Bump the npm_and_yarn group across 1 directory with 20 updates #65

dependabot · 2025-06-18T19:44:45Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
body-parser	`1.13.3`	`1.20.3`
debug	`2.2.0`	`2.6.9`
ejs	`2.7.4`	`3.1.10`
express	`4.13.4`	`4.20.0`
log4js	`0.6.38`	`6.4.0`
morgan	`1.6.1`	`1.9.1`
pg-promise	`4.8.1`	`11.5.5`
cookie	`0.1.3`	`0.7.2`
cookie-parser	`1.3.5`	`1.4.7`
express	`4.20.0`	`4.21.2`
express-session	`1.17.2`	`1.18.1`
fresh	`0.3.0`	`0.5.2`
serve-favicon	`2.3.2`	`2.5.1`

Updates body-parser from 1.13.3 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1

deps: [email protected]

perf: remove unnecessary object clone

1.20.0

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

1.20.1 / 2022-10-06

deps: [email protected]

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

1.19.2 / 2022-02-15

deps: [email protected]

deps: [email protected]

Fix handling of __proto__ keys

deps: [email protected]

deps: [email protected]

1.19.1 / 2021-12-10

... (truncated)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

Fix: Check for undefined on browser globals (#462, @marbemac)

2.6.7 / 2017-05-16

Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @hubdotcom)

Fix: Inline extend function in node implementation (#452, @dougwilson)

Docs: Fix typo (#455, @msasad)

2.6.5 / 2017-04-27

Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @thebigredgeek)

Misc: clean up browser reference checks (#447, @thebigredgeek)

Misc: add npm-debug.log to .gitignore (@thebigredgeek)

2.6.4 / 2017-04-20

Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @LucianBuzzo)

Chore: ignore bower.json in npm installations. (#437, @joaovieira)

Misc: update "ms" to v0.7.3 (@tootallnate)

2.6.3 / 2017-03-13

Fix: Electron reference to process.env.DEBUG (#431, @paulcbetts)

Docs: Changelog fix (@thebigredgeek)

2.6.2 / 2017-03-10

Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @slavaGanzin)

Docs: Add backers and sponsors from Open Collective (#422, @piamancini)

Docs: Add Slackin invite badge (@tootallnate)

2.6.1 / 2017-02-10

Fix: Module's export default syntax fix for IE8 Expected identifier error

Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @pi0)

... (truncated)

Commits

13abeae Release 2.6.9
f53962e remove ReDoS regexp in %o formatter (#504)
52e1f21 Release 2.6.8
2482e08 Check for undefined on browser globals (#462)
6bb07f7 release 2.6.7
15850cb Fix Regular Expression Denial of Service (ReDoS)
4a6c85c update "debug" to v1.0.0 (#454)
b68dbf8 Fix typo (#455)
1351d2f Inline extend function in node implementation (#452)
c211947 update version for component
Additional commits viewable in compare view

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates express from 4.13.4 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

... (truncated)

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates log4js from 0.6.38 to 6.4.0

Changelog

Sourced from log4js's changelog.

6.4.0 - BREAKING CHANGE 💥

New default file permissions may cause external applications unable to read logs. A manual code/configuration change is required.

feat: added warnings when log() is used with invalid levels before fallbacking to INFO - thanks @abernh

feat: exposed Recording - thanks @polo-language

fix: default file permission to be 0o600 instead of 0o644 - thanks ranjit-git and @lamweili

docs: updated fileSync.md and misc comments - thanks @lamweili

fix: file descriptor leak if repeated configure() - thanks @lamweili

fix: MaxListenersExceededWarning from NodeJS - thanks @lamweili

test: added assertion for increase of SIGHUP listeners on log4js.configure() - thanks @lamweili

