Bump the npm_and_yarn group across 2 directories with 28 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
react-native	0.61.5	0.69.12
decode-uri-component	0.2.0	0.2.2
hosted-git-info	2.8.8	2.8.9
js-yaml	3.13.1	3.14.2
lodash	4.17.15	4.17.23
minimist	1.2.5	1.2.8
path-parse	1.0.6	1.0.7
serve-static	1.14.1	1.16.3
tmpl	1.0.4	1.0.5
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 11 updates in the /example directory:

Package	From	To
ansi-regex	4.0.0	4.1.1
ansi-regex	3.0.0	3.0.1
async	2.6.1	2.6.4
decode-uri-component	0.2.0	0.2.2
hosted-git-info	2.7.1	2.8.9
js-yaml	3.13.1	3.14.2
json-schema	0.2.3	0.4.0
lodash	4.17.15	4.17.23
minimist	1.2.0	1.2.8
path-parse	1.0.6	1.0.7
semver	5.6.0	5.7.2
min-document	2.19.0	2.19.2

Updates react-native from 0.61.5 to 0.69.12

Changelog

Sourced from react-native's changelog.

v0.69.12

Changed

• [0.69] Bump CLI to ^8.0.7, Metro to 0.70.4 (56807fadfa by @​robhogan)

iOS specific

• [0.69] Use Content-Location header in bundle response as JS source URL (#37501) (367fc7ad52 by @​robhogan)

Fixed

Android specific

• Prevent crash in runAnimationStep on OnePlus and Oppo devices (#37487) (4db7a10e25 by @​hsource)

v0.69.11

Fixed

iOS specific

• Make 0.69 compatible with Xcode 15 (thanks to @​AlexanderEggers for the commit in main) (37e8df1cdc)

v0.69.10

Fixed

Android specific

• Minimize EditText Spans 8/N: CustomStyleSpan (b384bb613b by @​NickGerleman)
• Minimize EditText Spans 6/N: letterSpacing (5791cf1f7b by @​NickGerleman)
• Minimize Spans 5/N: Strikethrough and Underline (0869ea29db by @​NickGerleman)
• Minimize Spans 4/N: ReactForegroundColorSpan (8c9c8ba5ad by @​NickGerleman)
• Minimize Spans 3/N: ReactBackgroundColorSpan (cc0ba57ea4 by @​NickGerleman)
• Minimize Spans 1/N: Fix precedence (1743dd7ab4 by @​NickGerleman)
• Fix measurement of uncontrolled TextInput after edit (8a0fe30591 by @​NickGerleman)

v0.69.9

Changed

iOS specific

• Relax Ruby requirements (4e015c69d6 by @​cipolleschi)

Fixed

iOS specific

• Fix React Codegen podspec to build on Xcode 14.3 (74ba411b55 by @​cipolleschi)
• Blob data is no longer prematurely deallocated when using blob.slice (36cc71ab36 by @​awinograd)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by react-native-bot, a new releaser for react-native since your current version.

Updates async from 2.6.3 to 3.2.6

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

v2.6.3

• Updated lodash to squelch a security warning (#1675)

v2.6.2

• Updated lodash to squelch a security warning (#1620)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• f1d8383 Version 2.6.3
• 2b674c1 update changelog
• eab740f fix: udpate lodash. closes #1675
• eaf32be Version 2.6.2
• 684b42e Update built files
• e1bd3da update changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates cross-spawn from 5.1.0 to 6.0.5

Changelog

Sourced from cross-spawn's changelog.

