Bump the npm_and_yarn group across 1 directory with 18 updates #23

dependabot · 2025-06-05T14:53:09Z

Bumps the npm_and_yarn group with 14 updates in the /client directory:

Package	From	To
axios	`1.4.0`	`1.8.2`
@adobe/css-tools	`4.2.0`	`4.4.3`
@babel/traverse	`7.22.1`	`7.27.4`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
ejs	`3.1.9`	`3.1.10`
express	`4.18.2`	`4.21.2`
http-proxy-middleware	`2.0.6`	`2.0.9`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.6`	`3.3.11`
rollup	`2.79.1`	`2.79.2`
tough-cookie	`4.1.2`	`4.1.4`
webpack-dev-middleware	`5.3.3`	`5.3.4`
webpack	`5.84.1`	`5.99.9`

Updates axios from 1.4.0 to 1.8.2

Release notes

Sourced from axios's releases.

Release v1.8.2

Release notes:

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL

feat: add config option for allowing absolute URLs

fix: add default value for allowAbsoluteUrls in buildFullPath

fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.2 (2025-03-07)

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL

feat: add config option for allowing absolute URLs

fix: add default value for allowAbsoluteUrls in buildFullPath

... (truncated)

Commits

a9f7689 chore(release): v1.8.2 (#6812)
fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
9812045 chore(sponsor): update sponsor block (#6804)
72acf75 chore(sponsor): update sponsor block (#6794)
2e64afd chore(release): v1.8.1 (#6800)
36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
cceb7b1 chore(release): v1.8.0 (#6795)
23a25af fix(utils): replace getRandomValues with crypto module (#6788)
32c7bcc feat: Add config for ignoring absolute URLs (#5902) (#6192)
4a3e26c chore(config): adjust rollup config to preserve license header to minified Ja...
Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.4.3

Changelog

Sourced from @adobe/css-tools's changelog.

4.4.3 / 2025-05-15

Refactoring of the code to allow security static analysis from GitHub

Fix Polynomial regular expression used on uncontrolled data

Improve performance (very low improvement)

Switch some regex to string search (indexOf based)

Add new utils function with their corresponding unit-tests

Add nicer format of template areas #283 by @jogibear9988

Fix typescript error on ConstructorParameters (parcel) #444

4.4.2 / 2025-02-12

Fix regular expression for quoted values in parentheses

4.4.0 / 2024-06-05

add support for @starting-style #319

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

Commits

See full diff in compare view

Updates @babel/traverse from 7.22.1 to 7.27.4

Release notes

Sourced from @babel/traverse's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

babel-parser

#17312 fix(parser): properly handle optional markers in generator class methods (@magic-akari)

#17307 fix(parser): Terminate modifier parsing at newline (@magic-akari)

babel-generator, babel-parser

#17308 Improve import phase parsing (@JLHwung)

Committers: 7

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Vik R (@vikr01)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

babel-parser

#17312 fix(parser): properly handle optional markers in generator class methods (@magic-akari)

#17307 fix(parser): Terminate modifier parsing at newline (@magic-akari)

babel-generator, babel-parser

#17308 Improve import phase parsing (@JLHwung)

v7.27.2 (2025-05-06)

🐛 Bug Fix

babel-parser

#17289 fix: @babel/parser/bin/index.js contains node: protocol require (@liuxingbaoyu)

#17291 fix: Private class method not found when TS and estree (@liuxingbaoyu)

babel-plugin-transform-object-rest-spread

#17281 Fix: improve object rest handling in array pattern (@JLHwung)

babel-plugin-transform-modules-commonjs, babel-template

#17284 fix(babel-template): Properly handle empty string replacements (@magic-akari)

🏃‍♀️ Performance

babel-cli

... (truncated)

Commits

7d06930 v7.27.4
05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
da5e371 v7.27.3
2d0c76e Improve integrations of using declaration with other transforms (#17330)
eebd3a0 v7.27.1
62af1a6 fix: do expressions should allow early exit (#17137)
8e23272 [Babel 8] perf: Improve traverse performance (#16965)
9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
4d39e9d Harden variable declarator validations (#17217)
6cd1c60 Reduce generated names size for the 10th-11th (#17221)
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
458ca8e Fix native URL test for Node 20.
ca49e44 Handle KeepAlive connections in tests.
f3711d7 Test on Node 20 and 22.
fda0faf Fix typo.
760757f Release version 1.15.7 of the npm package.
Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.6 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

Fixed node16 TypeScript support (by Saadi Myftija).

