Bump the npm_and_yarn group across 1 directory with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package	From	To
body-parser	1.19.0	1.20.3
express	4.17.2	4.21.2
pm2	5.3.0	6.0.8
ws	8.13.0	8.18.3
ws	7.5.9	7.5.10
base-x	3.0.9	3.0.11
brace-expansion	1.1.11	1.1.12
brace-expansion	2.0.1	2.0.2
braces	3.0.2	3.0.3
cipher-base	1.0.4	1.0.6
cookie	0.4.1	0.7.2
cookie-parser	1.4.6	1.4.7
cross-spawn	7.0.3	7.0.6
elliptic	6.5.4	6.6.1
form-data	4.0.0	4.0.4
micromatch	4.0.5	4.0.8
pbkdf2	3.1.2	3.1.3
secp256k1	4.0.3	4.0.4
sha.js	2.4.11	2.4.12
tar-fs	2.1.1	2.1.3

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.17.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates pm2 from 5.3.0 to 6.0.8

Release notes

Sourced from pm2's releases.

v6.0.8

• fix: package-lock update

v6.0.7

• fix: ansis-node10 Unitech/pm2@99d9224 @
  webdiscus

v6.0.6

• refactor: replace chalk with ansis by @​webdiscus fix #5976 #5247

v6.0.5

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA
• Fix treekil on FreeBSD #5896 @​skeyby
• fix allowing to update namespaced pm2 NPM module (@​org/module-name) #5915 @​endelendel

v5.4.2

• Unitech/pm2#5833
• keymetrics/pm2-io-apm#301

5.4.1

Update websocket dependency in pm2/agent submodule

5.4.0

• drop old uuid sub dependency
• #5782 add autostart true||false feature by @​ultimate-tester
• update modules

5.3.1

• Fix terminal width when condensed Unitech/pm2@cac8393
• Auto run tsx/ts files with bun binary instead of ts-node Unitech/pm2@f122aab
• #5686 Switch from Travis CI to Github Actions
• #5680 Fixed reserved keyword for ES6 Strict Mode when Bundling @​juaneth
• #5683 update badges
• #5684 auto switch light and dark mode logos
• #5678 Bugfix/deploy ecosystem filename extension / esm module default ecosystem config name @​TeleMediaCC
• #5660 Fix matching logic for logs from namespace when lines = 0 @​bawjensen
• fix "vulnerabilities" in axios module

Changelog

Sourced from pm2's changelog.

6.0.8

• fix: package-lock update

6.0.7

• fix: ansis-node10 Unitech/pm2@99d9224 @​webdiscus

6.0.6

• refactor: replace chalk with smaller alternative by @​webdiscus

6.0.5

• Bun support - Fixes #5893 #5774 #5682 #5675 #5777
• Disable git parsing by default #5909 #2182 #5801 #5051 #5696
• Add WEBP content type for pm2 serve #5900 @​tbo47
• Enable PM2 module update from tarball #5906 @​AYOKINYA
• Fix treekil on FreeBSD #5896 @​skeyby
• fix allowing to update namespaced pm2 NPM module (@​org/module-name) #5915 @​endelendel

5.4.3

• Update sub packages

5.4.2

• Update sub packages

5.4.1

• @​pm2/io DeprecationWarning: The util._extend API is deprecated keymetrics/pm2-io-apm#301 @​egoroof

5.4.0

• #5782 add autostart true||false feature by @​ultimate-tester
• fix UUID deprecation
• updates modules

5.3.1

• #5686 Switch from Travis CI to Github Actions
• #5680 Fixed reserved keyword for ES6 Strict Mode when Bundling @​juaneth
• #5683 update badges
• #5684 auto switch light and dark mode logos
• #5678 Bugfix/deploy ecosystem filename extension / esm module default ecosystem config name @​TeleMediaCC
• #5660 Fix matching logic for logs from namespace when lines = 0 @​bawjensen
• fix "vulnerabilities" in axios module

Commits

• 3b3b547 pm2@6.0.8
• acacda0 pm2@6.0.7
• 4666629 Update README.md
• 795c28a package lock updates
• 1f97eb4 workflow test change
• d3bcdca merge / add new workflow
• 99d9224 Merge pull request #5986 from webdiscus/fix-ansis-node10
• 478fe49 Update README.md
• d4bbe91 fix: cannot find module ansis on Node.js < 14
• e71120a pm2@6.0.6
• Additional commits viewable in compare view

Updates ws from 8.13.0 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

• Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (33f5dbaf).

