@dependabot dependabot bot commented on behalf of github Dec 8, 2025

Bumps the default group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| bcryptjs | 2.4.3 | 3.0.3 |
| body-parser | 1.20.4 | 2.2.1 |
| config | 3.3.12 | 4.1.1 |
| express | 4.22.1 | 5.2.1 |
| nano | 9.0.5 | 11.0.3 |
| uuid | 8.3.2 | 13.0.0 |
| chai | 4.5.0 | 6.2.1 |
| eslint | 7.32.0 | 9.39.1 |
| eslint-config-airbnb-base | 14.2.1 | 15.0.0 |
| mocha | 9.2.2 | 11.7.5 |
| nodemon | 2.0.22 | 3.1.11 |
| nyc | 15.1.0 | 17.1.0 |
| sinon | 12.0.1 | 21.0.0 |
| supertest | 6.3.4 | 7.1.4 |

Updates bcryptjs from 2.4.3 to 3.0.3

Release notes

Sourced from bcryptjs's releases.

v3.0.3

Bug fixes

  • Always yield to event loop before nextTick for async versions (#164) (1211e9a2213e0b3ee232a204b3ce899beebce31a)

v3.0.2

Bug fixes

  • Use upstream fix to emit interop helpers (28e510389374f5736c447395443d4a6687325048)

v3.0.1

Bug fixes

  • Separate ESM and UMD type definitions (e7055caf0c723cbcf8bc3f0784b8c30ee332380f)

v3.0.0

Breaking changes

  • Modernize project structure (2f45985738604c743c4b8cc8464e3e7d3e04c73d) The project now exports an ECMAScript module by default, albeit with an UMD fallback, ships with types, the dist/ directory no longer exists in version control, and Closure Compiler externs have been removed.
  • Generate 2b hashes by default (d36bfb42fa642b6d6986a84ce106a7110e5824db) This library was not affected by the bug that led to incrementing the bcrypt version from 2a to 2b, but nowadays most implementations use 2b, including the native bcrypt binding, so this change aligns with them. Existing hashes will continue to work, but test logic that generates hashes and compares them literally might need to be updated to account for the new default.

Features

  • Add helper to check for password input length (d5656b39e2e368c87724a312e4e454456a4e5d1b)

Other

  • Update publish workflow (2a9bea9e276e6be04dbd403f9695937788b3b10a)
  • Add note on using the ESM variant in the browser (e09eb9afb14170069aaea19631b763307ee7b480)
  • Update types (58333a1533dd53838e2697628f84b98d54a5c079)
  • Merge lint and test workflows (2e3b17659e8856696acfe3015631ce2989eb3084)
  • Fix tests (ec02e8a0ada7a8f6c71a91df164db8c25bbbb7b4)
  • Update legacy fallback to handle crypto dependency (9db275fa10b1b40da4a6844480d7f8ae8df27fb8)
  • Update lint workflow title (ac70ac57c2f99ad5639eddf54578e5fdd07b9c4c)
  • Adapt crypto module usage for ESM environments (574d690d4972bcebbd5ca07880a62abab9ae3c0b)
  • Format with prettier (e7465479282d8155852ce88d6407eccb14adc106)
  • Rename default branch to 'main' (548559d032d7dd5ac3e4e16d7afd87b36ebe96ca)
  • Update description to mention TypeScript support (4977df0849eaf8cad5b0d0b543fe452432a2d761)
  • Add stale action for issues and PRs (a84d4e45487df0972d8781feafa477d5db4c1dbd)
  • Fix typo (c8c9c01799bbc13092fcbb20cfab4d9015d14c61)
  • Fix Node.js version in CI (1b54cc48d4120b50e1d9058e5a67f326102fd744)

Backlog from v2

  • Added externs to .npmignore (#124) (7e2e93af99df2952253f9cf32db29aefa8f272f7) The npm package does not need externs as it is needed only for closure compiler. Added it in .npmignore since bcryptjs overrides global module and process in WebStorm IDE.
  • Make sure the bin script uses LF (684fac6814a81d974c805a15e22fd69922c7ca6e)
  • Post-merge; Clean up a bit (b09f7f266a7015456b7b36deeb026dc636f64542)

... (truncated)

Commits
  • 1211e9a fix: Always yield to event loop before nextTick for async versions (#164)
  • 28e5103 fix: Use upstream fix to emit interop helpers
  • e7055ca fix: Separate ESM and UMD type definitions
  • 2a9bea9 Update publish workflow
  • d5656b3 Add helper to check for password input length
  • e09eb9a Add note on using the ESM variant in the browser
  • 58333a1 Update types
  • 2e3b176 Merge lint and test workflows
  • ec02e8a Fix tests
  • 9db275f Update legacy fallback to handle crypto dependency
  • Additional commits viewable in compare view

Updates body-parser from 1.20.4 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

2.0.2 / 2024-10-31

  • remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

  • Restore expected behavior extended to false

2.0.0 / 2024-09-10

Breaking Changes

  • Node.js 18 is the minimum supported version
  • req.body is no longer always initialized to {}
    • it is left undefined unless a body is parsed
  • Remove deprecated bodyParser() combination middleware
  • urlencoded parser now defaults extended to false as released, this is not the case, fixed in 2.0.1
  • urlencoded simple parser now uses qs module instead of querystring module

