Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump the npm_and_yarn group across 1 directory with 3 updates (#623)
Bumps the npm_and_yarn group with 3 updates in the / directory: [express](https://github.com/expressjs/express), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [tar](https://github.com/isaacs/node-tar). Updates `express` from 4.18.2 to 4.19.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.19.2</h2> <h2>What's Changed</h2> <ul> <li><a href="https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94">Improved fix for open redirect allow list bypass</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.19.1...4.19.2">https://github.com/expressjs/express/compare/4.19.1...4.19.2</a></p> <h2>4.19.1</h2> <h2>What's Changed</h2> <ul> <li>Fix ci after location patch by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5552">expressjs/express#5552</a></li> <li>fixed un-edited version in history.md for 4.19.0 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5556">expressjs/express#5556</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.19.0...4.19.1">https://github.com/expressjs/express/compare/4.19.0...4.19.1</a></p> <h2>4.19.0</h2> <h2>What's Changed</h2> <ul> <li>fix typo in release date by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5527">expressjs/express#5527</a></li> <li>docs: nominating <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> to be project captian by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5511">expressjs/express#5511</a></li> <li>docs: loosen TC activity rules by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5510">expressjs/express#5510</a></li> <li>Add note on how to update docs for new release by <a href="https://github.com/crandmck"><code>@crandmck</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li> <li><a href="https://redirect.github.com/expressjs/express/pull/5551/commits/660ccf5fa33dd0baab069e5c8ddd9ffe7d8bbff1">Prevent open redirect allow list bypass due to encodeurl</a></li> <li>Release 4.19.0 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5551">expressjs/express#5551</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/crandmck"><code>@crandmck</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.18.3...4.19.0">https://github.com/expressjs/express/compare/4.18.3...4.19.0</a></p> <h2>4.18.3</h2> <h2>Main Changes</h2> <ul> <li>Fix routing requests without method</li> <li>deps: [email protected] <ul> <li>Fix strict json error message on Node.js 19+</li> <li>deps: content-type@~1.0.5</li> <li>deps: [email protected]</li> </ul> </li> </ul> <h2>Other Changes</h2> <ul> <li>Use https: protocol instead of deprecated git: protocol by <a href="https://github.com/vcsjones"><code>@vcsjones</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5032">expressjs/express#5032</a></li> <li>build: [email protected] and [email protected] by <a href="https://github.com/abenhamdine"><code>@abenhamdine</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5034">expressjs/express#5034</a></li> <li>ci: update actions/checkout to v3 by <a href="https://github.com/armujahid"><code>@armujahid</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5027">expressjs/express#5027</a></li> <li>test: remove unused function arguments in params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5124">expressjs/express#5124</a></li> <li>Remove unused originalIndex from acceptParams by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5119">expressjs/express#5119</a></li> <li>Fixed typos by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5117">expressjs/express#5117</a></li> <li>examples: remove unused params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5113">expressjs/express#5113</a></li> <li>fix: parameter str is not described in JSDoc by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5130">expressjs/express#5130</a></li> <li>fix: typos in History.md by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5131">expressjs/express#5131</a></li> <li>build : add [email protected] by <a href="https://github.com/abenhamdine"><code>@abenhamdine</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5028">expressjs/express#5028</a></li> <li>test: remove unused function arguments in