Bump the npm_and_yarn group across 1 directory with 24 updates #192

dependabot · 2026-01-28T22:07:56Z

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package	From	To
axios	`1.6.7`	`1.12.0`
body-parser	`1.20.2`	`1.20.4`
express	`4.19.2`	`4.22.1`
cookie	`0.6.0`	`1.1.1`
mongoose	`8.2.0`	`8.22.0`
multer	`1.4.5-lts.1`	`2.0.2`
brace-expansion	`1.1.11`	`1.1.12`
@smithy/config-resolver	`2.1.4`	`2.2.0`
braces	`3.0.2`	`3.0.3`
diff	`4.0.2`	`4.0.4`
ejs	`3.1.9`	`3.1.10`
glob	`10.3.10`	`10.5.0`
js-yaml	`4.1.0`	`4.1.1`
jws	`3.2.2`	`3.2.3`
lodash	`4.17.21`	`4.17.23`
micromatch	`4.0.5`	`4.0.8`
on-headers	`1.0.2`	`1.1.0`
ws	`8.11.0`	`8.18.3`

Updates axios from 1.6.7 to 1.12.0

Release notes

Sourced from axios's releases.

Release v1.12.0

Release notes:

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

Release v1.11.0

Release notes:

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.0 (2025-09-11)

Bug Fixes

adding build artifacts (9ec86de)

dont add dist on release (a2edc36)

fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)

node: enforce maxContentLength for data: URLs (#7011) (945435f)

package exports (#5627) (aa78ac2)

params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)

release pr run (fd7f404)

types: change the type guard on isCancel (#5595) (0dbb7fd)

Features

adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)

fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)

support reviver on JSON.parse (#5926) (2a97634), closes #5924

types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

Willian Agostini

Dmitriy Mozgovoy

khani

Ameer Assadi

Emiedonmokumo Dick-Boro

Zeroday BYTE

Jason Saayman

최예찬

Gligor Kotushevski

Aleksandar Dimitrov

1.11.0 (2025-07-22)

Bug Fixes

form-data npm pakcage (#6970) (e72c193)

prevent RangeError when using large Buffers (#6961) (a2214ca)

types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

izzy goldman

Manish Sahani

Noritaka Kobayashi

James Nail

Tejaswi1305

1.10.0 (2025-06-14)

... (truncated)

Commits

0d8ad6e chore(release): v1.12.0 (#7013)
fd7f404 fix: release pr run
a2edc36 fix: dont add dist on release
9ec86de fix: adding build artifacts
945435f fix(node): enforce maxContentLength for data: URLs (#7011)
28e5e30 chore(sponsor): update sponsor block (#7005)
d03f245 chore(CI): fixed release info script to use npm registry instead of git as fi...
a0bc911 chore: removing dist files from src (#7002)
c959ff2 feat(fetch): add fetch, Request, Response env config variables for the adapte...
a9f47af fix(fetch-adapter): set correct Content-Type for Node FormData (#6998)
Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

... (truncated)

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates cookie from 0.6.0 to 1.1.1

Release notes

Sourced from cookie's releases.

v1.1.1

Fixed

Overwrite value in passed in options (#253) c66147c

When value was provided in serialize(key, value, { value }) the value in options was used instead of the value passed as an argument

jshttp/cookie@v1.1.0...v1.1.1

v1.1.0

Added:

Add stringifyCookie and parseSetCookie methods (#244, #214)

Rename existing methods for clarity (old method names remain for backward compatibility)

parse → parseCookie

serialize → stringifySetCookie

Add side effects field (#245) 00b0327

jshttp/cookie@v1.0.2...v1.1.0

v1.0.2

Fixed

Loosen cookie name/value validation (#210)

fix: options.priority used incorrect fallback (#207) by @jonchurch

Added

Add import example to README (#190) by @isnifer

jshttp/cookie@v1.0.1...v1.0.2

v1.0.1

Added

Allow case insensitive options (#194) 3bed080

jshttp/cookie@v1.0.0...v1.0.1

v1.0.0

Breaking changes

Use modern JS features, ship TypeScript definition (#175) 1cc64ff

Adds __esModule marker, imports need to use import { parse, serialize } or import * as cookie

