Bump the npm_and_yarn group across 1 directory with 19 updates #191

dependabot · 2025-11-19T04:00:42Z

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
axios	`1.6.7`	`1.12.0`
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.21.2`
cookie	`0.6.0`	`1.0.2`
mongoose	`8.2.0`	`8.20.0`
multer	`1.4.5-lts.1`	`2.0.2`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
ejs	`3.1.9`	`3.1.10`
glob	`10.3.10`	`10.5.0`
js-yaml	`4.1.0`	`4.1.1`
micromatch	`4.0.5`	`4.0.8`
on-headers	`1.0.2`	`1.1.0`
ws	`8.11.0`	`8.17.1`

Updates axios from 1.6.7 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

Release v1.11.0

Release notes:

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

1.11.0 (2025-07-22)

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

... (truncated)

Commits

0d8ad6e chore(release): v1.12.0 (#7013)
fd7f404 fix: release pr run
a2edc36 fix: dont add dist on release
9ec86de fix: adding build artifacts
945435f fix(node): enforce maxContentLength for data: URLs (#7011)
28e5e30 chore(sponsor): update sponsor block (#7005)
d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
a0bc911 chore: removing dist files from src (#7002)
c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates cookie from 0.6.0 to 1.0.2

Release notes

Sourced from cookie's releases.

v1.0.2

Fixed

Loosen cookie name/value validation (#210)

fix: options.priority used incorrect fallback (#207) by @jonchurch

Added

Add import example to README (#190) by @isnifer

jshttp/cookie@v1.0.1...v1.0.2

v1.0.1

Added

Allow case insensitive options (#194) 3bed080

jshttp/cookie@v1.0.0...v1.0.1

v1.0.0

Breaking changes

Use modern JS features, ship TypeScript definition (#175) 1cc64ff

Adds __esModule marker, imports need to use import { parse, serialize } or import * as cookie

Minimum node.js v18

Uses null prototype object for parse return value

Changes strict and priority to match the lower case strings (i.e. low, not LOW or Low)

Require maxAge to be an integer using Number.isInteger check

Delegates decode implementation details to decode option (i.e. error handling and quote parsing is defined by decode)

Delegate quote parsing to decode (#180) c4a2597

Shift try/catch to decode (#179) 93a5b97

Improve arg/option error messages (#162) e206fd5 @MaoShizhong

Other

Remove hasOwnProperty, use undefined check for performance (#183) 8f3ee9e @gurgunday

jshttp/cookie@v0.7.2...v1.0.0

v0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

... (truncated)

Commits

e739f41 1.0.2
8be4b82 Loosen cookie name/value validation (#210)
94ba436 Fix codecov workflow in PRs (#209)
4898ba2 fix: options.priority used incorrect fallback (#207)
408c2b4 Add import example to README (#190)
ba9e677 1.0.1
3bed080 Allow case insensitive options (#194)
bc66a7e Generate cookie outside benchmarks (#187)
c69cef6 1.0.0
42025f7 Use workflow status for badge
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

[email protected] by @wesleytodd in expressjs/express#5954

fix(deps): [email protected] by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
7e562c6 4.21.0
1bcde96 fix(deps): [email protected] (#5946)
7d36477 fix(deps): [email protected] (#5951)
40d2d8f fix(deps): [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates mongoose from 8.2.0 to 8.20.0

Release notes

Sourced from mongoose's releases.

8.20.0 / 2025-11-17

feat: cast id parameter based on schema _id type in DocumentArray.id() #15733 #15725 #15724 https://github.com/Automattic/mongoose/blob/HEAD/Lex-Ashu

fix: pass parent schema to SchemaType constructors in interpretAsType to make implementing custom container types easier #15700

types(models): default _id type to ObjectId for Document #15688 Catwallon

docs: add FAQ entry about DivergentArrayError #15743 Mario5T

docs: update browser.md with Mongoose limitations #15744 YashSharma64

chore: add benchmark for large nested array documents (related to #9588) #15742 Kundan-CR7

8.19.4 / 2025-11-14

fix(schema): avoid throwing error on array of unions #15720 #15718

fix: store original index on insertMany validation errors #15735 Jadu07

types: correct return type of discriminator to Model #15726 twentytwo777

docs: improve Next.js integration guide with comprehensive examples #15730 adarsh-priydarshi-5646

docs: add documentation for Union Schema Type #15721 TechGenie-awake

docs: removed the outdated callback and replaced them with async/await pattern #15723 hk2166

docs: fix lingering remove() call in statics docs #15737 Gautam-Bharadwaj

docs: fix inline doc typo in schematypes.d.ts #15738 hagid786

8.19.3 / 2025-11-04

fix(model+plugins): correctly apply shard key on deleteOne() #15705 #15701

fix(schema): correctly cache text indexes as 'text' not 1 #15695

types: make inferRawDocType correctly infer empty array type [] as any[] #15704 #15699

