TypeMonPress icon indicating copy to clipboard operation
TypeMonPress copied to clipboard
verified publisher icon xeoneux

Bump debug, body-parser, compression, express, express-session, helmet, mongoose, morgan and mocha

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps debug to 2.6.9 and updates ancestor dependencies debug, body-parser, compression, express, express-session, helmet, mongoose, morgan and mocha. These dependencies need to be updated together.

Updates debug from 2.6.8 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

  • Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

  • remove ReDoS regexp in %o formatter (#504)
Commits

Updates body-parser from 1.18.1 to 1.20.1

Release notes

Sourced from body-parser's releases.

1.20.0

1.19.2

1.19.1

1.19.0

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.1 / 2022-10-06

1.20.0 / 2022-04-02

1.19.2 / 2022-02-15

1.19.1 / 2021-12-10

1.19.0 / 2019-04-25

... (truncated)

Commits

Updates compression from 1.7.0 to 1.7.4

Release notes

Sourced from compression's releases.

1.7.4

  • deps: compressible@~2.0.16
    • Mark text/less as compressible
    • deps: mime-db@'>= 1.38.0 < 2'
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value
  • perf: prevent unnecessary buffer copy

1.7.3

  • deps: accepts@~1.3.5
    • deps: mime-types@~2.1.18
  • deps: compressible@~2.0.14
    • Mark all XML-derived types as compressible
    • deps: mime-db@'>= 1.34.0 < 2'
  • deps: [email protected]

1.7.2

  • deps: compressible@~2.0.13
    • deps: mime-db@'>= 1.33.0 < 2'

1.7.1

  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: [email protected]
  • deps: compressible@~2.0.11
    • deps: mime-db@'>= 1.29.0 < 2'
  • deps: [email protected]
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
Changelog

Sourced from compression's changelog.

1.7.4 / 2019-03-18

  • deps: compressible@~2.0.16
    • Mark text/less as compressible
    • deps: mime-db@'>= 1.38.0 < 2'
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value
  • perf: prevent unnecessary buffer copy

1.7.3 / 2018-07-15

  • deps: accepts@~1.3.5
    • deps: mime-types@~2.1.18
  • deps: compressible@~2.0.14
    • Mark all XML-derived types as compressible
    • deps: mime-db@'>= 1.34.0 < 2'
  • deps: [email protected]

1.7.2 / 2018-02-18

  • deps: compressible@~2.0.13
    • deps: mime-db@'>= 1.33.0 < 2'

1.7.1 / 2017-09-26

  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: [email protected]
  • deps: compressible@~2.0.11
    • deps: mime-db@'>= 1.29.0 < 2'
  • deps: [email protected]
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
Commits

Updates express from 4.15.4 to 4.18.2

Release notes

Sourced from express's releases.

4.18.2

4.18.1

  • Fix hanging on large stack of sync routes

4.18.0

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

... (truncated)

Commits

Updates express-session from 1.15.5 to 1.17.3

Release notes

Sourced from express-session's releases.

1.17.3

1.17.2

1.17.1

  • Fix internal method wrapping error on failed reloads

1.17.0

1.16.2

  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3

1.16.1

  • Fix error passing data option to Cookie constructor
  • Fix uncaught error from bad session data

1.16.0

  • Catch invalid cookie.maxAge value earlier
  • Deprecate setting cookie.maxAge to a Date object
  • Fix issue where resave: false may not save altered sessions
  • Remove utils-merge dependency
  • Use safe-buffer for improved Buffer API
  • Use Set-Cookie as cookie header name for compatibility
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
    • perf: remove argument reassignment
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.15.6

  • deps: [email protected]
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: uid-safe@~2.1.5
    • perf: remove only trailing =
  • deps: [email protected]
Changelog

Sourced from express-session's changelog.

1.17.3 / 2022-05-11

1.17.2 / 2021-05-19

1.17.1 / 2020-04-16

  • Fix internal method wrapping error on failed reloads

1.17.0 / 2019-10-10

1.16.2 / 2019-06-12

  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3

1.16.1 / 2019-04-11

  • Fix error passing data option to Cookie constructor
  • Fix uncaught error from bad session data

1.16.0 / 2019-04-10

  • Catch invalid cookie.maxAge value earlier
  • Deprecate setting cookie.maxAge to a Date object
  • Fix issue where resave: false may not save altered sessions
  • Remove utils-merge dependency
  • Use safe-buffer for improved Buffer API
  • Use Set-Cookie as cookie header name for compatibility
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
    • perf: remove argument reassignment

... (truncated)

Commits

Updates helmet from 3.8.1 to 3.23.3

Changelog

Sourced from helmet's changelog.

3.23.3 - 2020-06-26

Changed

  • helmet.expectCt is no longer a separate package. This should have no effect on end users.
  • helmet.frameguard is no longer a separate package. This should have no effect on end users.

3.23.2 - 2020-06-23

Changed

  • helmet.dnsPrefetchControl is no longer a separate package. This should have no effect on end users.

3.23.1 - 2020-06-16

Changed

  • helmet.ieNoOpen is no longer a separate package. This should have no effect on end users.

3.23.0 - 2020-06-12

Deprecated

  • helmet.featurePolicy is deprecated. Use the feature-policy module instead.

3.22.1 - 2020-06-10

Changed

  • Rewrote internals in TypeScript. This should have no effect on end users.

