Bump the npm_and_yarn group across 1 directory with 40 updates by dependabot[bot] · Pull Request #1 · stefanhar/keystone

dependabot · 2025-02-08T08:20:48Z

Bumps the npm_and_yarn group with 25 updates in the / directory:

Package	From	To
express	`4.17.1`	`4.20.0`
knex	`0.20.6`	`2.4.0`
luxon	`1.11.4`	`1.28.1`
mjml	`4.4.1`	`4.15.3`
pug	`2.0.4`	`3.0.3`
tinymce	`5.2.0`	`7.2.0`
mongoose	`5.9.5`	`6.13.6`
webpack-dev-middleware	`3.7.2`	`5.3.4`
next	`9.2.1`	`14.2.21`
nuxt	`2.11.0`	`3.12.4`
rollup	`1.32.0`	`2.79.2`
node-fetch	`2.6.0`	`3.3.2`
cookie	`0.3.1`	`0.7.0`
semver	`5.7.1`	`5.7.2`
gatsby	`2.13.25`	`4.25.7`
gatsby-plugin-sharp	`2.4.5`	`4.25.1`
gatsby-transformer-remark	`2.6.6`	`5.25.1`
apollo-server-core	`2.10.1`	`2.26.2`
browserify-sign	`4.0.4`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
elliptic	`6.4.1`	`6.6.1`
fsevents	`1.2.9`	`1.2.13`
lodash-es	`4.17.15`	`4.17.21`
ua-parser-js	`0.7.20`	`0.7.40`
word-wrap	`1.2.3`	`1.2.5`

Updates express from 4.17.1 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

path-to-regexp@0.1.10 by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: body-parser@1.20.1

... (truncated)

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 path-to-regexp@0.1.10 (#5902)
2a980ad merge-descriptors@1.0.3 (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: path-to-regexp@0.1.8 (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates knex from 0.20.6 to 2.4.0

Release notes

Sourced from knex's releases.

2.4.0

New features:

Support partial unique indexes #5316

Make compiling SQL in error message optional #5282

Bug fixes

Insert array into json column #5321

Fix unexpected max acquire-timeout #5377

Fix: orWhereJson #5361

MySQL: Add assertion for basic where clause not to be object or array #1227

SQLite: Fix changing the default value of a boolean column in SQLite #5319

Typings:

add missing type for 'expirationChecker' on PgConnectionConfig #5334

2.3.0

New features:

PostgreSQL: Explicit jsonb support for custom pg clients #5201

SQLite: Support returning with sqlite3 and better-sqlite3 #5285

MSSQL: Implement mapBinding mssql dialect option #5292

Typings:

Update types for TS 4.8 #5279

Fix typo #5267

Fix WhereJsonObject withCompositeTableType #5306

Fix AnalyticFunction type #5304

Infer specific column value type in aggregations #5297

2.2.0

New features:

Inline primary key creation for postgres flavours #5233

SQLite: Add warning for undefined connection file #5223

MSSQL: Add JSON parameter support for connection #5200

Bug fixes:

PostgreSQL: add primaryKey option for uuid #5212

Typings:

Add promisable and better types #5222

Update raw query bind parameter type #5208

2.1.0 - 26 May, 2022

... (truncated)

Changelog

Sourced from knex's changelog.

2.4.0 - 06 January, 2023

New features:

Support partial unique indexes #5316

Make compiling SQL in error message optional #5282

Bug fixes

Insert array into json column #5321

Fix unexpected max acquire-timeout #5377

Fix: orWhereJson #5361

MySQL: Add assertion for basic where clause not to be object or array #1227

SQLite: Fix changing the default value of a boolean column in SQLite #5319

Typings:

add missing type for 'expirationChecker' on PgConnectionConfig #5334

2.3.0 - 31 August, 2022

New features:

PostgreSQL: Explicit jsonb support for custom pg clients #5201

SQLite: Support returning with sqlite3 and better-sqlite3 #5285

MSSQL: Implement mapBinding mssql dialect option #5292

Typings:

Update types for TS 4.8 #5279

Fix typo #5267

Fix WhereJsonObject withCompositeTableType #5306

Fix AnalyticFunction type #5304

Infer specific column value type in aggregations #5297

2.2.0 - 19 July, 2022

New features:

Inline primary key creation for postgres flavours #5233

SQLite: Add warning for undefined connection file #5223

MSSQL: Add JSON parameter support for connection #5200

Bug fixes:

