-error from 5.0.1 to 5.1.1 Bumped cookie-parser from 1.4.6 to 1.4.7 Bumped express from 4.18.2 to 4.21.2 Bumped http-proxy-middleware from 2.0.6 to 2.0.7 Bumped next from 14.0.4 to 14.2.21 Bumped lint-staged from 15.0.2 to 15.5.0 Bumped tsx from 4.7.0 to 4.19.3 Bumped @babel/runtime from 7.23.2 to 7.26.10 Bumped @octokit/request from 8.1.4 to 8.4.1 Bumped axios from 1.6.2 to 1.8.3 Bumped nanoid from 3.3.6 to 3.3.9 Bumped undici from 5.28.3 to 5.28.5	`package.json` `package-lock.json`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!
Generate a plan of action for an issue: Comment @sourcery-ai plan on
an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

sourcery-ai

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `5.0.1` | `5.1.1` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.4.6` | `1.4.7` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.7` | | [next](https://github.com/vercel/next.js) | `14.0.4` | `14.2.21` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `15.0.2` | `15.5.0` | | [tsx](https://github.com/privatenumber/tsx) | `4.7.0` | `4.19.3` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.23.2` | `7.26.10` | | [@octokit/request](https://github.com/octokit/request.js) | `8.1.4` | `8.4.1` | | [axios](https://github.com/axios/axios) | `1.6.2` | `1.8.3` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.9` | | [undici](https://github.com/nodejs/undici) | `5.28.3` | `5.28.5` | Updates `@octokit/request-error` from 5.0.1 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v5.0.1...v5.1.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.4.6...1.4.7) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `http-proxy-middleware` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.7) Updates `next` from 14.0.4 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.4...v14.2.21) Updates `lint-staged` from 15.0.2 to 15.5.0 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v15.0.2...v15.5.0) Updates `tsx` from 4.7.0 to 4.19.3 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.7.0...v4.19.3) Updates `@babel/runtime` from 7.23.2 to 7.26.10 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) Updates `@octokit/request` from 8.1.4 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v8.1.4...v8.4.1) Updates `axios` from 1.6.2 to 1.8.3 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.2...v1.8.3) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.1) Updates `esbuild` from 0.19.11 to 0.25.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md) - [Commits](evanw/esbuild@v0.19.11...v0.25.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `follow-redirects` from 1.15.4 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.9) Updates `nanoid` from 3.3.6 to 3.3.9 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.9) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `undici` from 5.28.3 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.3...v5.28.5) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lint-staged dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: tsx dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: esbuild dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

Graysonbarton

Signed-off-by: Grayson Barton [email protected]

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2025

sourcery-ai bot reviewed Mar 14, 2025

View reviewed changes

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-4fae721435 branch from 6558abe to 1d1c7ab Compare April 2, 2025 05:14

Graysonbarton added this to the Superproject milestone Apr 2, 2025

Graysonbarton self-assigned this Apr 2, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-4fae721435 branch from 1d1c7ab to 55643a2 Compare April 2, 2025 05:41

Graysonbarton approved these changes May 5, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 20 updates #55

Bump the npm_and_yarn group across 1 directory with 20 updates #55

Uh oh!

dependabot bot commented on behalf of github Mar 14, 2025 •

edited

Loading

Example with Prettier

Previously

Now

Example with Prettier

Previously

Now

Uh oh!

sourcery-ai bot commented Mar 14, 2025 •

edited

Loading

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

sourcery-ai bot left a comment

Uh oh!

Graysonbarton left a comment

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 20 updates #55

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 20 updates #55

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v5.1.0

5.1.0 (2024-04-05)

Bug Fixes

Features

1.4.7

What's Changed

New Contributors

1.4.7 / 2024-10-08

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.7

v15.5.0

Minor Changes

Example with Prettier

Previously

Now

v15.4.3

Patch Changes

v15.4.2

Patch Changes

v15.4.1

Patch Changes

v15.4.0

Minor Changes

15.5.0

Minor Changes

Example with Prettier

Previously

Now

15.4.3

Patch Changes

15.4.2

Patch Changes

15.4.1

Patch Changes

15.4.0

Minor Changes

v4.19.3

4.19.3 (2025-02-19)

Bug Fixes

v4.19.2

4.19.2 (2024-10-26)

Bug Fixes

v4.19.1

4.19.1 (2024-09-12)

Bug Fixes

v4.19.0

4.19.0 (2024-08-27)

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

dependabot bot commented on behalf of github Mar 14, 2025 •

edited

Loading

sourcery-ai bot commented Mar 14, 2025 •

edited

Loading