fix: missing TCP appender with Webpack and Typescript - thanks @techmunk

fix: dateFile appender exiting NodeJS on error - thanks @4eb0da

refactor: using writer.writable instead of alive for checking - thanks @lamweili

fix: TCP appender exiting NodeJS on error - thanks @jhonatanTeixeira

fix: multiprocess appender exiting NodeJS on error - thanks @harlentan

test: update fakeFS.read as graceful-fs uses it - thanks @lamweili

test: update fakeFS.realpath as fs-extra uses it - thanks @lamweili

test: added tap.tearDown() to clean up test files

test: #1143 - thanks @lamweili

test: #1022 - thanks @abetomo

type: improved @types for AppenderModule - thanks @nicobao

type: Updated fileSync appender types - thanks @lamweili

type: Removed erroneous type in file appender - thanks @vdmtrv

type: Updated Logger.log type - thanks @ZLundqvist

type: Updated Logger._log type - thanks @lamweili

type: Updated Logger.level type - thanks @lamweili

type: Updated Levels.getLevel type - thanks @saulzhong

chore(deps): bump streamroller from 3.0.1 to 3.0.2 - thanks @lamweili

chore(deps): bump date-format from 4.0.2 to 4.0.3 - thanks @lamweili

chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0 - thanks @lamweili

chore(deps-dev): bump nyc from 14.1.1 to 15.1.0 - thanks @lamweili

chore(deps-dev): bump eslint from 5.16.0 to 8.6.0 - thanks @lamweili

chore(deps): bump flatted from 2.0.2 to 3.2.4 - thanks @lamweili

chore(deps-dev): bump fs-extra from 8.1.0 to 10.0.0 - thanks @lamweili

chore(deps): bump streamroller from 2.2.4 to 3.0.1 - thanks @lamweili

fix: compressed file ignores dateFile appender "mode" - thanks @rnd-debug

fix: #1039 where there is an additional separator in filename ([email protected] changelog)

fix: #1035, #1080 for daysToKeep naming confusion ([email protected] changelog)

refactor: migrated from daysToKeep to numBackups due to streamroller@^3.0.0 - thanks @lamweili

feat: allows for zero backups - thanks @lamweili

chore(deps): bump date-format from 3.0.0 to 4.0.2 - thanks @lamweili

chore(deps): updated dependencies - thanks @lamweili

chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0

chore(deps-dev): bump eslint-plugin-prettier from 3.4.1 to 4.0.0

chore(deps-dev): bump husky from 3.1.0 to 7.0.4

chore(deps-dev): bump prettier from 1.19.0 to 2.5.1

chore(deps-dev): bump typescript from 3.9.10 to 4.5.4

chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0 - thanks @lamweili

... (truncated)

Commits

9fdbed5 6.4.0
788c7a8 Merge pull request #1150 from log4js-node/update-changelog
7fdb141 chore: updated changelog for 6.4.0
e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
ac599e4 allow for zero backup - in sync with https://github.com/log4js-node/streamrol...
53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
436d9b4 Merge pull request #1148 from log4js-node/update-docs
d6b017e chore(docs): updated fileSync.md and misc comments
d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
0ad0133 Merge pull request #1147 from log4js-node/update-deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates morgan from 1.6.1 to 1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

Fix using special characters in format

deps: depd@~1.1.2

perf: remove argument reassignment

1.9.0

Use res.headersSent when available

deps: basic-auth@~2.0.0

Use safe-buffer for improved Buffer API

deps: [email protected]

deps: depd@~1.1.1

Remove unnecessary Buffer loading

1.8.2

deps: [email protected]

Fix DEBUG_MAX_ARRAY_LENGTH

deps: [email protected]

1.8.1

deps: [email protected]

Fix deprecation messages in WebStorm and other editors

Undeprecate DEBUG_FD set to 1 or 2

1.8.0

Fix sending unnecessary undefined argument to token functions

deps: basic-auth@~1.1.0

deps: [email protected]

Allow colors in workers

Deprecated DEBUG_FD environment variable

Fix error when running under React Native

Use same color for same namespace

deps: [email protected]

perf: enable strict mode in compiled functions

1.7.0

Add digits argument to response-time token

deps: depd@~1.1.0

Enable strict mode in more places

Support web browser loading

deps: on-headers@~1.0.1

perf: enable strict mode

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

Fix using special characters in format

deps: depd@~1.1.2

perf: remove argument reassignment

1.9.0 / 2017-09-26

Use res.headersSent when available

deps: basic-auth@~2.0.0

Use safe-buffer for improved Buffer API

deps: [email protected]

deps: depd@~1.1.1

Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

deps: [email protected]

Fix DEBUG_MAX_ARRAY_LENGTH

deps: [email protected]

1.8.1 / 2017-02-04

deps: [email protected]

Fix deprecation messages in WebStorm and other editors

Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

Fix sending unnecessary undefined argument to token functions

deps: basic-auth@~1.1.0

deps: [email protected]

Allow colors in workers

Deprecated DEBUG_FD environment variable

Fix error when running under React Native

Use same color for same namespace

deps: [email protected]

perf: enable strict mode in compiled functions

1.7.0 / 2016-02-18

Add digits argument to response-time token

deps: depd@~1.1.0

Enable strict mode in more places

... (truncated)

Commits

572dd93 1.9.1
e02de38 lint: apply standard 12 style
e329663 Fix using special characters in format
eb1968a tests: use strict equality checks
310b206 build: use yaml eslint configuration
5810937 build: [email protected]
f60afd5 build: [email protected]
5295b0c build: [email protected]
178daaf build: [email protected]
7b08641 build: [email protected]
Additional commits viewable in compare view

Updates pg-promise from 4.8.1 to 11.5.5

Release notes

Sourced from pg-promise's releases.

11.5.5

Addressing sql injection issue; All negative numbers are now wrapped in parentheses.

Dev dependencies updated.

Thanks to @paul-gerste-sonarsource!

11.5.4

Dependencies updated, including the driver, to v8.11.3

11.5.3

Following up on driver fix-update, see issue #888

11.5.2

This update is to clarify the full range of environments officially supported:

PostgreSql v10 - v15

NodeJS v14 - v18

It is worth noting that:

It may work with PostgreSql v9, but it is no longer officially supported.

It should work with NodeJS v20, but it is not officially supported yet (we support LTS versions of NodeJS only).

The CI has been updated accordingly. No functional changes.

11.5.1

Updated dependencies, including the driver, to v8.11.1

Fixed #884 - CI build issue in test

11.5.0

Many dependencies updated, including Postgres driver.

Minor documentation updates.

Please note that at the time of publishing this, GitHub CI started showing problems again, unrelated to the project. All tests pass locally fine, disregard Failed Build status for the time being.

11.4.3

Updated dependencies

Marked method batch as deprecated.

11.4.2

Dev dependencies updated

Semantic refactoring of the code

11.4.1

Corrected TypeScript signature for the Pool's property log.

11.4.0

Updated dependencies: "pg" -> "8.10.0" and "pg-query-stream" -> "4.4.0"

Extended IPool TypeScript declaration with properties expiredCount + log. The latter in case you want to log what the pool is doing:

... (truncated)

Commits

1a4dfe6 Fixing issue Vulnerability: SQL Injection via Line Comment Creation vitaly-t/pg-promise#911 (comment)...
79199d4 update the package
8f30428 Fix node-postgres.com/apis/... links (#912)
8343d4b update deps
00cd486 updating deps
e86ef61 update node ver
40311c3 add version check
ab150f2 add pg11 tests
b58bfcc downgrade supported pg to v10
7b71768 Update README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vitaly.tomilov, a new releaser for pg-promise since your current version.

Updates cookie from 0.1.3 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

0.4.2

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

0.4.1

Fix maxAge option to reject invalid values

0.4.0

Add SameSite=None support

0.3.1

Fix sameSite: true to work with draft-7 clients

true now sends SameSite=Strict instead of SameSite

0.3.0

Add sameSite option

Replaces firstPartyOnly option, never implemented by browsers

Improve error message when encode is not a function

... (truncated)

Commits

d19eaa1 0.7.2
bc38ffd Fix object assignment of hasOwnProperty (#177)
cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates cookie-parser from 1.3.5 to 1.4.7

Release notes

Sourced from cookie-parser's releases.