PostgreSQL: add primaryKey option for uuid #5212

Typings:

Add promisable and better types #5222

... (truncated)

Commits

3475d81 Prepare to release 2.4.0
e97f922 Bump tsd from 0.24.1 to 0.25.0 (#5396)
e145322 1227: add assertion for basic where clause values (#5417)
962bb0a Bump sinon from 14.0.2 to 15.0.1 (#5413)
ab45314 Add JSDoc (TS Flavour) to mjs stub file (#5390)
72bd1f7 Fix: orWhereJson (#5361)
4fc939a Fixes unexpected max acquire-timeout (#5377)
5c4837c Fix lib/.gitignore path separator on Windows. (#5325)
7dbbd00 Bump actions/setup-node from 3.4.1 to 3.5.1 (#5356)
d39051f fix: add missing type for 'expirationChecker' on PgConnectionConfig (#5334)
Additional commits viewable in compare view

Updates luxon from 1.11.4 to 1.28.1

Changelog

Sourced from luxon's changelog.

Changelog

3.5.0 (2024-08-03)

Various performance improvements

throwOnInvalid causes the constructor to throw if the year is invalid

3.4.4 (2023-11-12)

Localized week support (#1454)

Added custom inspect for Node (#1526)

Fix sorting in Interval.splitAt (#1524)

3.4.3 (2023-09-05)

Fixes another regression from 3.4.0 (#1496)

3.4.2 (2023-08-26)

Fixes regression from 3.4.1 (#1493)

3.4.1 (2023-08-23)

Fixes for regressions from 3.4.0 (#1482 and #1488)

3.4.0 (2023-08-08)

Fix type checking on input zones

Fix Islamic months listing

Fix normalize() for negative inputs

3.3.0 (2023-03-03)

Fix off-by-one in Interval#count (#1308)

Support formatting for custom zones (#1377)

Fix parsing for narrow spaces (#1369)

Handle leap year issue with AD 100 (#1390)

Allow parsing of just an offset

3.2.1 (2023-01-04)

Fix for RFC-2822 regex vulnerability

Better handling of BCP tags with -x- extensions

3.2.0 (2022-12-29)

Allow timeZone to be specified as an intl option

Fix for diff's handling of end-of-month when crossing leap years (#1340)

Add Interval.toLocaleString() (#1320)

... (truncated)

Commits

16a1aa3 bump to 1.38.1
612e0c7 fix rfc2822 regex
9dcec8c bump to 1.28.0
a0f42a2 Fixed small typo (#952)
307b135 Docs typo on dst weirdness (#962)
1f99fdd fix ISO year-ordinal strings with offsets (#966)
e0c8f87 .toSeconds() returns seconds.milliseconds (#944)
2d66ce4 Clarify toFormat docs (#938)
043f2b9 bump to 1.27.0
6ae0524 update node install instructions. Closes #682
Additional commits viewable in compare view

Updates mjml from 4.4.1 to 4.15.3

Release notes

Sourced from mjml's releases.

v4.15.2

Full Changelog: mjmlio/mjml@v4.15.1...v4.15.2

v4.15.0

What's Changed

fix(mjml-core): prevent empty style tags in head by @anthony-j-castro in mjmlio/mjml#2682

Add mjml-python to ports section in documentation by @caseyjhol in mjmlio/mjml#2732

fix: remove invalid vertical-align property from column by @garrettjohnson in mjmlio/mjml#2728

Add Easy-Email editor to the documentation. by @m-Ryan in mjmlio/mjml#2730

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in mjmlio/mjml#2714

fix(mjml-core): add print to media queries by @jimmyfortinx in mjmlio/mjml#2677

fix(mjml-core): close negative condition by @jdrouet in mjmlio/mjml#2704

Adding gradle plugin to documentation by @Frisch12 in mjmlio/mjml#2735

Improve Accessibility by @garrettjohnson in mjmlio/mjml#2738

fix: allow getShorthandAttrValue to parse borders by @garrettjohnson in mjmlio/mjml#2729

Bump get-func-name from 2.0.0 to 2.0.2 by @dependabot in mjmlio/mjml#2759

docs: add npm link by @louix in mjmlio/mjml#2756

fix mjml-navbar documentation by @ravigupta-art in mjmlio/mjml#2799

Automatic component dependencies registration by @Freezystem in mjmlio/mjml#2793

add x social network in socialelements.js with correct path to img by @npracht in mjmlio/mjml#2777