params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5137">expressjs/express#5137</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/master/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.19.2 / 2024-03-25</h1> <ul> <li>Improved fix for open redirect allow list bypass</li> </ul> <h1>4.19.1 / 2024-03-20</h1> <ul> <li>Allow passing non-strings to res.location with new encoding handling checks</li> </ul> <h1>4.19.0 / 2024-03-20</h1> <ul> <li>Prevent open redirect allow list bypass due to encodeurl</li> <li>deps: [email protected]</li> </ul> <h1>4.18.3 / 2024-02-29</h1> <ul> <li>Fix routing requests without method</li> <li>deps: [email protected] <ul> <li>Fix strict json error message on Node.js 19+</li> <li>deps: content-type@~1.0.5</li> <li>deps: [email protected]</li> </ul> </li> <li>deps: [email protected] <ul> <li>Add <code>partitioned</code> option</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/expressjs/express/commit/04bc62787be974874bc1467b23606c36bc9779ba"><code>04bc627</code></a> 4.19.2</li> <li><a href="https://github.com/expressjs/express/commit/da4d763ff6ba9df6dbd8f1f0b1d05412dda934d5"><code>da4d763</code></a> Improved fix for open redirect allow list bypass</li> <li><a href="https://github.com/expressjs/express/commit/4f0f6cc67d531431c096ea006c2191b92931bbc3"><code>4f0f6cc</code></a> 4.19.1</li> <li><a href="https://github.com/expressjs/express/commit/a003cfab034fbadb1c78ae337ee8ab389adda217"><code>a003cfa</code></a> Allow passing non-strings to res.location with new encoding handling checks f...</li> <li><a href="https://github.com/expressjs/express/commit/a1fa90fcea7d8e844e1c9938ad095d62669c3abd"><code>a1fa90f</code></a> fixed un-edited version in history.md for 4.19.0</li> <li><a href="https://github.com/expressjs/express/commit/11f2b1db227fd42c2508c427032c1ec671b306be"><code>11f2b1d</code></a> build: fix build due to inconsistent supertest behavior in older versions</li> <li><a href="https://github.com/expressjs/express/commit/084e36506a18774f85206a65d8da04dc1107fc1b"><code>084e365</code></a> 4.19.0</li> <li><a href="https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"><code>0867302</code></a> Prevent open redirect allow list bypass due to encodeurl</li> <li><a href="https://github.com/expressjs/express/commit/567c9c665d0de4c344b8e160146050770233783c"><code>567c9c6</code></a> Add note on how to update docs for new release (<a href="https://redirect.github.com/expressjs/express/issues/5541">#5541</a>)</li> <li><a href="https://github.com/expressjs/express/commit/69a4cf2819c4449ec6ea45649691fb43a528d5d1"><code>69a4cf2</code></a> deps: [email protected]</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.18.2...4.19.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~wesleytodd">wesleytodd</a>, a new releaser for express since your current version.</p> </details> <br /> Updates `follow-redirects` from 1.15.4 to 1.15.6 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/b1677ce00110ee50dc5da576751d39b281fc4944"><code>b1677ce</code></a> Release version 1.15.5 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/d8914f7982403ea096b39bd594a00ee9d3b7e224"><code>d8914f7</code></a> Preserve fragment in responseUrl.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6">compare view</a></li> </ul> </details> <br /> Updates `tar` from 6.1.11 to 6.2.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/releases">tar's releases</a>.</em></p> <blockquote> <h2>v6.1.13</h2> <h2><a href="https://github.com/npm/node-tar/compare/v6.1.12...v6.1.13">6.1.13</a> (2022-12-07)</h2> <h3>Dependencies</h3> <ul> <li><a href="https://github.com/npm/node-tar/commit/cc4e0ddfe523a0bce383846a67442c637a65d486"><code>cc4e0dd</code></a> <a href="https://redirect.github.com/npm/node-tar/pull/343">#343</a> bump minipass from 3.3.6 to 4.0.0</li> </ul> <h2>v6.1.12</h2> <h2><a href="https://github.com/npm/node-tar/compare/v6.1.11...v6.1.12">6.1.12</a> (2022-10-31)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github.com/npm/node-tar/commit/57493ee66ece50d62114e02914282fc37be3a91a"><code>57493ee</code></a> <a href="https://redirect.github.com/npm/node-tar/pull/332">#332</a> ensuring close event is emited after stream has ended (<a href="https://github.com/webark"><code>@webark</code></a>)</li> <li><a href="https://github.com/npm/node-tar/commit/b003c64f624332e24e19b30dc011069bb6708680"><code>b003c64</code></a> <a