3.22.0 - 2020-03-24

Changed

  • Updated helmet-csp to v2.10.0
    • Add support for the allow-downloads sandbox directive. See helmet-csp#103

Deprecated

  • helmet.noCache is deprecated. Use the nocache module instead. See #215

3.21.3 - 2020-02-24

Changed

  • Updated helmet-csp to v2.9.5
    • Updated bowser subdependency from 2.7.0 to 2.9.0
    • Fixed an issue some people were having when importing the bowser subdependency. See helmet-csp#96 and #101

... (truncated)

Commits
  • 3edd5e1 3.23.3
  • 8662052 Include expect-ct and x-frame-options in npm package
  • 5c4a499 Update changelog for 3.23.3 release
  • 35b3e6d Proofread of SECURITY.md
  • 04d446c Update Jest and @​types/jest to their latest versions
  • 7906601 Import X-Frame-Options (frameguard) middleware
  • 837765d Minor formatting changes in license
  • d03c555 Import Expect-CT (expect-ct) middleware
  • 16243e6 3.23.2
  • 223edeb Update changelog for 3.23.2 release
  • Additional commits viewable in compare view

Updates mongoose from 4.11.12 to 4.13.21

Changelog

Sourced from mongoose's changelog.

4.13.21 / 2020-07-12

  • fix(query): delete top-level _bsontype property in queries to prevent silent empty queries #8222

5.9.23 / 2020-07-10

  • fix(model): fix syncIndexes() error when db index has a collation but Mongoose index does not #9224 clhuang
  • fix(array): only cast array to proper depth if it contains an non-array value #9217 #9215 cyrilgandon
  • docs(schematype): document the transform option #9211
  • docs(mongoose): fix typo #9212 JNa0

5.9.22 / 2020-07-06

  • fix(schema): treat { type: mongoose.Schema.Types.Array } as equivalent to { type: Array } #9194
  • fix: revert fix for #9107 to avoid issues when calling connect() multiple times #9167
  • fix(update): respect storeSubdocValidationError option with update validators #9172
  • fix: upgrade to safe-buffer 5.2 #9198
  • docs: add a note about SSL validation to migration guide #9147
  • docs(schemas): fix inconsistent header #9196 samtsai15

5.9.21 / 2020-07-01

  • fix: propagate typeKey option to implicitly created schemas from typePojoToMixed #9185 joaoritter
  • fix(populate): handle embedded discriminator refPath with multiple documents #9153
  • fix(populate): handle deselected foreign field with perDocumentLimit and multiple documents #9175
  • fix(document): disallow transform functions that return promises #9176 #9163 AbdelrahmanHafez
  • fix(document): use strict equality when checking mixed paths for modifications #9165
  • docs: add target="_blank" to all edit links #9058

5.9.20 / 2020-06-22

  • fix(populate): handle populating primitive array under document array discriminator #9148
  • fix(connection): make sure to close previous connection when calling openUri() on an already open connection #9107
  • fix(model): fix conflicting $setOnInsert default values with update values in bulkWrite #9160 #9157 AbdelrahmanHafez
  • docs(validation): add note about validateBeforeSave and invalidate #9144 dandv
  • docs: specify the array field syntax for invalidate #9137 dandv
  • docs: fix several typos and broken references #9024 AbdelrahmanHafez
  • docs: fix minor typo #9143 dandv

5.9.19 / 2020-06-15

  • fix: upgrade mongodb driver -> 3.5.9 #9124 AbdelrahmanHafez
  • fix: copy required validator on single nested subdoc correctly when calling Schema#clone() #8819
  • fix(discriminator): handle tiedValue when casting update on nested paths #9108
  • fix(model): allow empty arrays for bulkWrite #9132 #9131 AbdelrahmanHafez
  • fix(schema): correctly set partialFilterExpression for nested schema indexes #9091
  • fix(castArrayFilters): handle casting on all fields of array filter #9122 lafeuil
  • fix(update): handle nested path createdAt when overwriting parent path #9105
  • docs(subdocs): add some notes on the difference between single nested subdocs and nested paths #9085
  • docs(subdocs): improve docs on typePojoToMixed #9085

... (truncated)

Commits
  • f88eb25 fix(query): delete top-level _bsontype property in queries to prevent silen...
  • 1db031c test(schema): clean up messy tests re: #8459
  • 8fa8012 test: test cleanup re: #8459
  • 4a55040 chore: remove problematic mongoose-long dep and use mongodb 3.4 in tests
  • 91f95da chore: run consistent mongod version in tests
  • 0e65e6e chore: release 4.13.20
  • 803090d fix(schema): make aliases handle mongoose-lean-virtuals
  • 6a8b381 chore: add .config.js to gitignore and npmignore
  • f51c4aa chore: release 4.13.19
  • 2aeeaa8 Merge pull request #7950 from cdimitroulas/backport-aggregate-options-bugfix
  • Additional commits viewable in compare view

Updates morgan from 1.8.2 to 1.10.0

Release notes

Sourced from morgan's releases.

1.10.0

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: [email protected]
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading
Changelog

Sourced from morgan's changelog.

1.10.0 / 2020-03-20

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0 / 2017-09-26

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: [email protected]
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading
Commits

Updates mocha from 3.5.3 to 10.2.0

Release notes

Sourced from mocha's releases.

v10.2.0

10.2.0 / 2022-12-11

:tada: Enhancements

:bug: Fixes

:book: Documentation

v10.1.0

10.1.0 / 2022-10-16

:tada: Enhancements

:nut_and_bolt: Other

v10.0.0

10.0.0 / 2022-05-01

:boom: Breaking Changes

:nut_and_bolt: Other

... (truncated)

Changelog

Sourced from mocha's changelog.

10.2.0 / 2022-12-11

:tada: Enhancements

:bug: Fixes

:book: Documentation

10.1.0 / 2022-10-16

:tada: Enhancements

:nut_and_bolt: Other

10.0.0 / 2022-05-01

:boom: Breaking Changes

:nut_and_bolt: Other

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by juergba, a new releaser for mocha since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Jan 12 '23 08:01 dependabot[bot]