8.18.2

Bug fixes

• Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

</tr></table>

... (truncated)

Commits

• dabbdec [dist] 8.18.3
• 33f5dba [fix] Respond with the supported protocol versions (#2291)
• 22a5a17 [ci] Test on node 24
• e67eb7a [ci] Do not test on node 23
• fa670f2 [ci] Run the lint step on node 22
• 0eb8535 [dist] 8.18.2
• 4f20aed [fix] Handle oversized messages with designated error (#2285)
• aa998e3 [pkg] Update globals to version 16.0.0
• cf25954 [minor] Fix nit in error message
• b92745a [dist] 8.18.1
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

• Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (33f5dbaf).

8.18.2

Bug fixes

• Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

</tr></table>

... (truncated)

Commits

• dabbdec [dist] 8.18.3
• 33f5dba [fix] Respond with the supported protocol versions (#2291)
• 22a5a17 [ci] Test on node 24
• e67eb7a [ci] Do not test on node 23
• fa670f2 [ci] Run the lint step on node 22
• 0eb8535 [dist] 8.18.2
• 4f20aed [fix] Handle oversized messages with designated error (#2285)
• aa998e3 [pkg] Update globals to version 16.0.0
• cf25954 [minor] Fix nit in error message
• b92745a [dist] 8.18.1
• Additional commits viewable in compare view

Updates base-x from 3.0.9 to 3.0.11

Commits

• 043a888 3.0.11
• 2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
• 3d43c0e 3.0.10
• 0a35446 Improve decoding performance
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cipher-base from 1.0.4 to 1.0.6

Changelog

Sourced from cipher-base's changelog.

v1.0.6 - 2024-11-26

Commits

• [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

• [Tests] standard -> eslint, make test dir, etc ae02fd6
• [Tests] migrate from travis to GHA 66387d7
• [meta] fix package.json indentation 5c02918
• [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
• [meta] add auto-changelog 88dc806
• [meta] add npmignore and safe-publish-latest 7a137d7
• Only apps should have lockfiles 42528f2
• [Deps] update inherits, safe-buffer 0e7a2d9
• [meta] add missing engines.node f2dc13e

Commits

• f5249f9 v1.0.6
• b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
• f03cebf v1.0.5
• 88dc806 [meta] add auto-changelog
• 7a137d7 [meta] add npmignore and safe-publish-latest
• 5c02918 [meta] fix package.json indentation
• 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
• 66387d7 [Tests] migrate from travis to GHA
• f2dc13e [meta] add missing engines.node
• 0e7a2d9 [Deps] update inherits, safe-buffer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Updates cookie from 0.4.1 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

• Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

Commits

• d19eaa1 0.7.2
• bc38ffd Fix object assignment of hasOwnProperty (#177)
• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates cookie-parser from 1.4.6 to 1.4.7

Release notes

Sourced from cookie-parser's releases.

1.4.7

What's Changed

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/cookie-parser#103
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/cookie-parser#104
• ci: Use GITHUB_OUTPUT envvar instead of set-output command by @​arunsathiya in expressjs/cookie-parser#100
• deps: cookie@0.7.2 by @​SamChatfield in expressjs/cookie-parser#116
• Release: 1.4.7 by @​UlisesGascon in expressjs/cookie-parser#117

New Contributors

• @​inigomarquinez made their first contribution in expressjs/cookie-parser#103
• @​arunsathiya made their first contribution in expressjs/cookie-parser#100
• @​SamChatfield made their first contribution in expressjs/cookie-parser#116
• @​UlisesGascon made their first contribution in expressjs/cookie-parser#117

Full Changelog: expressjs/cookie-parser@1.4.6...1.4.7

Changelog

Sourced from cookie-parser's changelog.

1.4.7 / 2024-10-08

• deps: cookie@0.7.2
  • Fix object assignment of hasOwnProperty
• deps: cookie@0.7.1
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: cookie@0.7.0
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack
• deps: cookie@0.6.0
  • Add partitioned option
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
• deps: cookie@0.4.2
  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

Commits

• 5d61e1e 1.4.7
• ccf1f54 deps: cookie@0.7.2 (#116)
• 429cfd4 ci: Use GITHUB_OUTPUT envvar instead of set-output command (#100)
• ca4c97e ci: fix errors in ci pipeline for node 8 and 9 (#104)
• 97bdf39 ci: add support for OSSF scorecard reporting (#103)
• e5862bd build: Node.js@17.6
• f0688d2 build: Node.js@14.19
• 44ec541 build: Node.js@16.14
• 695435a deps: cookie@0.4.2
• f66e7e1 build: mocha@9.2.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cookie-parser since your current version.

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6