href="https://redirect.github.com/npm/node-tar/pull/314">#314</a> replace deprecated String.prototype.substr() (<a href="https://redirect.github.com/isaacs/node-tar/issues/314">#314</a>) (<a href="https://github.com/CommanderRoot"><code>@CommanderRoot</code></a>, <a href="https://github.com/lukekarrys"><code>@lukekarrys</code></a>)</li> </ul> <h3>Documentation</h3> <ul> <li><a href="https://github.com/npm/node-tar/commit/f12992932f171ea248b27fad95e7d489a56d31ed"><code>f129929</code></a> <a href="https://redirect.github.com/npm/node-tar/pull/313">#313</a> remove dead link to benchmarks (<a href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>) (<a href="https://github.com/yetzt"><code>@yetzt</code></a>)</li> <li><a href="https://github.com/npm/node-tar/commit/c1faa9f44001dfb0bc7638b2850eb6058bd56a4a"><code>c1faa9f</code></a> add examples/explanation of using tar.t (<a href="https://github.com/isaacs"><code>@isaacs</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.0</h2> <ul> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul> <h2>6.2</h2> <ul> <li>Add support for brotli compression</li> <li>Add <code>maxDepth</code> option to prevent extraction into excessively deep folders.</li> </ul> <h2>6.1</h2> <ul> <li>remove dead link to benchmarks (<a href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>) (<a href="https://github.com/yetzt"><code>@yetzt</code></a>)</li> <li>add examples/explanation of using tar.t (<a href="https://github.com/isaacs"><code>@isaacs</code></a>)</li> <li>ensure close event is emited after stream has ended (<a href="https://github.com/webark"><code>@webark</code></a>)</li> <li>replace deprecated String.prototype.substr() (<a href="https://github.com/CommanderRoot"><code>@CommanderRoot</code></a>, <a href="https://github.com/lukekarrys"><code>@lukekarrys</code></a>)</li> </ul> <h2>6.0</h2> <ul> <li>Drop support for node 6 and 8</li> <li>fix symlinks and hardlinks on windows being packed with <code>\</code>-style path targets</li> </ul> <h2>5.0</h2> <ul> <li>Address unpack race conditions using path reservations</li> <li>Change large-numbers errors from TypeError to Error</li> <li>Add <code>TAR_*</code> error codes</li> <li>Raise <code>TAR_BAD_ARCHIVE</code> warning/error when there are no valid entries found in an archive</li> <li>do not treat ignored entries as an invalid archive</li> <li>drop support for node v4</li> <li>unpack: conditionally use a file mapping to write files on Windows</li> <li>Set more portable 'mode' value in portable mode</li> <li>Set <code>portable</code> gzip option in portable mode</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/isaacs/node-tar/commit/bef7b1e4ffab822681fea2a9b22187192ed14717"><code>bef7b1e</code></a> 6.2.1</li> <li><a href="https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7"><code>fe8cd57</code></a> prevent extraction in excessively deep subfolders</li> <li><a href="https://github.com/isaacs/node-tar/commit/fe7ebfdcede1f8a2e65db12e19ecc4b3a9934648"><code>fe7ebfd</code></a> remove security.md</li> <li><a href="https://github.com/isaacs/node-tar/commit/5bc9d404e88c39870e0fbb55655a53de6fbf0a04"><code>5bc9d40</code></a> 6.2.0</li> <li><a href="https://github.com/isaacs/node-tar/commit/fe1ef5ec87156ddadcec8b70cdec201f26665681"><code>fe1ef5e</code></a> changelog 6.2</li> <li><a href="https://github.com/isaacs/node-tar/commit/e483220935d931cf6b09292aba62170e68f36205"><code>e483220</code></a> get rid of npm lint stuff</li> <li><a href="https://github.com/isaacs/node-tar/commit/689928a0ba7d9b9014d88a5fa35261f9ae4ef2f3"><code>689928a</code></a> ci that works outside of npm org</li> <li><a href="https://github.com/isaacs/node-tar/commit/db6f53928650a04b340ecdc01db2d49937e5d63c"><code>db6f539</code></a> file inference improvements for .tbr and .tgz</li> <li><a href="https://github.com/isaacs/node-tar/commit/336fa8f27c44bec70d46a6482096af24c668ee16"><code>336fa8f</code></a> refactor: dry and other pr comments</li> <li><a href="https://github.com/isaacs/node-tar/commit/eeba22238736ed0832488efb3c515ada98073424"><code>eeba222</code></a> chore: lint fixes</li> <li>Additional commits viewable in <a href="https://github.com/isaacs/node-tar/compare/v6.1.11...v6.2.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mitre/vulcan/network/alerts). </details>
- Loading branch information