Bump the npm_and_yarn group across 2 directories with 11 updates #470

dependabot · 2025-01-21T09:41:56Z

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
body-parser	`1.20.2`	`1.20.3`
express	`4.19.2`	`4.20.0`
cross-spawn	`7.0.3`	`7.0.6`
micromatch	`4.0.7`	`4.0.8`
nanoid	`3.3.7`	`3.3.8`
rollup	`4.21.0`	`4.31.0`
svelte	`4.2.18`	`4.2.19`
undici	`5.28.4`	`5.28.5`

Bumps the npm_and_yarn group with 8 updates in the /client directory:

Package	From	To
cross-spawn	`7.0.3`	`7.0.6`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.7`	`3.3.8`
rollup	`3.20.0`	`3.29.5`
svelte	`4.2.7`	`4.2.19`
yaml	`2.5.0`	`2.7.0`
@sveltejs/kit	`1.27.6`	`2.8.3`
vite	`5.0.13`	`5.1.8`

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates rollup from 4.21.0 to 4.31.0

Release notes

Sourced from rollup's releases.

v4.31.0

4.31.0

2025-01-19

Features

Do not immediately quit when trying to use watch mode from within non-TTY environments (#5803)

Bug Fixes

Handle files with more than one UTF-8 BOM header (#5806)

Pull Requests

#5792: fix(deps): update rust crate swc_compiler_base to v8 (@renovate[bot])

#5793: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5794: chore(deps): lock file maintenance (@renovate[bot])

#5801: chore(deps): update dependency eslint-config-prettier to v10 (@renovate[bot])

#5802: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5803: Support watch mode in yarn, gradle and containers (@lukastaegert)

#5806: fix: strip all BOMs (@TrickyPi)

v4.30.1

4.30.1

2025-01-07

Bug Fixes

Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

#5786: fix: consider that literals cannot following switch case. (@TrickyPi)

v4.30.0

4.30.0

2025-01-06

Features

Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

#5775: feat: enhance the treehshaking for unary expression (@TrickyPi)

#5783: Improve CI caching for node_modules (@lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.31.0

2025-01-19

Features

Do not immediately quit when trying to use watch mode from within non-TTY environments (#5803)

Bug Fixes

Handle files with more than one UTF-8 BOM header (#5806)

Pull Requests

#5792: fix(deps): update rust crate swc_compiler_base to v8 (@renovate[bot])

#5793: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5794: chore(deps): lock file maintenance (@renovate[bot])

#5801: chore(deps): update dependency eslint-config-prettier to v10 (@renovate[bot])

#5802: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5803: Support watch mode in yarn, gradle and containers (@lukastaegert)

#5806: fix: strip all BOMs (@TrickyPi)

4.30.1

2025-01-07

Bug Fixes

Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

#5786: fix: consider that literals cannot following switch case. (@TrickyPi)

4.30.0

2025-01-06

Features

Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

#5775: feat: enhance the treehshaking for unary expression (@TrickyPi)

#5783: Improve CI caching for node_modules (@lukastaegert)

4.29.2

2025-01-05

... (truncated)

Commits

15c264d 4.31.0
b9eeec2 fix: strip all BOMs (#5806)
0e77fb7 Support watch mode in yarn, gradle and containers (#5803)
8e814a5 chore(deps): update dependency eslint-config-prettier to v10 (#5801)
1f09912 fix(deps): lock file maintenance minor/patch updates (#5802)
1f1e6c7 fix(deps): update rust crate swc_compiler_base to v8 (#5792)
7f4e904 chore(deps): lock file maintenance (#5794)
ad9d904 fix(deps): lock file maintenance minor/patch updates (#5793)
9491708 4.30.1
39b6a17 fix: consider that literals cannot following switch case. (#5786)
Additional commits viewable in compare view

Updates svelte from 4.2.18 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

fix: ensure typings for <svelte:options> are picked up (#12902)

fix: escape < in attribute strings (#12989)

Commits

d8b3133 Version Packages (#12990)
83e96e0 fix: escape < in attribute strings (#12989)
5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
See full diff in compare view

Updates undici from 5.28.4 to 5.28.5

Release notes

Sourced from undici's releases.

v5.28.5

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

Full Changelog: nodejs/undici@v5.28.4...v5.28.5

Commits

6139ed2 Bumped v5.28.5
711e207 Backport of c2d78cd
See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates rollup from 3.20.0 to 3.29.5

Release notes

Sourced from rollup's releases.

v4.31.0

4.31.0

2025-01-19

Features

Do not immediately quit when trying to use watch mode from within non-TTY environments (#5803)

