chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #58

dependabot · 2025-04-30T16:43:46Z

Bumps the npm_and_yarn group with 11 updates in the /tests directory:

Package	From	To
@babel/runtime	`7.24.8`	`7.27.1`
@octokit/endpoint	`9.0.5`	`9.0.6`
@octokit/plugin-paginate-rest	`9.2.1`	`9.2.2`
@octokit/request-error	`5.1.0`	`5.1.1`
@octokit/request	`8.4.0`	`8.4.1`
base-x	`4.0.0`	`4.0.1`
jsonpath-plus	`10.1.0`	`10.3.0`
micromatch	`4.0.7`	`4.0.8`
nanoid	`3.3.7`	`3.3.11`
prismjs	`1.29.0`	`1.30.0`
undici	`6.20.1`	`6.21.2`

Updates @babel/runtime from 7.24.8 to 7.27.1

Release notes

Sourced from @babel/runtime's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
296cdc5 Remove unused regenerator-runtime dep in @babel/runtime (#17263)
fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
5c350ea v7.27.0
ca4865a Fix: align behaviour to tsc rewriteRelativeImportExtensions (#17118)
e1ce99d v7.26.10
d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
64bca7b v7.26.9
2d95140 v7.26.7
63d3038 v7.26.0
Additional commits viewable in compare view

Updates @octokit/endpoint from 9.0.5 to 9.0.6

Release notes

Sourced from @octokit/endpoint's releases.

v9.0.6

9.0.6 (2025-02-14)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (#515) (599ff4f)

Commits

599ff4f fix: ReDos regex vulnerability, reported by @DayShift (#515)
See full diff in compare view

Updates @octokit/plugin-paginate-rest from 9.2.1 to 9.2.2

Release notes

Sourced from @octokit/plugin-paginate-rest's releases.

v9.2.2

9.2.2 (2025-02-15)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (#660) (e1e4489)

Commits

e1e4489 fix: ReDos regex vulnerability, reported by @DayShift (#660)
See full diff in compare view

Updates @octokit/request-error from 5.1.0 to 5.1.1

Release notes

Sourced from @octokit/request-error's releases.

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

ReDos regex vulnerability, reported by @dayshift (12a14f0)

Commits

b51ed27 test: ReDos regex vulnerability, reported by @dayshift
12a14f0 fix: ReDos regex vulnerability, reported by @dayshift
See full diff in compare view

Updates @octokit/request from 8.4.0 to 8.4.1

Release notes

Sourced from @octokit/request's releases.

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

ReDos regex vulnerability, reported by @DayShift (#741) (356411e)

Commits

356411e fix: ReDos regex vulnerability, reported by @DayShift (#741)
See full diff in compare view

Updates base-x from 4.0.0 to 4.0.1

Commits

7c17e51 4.0.1
e848733 Prohibit char codes that would overflow the BASE_MAP
See full diff in compare view

Updates cross-spawn from 6.0.5 to 6.0.6

Changelog

Sourced from cross-spawn's changelog.

6.0.6 (2024-11-18)

Bug Fixes

disable regexp backtracking (#160) (ba5aaef)

core: support worker threads (#127) (f4af31c)

Commits

d35c865 chore(release): 6.0.6
5a37e19 chore: update package.json and package.lock
ba5aaef fix: disable regexp backtracking (#160)
f4af31c fix(core): support worker threads (#127)
See full diff in compare view

Updates image-size from 1.1.1 to 1.2.1

Release notes

Sourced from image-size's releases.

v1.2.1

Fixes

fix potential Denial of Service via specially crafted payloads in image-size/image-size@640a67d

Full Changelog: image-size/image-size@v1.2.0...v1.2.1

v1.2.0

This release adds support for JPEG-XL ( #409 )

Commits

a4178fb 1.2.1
640a67d fix potential Denial of Service via specially crafted payloads
9d41448 1.2.0
405a244 fixups
76c5c9a mention jpeg-xl in the readme
a10262c Add support for JPEG XL (#409)
a7a24a3 (app): Fix typo in comments (#411)
9f48213 update dependencies, and reformat code with eslint 9
64dda84 refactor formats that use a ISO-BMFF container
e3ea538 no need to create hex strings in j2c
Additional commits viewable in compare view

Updates jsonpath-plus from 10.1.0 to 10.3.0

Release notes

Sourced from jsonpath-plus's releases.

v10.3.0

What's Changed

fix(eval): rce using non-string prop names by @80avin in JSONPath-Plus/JSONPath#237

feat(demo): make demo link shareable by @80avin in JSONPath-Plus/JSONPath#238

Full Changelog: JSONPath-Plus/JSONPath@v10.2.0...v10.3.0

Changelog

Sourced from jsonpath-plus's changelog.