... (truncated)

Commits
  • d96b63d 2.2.1 (#659)
  • b204886 sec: security patch for CVE-2025-13466
  • e20e351 feat: remove history.md from being packaged on publish (#660)
  • 0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
  • 168afff ci: also test on first supported node.js version (#646)
  • e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
  • 9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
  • 57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
  • a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
  • 10a114d test: add test for urlencoded invalid defaultCharset (#643)
  • Additional commits viewable in compare view

Updates config from 3.3.12 to 4.1.1

Release notes

Sourced from config's releases.

v4.1.1

What's Changed

This release includes only test and devDependency changes

Full Changelog: node-config/node-config@v4.1.0...v4.1.1

v4.1.0

Breaking Changes

Several bugs were fixed that a user code might theoretically rely on, but most likely not:

  • Config.getSources() no longer contains files read by parseFile outside of the load process
  • when setModuleDefaults('modulename', ...) is called twice, the second call can overwrite values from the first
  • Config.getSources() now agrees with setModuleDefaults, no matter how often it is called

What's Changed

Bugs fixed:

  • #687 - you can now have deferConfig lines in submodules
  • #822 - setModuleDefaults calls are now additive (slightly higher memory usage for defaults as a consequence)
  • #827 - more accurate tracking of sources

v4.0.1

This release finalizes some work to extract 'util' functionality from lib/config.js into lib/util.js.

Breaking Changes

None known

What's Changed

  • Finished extraction of util functions to lib/util.js
  • Documentation of how to utilize this code for testing, or to drive setModuleDefaults()

v4.0.0

This release adds support for .jsonc and .mjs files. Note that MJS support requires Node 24 or recent patch releases of 20 or 22.

Breaking Changes

  • removes the unused stripComments() function
  • removes deprecated support for loading runtime.[ext] files.
  • changes the load order of APP_INSTANCE files to match other file sets

What's Changed

... (truncated)

Commits
  • 29a7bfd Merge pull request #854 from jdmarshall/avow
  • eada383 remove vows
  • 5aacc72 Convert the last test file to nodejs test framework.
  • 6a3ade1 Adding strict and cleaning up warnings.
  • 9fb5524 Convert 2-config-test and deal with issues detailed in #853
  • 3374d74 Convert more tests
  • 5e1e5dc Convert util tests. Fix a couple of broken tests.
  • 45af5ef Finish off the medium sized test files, converting to node:test
  • c0c4985 Convert another block of tests to node:test
  • 758fbf1 Convert 0-util.js to node:test
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jdmarshall, a new releaser for config since your current version.


Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: [email protected]
  • deps: [email protected]

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: [email protected]
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

... (truncated)

Commits

Updates nano from 9.0.5 to 11.0.3

Release notes

Sourced from nano's releases.

11.0.3

  • add missing TypeScript definition for findAsStream

11.0.2

Added headers to TypeScript definition of the object that can be supplied when instantiating Nano.

11.0.1

Fix up response object so that Bun (and Node) users get sensible error messages. Thanks @digitalextremist

11.0.0

  • Replaces axios with the Node.js's built-in fetch for HTTP requests. 🕸️
  • Replaces nock and jest with Node.js's built-in testing framework. 🧪
  • Removes support for callbacks. 📞
  • Nano becomes a zero-dependency library. 👏
  • Designed for Node.js 20 and above (if you are still running older versions of Node then stick with Nano 10)

The vast majority of the API stays the same but there are some breaking changes. See Nano v10 to v11 Migration Guide.

Some background.

fetch

Originally Nano was built on top of the request library which was later deprecated. At this point I reworked it to use axios instead. This PR eliminates axios and other axios-related dependencies and instead uses the new kid on the block: the fetch API.

The fetch feature has found widespread adoption in web browsers as a means of handling outbound HTTP requests. It has found its way into Node.js as a global function and is marked as an experimental feature in Node 18/19 and is mainstream in Node 20 and beyond.

Node.js's fetch capability is powered by the undici package which is bundled with Node.js and in turn uses Node's low-level network libraries instead of being based on the higher-level http/https built-in modules. It purports to be significantly faster (according to its own benchmarks) than traffic routed through http/https modules, as is the case with other HTTP libraries like axios & request.

10.1.4

10.1.3

Maintenance release to update axios

10.1.2

  • Bug fix for cookie refresh handling

10.1.1

  • bug fix for session persistence when using nano.auth

10.1.0

  • update dependencies, including using the latest, post v1, Axios
  • aborting in-flight HTTP requests initiated by ChangesReader when stop is called. cc @insidewhy
  • remove axios-cookiejar-support dependency which causes some users problems
  • ensure callbacks are called with Error objects cc @revington
  • various small typos and Typescript fixes from @lukashass @insidewhy @DougReeder

... (truncated)

Commits

Updates uuid from 8.3.2 to 13.0.0

Release notes

Sourced from uuid's releases.