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

640e694 0.1.12
f01c26a Merge commit from fork
0c71192 0.1.11
8f09549 Add error on bad input values
c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
Description has been truncated

Summary by Sourcery

Bump multiple client‐side dependencies to their latest patch and minor releases

Enhancements:
- Upgrade core libraries (axios, express, webpack, rollup, Babel traverse) to current versions
- Update utility and middleware packages (ejs, cross-spawn, http-proxy-middleware, tough-cookie, follow-redirects) for bug fixes and compatibility
- Patch security issues by bumping pattern-matching modules (micromatch, braces, path-to-regexp)
- Refresh Yarn lockfile to synchronize the updated dependency tree
Chores:
- Update client package lockfile after dependency upgrades

Bumps the npm_and_yarn group with 14 updates in the /client directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.4.0` | `1.8.2` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.2.0` | `4.4.3` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.22.1` | `7.27.4` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.11` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `4.1.2` | `4.1.4` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [webpack](https://github.com/webpack/webpack) | `5.84.1` | `5.99.9` | Updates `axios` from 1.4.0 to 1.8.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.4.0...v1.8.2) Updates `@adobe/css-tools` from 4.2.0 to 4.4.3 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `@babel/traverse` from 7.22.1 to 7.27.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-traverse) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.15.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.6 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.11) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `rollup` from 2.79.1 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.79.2) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `tough-cookie` from 4.1.2 to 4.1.4 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.2...v4.1.4) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `webpack` from 5.84.1 to 5.99.9 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.84.1...v5.99.9) --- updated-dependencies: - dependency-name: axios dependency-version: 1.8.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-version: 4.4.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.27.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 4.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.99.9 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2025-06-05T14:53:12Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
mi-libro	❌ Failed (Inspect)			Jun 5, 2025 3:38pm

sourcery-ai · 2025-06-05T14:53:15Z

Reviewer's Guide

This PR applies automated version bumps for 18 client-side npm packages by updating package.json entries and regenerating the yarn.lock file to align with the new dependency versions.

File-Level Changes

Change	Details	Files
Batch bump of client-side dependencies	Upgrade 18 packages in client/package.json to their latest patch or minor versions Include major improvements, bug fixes and security patches from upstream releases	`client/package.json`
Regenerate lock file to match updated versions	Reconcile and lock all bumped dependency versions Ensure yarn.lock reflects the new dependency tree	`client/yarn.lock`

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2025

dependabot bot mentioned this pull request Jun 5, 2025

Bump tough-cookie from 4.1.2 to 4.1.3 in /client #11

Closed

vercel bot had a problem deploying to Preview June 5, 2025 15:38 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Bump the npm_and_yarn group across 1 directory with 18 updates #23

Bump the npm_and_yarn group across 1 directory with 18 updates #23

Uh oh!

dependabot bot commented on behalf of github Jun 5, 2025 •

edited by sourcery-ai bot

Loading

Uh oh!

vercel bot commented Jun 5, 2025 •

edited

Loading

Uh oh!

sourcery-ai bot commented Jun 5, 2025 •

edited

Loading

Interacting with Sourcery

Customizing Your Experience

Getting Help

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Bump the npm_and_yarn group across 1 directory with 18 updates #23

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 18 updates #23

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 5, 2025 • edited by sourcery-ai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release v1.8.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.0

Release notes:

Bug Fixes

Features

Reverts

BREAKING CHANGES

Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes

Contributors to this release

1.8.1 (2025-02-26)

Bug Fixes

Contributors to this release

1.8.0 (2025-02-25)

Bug Fixes

Features

Reverts

BREAKING CHANGES

4.4.3 / 2025-05-15

4.4.2 / 2025-02-12

4.4.0 / 2024-06-05

4.3.3 / 2024-01-24

4.3.2 / 2023-11-28

4.3.1 / 2023-03-14

4.3.0 / 2023-03-07

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

Committers: 4

v7.27.3 (2025-05-27)

🐛 Bug Fix

Committers: 7

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

v7.27.3 (2025-05-27)

🐛 Bug Fix

v7.27.2 (2025-05-06)

🐛 Bug Fix

🏃‍♀️ Performance

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

v3.1.10

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

dependabot bot commented on behalf of github Jun 5, 2025 •

edited by sourcery-ai bot

Loading

Support named matching groups in `RegExp`

vercel bot commented Jun 5, 2025 •

edited

Loading

sourcery-ai bot commented Jun 5, 2025 •

edited

Loading