[CHORE] Overdue dep update by @iRyusa in mjmlio/mjml#2818

New Contributors

@anthony-j-castro made their first contribution in mjmlio/mjml#2682

@garrettjohnson made their first contribution in mjmlio/mjml#2728

@m-Ryan made their first contribution in mjmlio/mjml#2730

@jimmyfortinx made their first contribution in mjmlio/mjml#2677

@jdrouet made their first contribution in mjmlio/mjml#2704

@Frisch12 made their first contribution in mjmlio/mjml#2735

@louix made their first contribution in mjmlio/mjml#2756

@ravigupta-art made their first contribution in mjmlio/mjml#2799

@Freezystem made their first contribution in mjmlio/mjml#2793

@npracht made their first contribution in mjmlio/mjml#2777

Full Changelog: mjmlio/mjml@v4.14.1...v4.15.0

v4.14.1

What's Changed

Update cheerio and htmlparser2 by @Semigradsky in mjmlio/mjml#2669

New Contributors

@Semigradsky made their first contribution in mjmlio/mjml#2669

Full Changelog: mjmlio/mjml@v4.14.0...v4.14.1

v4.14.0

What's Changed

New

[ADD] padding-direction to social element by @JorenBassleer in mjmlio/mjml#2572

... (truncated)

Commits

1c2f459 v4.15.3
ced6179 v4.15.2
d276bf8 [FIX] Lockfile didn't update package.json
d53d73d v4.15.1
af922bd v4.15.0
988819d v4.14.1
d155945 Update cheerio and htmlparser2
9600817 v4.14.0
8b8089f Update description of useMjmlConfigOptions
77c9a78 Fix doc about the fonts option. (#2522)
Additional commits viewable in compare view

Updates pug from 2.0.4 to 3.0.3

Release notes

Sourced from pug's releases.

pug-code-gen@3.0.3

Bug Fixes

Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options (#3438)

pug@3.0.3

Bug Fixes

Update pug-code-gen with the following fix: (#3438)

Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

pug-code-gen@3.0.2

Bug Fixes

Sanitise the pretty option (#3314)

If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

pug@3.0.2

Bug Fixes

Serialize Buffers to strings when storing sources for use with compileDebug: true (#3269)

pug-code-gen@3.0.1

Bug Fixes

Update with to resolve core-js deprecation notice (#3259)

pug-runtime@3.0.1

Bug Fixes

Properly handle non-string values when rethrowing errors (#3269)

pug@3.0.1

Bug Fixes

Sanitise the pretty option (#3314)

If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

pug-attrs@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

pug-code-gen@3.0.0

Breaking Changes

Drop support for node 6 and 8 (#3243)

... (truncated)

Commits

32acfe8 fix: ensure template names are valid identifiers (#3438)
4767caf refactor: convert pug-error to TypeScript (#3355)
a724446 chore: update character-parser (#3354)
6cca8f7 docs: fix GitHub format in README (#3335)
d4b7f60 Properly handle errors originating from included files when compileDebug is e...
d6f0615 fix capture groups for "each" statements (#3274)
73ea7cf fix: keep lexer plugins inside tag interpolation (#3296)
29a53c5 fix: Fix pug-lexer parsed escaped interpolations incorrectly (#3299)
60b1b15 chore: update supported versions (#3315)
991e78f fix: sanitise and escape the pretty option (#3314)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pug-bot, a new releaser for pug since your current version.

Updates tinymce from 5.2.0 to 7.2.0

Changelog

Sourced from tinymce's changelog.

7.2.0 - 2024-06-19

Added

Added options.debug API that logs the initial raw editor options to console. #TINY-10605

Added referrerpolicy as a valid attribute for an iframe element. #TINY-10374

New onInit and stretched properties to the HtmlPanel dialog component. #TINY-10900

Added support for querying the state of the mceTogglePlainTextPaste command. #TINY-10938

Added for option to dialog label components to improve accessibility. The value must be another component on the same dialog. #TINY-10971

Improved

Dialog slider components now emit an onChange event when using arrow keys. #TINY-10428

Accessibility for element path buttons, added tooltip to describe the button and removed incorrect aria-level attribute. #TINY-10891

Improve merging of inserted inline elements by removing nodes with redundant inheritable styles. #TINY-10869

Improved Find & Replace dialog accessibility by changing placeholders to labels. #TINY-10871