6.0.5 (2018-03-02)

Bug Fixes

• avoid using deprecated Buffer constructor (#94) (d5770df), closes /nodejs.org/api/deprecations.html#deprecations_dep0005

6.0.4 (2018-01-31)

Bug Fixes

• fix paths being incorrectly normalized on unix (06ee3c6), closes #90

6.0.3 (2018-01-23)

6.0.2 (2018-01-23)

6.0.1 (2018-01-23)

6.0.0 (2018-01-23)

Bug Fixes

• fix certain arguments not being correctly escaped or causing batch syntax error (900cf10), closes #82 #51
• fix commands as posix relatixe paths not working correctly, e.g.: ./my-command (900cf10)
• fix options argument being mutated (900cf10)
• fix commands resolution when PATH was actually Path (900cf10)

Features

• improve compliance with node's ENOENT errors (900cf10)
• improve detection of node's shell option support (900cf10)

... (truncated)

Commits

• 301187a chore(release): 6.0.5
• ae85d40 chore: fix linting errors
• d5770df fix: avoid using deprecated Buffer constructor (#94)
• 6b64987 chore(package): update lint-staged to version 7.0.0 (#93)
• 39166eb chore: update eslint-config-moxy dependency
• 213aa43 Merge pull request #92 from moxystudio/greenkeeper/eslint-config-moxy-5.0.0
• 35b1ff0 chore(package): update eslint-config-moxy to version 5.0.0
• 52e557e chore(release): 6.0.4
• 6f43a61 Merge pull request #91 from moxystudio/fix-unix-path-normalize
• 06ee3c6 fix: fix paths being incorrectly normalized on unix
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates hermes-engine from 0.2.1 to 0.11.0

Release notes

Sourced from hermes-engine's releases.

Release v0.4.1

This release fixes a memory leak related to WeakMaps. It's a drop-in replacement for v0.4.0 in react-native 0.62.0.

Release v0.3.0

This release is primarily to publish breaking source changes for integration with the next version of React Native. It is not compatible with existing builds of React Native, up to and including 0.61.4. Please wait for the next React Native release before trying out Hermes v0.3.0!

As always there are many bug fixes and performance improvements, including faster string concatenation and native support for ES6 spread operators.

Commits

• 2040453 Bump versions for 0.11.0 cut
• 6c53047 Run Hermes CMake from cargo
• 67fe974 Bump nanoid from 3.1.22 to 3.2.0 in /website (#666)
• 10d4945 Handle type params in methods
• bd64b09 Avoid parens around spread arguments
• deabbfd Use proper quotes in string literal type annotation
• ae61d74 Fix extra parens in property assignment
• 1ba8ef6 Store raw values for string literals as JSX attributes
• 46faa15 Enable some syscalls to resume after SIGPROF
• 8bebc9b fix handling of imports
• Additional commits viewable in compare view

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates js-yaml from 3.13.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• Additional commits viewable in compare view

Updates lodash from 4.17.15 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates logkitty from 0.6.1 to 0.7.1

Release notes

Sourced from logkitty's releases.

logkitty 0.7.1

Changelog

• huntr - Command Injection Fix (#18)
• chore(deps): bump acorn from 5.7.3 to 5.7.4 (#15)

logkitty 0.7.0

Changelog

• chore: update dependencies (2776322da88e8bd40ee9ec59805c75b2c490cd0c)
• chore: update yargs versions (#14)
• chore: remove package-lock.json (#11)

Commits

• 6ce971d v0.7.1
• ef2f673 huntr - Command Injection Fix (#18)
• e1e2296 chore(deps): bump acorn from 5.7.3 to 5.7.4 (#15)
• cf2cf28 v0.7.0
• 2776322 chore: update dependencies
• 4fa8f6c chore: update yargs versions (#14)
• bddbacf chore: remove package-lock.json (#11)
• See full diff in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Updates node-fetch from 1.7.3 to 2.6.0

Release notes

Sourced from node-fetch's releases.

v2.6.0

See CHANGELOG.

v2.5.0

See CHANGELOG.

v2.4.1

See CHANGELOG.

v2.4.0

See CHANGELOG.

v2.3.0

See CHANGELOG.

v2.2.1

See CHANGELOG.

