Bump the npm_and_yarn group across 5 directories with 27 updates by dependabot[bot] · Pull Request #2 · Simon-Terrien/faction

dependabot · 2025-10-23T07:38:46Z

Bumps the npm_and_yarn group with 14 updates in the /WebContent directory:

Package	From	To
bootstrap	`3.4.1`	`5.3.8`
webpack	`5.75.0`	`5.102.1`
body-parser	`1.20.1`	`1.20.3`
express	`4.18.2`	`4.21.2`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
browserify-sign	`4.2.1`	`4.2.5`
cipher-base	`1.0.4`	`1.0.7`
cookie	`0.4.1`	`0.7.1`
get-func-name	`2.0.0`	`2.0.2`
nanoid	`3.3.4`	`3.3.11`
tar	`6.1.11`	`removed`
on-headers	`1.0.2`	`1.1.0`
postcss	`8.4.21`	`8.5.6`

Bumps the npm_and_yarn group with 1 update in the /WebContent/plugins/ice directory: grunt.
Bumps the npm_and_yarn group with 3 updates in the /WebContent/plugins/Chart.js-2.1.6 directory: jquery, semver and karma.
Bumps the npm_and_yarn group with 1 update in the /WebContent/fileupload2 directory: bootstrap.
Bumps the npm_and_yarn group with 2 updates in the /WebContent/codemirror directory: node-static and phantomjs.

Updates bootstrap from 3.4.1 to 5.3.8

Release notes

Sourced from bootstrap's releases.

v5.3.8

What's Changed

Streamline release prep script by @mdo in twbs/bootstrap#41539

Docs: restore local dev port to 9001 by @chalin in twbs/bootstrap#41545

Docs: use Example shortcode instead of divs with only .bd-example class by @julien-deramond in twbs/bootstrap#41556

Docs: fix scss autorecompile in dev mode by @MaxLardenois in twbs/bootstrap#41574

Fix color-contrast() function for WCAG 2.1 compliance by @julien-deramond in twbs/bootstrap#41585

OSSF Scorecard by @mdo in twbs/bootstrap#41571

Workflows: Use SHA-1 for third-party actions by @julien-deramond in twbs/bootstrap#41595

Docs: unminify downloadable example HTML files by @julien-deramond in twbs/bootstrap#41637

Docs: Add tooltips to buttons when <Example> is used, not just <Code> by @louismaximepiton in twbs/bootstrap#41582

Set cursor pointer on input search cancel button by @mdo in twbs/bootstrap#41639

CSS: Prevent spinner distortion in flex containers with multiline content by @julien-deramond in twbs/bootstrap#41654

Migrate MyGet script to GH actions by @supergibbs in twbs/bootstrap#41583

Revert "Attempt to return focus explicitly to dropdown trigger" by @mdo in twbs/bootstrap#41668

docs: Minor range example code optimization by @coliff in twbs/bootstrap#41665

Remove Themes from docs by @mdo in twbs/bootstrap#41671

Release v5.3.8 by @mdo in twbs/bootstrap#41669

Dependencies

Build(deps-dev): Bump the development-dependencies group with 3 updates by @julien-deramond in twbs/bootstrap#41540

Build(deps-dev): Bump the development-dependencies group with 2 updates by @julien-deramond in twbs/bootstrap#41544

Build(deps-dev): Bump stylelint-config-twbs-bootstrap from 16.0.0 to 16.1.0 by @julien-deramond in twbs/bootstrap#41546

Build(deps-dev): Bump the development-dependencies group with 5 updates by @julien-deramond in twbs/bootstrap#41552

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41560

Build(deps-dev): Bump the development-dependencies group with 3 updates by @julien-deramond in twbs/bootstrap#41566

Build(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in twbs/bootstrap#41594

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41599

Build(deps-dev): Bump the development-dependencies group with 2 updates by @julien-deramond in twbs/bootstrap#41609