1.4.7

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cookie-parser#103

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/cookie-parser#104

ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in expressjs/cookie-parser#100

deps: [email protected] by @SamChatfield in expressjs/cookie-parser#116

Release: 1.4.7 by @UlisesGascon in expressjs/cookie-parser#117

New Contributors

@inigomarquinez made their first contribution in expressjs/cookie-parser#103

@arunsathiya made their first contribution in expressjs/cookie-parser#100

@SamChatfield made their first contribution in expressjs/cookie-parser#116

@UlisesGascon made their first contribution in expressjs/cookie-parser#117

Full Changelog: expressjs/cookie-parser@1.4.6...1.4.7

1.4.6

deps: [email protected]

1.4.5

deps: [email protected]

1.4.4

perf: normalize secret argument only once

1.4.3

deps: [email protected]

perf: use for loop in parse

1.4.2

deps: [email protected]

perf: enable strict mode

perf: use for loop in parse

perf: use string concatination for serialization

1.4.1

deps: [email protected]

perf: enable strict mode

Changelog

Sourced from cookie-parser's changelog.

1.4.7 / 2024-10-08

deps: [email protected]

Fix object assignment of hasOwnProperty

deps: [email protected]

Allow leading dot for domain

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing

deps: [email protected]

perf: parse cookies ~10% faster

fix: narrow the validation of cookies to match RFC6265

fix: add main to package.json for rspack

deps: [email protected]

Add partitioned option

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

deps: [email protected]

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

1.4.6 / 2021-11-16

deps: [email protected]

1.4.5 / 2020-03-14

deps: [email protected]