Version 2.1.2

• Fix: allow Body methods to work on ArrayBuffer-backed Body` objects
• Fix: reject promise returned by Body methods when the accumulated Buffer exceeds the maximum size
• Fix: support custom Host headers with any casing
• Fix: support importing fetch() from TypeScript in browser.js
• Fix: handle the redirect response body properly

See CHANGELOG.

Version 2.1.1

See CHANGELOG.

Fix packaging errors in version 2.1.0.

Version 2.1.0

See CHANGELOG:

• Enhance: allow using ArrayBuffer as the body of a fetch() or Request
• Fix: store HTTP headers of a Headers object internally with the given case, for compatibility with older servers that incorrectly treated header names in a case-sensitive manner
• Fix: silently ignore invalid HTTP headers
• Fix: handle HTTP redirect responses without a Location header just like non-redirect responses
• Fix: include bodies when following a redirection when appropriate

Version 2.0.0

This is a major release. See upgrade guide on how to upgrade from v1.x, and the changelog for all changes.

v2.0.0-alpha.9

see changelog for details

v2.0.0-alpha.8

see changelog for details

... (truncated)

Changelog

Sourced from node-fetch's changelog.

v2.6.0

• Enhance: options.agent, it now accepts a function that returns custom http(s).Agent instance based on current URL, see readme for more information.
• Fix: incorrect Content-Length was returned for stream body in 2.5.0 release; note that node-fetch doesn't calculate content length for stream body.
• Fix: Response.url should return empty string instead of null by default.

v2.5.0

• Enhance: Response object now includes redirected property.
• Enhance: fetch() now accepts third-party Blob implementation as body.
• Other: disable package-lock.json generation as we never commit them.
• Other: dev dependency update.
• Other: readme update.

v2.4.1

• Fix: Blob import rule for node < 10, as Readable isn't a named export.

v2.4.0

• Enhance: added Brotli compression support (using node's zlib).
• Enhance: updated Blob implementation per spec.
• Fix: set content type automatically for URLSearchParams.
• Fix: Headers now reject empty header names.
• Fix: test cases, as node 12+ no longer accepts invalid header response.

v2.3.0

• Enhance: added AbortSignal support, with README example.
• Enhance: handle invalid Location header during redirect by rejecting them explicitly with FetchError.
• Fix: update browser.js to support react-native environment, where self isn't available globally.

v2.2.1

• Fix: compress flag shouldn't overwrite existing Accept-Encoding header.
• Fix: multiple import rules, where PassThrough etc. doesn't have a named export when using node <10 and --exerimental-modules flag.
• Other: Better README.

v2.2.0

• Enhance: Support all ArrayBuffer view types
• Enhance: Support Web Workers
• Enhance: Support Node.js' --experimental-modules mode; deprecate .es.js file
• Fix: Add __esModule property to the exports object
• Other: Better example in README for writing response to a file
• Other: More tests for Agent

v2.1.2

• Fix: allow Body methods to work on ArrayBuffer-backed Body objects

... (truncated)

Commits

• 95286f5 v2.6.0 (#638)
• bf8b4e8 Allow agent option to be a function (#632)
• 0c2294e 2.5.0 release (#630)
• 0fc414c Allow third party blob implementation (#629)
• d8f5ba0 build: disable generation of package-lock since it is not used (#623)
• 1fe1358 test: enable --throw-deprecation for tests (#625)
• a35dcd1 chore(deps): address deprecated url-search-params package (#622)
• b3ecba5 2.4.1 release (#619)
• 1a88481 Fix Blob for older node versions and webpack. (#618)
• c9805a2 2.4.0 release (#616)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates node-notifier from 5.4.3 to 6.0.0

Changelog

Sourced from node-notifier's changelog.

v6.0.0

Breaking Changes

• Dropped support for node v6. As of v6 we currently support node versions 8, 10, and 12 (latest).
• Updated to the latest version of SnoreToast. This removes support for the wait option in that environment as it is now always on. Prepares the way for other new features added to the WindowsToaster.

Other

• Update to latest version of dependencies.

v5.4.4

• Fixes potential security issue with non-escaping input parameters for notify-send.