Build(deps): Bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in twbs/bootstrap#41611

Build(deps): Bump streetsidesoftware/cspell-action from 7.1.1 to 7.1.2 by @dependabot[bot] in twbs/bootstrap#41610

Build(deps-dev): Bump the development-dependencies group with 4 updates by @julien-deramond in twbs/bootstrap#41621

Build(deps): Bump streetsidesoftware/cspell-action from 7.1.2 to 7.2.0 by @dependabot[bot] in twbs/bootstrap#41625

Build(deps): Bump actions-cool/issues-helper from 3.6.0 to 3.6.2 by @dependabot[bot] in twbs/bootstrap#41623

Build(deps): Bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in twbs/bootstrap#41624

Build(deps-dev): Bump the development-dependencies group across 1 directory with 3 updates by @dependabot[bot] in twbs/bootstrap#41626

Build(deps): Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in twbs/bootstrap#41640

Build(deps): Bump tmp from 0.2.3 to 0.2.4 by @dependabot[bot] in twbs/bootstrap#41649

Build(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in twbs/bootstrap#41657

Build(deps): Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in twbs/bootstrap#41655

Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 by @dependabot[bot] in twbs/bootstrap#41664

New Contributors

@chalin made their first contribution in twbs/bootstrap#41545

Full Changelog: twbs/bootstrap@v5.3.7...v5.3.8

v5.3.7

📚 Documentation

... (truncated)

Commits

25aa8cc Release v5.3.8 (#41669)
122bff5 Remove Themes from docs (#41671)
320f713 docs: Minor range example code optimization (#41665)
ac5f51c Revert "Attempt to return focus explicitly to dropdown trigger (#41365)" (#41...
4bd8b6c Migrate MyGet script to GH actions (#41583)
f50f38b CSS: Fix spinner deformation in flex boxes when content is multiline (#41654)
47c75b8 Set cursor pointer on input search cancel button (#41639)
26c86ba Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 (#41664)
099b02b Build(deps-dev): Bump rollup from 4.46.2 to 4.46.3
4b8a2c9 Build(deps-dev): bump dependencies
Additional commits viewable in compare view

Updates webpack from 5.75.0 to 5.102.1

Release notes

Sourced from webpack's releases.

v5.102.1

Fixes

Supported extends with env for browserslist

Supported JSONP fragment format for web workers.

Fixed dynamic import support in workers using browserslist.

Fixed default defer import mangling.

Fixed default import of commonjs externals for SystemJS format.

Fixed context modules to the same file with different import attributes.

Fixed typescript types.

Improved import.meta warning messages to be more clear when used directly.

[CSS] Fixed CC_UPPER_U parsing (E -> U) in tokenizer.

v5.102.0

Features

Added static analyze for dynamic imports

Added support for import file from "./file.ext" with { type: "bytes" } to get the content as Uint8Array (look at example)

Added support for import file from "./file.ext" with { type: "text" } to get the content as text (look at example)

Added the snapshot.contextModule to configure snapshots options for context modules

Added the extractSourceMap option to implement the capabilities of loading source maps by comment, you don't need source-map-loader (look at example)

The topLevelAwait experiment is now stable (you can remove experiments.topLevelAwait from your webpack.config.js)

The layers experiment is now stable (you can remove experiments.layers from your webpack.config.js)

Added function matcher support in rule options

Fixes

Fixed conflicts caused by multiple concatenate modules

Ignore import failure during HMR update with ES modules output

Keep render module order consistent

Prevent inlining modules that have this exports

Removed unused timeout attribute of script tag

Supported UMD chunk format to work in web workers

Improved CommonJs bundle to ES module library

Use es-lexer for mjs files for build dependencies

Fixed support __non_webpack_require__ for ES modules

Properly handle external modules for CSS

AssetsByChunkName included assets from chunk.auxiliaryFiles

Use createRequire only when output is ES module and target is node

Typescript types

Performance Improvements

Avoid extra calls for snapshot

A avoid extra jobs for build dependencies

Move import attributes to own dependencies

v5.101.3

... (truncated)