10.3.0

fix(eval): rce using non-string prop names (#237)

feat(demo): make demo link shareable (#238)

chore: update deps. and devDeps.

10.2.0

fix(eval): improve security of safe-eval (#233)

chore: update deps. and devDeps.

Commits

9754e4b chore: bump version
f690da1 chore: update deps and devDeps
313a9b4 Merge pull request #238 from 80avin/shareable-demo
39a0d03 Merge pull request #237 from 80avin/fix-10.2.0-rce
1c532fc feat(demo): make demo link shareable
3094289 fix(eval): rce using non-string prop names
8e4acf8 chore: bump version
f0708a4 chore: update deps. and devDeps.
0bfda55 build(deps): bump @eslint/plugin-kit from 0.2.0 to 0.2.3 (#234)
73ad72e fix(eval): improve security of safe-eval (#233)
See full diff in compare view

Maintainer changes

This version was pushed to npm by 80avin, a new releaser for jsonpath-plus since your current version.

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

check that currentScript is set by a script tag by @lkuechler in PrismJS/prism#3863

New Contributors

@lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

76dde18 Release 1.30.0
93cca40 npm pkg fix
99c5ca9 Add release script
8e8b935 check that currentScript is set by a script tag (#3863)
f894dc2 Fix logo in the footer
ac38dce Delete CNAME
9b5b09a Enable CORS
See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

encodeurl@~2.0.0 by @wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

bump send to 0.19 by @tommasini in expressjs/serve-static#176

New Contributors

@tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: [email protected]

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): [email protected]
48c7397 1.16.0
0c11fad Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates undici from 6.20.1 to 6.21.2

Release notes

Sourced from undici's releases.

v6.21.2

What's Changed

fix(types): add missing DNS interceptor by @slagiewka in nodejs/undici#4024

[v6.x] fix wpts on windows by @mcollina in nodejs/undici#4093

Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

New Contributors

@slagiewka made their first contribution in nodejs/undici#4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

fix(#3736): back-port 183f8e9 to v6.x by @ggoodman in nodejs/undici#3855

fix(#3817): send servername for SNI on TLS (#3821) [backport] by @metcoder95 in nodejs/undici#3864

fix: sending formdata bodies with http2 (#3863) [backport] by @metcoder95 in nodejs/undici#3866

[Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @github-actions in nodejs/undici#3877

types: [backport] Update return type of RetryCallback (#3851) by @metcoder95 in nodejs/undici#3876

Full Changelog: nodejs/undici@v6.21.0...v6.21.1

v6.21.0

What's Changed

[Backport v6.x] web: mark as uncloneable when possible (#3709) by @jazelly in nodejs/undici#3744

[Backport v6.x] fetch: fix content-encoding order by @github-actions in nodejs/undici#3764

[Backport v6.x] fix: handle undefined deref() of WeakRef(socket) by @github-actions in nodejs/undici#3822

[Backport v6.x] fix: range end is zero-indexed by @github-actions in nodejs/undici#3827