Changed

Replaced tiny branding logo with Build with TinyMCE text and logo. #TINY-11001

Fixed

Deleting in a div with preceeding br elements would sometimes throw errors. #TINY-10840

autoresize_bottom_margin was not reliably applied in some situations. #TINY-10793

Fixed cases where adding a newline around a br, table or img would not move the cursor to a new line. #TINY-10384

Focusing on contenteditable="true" element when using editable_root: false and inline mode causing selection to be shifted. #TINY-10820

Corrected the role attribute on listbox dialog components to combobox when there are no nested menu items. #TINY-10807

HTML entities that were double decoded in noscript elements caused an XSS vulnerability. #TINY-11019

It was possible to inject XSS HTML that was not matching the regexp when using the noneditable_regexp option. #TINY-11022

7.1.2 - 2024-06-05

Fixed

CSS color values set to transparent were incorrectly converted to '#000000`. #TINY-10916

7.1.1 - 2024-05-22

Fixed

Insert/Edit image dialog lost focus after the image upload completed. #TINY-10885

Deleting into a list from a paragraph that has an img tag could cause extra inline styles to be added. #TINY-10892

Resolved an issue where emojis configured with the emojiimages database were not loading correctly due to a broken CDN. #TINY-10878

Iframes in dialogs were not rendering rounded borders correctly. #TINY-10901

Autocompleter possible values are no longer capped at a length of 10. #TINY-10942

7.1.0 - 2024-05-08

Added

Parser support for math elements. #TINY-10809

New math-equation icon. #TINY-10804

Improved

Included itemprop, itemscope and itemtype as valid HTML5 attributes in the core schema. #TINY-9932

Notification accessibility improvements: added tooltips, keyboard navigation and shortcut to focus on notifications. #TINY-6925

... (truncated)

Commits

754e390 TINY-10860: Prepare for 7.2 release (#9715)
a9fb858 TINY-11019 & TINY-11022: Fixed issues with noscript encoding and noneditable_...
3fae00c TINY-10807: Use role="combobox" for flat ListBox components (#9665)
e7ef3b6 TINY-10871: replace placeholders with labels in Find & Replace dialog (#9689)
6ce11b6 TINY-10936: Merge release to main (#9685)
5fa376a TINY-11001: Replaced tiny branding logo (#9683)
c42efc2 TINY-10938: Added query command for paste as plaintext status. (#9651)
70cff12 TINY-10971: introduce optional label for property (#9681)
054671e TINY-10891: Add tooltips to element path (#9676)
465fbbe TINY-10869: Improve merging inserted nested inline elements (#9658)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tinymce, a new releaser for tinymce since your current version.

Updates mongoose from 5.9.5 to 6.13.6

Release notes

Sourced from mongoose's releases.

6.13.6 / 2025-01-13

fix: disallow nested $where in populate match

6.10.1 / 2023-03-03

fix: avoid removing empty query filters in $and and $or #13086 #12898

fix(schematype): fixed validation for required UUID field #13018 lpizzinidev

fix(types): add missing Paths generic param to Model.populate() #13070

docs(migrating_to_6): added info about removal of reconnectTries and reconnectInterval options #13083 lpizzinidev

docs: fix code in headers for migrating_to_5 #13077 hasezoey

docs: backport misc documentation changes into 6.x #13091 hasezoey

6.10.0 / 2023-02-22

feat: upgrade to mongodb driver 4.14.0 #13036

feat: added Schema.prototype.omit() function #12939 #12931 lpizzinidev

feat(index): added createInitialConnection option to Mongoose constructor #13021 #12965 lpizzinidev

6.9.3 / 2023-02-22

fix(connection): delay calculating autoCreate and autoIndex until after initial connection established #13007 #12940 lpizzinidev

fix(discriminator): allows update doc with discriminatorKey #13056 #13055 abarriel

fix(query): avoid sending unnecessary empty projection to MongoDB server #13059 #13050

fix(model): avoid sending null session option with document operations #13053 #13052 lpizzinidev

fix(types): use MergeTypes for type overrides in HydratedDocument #13066 #13040

docs(middleware): list validate as a potential query middleware #13057 #12680

docs(getters-setters): explain that getters do not run by default on toJSON() #13058 #13049

docs: refactor docs generation scripts #13044 hasezoey

6.9.2 / 2023-02-16

fix(model): fixed post('save') callback parameter #13030 #13026 lpizzinidev

fix(UUID): added null check to prevent error on binaryToString conversion #13034 #13032 #13029 lpizzinidev Freezystem

fix(query): revert breaking changes introduced by #12797 #12999 lpizzinidev

fix(document): make array $shift() use $pop instead of overwriting array #13004

docs: update & remove old links #13019 hasezoey

docs(middleware): describe how to access model from document middleware #13031 AxeOfMen

docs: update broken & outdated links #13001 hasezoey

chore: change deno tests to also use MMS #12918 hasezoey

Changelog

Sourced from mongoose's changelog.