Commits

c7ebdbd chore(release): 5.102.1
b7530c2 fix(css): correct CC_UPPER_U typo (E -> U) (#19989)
f3ef142 fix: defer import mangling (#19988)
d32f171 fix: hash options types (#19987)
436fc7d chore(deps): bump CodSpeedHQ/action from 4.1.0 to 4.1.1 (#19986)
c7dd066 fix: context modules with import attributes (#19984)
85bacbd fix: default import of commonjs externals for SystemJS format
7634cd2 docs: update examples (#19982)
9f98d80 fix: javascript parser options types (#19980)
8804459 chore(deps): bump CodSpeedHQ/action from 4.0.1 to 4.1.0 (#19977)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.5

Changelog

Sourced from browserify-sign's changelog.

v4.2.5 - 2025-09-24

Commits

[Tests] clean up tests and convert console info skips to tape skips 37b083c

[Fix] restore node 0.10 support faade86

[Deps] update parse-asn1 5a0f159

[actions] drop unsupported nodes from CI 106be97

v4.2.4 - 2025-09-22

Commits

[actions] split out node 10-20, and 20+ 17920d9

[meta] remove files field 6d5b280

[Deps] update bn.js, browserify-rsa, elliptic 31be0c2

[Dev Deps] update @ljharb/eslint-config, auto-changelog, semver, tape 5f66982

[Tests] replace aud with npm audit d44b24d

[Dev Deps] add missing peer dep ab975f4

[Deps] revert 9e2bf12, now that v3.1.1 is out 428cf7f

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

... (truncated)

Commits

d3a7458 v4.2.5
37b083c [Tests] clean up tests and convert console info skips to tape skips
faade86 [Fix] restore node 0.10 support
5a0f159 [Deps] update parse-asn1
106be97 [actions] drop unsupported nodes from CI
9c37172 v4.2.4
6d5b280 [meta] remove files field
17920d9 [actions] split out node 10-20, and 20+
31be0c2 [Deps] update bn.js, browserify-rsa, elliptic
ab975f4 [Dev Deps] add missing peer dep
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

[Refactor] use to-buffer fd1e5ee

[Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

[Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

[Tests] standard -> eslint, make test dir, etc ae02fd6

[Tests] migrate from travis to GHA 66387d7

[meta] fix package.json indentation 5c02918

[Fix] return valid values on multi-byte-wide TypedArray input 8fd1364

[meta] add auto-changelog 88dc806

[meta] add npmignore and safe-publish-latest 7a137d7

Only apps should have lockfiles 42528f2

[Deps] update inherits, safe-buffer 0e7a2d9

[meta] add missing engines.node f2dc13e

Commits

0056718 v1.0.7
fd1e5ee [Refactor] use to-buffer
08ba803 [Dev Deps] update @ljharb/eslint-config
f5249f9 v1.0.6
b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
f03cebf v1.0.5
88dc806 [meta] add auto-changelog
7a137d7 [meta] add npmignore and safe-publish-latest
5c02918 [meta] fix package.json indentation
8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates cookie from 0.4.1 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

0.4.2

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates elliptic from 6.5.4 to 6.6.1

Commits

9b77436 6.6.1
04cb6f5 Merge commit from fork
b8a7edd 6.6.0
34c8534 fix: signature verification due to leading zeros
3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by