Commits

• fdbe4bd v6.0.0
• 9101659 Moves huskey config
• 557a253 Updates dependencies
• 3141bdc Merge pull request #285 from mikaelbr/v6
• 8968b5d Add an initial changelog entry
• d377d09 Clarify default timeout in notificationCenter docs
• 62f005c Adjust to only send the error if the code is -1
• e9dc4a2 Merge pull request #288 from mikaelbr/snoretoast-upgrade
• ae9f88c Removes wait for new version of snoretoast
• 54ddb7f Upgrades snoretoast to 0.6.0
• Additional commits viewable in compare view

Updates path-parse from 1.0.6 to 1.0.7

Commits

• See full diff in compare view

Updates plist from 3.0.1 to 3.1.0

Changelog

Sourced from plist's changelog.

3.1.0 / 2023-07-06

• replace inlined xmldom with @​xmldom/xmldom

3.0.5 / 2022-03-23

• [96e2303d05] Prototype Pollution using .parse() #114 (mario-canva)
• update browserify from 16 to 17

3.0.4 / 2021-08-27

• inline xmldom@0.6.0 to eliminate security warning false positive (Mike Reinstein)

3.0.3 / 2021-08-04

• update xmldom to 0.6.0 to patch critical vulnerability (Mike Reinstein)
• remove flaky saucelabs teseting badge (Mike Reinstein)

3.0.2 / 2021-03-25

• update xmldom to 0.5.0 to patch critical vulnerability (Mike Reinstein)
• update saucelab credentials to point at mreinstein's saucelabs account (Mike Reinstein)
• remove a bunch of test versions from the matrix because they weren't working in zuul + sauce (Mike Reinstein)

Commits

• See full diff in compare view

Updates react-devtools-core from 3.6.3 to 4.24.0

Commits

• See full diff in compare view

Updates serve-static from 1.14.1 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1.16.3

What's Changed

• deps: send@~0.19.1 by @​Phillip9587 in expressjs/serve-static#227
• Release: 1.16.3 by @​UlisesGascon in expressjs/serve-static#229

Full Changelog: expressjs/serve-static@v1.16.2...v1.16.3

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

1.15.0

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

Changelog

Sourced from serve-static's changelog.

1.16.3 / 2024-12-15

• deps: send@~0.19.1
  • deps: encodeurl@~2.0.0

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

1.15.0 / 2022-03-24

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2 / 2021-12-15

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

Commits

• 9acad22 1.16.3 (#229)
• 52dc97d deps: send@~0.19.1 and upgrade Node.js versions on the CI (#227)
• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• 9b5a12a 1.15.0
• a39a0df docs: update CI link
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.

Updates tmpl from 1.0.4 to 1.0.5

Commits

• See full diff in compare view

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• 🔒 fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

• 207044eDescription has been truncated

  ---

  [!NOTE]
  Medium Risk
  Large react-native version jump plus many transitive dependency updates can introduce build/runtime incompatibilities and subtle behavior changes, even without code changes.

  Overview
  Dependency update PR: bumps the npm_and_yarn dependency set in both the root project and the example app, including upgrading react-native and refreshing a large set of transitive packages (e.g. lodash, js-yaml, minimist, serve-static).

  Review checklist: Linked issues: none referenced. Acceptance criteria: ⚠️ not provided in PR. Scope validation: ✅ changes appear limited to dependency/version updates. Test coverage: ⚠️ no evidence of CI/test run included; recommend running unit tests and a basic RN build/smoke test for iOS/Android. Blockers/concerns: ⚠️ react-native jump is large and may require follow-up config/code changes even if this diff is dependency-only.

  ^{Written by} Cursor Bugbot for commit bb2396fe470cbe62e9b794ff4c77b730a1b4a66e. This will update automatically on new commits. Configure here.

[kieranoreilly]

No reviewers assigned, converting to draft

[kieranoreilly]

Closing due to inactivity

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml