⬆️ Bump the npm_and_yarn group across 1 directory with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
graphql	16.6.0	16.8.1
postcss	8.4.24	8.4.31
semver	5.7.1	5.7.2
@babel/traverse	7.22.4	7.24.7
node-fetch	2.6.11	2.7.0
@solana/web3.js	1.77.3	1.93.0
zod	3.21.4	3.22.3
@shopify/cli	3.45.0	3.61.2
@shopify/cli-hydrogen	4.2.1	8.1.0
axios	0.21.4	removed
wagmi	1.2.0	1.4.13
express	4.18.2	4.19.2
jose	4.14.4	4.15.5
tar	6.1.15	6.2.1
word-wrap	1.2.3	1.2.5

Updates graphql from 16.6.0 to 16.8.1

Release notes

Sourced from graphql's releases.

v16.8.1 (2023-09-19)

Bug Fix 🐞

• #3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Committers: 1

• Aaron Moat(@​AaronMoat)

v16.8.0 (2023-08-14)

New Feature 🚀

• #3950 Support fourfold nested lists (@​gschulze)

Committers: 1

• Gunnar Schulze(@​gschulze)

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

• #3923 instanceOf: workaround bundler issue with process.env (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.7.0 (2023-06-21)

New Feature 🚀

• #3887 check "globalThis.process" before accessing it (@​kettanaito)

Bug Fix 🐞

• #3707 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@​chrskrchr)
• #3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@​stenreijers)

Committers: 3

• Artem Zakharchenko(@​kettanaito)
• Chris Karcher(@​chrskrchr)
• Sten Reijers(@​stenreijers)

Commits

• 8a95335 16.8.1
• 8f4c64e OverlappingFieldsCanBeMergedRule: Fix performance degradation (#3967)
• e4f759d 16.8.0
• bec1b49 Support fourfold nested lists (#3950)
• bf6a9f0 16.7.1
• a08aaee instanceOf: workaround bundler issue with process.env (#3923)
• 1519fda 16.7.0
• 84bb146 check "globalThis.process" before accessing it (#3887)
• 076972e Fix/invalid error propagation custom scalars (backport for 16.x.x) (#3838)
• 4a82557 Fix crash in node when mixing sync/async resolvers (backport of #3706) (#3707)
• See full diff in compare view

Updates postcss from 8.4.24 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.22.4 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #16466 Migrate import assertions syntax (@​JLHwung)

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• 07bd000 Improve getBindingIdentifiers (#16544)
• 17a5502 [Babel 8] Remove extra.shorthand (#16521)
• 7934963 Use type: module in all package.jsons (#16535)
• 9630250 v7.24.6
• 1f010df Explicitly define NodePath.prototype.* (#16488)
• 6e3539b [babel 8] Publish .d.ts files for every package (#16416)
• e37e64d Use eslint v9 (#16479)
• 3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
• Additional commits viewable in compare view

Updates node-fetch from 2.6.11 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• See full diff in compare view

Updates @solana/web3.js from 1.77.3 to 1.93.0

Release notes

Sourced from @​solana/web3.js's releases.

v1.93.0

1.93.0 (2024-06-12)

Features

• upgrade to rpc-websockets v9 (#2800) (b20731d)

v1.92.3

1.92.3 (2024-06-06)

Bug Fixes

• Rewrite the message printer as a parser to avoid problems with regexes in old browsers (#2785) (4f19842)

v1.92.2

1.92.2 (2024-06-05)

Bug Fixes

• Add getter for logs to sendTransactionError (#2771) (327dc9d)

v1.92.1

1.92.1 (2024-06-04)

Bug Fixes

• rename transactionLogs back to logs (#2769) (c736773)

v1.92.0

1.92.0 (2024-06-04)

Features

• added transaction logs to send transaction functions (#2736) (9369269)

v1.91.9

1.91.9 (2024-06-03)

Bug Fixes

• library-legacy/deps: rpc-websockets@^7.11.0->^7.11.1 (#2758) (5527b0e)

v1.91.8

1.91.8 (2024-05-03)