1.4.4 / 2019-02-12

perf: normalize secret argument only onceDescription has been truncated

Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.13.3` | `1.20.3` | | [debug](https://github.com/debug-js/debug) | `2.2.0` | `2.6.9` | | [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.13.4` | `4.20.0` | | [log4js](https://github.com/log4js-node/log4js-node) | `0.6.38` | `6.4.0` | | [morgan](https://github.com/expressjs/morgan) | `1.6.1` | `1.9.1` | | [pg-promise](https://github.com/vitaly-t/pg-promise) | `4.8.1` | `11.5.5` | | [cookie](https://github.com/jshttp/cookie) | `0.1.3` | `0.7.2` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.3.5` | `1.4.7` | | [express](https://github.com/expressjs/express) | `4.20.0` | `4.21.2` | | [express-session](https://github.com/expressjs/session) | `1.17.2` | `1.18.1` | | [fresh](https://github.com/jshttp/fresh) | `0.3.0` | `0.5.2` | | [serve-favicon](https://github.com/expressjs/serve-favicon) | `2.3.2` | `2.5.1` | Updates `body-parser` from 1.13.3 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.13.3...1.20.3) Updates `debug` from 2.2.0 to 2.6.9 - [Release notes](https://github.com/debug-js/debug/releases) - [Changelog](https://github.com/debug-js/debug/blob/2.6.9/CHANGELOG.md) - [Commits](debug-js/debug@2.2.0...2.6.9) Updates `ejs` from 2.7.4 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v2.7.4...v3.1.10) Updates `express` from 4.13.4 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.13.4...4.20.0) Updates `log4js` from 0.6.38 to 6.4.0 - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v0.6.38...v6.4.0) Updates `morgan` from 1.6.1 to 1.9.1 - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.6.1...1.9.1) Updates `pg-promise` from 4.8.1 to 11.5.5 - [Release notes](https://github.com/vitaly-t/pg-promise/releases) - [Commits](vitaly-t/pg-promise@v.4.8.1...11.5.5) Updates `cookie` from 0.1.3 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.1.3...v0.7.2) Updates `cookie-parser` from 1.3.5 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.3.5...1.4.7) Updates `express` from 4.20.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.13.4...4.20.0) Updates `express-session` from 1.17.2 to 1.18.1 - [Release notes](https://github.com/expressjs/session/releases) - [Changelog](https://github.com/expressjs/session/blob/master/HISTORY.md) - [Commits](expressjs/session@v1.17.2...v1.18.1) Updates `ms` from 0.7.1 to 0.7.2 - [Release notes](https://github.com/vercel/ms/releases) - [Commits](vercel/ms@0.7.1...0.7.2) Updates `fresh` from 0.3.0 to 0.5.2 - [Changelog](https://github.com/jshttp/fresh/blob/master/HISTORY.md) - [Commits](jshttp/fresh@v0.3.0...v0.5.2) Updates `serve-favicon` from 2.3.2 to 2.5.1 - [Release notes](https://github.com/expressjs/serve-favicon/releases) - [Changelog](https://github.com/expressjs/serve-favicon/blob/master/HISTORY.md) - [Commits](expressjs/serve-favicon@v2.3.2...2.5.1) Updates `mime` from 1.3.4 to 1.6.0 - [Release notes](https://github.com/broofa/mime/releases) - [Changelog](https://github.com/broofa/mime/blob/v1.6.0/CHANGELOG.md) - [Commits](broofa/mime@v1.3.4...v1.6.0) Updates `negotiator` from 0.5.3 to 0.6.3 - [Release notes](https://github.com/jshttp/negotiator/releases) - [Changelog](https://github.com/jshttp/negotiator/blob/master/HISTORY.md) - [Commits](jshttp/negotiator@0.5.3...0.6.3) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `pg` from 5.1.0 to 8.11.3 - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/[email protected]/packages/pg) Updates `qs` from 4.0.0 to 6.13.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v4.0.0...v6.13.0) Updates `send` from 0.13.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.13.1...0.19.0) Updates `serve-static` from 1.10.3 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.10.3...v1.16.2) --- updated-dependencies: - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: debug dependency-version: 2.6.9 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: log4js dependency-version: 6.4.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: morgan dependency-version: 1.9.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pg-promise dependency-version: 11.5.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-version: 1.4.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express-session dependency-version: 1.18.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ms dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fresh dependency-version: 0.5.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-favicon dependency-version: 2.5.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mime dependency-version: 1.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: negotiator dependency-version: 0.6.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pg dependency-version: 8.11.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.13.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from austenstone-alt as a code owner June 18, 2025 19:44

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 20 updates #65

Bump the npm_and_yarn group across 1 directory with 20 updates #65

Uh oh!

dependabot bot commented on behalf of github Jun 18, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Bump the npm_and_yarn group across 1 directory with 20 updates #65

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 20 updates #65

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 18, 2025

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.1

1.20.0

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

2.6.9

Patches

Credits

release 2.6.7

release 2.6.6

release 2.6.5

release 2.6.4

release 2.6.3

release 2.6.2

release 2.6.1

release 2.6.0

release 2.5.2

release 2.5.1

release 2.4.5

release 2.4.4

release 2.4.3

release 2.4.2

2.6.9 / 2017-09-22

2.6.8 / 2017-05-18

2.6.7 / 2017-05-16

2.6.5 / 2017-04-27

2.6.4 / 2017-04-20

2.6.3 / 2017-03-13

2.6.2 / 2017-03-10

2.6.1 / 2017-02-10

v3.1.10

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.0.2

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

6.4.0 - BREAKING CHANGE 💥

1.9.1

1.9.0

1.8.2

1.8.1

1.8.0

1.7.0

1.9.1 / 2018-09-10

1.9.0 / 2017-09-26

1.8.2 / 2017-05-23

1.8.1 / 2017-02-04

1.8.0 / 2017-02-04

1.7.0 / 2016-02-18

11.5.5

11.5.4

11.5.3