Bumps the npm_and_yarn group with 14 updates in the /WebContent directory: | Package | From | To | | --- | --- | --- | | [bootstrap](https://github.com/twbs/bootstrap) | `3.4.1` | `5.3.8` | | [webpack](https://github.com/webpack/webpack) | `5.75.0` | `5.102.1` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.1` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.1` | | [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` | | [nanoid](https://github.com/ai/nanoid) | `3.3.4` | `3.3.11` | | [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `removed` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [postcss](https://github.com/postcss/postcss) | `8.4.21` | `8.5.6` | Bumps the npm_and_yarn group with 1 update in the /WebContent/plugins/ice directory: [grunt](https://github.com/gruntjs/grunt). Bumps the npm_and_yarn group with 3 updates in the /WebContent/plugins/Chart.js-2.1.6 directory: [jquery](https://github.com/jquery/jquery), [semver](https://github.com/npm/node-semver) and [karma](https://github.com/karma-runner/karma). Bumps the npm_and_yarn group with 1 update in the /WebContent/fileupload2 directory: [bootstrap](https://github.com/twbs/bootstrap). Bumps the npm_and_yarn group with 2 updates in the /WebContent/codemirror directory: [node-static](https://github.com/cloudhead/node-static) and [phantomjs](https://github.com/Medium/phantomjs). Updates `bootstrap` from 3.4.1 to 5.3.8 - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](twbs/bootstrap@v3.4.1...v5.3.8) Updates `webpack` from 5.75.0 to 5.102.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.75.0...v5.102.1) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `browserify-sign` from 4.2.1 to 4.2.5 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.1) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `get-func-name` from 2.0.0 to 2.0.2 - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) Updates `nanoid` from 3.3.4 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.11) Updates `semver` from 7.3.7 to 1.1.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v3.0.1...v7.7.3) Removes `tar` Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `pbkdf2` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.5) Updates `postcss` from 8.4.21 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.5.6) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `grunt` from 0.4.5 to 1.6.1 - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG) - [Commits](gruntjs/grunt@v0.4.5...v1.6.1) Updates `jquery` from 2.2.4 to 3.7.1 - [Release notes](https://github.com/jquery/jquery/releases) - [Changelog](https://github.com/jquery/jquery/blob/main/changelog.md) - [Commits](jquery/jquery@2.2.4...3.7.1) Updates `semver` from 3.0.1 to 7.7.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v3.0.1...v7.7.3) Updates `karma` from 0.12.37 to 6.4.4 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v0.12.37...v6.4.4) Updates `bootstrap` from 3.4.1 to 5.3.8 - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](twbs/bootstrap@v3.4.1...v5.3.8) Updates `node-static` from 0.6.0 to 0.7.11 - [Changelog](https://github.com/cloudhead/node-static/blob/master/CHANGES.md) - [Commits](https://github.com/cloudhead/node-static/commits) Updates `phantomjs` from 1.9.2-5 to 2.1.7 - [Release notes](https://github.com/Medium/phantomjs/releases) - [Commits](https://github.com/Medium/phantomjs/commits/v2.1.7) --- updated-dependencies: - dependency-name: bootstrap dependency-version: 5.3.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.102.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: get-func-name dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 1.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: grunt dependency-version: 1.6.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: jquery dependency-version: 3.7.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.7.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: karma dependency-version: 6.4.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: bootstrap dependency-version: 5.3.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-static dependency-version: 0.7.11 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: phantomjs dependency-version: 2.1.7 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 5 directories with 27 updates#2

Bump the npm_and_yarn group across 5 directories with 27 updates#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/WebContent/npm_and_yarn-cb11f80c2a

dependabot Bot commented on behalf of github Oct 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Oct 23, 2025

v5.3.8

What's Changed

Dependencies

New Contributors

v5.3.7

📚 Documentation

v5.102.1

Fixes

v5.102.0

Features

Fixes

Performance Improvements

v5.101.3

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

v1.1.12

v4.2.5 - 2025-09-24

Commits

v4.2.4 - 2025-09-22

Commits

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v1.0.7 - 2025-09-24

Commits

v1.0.6 - 2024-11-26

Commits

v1.0.5 - 2024-11-17

Commits

0.7.1

0.7.0

0.6.0

0.5.0

0.4.2

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!