Bug Fixes

... (truncated)

Commits

• 1a54096 chore: repair broken lockfile no thanks to Dependabot
• c12c726 chore: bump tslib from 2.6.2 to 2.6.3 (#2802)
• b20731d feat: upgrade to rpc-websockets v9 (#2800)
• 0445a81 Revert "chore: bump turbo from 1.13.3 to 2.0.3 (#2798)"
• 9344bbf chore: convert GitHub repository URL in npm task to https version
• dd0a601 chore: convert repository URL in semantic release config to https version
• e535eaa chore: bump all semantic-release dependencies
• cd2c4a3 chore: bump turbo from 1.13.3 to 2.0.3 (#2798)
• ec3a540 Tidy up versions that we forgot to bump to preview.3
• bfe6329 chore: bump tsx from 4.11.0 to 4.15.2 (#2796)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lorisleiva, a new releaser for @​solana/web3.js since your current version.

Updates zod from 3.21.4 to 3.22.3

Release notes

Sourced from zod's releases.

v3.22.3

Commits:

• 1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit
• 9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)
• f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)
• 64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors
• 18115a8f128680b4526df58ce96deab7dce93b93 Formatting
• 28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors
• ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)
• 2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)
• 1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

• 13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint
• 0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)
• 8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)
• 792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)

• 932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)
• 0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

Commits

• 1e61d76 3.22.3
• 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
• ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
• ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• 28c1927 Update sponsors
• 18115a8 Formatting
• 64dcc8e Update sponsors
• f59be09 clarify datetime ISO 8601 (#2673)
• 9bd3879 docs: remove obsolete text about readonly types (#2676)
• 1e23990 Commit
• Additional commits viewable in compare view

Updates @shopify/cli from 3.45.0 to 3.61.2

Release notes

Sourced from @​shopify/cli's releases.

3.61.2

What's Changed

• Fix some minor hydrogen bugs

Full Changelog: Shopify/cli@3.61.1...3.61.2

3.61.1

• Fix validation for Pub/Sub URLs in webhook trigger Shopify/cli#3972
• Update the minimun Node version to ^18.20 or >=20.10 Shopify/cli#3992
• Remove punycode warning in Node 22 Shopify/cli#3976
• Improve text wrapping in dev log Shopify/cli#3960
• Update hydrogen version Shopify/cli#3994

3.61.0

shopify now includes Hydrogen commands without needing a separate installation

3.60.1

What's Changed

Bug Fixes

• Fix issue when dev'ing flow extensions Shopify/cli#3885
• Include theme-check-docs-updater data folder in final bundled dist Shopify/cli#3865

Full Changelog: Shopify/cli@3.60.0...3.60.1

3.60.0

@​shopify/cli@​3.60.0

• Adds validations for editor extension collection Shopify/cli#3728
• Adds localization support for editor extension collection Shopify/cli#3717
• Webhook trigger now reads from the configuration instead of .env and accepts more flags Shopify/cli#3727
• Fix bug with plugins installation Shopify/cli#3853

@​shopify/cli-kit@​3.60.0

• Introduce .json support for theme app extensions Shopify/cli#3842

@​shopify/theme@​3.60.0

• Render progress bar for theme uploads to stderr Shopify/cli#3765
• Fix the shopify theme dev proxy to use the development theme, even when users have a browser session with the live theme loaded Shopify/cli#3791
• Fix unpublished themes being marked as development themes Shopify/cli#3798
• Fix issue that prevents shopify theme console from evaluating results when another 'preview_theme_id' is set Shopify/cli#3811
• Fix the shopify theme dev/shopify theme console proxy to handle cookies as expected, and ensure they no longer render the live theme instead of the development theme Shopify/cli#3851

3.59.3

What's Changed

... (truncated)

Changelog

Sourced from @​shopify/cli's changelog.