Minimum node.js v18

Uses null prototype object for parse return value

Changes strict and priority to match the lower case strings (i.e. low, not LOW or Low)

... (truncated)

Commits

1b89eec 1.1.1
c66147c Overwrite value in passed in options (#253)
09cec9f 1.1.0
05ebd34 Add tests for parsing top sites (#249)
6214eaf Add benchmark for parseSetCookie (#247)
71798d7 Fix skip over of boolean attributes (#248)
9e41cf1 build(deps): bump the npm_and_yarn group across 1 directory with 4 updates (#...
6fea506 Add parse method for set-cookie (#244)
00b0327 Add side effects field (#245)
94586de feat: remove dependabot from repo (#242)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.19.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

... (truncated)

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates mongoose from 8.2.0 to 8.22.0

Release notes

Sourced from mongoose's releases.

8.22.0 / 2026-01-27

feat(model): allow passing strict option to hydrate() #15944 #15940

8.21.1

fix(clone): fix parent doc for map subdocuments and array subdocuments #15958 AbdelrahmanHafez

fix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc #15904 #15901

fix: respect currentTime schema option in bulkWrite updates #15976 sderrow

types(models): support Mongoose query casting in AnyBulkWriteOperation filter property #15910

types: add toBSON() to documents #15927

8.21.0 / 2025-12-29

feat(document): add support for getAtomics() to allow custom container types to utilize atomics #15817

feat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks #15908 #15870

fix: add support for typescript style enums #15914 #15913 mjfwebb

8.20.4 / 2025-12-18

fix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully #15898

fix(document): use bitwise OR to accumulate version mode flags #15893 #15888 AbdelrahmanHafez

8.20.3 / 2025-12-15

perf: use Object.hasOwn instead of Object#hasOwnProperty #15875 AbdelrahmanHafez

fix: improve error when calling Document.prototype.init() with null/undefined #15812 Vegapunk-debug

types(schema): avoid treating paths with default: null as required #15889

types(schema): allow partial statics to schema.statics() #15780

8.20.2 / 2025-12-05

fix(model): bump version if necessary after successful bulkSave() #15809 #15800

fix(bulkWrite): pass overwriteImmutable option to castUpdate fixes #15789 #15782 #15781

types(schema): allow calling schema.static() with as TStatics #15794 #15780

8.20.1 / 2025-11-20

types: correct Model.schema type and fix unknown check for this param type in schema.methods #15750 #15693

docs: add detailed loadClass() TypeScript usage guide #15731 #12813 Necro-Rohan

docs: update version support documentation for Mongoose #15761 ManmathX

docs: add copy-to-clipboard feature for code blocks in docs #15759 vedansha07

8.20.0 / 2025-11-17

feat: cast id parameter based on schema _id type in DocumentArray.id() #15733 #15725 #15724 https://github.com/Automattic/mongoose/blob/HEAD/Lex-Ashu

fix: pass parent schema to SchemaType constructors in interpretAsType to make implementing custom container types easier #15700

types(models): default _id type to ObjectId for Document #15688 Catwallon

docs: add FAQ entry about DivergentArrayError #15743 Mario5T

docs: update browser.md with Mongoose limitations #15744 YashSharma64

chore: add benchmark for large nested array documents (related to #9588) #15742 Kundan-CR7

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.22.0 / 2026-01-27

feat(model): allow passing strict option to hydrate() #15944 #15940

8.21.1 / 2026-01-23

fix(clone): fix parent doc for map subdocuments and array subdocuments #15958 AbdelrahmanHafez

fix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc #15904 #15901

fix: respect currentTime schema option in bulkWrite updates #15976 sderrow

types(models): support Mongoose query casting in AnyBulkWriteOperation filter property #15910

types: add toBSON() to documents #15927

8.21.0 / 2025-12-29

feat(document): add support for getAtomics() to allow custom container types to utilize atomics #15817

feat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks #15908 #15870

fix: add support for typescript style enums #15914 #15913 mjfwebb

8.20.4 / 2025-12-18

fix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully #15898

fix(document): use bitwise OR to accumulate version mode flags #15893 #15888 AbdelrahmanHafez