Bug Fixes

Handle files with more than one UTF-8 BOM header (#5806)

Pull Requests

#5792: fix(deps): update rust crate swc_compiler_base to v8 (@renovate[bot])

#5793: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5794: chore(deps): lock file maintenance (@renovate[bot])

#5801: chore(deps): update dependency eslint-config-prettier to v10 (@renovate[bot])

#5802: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5803: Support watch mode in yarn, gradle and containers (@lukastaegert)

#5806: fix: strip all BOMs (@TrickyPi)

v4.30.1

4.30.1

2025-01-07

Bug Fixes

Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

#5786: fix: consider that literals cannot following switch case. (@TrickyPi)

v4.30.0

4.30.0

2025-01-06

Features

Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

#5775: feat: enhance the treehshaking for unary expression (@TrickyPi)

#5783: Improve CI caching for node_modules (@lukastaegert)

... (truncated)

Changelog

Sourced from rollup's changelog.

4.31.0

2025-01-19

Features

Do not immediately quit when trying to use watch mode from within non-TTY environments (#5803)

Bug Fixes

Handle files with more than one UTF-8 BOM header (#5806)

Pull Requests

#5792: fix(deps): update rust crate swc_compiler_base to v8 (@renovate[bot])

#5793: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5794: chore(deps): lock file maintenance (@renovate[bot])

#5801: chore(deps): update dependency eslint-config-prettier to v10 (@renovate[bot])

#5802: fix(deps): lock file maintenance minor/patch updates (@renovate[bot])

#5803: Support watch mode in yarn, gradle and containers (@lukastaegert)

#5806: fix: strip all BOMs (@TrickyPi)

4.30.1

2025-01-07

Bug Fixes

Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

#5786: fix: consider that literals cannot following switch case. (@TrickyPi)

4.30.0

2025-01-06

Features

Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

#5775: feat: enhance the treehshaking for unary expression (@TrickyPi)

#5783: Improve CI caching for node_modules (@lukastaegert)

4.29.2

2025-01-05

... (truncated)

Commits

15c264d 4.31.0
b9eeec2 fix: strip all BOMs (#5806)
0e77fb7 Support watch mode in yarn, gradle and containers (#5803)
8e814a5 chore(deps): update dependency eslint-config-prettier to v10 (#5801)
1f09912 fix(deps): lock file maintenance minor/patch updates (#5802)
1f1e6c7 fix(deps): update rust crate swc_compiler_base to v8 (#5792)
7f4e904 chore(deps): lock file maintenance (#5794)
ad9d904 fix(deps): lock file maintenance minor/patch updates (#5793)
9491708 4.30.1
39b6a17 fix: consider that literals cannot following switch case. (#5786)
Additional commits viewable in compare view

Updates svelte from 4.2.7 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

fix: ensure typings for <svelte:options> are picked up (#12902)

fix: escape < in attribute strings (#12989)

Commits

d8b3133 Version Packages (#12990)
83e96e0 fix: escape < in attribute strings (#12989)
5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
See full diff in compare view

Updates yaml from 2.5.0 to 2.7.0

Release notes

Sourced from yaml's releases.

v2.7.0

The library is now available on JSR as @eemeli/yaml and on deno.land/x as yaml. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.

Use .ts extension in all relative imports (#591)

Ignore newline after block seq indicator as space before value (#590)

Require Node.js 14.18 or later (was 14.6) (#598)

v2.6.1

Do not strip :00 seconds from !!timestamp values (#578, with thanks to @qraynaud)

Tighten regexp for JSON !!bool (#587, with thanks to @vra5107)

Default to literal block scalar if folded would overflow (#585)

v2.6.0

Use a proper tag for !!merge << keys (#580)

Add stringKeys parse option (#581)

Stringify a Document as a Document (#576)

Add sponsorship by Manifest

v2.5.1

Include range in flow sequence pair maps (#573)

Commits

8f512b5 2.7.0
8a7569a ci: Add jsr.jsonc & jsr-publish workflow
8ef085f docs: Fix API docs links
374c19c style: Really use explicit imports for process.env and Buffer
1ab037d style: Include explicit type declarations on all public APIs
4354c42 style: Use explicit imports for process.env and Buffer
2c55723 Merge pull request #591 from eemeli/import-ts
ab240c1 fix: Drop .ts extension from import & export paths in .d.ts files
c4c49f9 fix: Use separate rather than inline type keyword for TS compatibility
3bec004 ci: Add deno smoke test
Additional commits viewable in compare view

Updates @sveltejs/kit from 1.27.6 to 2.8.3

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.8.3

Patch Changes

fix: ensure error messages are escaped (#13050)

fix: escape values included in dev 404 page (#13039)