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.0

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

Features

Bug Fixes

v11.1.0

11.1.0 (2025-02-19)

Features

  • update TS types to allow Uint8Array subtypes for buffer option (#865) (a5231e7)

v11.0.5

11.0.5 (2025-01-09)

Bug Fixes

... (truncated)

Changelog

Sourced from uuid's changelog.

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

Features

Bug Fixes

11.1.0 (2025-02-19)

Features

  • update TS types to allow Uint8Array subtypes for buffer option (#865) (a5231e7)

11.0.5 (2025-01-09)

Bug Fixes

11.0.4 (2025-01-05)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by broofa, a new releaser for uuid since your current version.


Updates chai from 4.5.0 to 6.2.1

Release notes

Sourced from chai's releases.

v6.2.1

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

v6.2.0

What's Changed

Full Changelog: chaijs/chai@v6.1.0...v6.2.0

v6.1.0

What's Changed

Full Changelog: chaijs/chai@v6.0.2...v6.1.0

v6.0.1

What's Changed

... (truncated)

Commits

Bumps the default group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [bcryptjs](https://github.com/dcodeIO/bcrypt.js) | `2.4.3` | `3.0.3` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.4` | `2.2.1` |
| [config](https://github.com/node-config/node-config) | `3.3.12` | `4.1.1` |
| [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` |
| [nano](https://github.com/apache/couchdb-nano) | `9.0.5` | `11.0.3` |
| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `13.0.0` |
| [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.1` |
| [eslint](https://github.com/eslint/eslint) | `7.32.0` | `9.39.1` |
| [eslint-config-airbnb-base](https://github.com/airbnb/javascript) | `14.2.1` | `15.0.0` |
| [mocha](https://github.com/mochajs/mocha) | `9.2.2` | `11.7.5` |
| [nodemon](https://github.com/remy/nodemon) | `2.0.22` | `3.1.11` |
| [nyc](https://github.com/istanbuljs/nyc) | `15.1.0` | `17.1.0` |
| [sinon](https://github.com/sinonjs/sinon) | `12.0.1` | `21.0.0` |
| [supertest](https://github.com/ladjs/supertest) | `6.3.4` | `7.1.4` |



Updates `bcryptjs` from 2.4.3 to 3.0.3
- [Release notes](https://github.com/dcodeIO/bcrypt.js/releases)
- [Commits](dcodeIO/bcrypt.js@2.4.3...v3.0.3)

Updates `body-parser` from 1.20.4 to 2.2.1
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.4...v2.2.1)

Updates `config` from 3.3.12 to 4.1.1
- [Release notes](https://github.com/node-config/node-config/releases)
- [Changelog](https://github.com/node-config/node-config/blob/master/History.md)
- [Commits](node-config/node-config@v3.3.12...v4.1.1)

Updates `express` from 4.22.1 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.1...v5.2.1)

Updates `nano` from 9.0.5 to 11.0.3
- [Release notes](https://github.com/apache/couchdb-nano/releases)
- [Commits](apache/couchdb-nano@v9.0.5...v11.0.3)

Updates `uuid` from 8.3.2 to 13.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v8.3.2...v13.0.0)

Updates `chai` from 4.5.0 to 6.2.1
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](chaijs/chai@v4.5.0...v6.2.1)

Updates `eslint` from 7.32.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v7.32.0...v9.39.1)

Updates `eslint-config-airbnb-base` from 14.2.1 to 15.0.0
- [Commits](airbnb/javascript@eslint-config-airbnb-base-v14.2.1...eslint-config-airbnb-base-v15.0.0)

Updates `mocha` from 9.2.2 to 11.7.5
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md)
- [Commits](mochajs/mocha@v9.2.2...v11.7.5)

Updates `nodemon` from 2.0.22 to 3.1.11
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v2.0.22...v3.1.11)

Updates `nyc` from 15.1.0 to 17.1.0
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/main/CHANGELOG.md)
- [Commits](istanbuljs/nyc@v15.1.0...nyc-v17.1.0)

Updates `sinon` from 12.0.1 to 21.0.0
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/commits)

Updates `supertest` from 6.3.4 to 7.1.4
- [Release notes](https://github.com/ladjs/supertest/releases)
- [Commits](forwardemail/supertest@v6.3.4...v7.1.4)

---
updated-dependencies:
- dependency-name: bcryptjs
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: body-parser
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: config
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: nano
  dependency-version: 11.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: uuid
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: chai
  dependency-version: 6.2.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: eslint
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: eslint-config-airbnb-base
  dependency-version: 15.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: mocha
  dependency-version: 11.7.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: nodemon
  dependency-version: 3.1.11
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: nyc
  dependency-version: 17.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: sinon
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
- dependency-name: supertest
  dependency-version: 7.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: default
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies and javascript labels Dec 8, 2025
@github-actions github-actions bot enabled auto-merge December 8, 2025 19:22
@cesine cesine mentioned this pull request Dec 8, 2025
@cesine cesine closed this in #125 Dec 8, 2025
auto-merge was automatically disabled December 8, 2025 19:32

Pull request was closed

dependabot bot commented on behalf of github Dec 8, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/default-4bcae72d84 branch December 8, 2025 19:32