8.20.3 / 2025-12-15

perf: use Object.hasOwn instead of Object#hasOwnProperty #15875 AbdelrahmanHafez

fix: improve error when calling Document.prototype.init() with null/undefined #15812 Vegapunk-debug

types(schema): avoid treating paths with default: null as required #15889

types(schema): allow partial statics to schema.statics() #15780

8.20.2 / 2025-12-05

fix(model): bump version if necessary after successful bulkSave() #15809 #15800

fix(bulkWrite): pass overwriteImmutable option to castUpdate fixes #15789 #15782 #15781

types(schema): allow calling schema.static() with as TStatics #15794 #15780

7.8.8 / 2025-12-04

fix(bulkWrite): pass overwriteImmutable option to castUpdate fixes #15789 #15782

Bumps the npm_and_yarn group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.6.7` | `1.12.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.4` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.22.1` | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `1.1.1` | | [mongoose](https://github.com/Automattic/mongoose) | `8.2.0` | `8.22.0` | | [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `2.1.4` | `2.2.0` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [glob](https://github.com/isaacs/node-glob) | `10.3.10` | `10.5.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [ws](https://github.com/websockets/ws) | `8.11.0` | `8.18.3` | Updates `axios` from 1.6.7 to 1.12.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.12.0) Updates `body-parser` from 1.20.2 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.4) Updates `express` from 4.19.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.19.2...v4.22.1) Updates `cookie` from 0.6.0 to 1.1.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v1.1.1) Updates `express` from 4.19.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.19.2...v4.22.1) Updates `mongoose` from 8.2.0 to 8.22.0 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/8.22.0/CHANGELOG.md) - [Commits](Automattic/mongoose@8.2.0...8.22.0) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `qs` from 6.11.2 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.2...v6.14.1) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `@smithy/config-resolver` from 2.1.4 to 2.2.0 - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@2.2.0/packages/config-resolver) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Changelog](https://github.com/mde/ejs/blob/main/RELEASE_NOTES_v4.md) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `glob` from 10.3.10 to 10.5.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.3.10...v10.5.0) Updates `form-data` from 4.0.0 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.5) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `tar` from 6.2.0 to 7.5.4 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v7.5.4) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `ws` from 8.11.0 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.11.0...8.18.3) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 1.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 8.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@smithy/config-resolver" dependency-version: 2.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 8.18.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 24 updates #192

Bump the npm_and_yarn group across 1 directory with 24 updates #192

Uh oh!

dependabot bot commented on behalf of github Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Bump the npm_and_yarn group across 1 directory with 24 updates #192

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 24 updates #192

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 28, 2026

Release v1.12.0

Release notes:

Bug Fixes

Features

Contributors to this release

Release v1.11.0

Release notes:

Bug Fixes

Contributors to this release

1.12.0 (2025-09-11)

Bug Fixes

Features

Contributors to this release

1.11.0 (2025-07-22)

Bug Fixes

Contributors to this release

1.10.0 (2025-06-14)

1.20.4

What's Changed

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.4 / 2025-12-01

1.20.3 / 2024-09-10

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

8.22.0 / 2026-01-27

8.21.1

8.21.0 / 2025-12-29

8.20.4 / 2025-12-18

8.20.3 / 2025-12-15

8.20.2 / 2025-12-05

8.20.1 / 2025-11-20

8.20.0 / 2025-11-17

8.22.0 / 2026-01-27

8.21.1 / 2026-01-23

8.21.0 / 2025-12-29

8.20.4 / 2025-12-18

8.20.3 / 2025-12-15