8.19.2 / 2025-10-20

perf(setDefaultsOnInsert): avoid computing all modified paths when running setDefaultsOnInsert and update validators, only calculate if there are defaults to set #15691 #15672

fix: correct handling of relative vs absolute paths with maps and subdocuments #15682 #15678 #15350

ci: add publish script with provenance #15684 #15680

8.19.1 / 2025-10-06

perf: avoid getting all modified paths in update when checking if versionKey needs to be set #15677 #15672

perf: Avoid needless path translation #15679 orgads

fix(query): throw error if using update operator with modifier and no path #15670 #15642

types: avoid making FilterQuery a conditional type because of how typescript handles distributed conditional unions #15676 #15671

docs: update installation instructions #15675 aalok-y

8.19.0 / 2025-10-02

feat: upgrade mongodb driver to 6.20.0 #15651 #15656

feat(model): add virtuals option to Model.hydrate() to set virtuals #15638 #15627

fix(schema): handle casting array filters underneath maps of Mixed #15655 #15653

types: optimize InferRawDocType #15588 ssalbdivad

types(schema): add lean schema option to TypeScript types #15646 #15583 #10090

8.18.3 / 2025-09-29

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.20.0 / 2025-11-17

feat: cast id parameter based on schema _id type in DocumentArray.id() #15733 #15725 #15724 https://github.com/Automattic/mongoose/blob/master/Lex-Ashu

fix: pass parent schema to SchemaType constructors in interpretAsType to make implementing custom container types easier #15700

types(models): default _id type to ObjectId for Document #15688 Catwallon

docs: add FAQ entry about DivergentArrayError #15743 Mario5T

docs: update browser.md with Mongoose limitations #15744 YashSharma64

chore: add benchmark for large nested array documents (related to #9588) #15742 Kundan-CR7

8.19.4 / 2025-11-14

fix(schema): avoid throwing error on array of unions #15720 #15718

fix: store original index on insertMany validation errors #15735 Jadu07

types: correct return type of discriminator to Model #15726 twentytwo777

docs: improve Next.js integration guide with comprehensive examples #15730 adarsh-priydarshi-5646

docs: add documentation for Union Schema Type #15721 TechGenie-awake

docs: removed the outdated callback and replaced them with async/await pattern #15723 hk2166

docs: fix lingering remove() call in statics docs #15737 Gautam-Bharadwaj

docs: fix inline doc typo in schematypes.d.ts #15738 hagid786

8.19.3 / 2025-11-04

fix(model+plugins): correctly apply shard key on deleteOne() #15705 #15701

fix(schema): correctly cache text indexes as 'text' not 1 #15695

types: make inferRawDocType correctly infer empty array type [] as any[] #15704 #15699

8.19.2 / 2025-10-20

perf(setDefaultsOnInsert): avoid computing all modified paths when running setDefaultsOnInsert and update validators, only calculate if there are defaults to set #15691 #15672

fix: correct handling of relative vs absolute paths with maps and subdocuments #15682 #15678 #15350

ci: add publish script with provenance #15684 #15680

8.19.1 / 2025-10-06

perf: avoid getting all modified paths in update when checking if versionKey needs to be set #15677 #15672

perf: Avoid needless path translation #15679 orgads

fix(query): throw error if using update operator with modifier and no path #15670 #15642

types: avoid making FilterQuery a conditional type because of how typescript handles distributed conditional unions #15676 #15671

docs: update installation instructions #15675 aalok-y

8.19.0 / 2025-10-02

feat: upgrade mongodb driver to 6.20.0 #15651 #15656

feat(model): add virtuals option to Model.hydrate() to set virtuals #15638 #15627

fix(schema): handle casting array filters underneath maps of Mixed #15655 #15653

types: optimize InferRawDocType #15588 ssalbdivad

types(schema): add lean schema option to TypeScript types #15646 #15583 #10090

8.18.3 / 2025-09-29

... (truncated)

Commits

753d975 chore: release 8.20.0

Bumps the npm_and_yarn group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.6.7` | `1.12.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2` | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `1.0.2` | | [mongoose](https://github.com/Automattic/mongoose) | `8.2.0` | `8.20.0` | | [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [glob](https://github.com/isaacs/node-glob) | `10.3.10` | `10.5.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [ws](https://github.com/websockets/ws) | `8.11.0` | `8.17.1` | Updates `axios` from 1.6.7 to 1.12.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.12.0) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.19.2...4.21.2) Updates `cookie` from 0.6.0 to 1.0.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v1.0.2) Updates `express` from 4.19.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.19.2...4.21.2) Updates `mongoose` from 8.2.0 to 8.20.0 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@8.2.0...8.20.0) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `glob` from 10.3.10 to 10.5.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.10...v10.5.0) Updates `form-data` from 4.0.0 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.5) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `tar` from 6.2.0 to 7.5.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v7.5.1) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `ws` from 8.11.0 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.11.0...8.17.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 1.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 8.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.17.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2026-01-18T17:39:37Z

Stale pull request message

dependabot · 2026-01-25T17:40:19Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 19, 2025

github-actions bot added the no-pr-activity label Jan 18, 2026

github-actions bot closed this Jan 25, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-46238d8cd6 branch January 25, 2026 17:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 19 updates #191

Bump the npm_and_yarn group across 1 directory with 19 updates #191

Uh oh!

dependabot bot commented on behalf of github Nov 19, 2025

Uh oh!

github-actions bot commented Jan 18, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 1 directory with 19 updates #191

Bump the npm_and_yarn group across 1 directory with 19 updates #191

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 19, 2025

Release v1.12.0

Release notes:

Bug Fixes

Features

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

Contributors to this release

1.12.0 (2025-09-11)

Bug Fixes

Features

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

Contributors to this release

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.3 / 2024-09-10

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

v1.0.2

v1.0.1

v1.0.0

v0.7.2

0.7.1

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

8.20.0 / 2025-11-17

8.19.4 / 2025-11-14

8.19.3 / 2025-11-04

8.19.2 / 2025-10-20

8.19.1 / 2025-10-06

8.19.0 / 2025-10-02

8.18.3 / 2025-09-29

8.20.0 / 2025-11-17

8.19.4 / 2025-11-14

8.19.3 / 2025-11-04

8.19.2 / 2025-10-20

8.19.1 / 2025-10-06

8.19.0 / 2025-10-02

8.18.3 / 2025-09-29

Uh oh!

github-actions bot commented Jan 18, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 25, 2026