6.13.6 / 2025-01-13

fix: disallow nested $where in populate match CVE-2025-23061

8.9.4 / 2025-01-09

fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI

fix(model): make Model.validate() static correctly cast document arrays #15169 #15164

fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156

fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120

types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158

docs: fix <code> in header ids #15159

docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109

fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075

fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071

fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126

perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449

types: make BufferToBinary avoid Document instances #15123 #15122

types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111

types(schema): add missing removeIndex #15134

types: add cleanIndexes() to IndexManager interface #15127

docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109

fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108

fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI

types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057

types: add UUID to RefType #15115 #15101

docs: remove link to Mongoose 5.x docs from dropdown #15116

docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812

fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092

fix(model): handle discriminators in castObject() #15096 #15075

fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056

fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048

fix(document+schema): improve error message for get() on invalid path #15098 #15071

docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13
...
Description has been truncated

Bumps the npm_and_yarn group with 25 updates in the / directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.20.0` | | [knex](https://github.com/knex/knex) | `0.20.6` | `2.4.0` | | [luxon](https://github.com/moment/luxon) | `1.11.4` | `1.28.1` | | [mjml](https://github.com/mjmlio/mjml/tree/HEAD/packages/mjml) | `4.4.1` | `4.15.3` | | [pug](https://github.com/pugjs/pug) | `2.0.4` | `3.0.3` | | [tinymce](https://github.com/tinymce/tinymce/tree/HEAD/modules/tinymce) | `5.2.0` | `7.2.0` | | [mongoose](https://github.com/Automattic/mongoose) | `5.9.5` | `6.13.6` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `3.7.2` | `5.3.4` | | [next](https://github.com/vercel/next.js) | `9.2.1` | `14.2.21` | | [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) | `2.11.0` | `3.12.4` | | [rollup](https://github.com/rollup/rollup) | `1.32.0` | `2.79.2` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.0` | `3.3.2` | | [cookie](https://github.com/jshttp/cookie) | `0.3.1` | `0.7.0` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [gatsby](https://github.com/gatsbyjs/gatsby) | `2.13.25` | `4.25.7` | | [gatsby-plugin-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-sharp) | `2.4.5` | `4.25.1` | | [gatsby-transformer-remark](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-transformer-remark) | `2.6.6` | `5.25.1` | | [apollo-server-core](https://github.com/apollographql/apollo-server/tree/HEAD/packages/apollo-server-core) | `2.10.1` | `2.26.2` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.4.1` | `6.6.1` | | [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` | | [lodash-es](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.20` | `0.7.40` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `express` from 4.17.1 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.20.0) Updates `knex` from 0.20.6 to 2.4.0 - [Release notes](https://github.com/knex/knex/releases) - [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md) - [Commits](knex/knex@0.20.6...2.4.0) Updates `luxon` from 1.11.4 to 1.28.1 - [Changelog](https://github.com/moment/luxon/blob/master/CHANGELOG.md) - [Commits](moment/luxon@1.11.4...1.28.1) Updates `mjml` from 4.4.1 to 4.15.3 - [Release notes](https://github.com/mjmlio/mjml/releases) - [Commits](https://github.com/mjmlio/mjml/commits/v4.15.3/packages/mjml) Updates `pug` from 2.0.4 to 3.0.3 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.3) Updates `tinymce` from 5.2.0 to 7.2.0 - [Changelog](https://github.com/tinymce/tinymce/blob/main/modules/tinymce/CHANGELOG.md) - [Commits](https://github.com/tinymce/tinymce/commits/7.2.0/modules/tinymce) Updates `mongoose` from 5.9.5 to 6.13.6 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@5.9.5...6.13.6) Updates `webpack-dev-middleware` from 3.7.2 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v3.7.2...v5.3.4) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `next` from 9.2.1 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v9.2.1...v14.2.21) Updates `nuxt` from 2.11.0 to 3.12.4 - [Release notes](https://github.com/nuxt/nuxt/releases) - [Commits](https://github.com/nuxt/nuxt/commits/v3.12.4/packages/nuxt) Updates `rollup` from 1.32.0 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v1.32.0...v2.79.2) Updates `node-fetch` from 2.6.0 to 3.3.2 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.0...v3.3.2) Updates `cookie` from 0.3.1 to 0.7.0 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.3.1...v0.7.0) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `gatsby` from 2.13.25 to 4.25.7 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/compare/gatsby@2.13.25...gatsby@4.25.7) Updates `gatsby-plugin-sharp` from 2.4.5 to 4.25.1 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-sharp/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-plugin-sharp@4.25.1/packages/gatsby-plugin-sharp) Updates `gatsby-transformer-remark` from 2.6.6 to 5.25.1 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-transformer-remark/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-transformer-remark@5.25.1/packages/gatsby-transformer-remark) Updates `@babel/traverse` from 7.7.4 to 7.26.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.7/packages/babel-traverse) Updates `apollo-server-core` from 2.10.1 to 2.26.2 - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Commits](https://github.com/apollographql/apollo-server/commits/apollo-server-core@2.26.2/packages/apollo-server-core) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `elliptic` from 6.4.1 to 6.6.1 - [Commits](indutny/elliptic@v6.4.1...v6.6.1) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `follow-redirects` from 1.5.10 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.5.10...v1.15.9) Updates `fsevents` from 1.2.9 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.2.9...v1.2.13) Updates `http-cache-semantics` from 3.8.1 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v3.8.1...v4.1.1) Updates `lodash-es` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `postcss` from 6.0.23 to 7.0.27 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@6.0.23...7.0.27) Updates `pug-code-gen` from 2.0.2 to 3.0.3 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug-code-gen@2.0.2...pug-code-gen@3.0.3) Updates `sanitize-html` from 1.19.3 to 1.27.5 - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/sanitize-html/commits) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `socket.io-parser` from 3.3.0 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@3.3.0...4.2.4) Updates `socket.io` from 2.2.0 to 4.5.4 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.5.4/CHANGELOG.md) - [Commits](socketio/socket.io@2.2.0...4.5.4) Updates `tar` from 4.4.10 to 5.0.5 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.10...v5.0.5) Updates `ua-parser-js` from 0.7.20 to 0.7.40 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@0.7.20...0.7.40) Updates `vue` from 2.6.11 to 3.5.13 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/commits/v3.5.13) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: knex dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: luxon dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mjml dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: pug dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tinymce dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nuxt dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: node-fetch dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: gatsby dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: gatsby-plugin-sharp dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: gatsby-transformer-remark dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: apollo-server-core dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash-es dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pug-code-gen dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sanitize-html dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ua-parser-js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vue dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 8, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 40 updates#1