@sveltejs/kit@2.8.2

Patch Changes

fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

@sveltejs/kit@2.8.1

Patch Changes

fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (#11613)

fix: support HTTP/2 in dev and production. Revert the changes from #12907 to downgrade HTTP/2 to TLS as now being unnecessary (#12989)

@sveltejs/kit@2.8.0

Minor Changes

feat: add helper to identify ActionFailure objects (#12878)

@sveltejs/kit@2.7.7

Patch Changes

fix: update link in JSDoc (#12963)

@sveltejs/kit@2.7.6

Patch Changes

fix: update broken links in JSDoc (#12960)

@sveltejs/kit@2.7.5

Patch Changes

fix: warn on invalid cookie name characters (#12806)

fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#12907)

@sveltejs/kit@2.7.4

Patch Changes

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.8.3

Patch Changes

fix: ensure error messages are escaped (#13050)

fix: escape values included in dev 404 page (#13039)

2.8.2

Patch Changes

fix: prevent duplicate fetch request when using Request with load function's fetch (#13023)

fix: do not override default cookie decoder to allow users to override the cookie library version (#13037)

2.8.1

Patch Changes

fix: only add nonce to script-src-elem, style-src-attr and style-src-elem CSP directives when unsafe-inline is not present (

Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.20.0` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.7` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [rollup](https://github.com/rollup/rollup) | `4.21.0` | `4.31.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.18` | `4.2.19` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.28.5` | Bumps the npm_and_yarn group with 8 updates in the /client directory: | Package | From | To | | --- | --- | --- | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [rollup](https://github.com/rollup/rollup) | `3.20.0` | `3.29.5` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.7` | `4.2.19` | | [yaml](https://github.com/eemeli/yaml) | `2.5.0` | `2.7.0` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `1.27.6` | `2.8.3` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.0.13` | `5.1.8` | Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `micromatch` from 4.0.7 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.7...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `rollup` from 4.21.0 to 4.31.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.21.0...v4.31.0) Updates `svelte` from 4.2.18 to 4.2.19 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/[email protected]/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `undici` from 5.28.4 to 5.28.5 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.7...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `rollup` from 3.20.0 to 3.29.5 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.21.0...v4.31.0) Updates `svelte` from 4.2.7 to 4.2.19 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/[email protected]/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `yaml` from 2.5.0 to 2.7.0 - [Release notes](https://github.com/eemeli/yaml/releases) - [Commits](eemeli/yaml@v2.5.0...v2.7.0) Updates `@sveltejs/kit` from 1.27.6 to 2.8.3 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit) Updates `vite` from 5.0.13 to 5.1.8 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.1.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.1.8/packages/vite) --- updated-dependencies: - dependency-name: body-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: svelte dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: yaml dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner January 21, 2025 09:41

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 21, 2025

github-actions bot added the client Changes related to th client label Jan 21, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 11 updates #470

Bump the npm_and_yarn group across 2 directories with 11 updates #470

dependabot bot commented on behalf of github Jan 21, 2025

Bump the npm_and_yarn group across 2 directories with 11 updates #470

Are you sure you want to change the base?

Bump the npm_and_yarn group across 2 directories with 11 updates #470

Conversation

dependabot bot commented on behalf of github Jan 21, 2025

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.3 / 2024-09-10

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

4.0.8

[4.0.8] - 2024-08-22

3.3.8

v4.31.0

4.31.0

Features

Bug Fixes

Pull Requests

v4.30.1

4.30.1

Bug Fixes

Pull Requests

v4.30.0

4.30.0

Features

Pull Requests

4.31.0

Features

Bug Fixes

Pull Requests

4.30.1

Bug Fixes

Pull Requests

4.30.0

Features

Pull Requests

4.29.2

4.2.19

Patch Changes

v5.28.5

⚠️ Security Release ⚠️

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

4.0.8

[4.0.8] - 2024-08-22

3.3.8

v4.31.0

4.31.0

Features

Bug Fixes

Pull Requests

v4.30.1

4.30.1

Bug Fixes

Pull Requests

v4.30.0

4.30.0

Features

Pull Requests

4.31.0

Features

Bug Fixes

Pull Requests

`@sveltejs/kit@2`.8.3

`@sveltejs/kit@2`.8.2

`@sveltejs/kit@2`.8.1

`@sveltejs/kit@2`.8.0

`@sveltejs/kit@2`.7.7

`@sveltejs/kit@2`.7.6

`@sveltejs/kit@2`.7.5

`@sveltejs/kit@2`.7.4