3.61.2

Patch Changes

• 3c7a211c2: Update hydrogen
  • @​shopify/app@​3.61.2
  • @​shopify/cli-kit@​3.61.2
  • @​shopify/theme@​3.61.2
  • @​shopify/plugin-cloudflare@​3.61.2
  • @​shopify/plugin-did-you-mean@​3.61.2

3.61.1

Patch Changes

• ffdd867cc: Update the minimun Node version to ^18.20 or >=20.10
• 357d76ade: Update hydrogen version
• ffdd867cc: Remove punycode warning in Node 22
• Updated dependencies [ffdd867cc]
• Updated dependencies [4fb2b9212]
  • @​shopify/plugin-did-you-mean@​3.61.1
  • @​shopify/plugin-cloudflare@​3.61.1
  • @​shopify/cli-kit@​3.61.1
  • @​shopify/theme@​3.61.1
  • @​shopify/app@​3.61.1

3.61.0

Minor Changes

• 95d534387: Rename unreleased default_placement_reference extension property to default_placement.
• d85e7adb4: Include hydrogen commands in the bundle

Patch Changes

• Updated dependencies [caa015042]
• Updated dependencies [79a951f3c]
• Updated dependencies [79a951f3c]
• Updated dependencies [87a6cc590]
• Updated dependencies [0c117d0f4]
• Updated dependencies [009a43078]
• Updated dependencies [b2b041f56]
  • @​shopify/app@​3.61.0
  • @​shopify/cli-kit@​3.61.0
  • @​shopify/plugin-cloudflare@​3.61.0
  • @​shopify/plugin-did-you-mean@​3.61.0
  • @​shopify/theme@​3.61.0

3.60.0

... (truncated)

Commits

• d6f0aa4 Version Packages
• 3d4623e Update hydrogen
• 7fc2d07 Version Packages
• b4806d0 Merge pull request #3991 from Shopify/fix-pubsub-url-validation
• ef8775b Update hydrogen and remove init hook
• 149c548 Update Node engines
• 6f07023 Version Packages
• 049b5f3 Merge pull request #3930 from Shopify/hydrogen-bundling
• fe9808e Update hydrogen version
• eded762 remove console.log
• Additional commits viewable in compare view

Updates @shopify/cli-hydrogen from 4.2.1 to 8.1.0

Commits

• See full diff in compare view

Removes axios

Updates wagmi from 1.2.0 to 1.4.13

Changelog

Sourced from wagmi's changelog.

1.4.13

Patch Changes

• Updated dependencies []:
  • @​wagmi/core@​1.4.13

1.4.12

Patch Changes

• 53ca1f7e Thanks @​tmm! - Removed LedgerConnector due to security vulnerability

• Updated dependencies [53ca1f7e]:

  • @​wagmi/core@​1.4.12

1.4.11

Patch Changes

• #3299 b02020b3 Thanks @​dasanra! - Fixed issue with Safe SDK by bumping @safe-global/[email protected]

• Updated dependencies [b02020b3]:

  • @​wagmi/core@​1.4.11

1.4.10

Patch Changes

• Updated dependencies []:
  • @​wagmi/core@​1.4.10

1.4.9

Patch Changes

• #3276 83223a06 Thanks @​glitch-txs! - Removed required namespaces from WalletConnect connector

• Updated dependencies [83223a06]:

  • @​wagmi/core@​1.4.9

1.4.8

Patch Changes

• Updated dependencies []:
  • @​wagmi/core@​1.4.8

1.4.7

... (truncated)

Commits

• c7dccba chore: version packages (#3364)
• 16eacd0 chore: version packages (#3309)
• 53ca1f7 fix(connectors): remove ledger due to security vulnerability
• e69f317 chore: version packages (#3303)
• 552ed59 chore: version packages (#3283)
• ec5543b chore: version packages (#3282)
• 4fc987e chore: version packages (#3274)
• 68c18f9 Merge branch 'main' of https://github.com/wagmi-dev/wagmi
• 71ebcec chore: username
• dc893d1 chore: version packages (#3223)
• Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5Description has been truncated