Bump the npm_and_yarn group across 1 directory with 40 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-85b76633df

dependabot bot commented on behalf of github Feb 8, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 8, 2025

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

2.4.0

New features:

Bug fixes

Typings:

2.3.0

New features:

Typings:

2.2.0

New features:

Bug fixes:

Typings:

2.1.0 - 26 May, 2022

2.4.0 - 06 January, 2023

New features:

Bug fixes

Typings:

2.3.0 - 31 August, 2022

New features:

Typings:

2.2.0 - 19 July, 2022

New features:

Bug fixes:

Typings:

Changelog

3.5.0 (2024-08-03)

3.4.4 (2023-11-12)

3.4.3 (2023-09-05)

3.4.2 (2023-08-26)

3.4.1 (2023-08-23)

3.4.0 (2023-08-08)

3.3.0 (2023-03-03)

3.2.1 (2023-01-04)

3.2.0 (2022-12-29)

v4.15.2

v4.15.0

What's Changed

New Contributors

v4.14.1

What's Changed

New Contributors

v4.14.0

What's Changed

New

pug-code-gen@3.0.3

Bug Fixes

pug@3.0.3

Bug Fixes

pug-code-gen@3.0.2

Bug Fixes

pug@3.0.2

Bug Fixes

pug-code-gen@3.0.1

Bug Fixes

pug-runtime@3.0.1

Bug Fixes

pug@3.0.1

Bug Fixes

pug-attrs@3.0.0

Breaking Changes

pug-code-gen@3.0.0

Breaking Changes

7.2.0 - 2024-06-19

Added

Improved

Changed

Fixed

7.1.2 - 2024-06-05