Full Changelog: nodejs/undici@v6.20.1...v6.21.0

Commits

b63d939 Bumped v6.21.2
de1e4b8 [v6.x] fix wpts on windows (#4093)
4e07dda test: fix windows wpt (#4050)
1333871 Removed clients with unrecoverable errors from the Pool (#4088)
a0e76c7 fix(types): add missing DNS interceptor (#4024)
e260e7b Bumped v6.21.1
c3acc60 Merge commit from fork
2414bc9 Update return type of RetryCallback (#3851) (#3876)
be8cd0a [Backport v6.x] fix: Fixed the issue that there is no running request when ht...
ee6176c fix: sending formdata bodies with http2 (#3863) [backport] (#3866)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…pdates Bumps the npm_and_yarn group with 11 updates in the /tests directory: | Package | From | To | | --- | --- | --- | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.24.8` | `7.27.1` | | [@octokit/endpoint](https://github.com/octokit/endpoint.js) | `9.0.5` | `9.0.6` | | [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) | `9.2.1` | `9.2.2` | | [@octokit/request-error](https://github.com/octokit/request-error.js) | `5.1.0` | `5.1.1` | | [@octokit/request](https://github.com/octokit/request.js) | `8.4.0` | `8.4.1` | | [base-x](https://github.com/cryptocoinjs/base-x) | `4.0.0` | `4.0.1` | | [jsonpath-plus](https://github.com/s3u/JSONPath) | `10.1.0` | `10.3.0` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.7` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | | [prismjs](https://github.com/PrismJS/prism) | `1.29.0` | `1.30.0` | | [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.21.2` | Updates `@babel/runtime` from 7.24.8 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-runtime) Updates `@octokit/endpoint` from 9.0.5 to 9.0.6 - [Release notes](https://github.com/octokit/endpoint.js/releases) - [Commits](octokit/endpoint.js@v9.0.5...v9.0.6) Updates `@octokit/plugin-paginate-rest` from 9.2.1 to 9.2.2 - [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases) - [Commits](octokit/plugin-paginate-rest.js@v9.2.1...v9.2.2) Updates `@octokit/request-error` from 5.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v5.1.0...v5.1.1) Updates `@octokit/request` from 8.4.0 to 8.4.1 - [Release notes](https://github.com/octokit/request.js/releases) - [Commits](octokit/request.js@v8.4.0...v8.4.1) Updates `base-x` from 4.0.0 to 4.0.1 - [Commits](cryptocoinjs/base-x@v4.0.0...v4.0.1) Updates `cross-spawn` from 6.0.5 to 6.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/v6.0.6/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v6.0.5...v6.0.6) Updates `image-size` from 1.1.1 to 1.2.1 - [Release notes](https://github.com/image-size/image-size/releases) - [Commits](image-size/image-size@v1.1.1...v1.2.1) Updates `jsonpath-plus` from 10.1.0 to 10.3.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.1.0...v10.3.0) Updates `micromatch` from 4.0.7 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.7...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `prismjs` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md) - [Commits](PrismJS/prism@v1.29.0...v1.30.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `undici` from 6.20.1 to 6.21.2 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.20.1...v6.21.2) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/endpoint" dependency-version: 9.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/plugin-paginate-rest" dependency-version: 9.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request-error" dependency-version: 5.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@octokit/request" dependency-version: 8.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 6.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: image-size dependency-version: 1.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonpath-plus dependency-version: 10.3.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: prismjs dependency-version: 1.30.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.21.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from ilbertt as a code owner April 30, 2025 16:43

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #58

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #58

Uh oh!

dependabot bot commented on behalf of github Apr 30, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #58

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates #58

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 30, 2025

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v9.0.6

9.0.6 (2025-02-14)

Bug Fixes

v9.2.2

9.2.2 (2025-02-15)

Bug Fixes

v5.1.1

5.1.1 (2025-02-14)

Bug Fixes

v8.4.1

8.4.1 (2025-02-15)

Bug Fixes

6.0.6 (2024-11-18)

Bug Fixes

v1.2.1

Fixes

v1.2.0

v10.3.0

What's Changed

10.3.0

10.2.0

4.0.8

[4.0.8] - 2024-08-22

3.3.11

3.3.10

3.3.9

3.3.11

3.3.10

3.3.9

3.3.8

v1.30.0

What's Changed

New Contributors

Prism Changelog

v1.16.2

What's Changed

v1.16.1

What's Changed

New Contributors

1.16.0

What's Changed

New Contributors

1.16.2 / 2024-09-11

1.16.1 / 2024-09-11

1.16.0 / 2024-09-10

v6.21.2

What's Changed

New Contributors

v6.21.1

⚠️ Security Release ⚠️

What's Changed

v6.21.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants