Bump the npm_and_yarn group across 1 directory with 24 updates #470

dependabot · 2025-12-09T20:21:41Z

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
axios	`0.27.2`	`1.13.2`
summernote	`0.8.20`	`0.9.0`
vue-template-compiler	`2.7.15`	`2.7.16`
postcss	`7.0.39`	`8.4.31`
body-parser	`1.20.1`	`1.20.4`
express	`4.18.2`	`4.22.1`
cipher-base	`1.0.4`	`1.0.7`
cookie	`0.4.2`	`0.7.2`
elliptic	`6.5.4`	`6.6.1`
http-proxy-middleware	`2.0.6`	`2.0.9`
nanoid	`3.3.7`	`3.3.11`
node-forge	`1.3.1`	`1.3.3`
on-headers	`1.0.2`	`1.1.0`
pbkdf2	`3.1.2`	`3.1.5`
serialize-javascript	`6.0.1`	`6.0.2`
webpack	`5.89.0`	`5.103.0`
webpack-dev-middleware	`5.3.3`	`5.3.4`

Updates axios from 0.27.2 to 1.13.2

Release notes

Sourced from axios's releases.

Release v1.13.2

Release notes:

Bug Fixes

http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)

http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

Dmitriy Mozgovoy

Kasper Isager Dalsgarð

Release v1.13.1

Release notes:

Bug Fixes

http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

Anchal Singh

Dmitriy Mozgovoy

Release v1.13.0

Release notes:

Bug Fixes

fetch: prevent TypeError when config.env is undefined (#7155) (015faec)

resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

Aviraj2929

prasoon patel

Samyak Dandge

Anchal Singh

Rahul Kumar

Amit Verma

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.2 (2025-11-04)

Bug Fixes

http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)

http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

Dmitriy Mozgovoy

Kasper Isager Dalsgarð

1.13.1 (2025-10-28)

Bug Fixes

http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

Anchal Singh

Dmitriy Mozgovoy

1.13.0 (2025-10-27)

Bug Fixes

fetch: prevent TypeError when config.env is undefined (#7155) (015faec)

resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

Dmitriy Mozgovoy

Noritaka Kobayashi

Aviraj2929

prasoon patel

Samyak Dandge

... (truncated)

Commits

08b84b5 chore(release): v1.13.2 (#7207)
8d37233 fix(http): fix 'socket hang up' bug for keep-alive requests when using timeou...
12c314b perf(http): fix early loop exit; (#7202)
f6d79e7 chore(sponsor): update sponsor block (#7203)
0588880 fix(http): use default export for http2 module to support stubs; (#7196)
1ef8e72 chore(release): v1.13.1 (#7194)
bcd5581 fix(http): fixed a regression that caused the data stream to be interrupted f...
c9b3371 chore: enhance styling and responsiveness in client.html (#7173)
9ead04d [Release] v1.13.0 (#7189)
d000fbf fix(http2): fix possible race condition when handling http2 stream on almost ...
Additional commits viewable in compare view

Updates summernote from 0.8.20 to 0.9.0

Release notes

Sourced from summernote's releases.

v0.9.0

New feature

#4281: Add noreferrer and noopener link options (@simialbi)

#4510: Add paste clipboard image behind the config flag (@yadue)

#4587: Add supports for YouTube shorts and live (@alvinmatias69)

Improvement

#4276: Optimize isfontinstalled function (@sjw-pc)

#4373: Allow resize the statusbar on touch devices (@lestcape)

#4405: Improve images pasting from clipboard (@gl-pv)

#4491: Add variable to font path (@rafaeldev)

#4509: Trigger change when AutoLink replaces link (@yadue)

#4566: Add protocol automatically (@daiki0381)

#4580: Adapt YouTube regex + restore YouTube regex for start (hour min sec) (@gerardmorte)

Bug Fix

#4182: Remove optional chaining (@ljhyeok)

#4190: Fix typo in settings (@ddazal)

#4224: Fixed classname of popover content area in bs5 (@kyungjaepark)

#4236: Fix newline problem with style (@sjw-pc)

#4240: Change mouseup to mousedown in Button (@Djunnni)

#4257: First matched item not active when using delayed ajax call (@pandamouse)

#4278: Fixed bs5 issues (@dmx-patrick)

#4279: Fixed click removing active state in lite style (@dmx-patrick)

#4283: Fix image handle (@dmx-patrick)

#4292: Apply suggested bug fix and add two extra tests (@ritwik1233)

#4294: Fix additional blank lines added when Enter key is pressed (@sjw-pc)

#4311: Fix alignment not working with or without sequences (@gzchun)

#4312: Prohibit paste content when disabled (@sjw-pc)

#4318: Fix pasteHTML auto adding unused   (@pandamouse)

#4340: Fix AirPopover Position to cursor on key events (@sebsoftware)

#4411: Escape text link content to prevent HTML injection (@yadue)

#4450: Fix removeMedia-setLangRange after remove image (@quoctienkt)

#4472: Bug fix traversing using walkPoint() and nextPointWithEmptyNode() (@DuncanHouston)

#4506: Correctly close tags in summernote-bs5.js (@mikewest)

#4516: Fix intentation of bullet point list error when <ul> and <li> are separated by line breaks (@HoffmannTom)

#4528: Update Bullet.js (@HoffmannTom)

#4532: Fix further problems with indentation and pretty printed HTML code (@HoffmannTom)

#4540: Fix insert YouTube links with video dialog (@gerardmorte)

#4560: Fix outdent issue with whitespaces (@HoffmannTom)

#4571: Fix escaping inserted link text (@Quess)

#4584: Fix pressing enter on last LI element to create a new line (@HoffmannTom)

#4585: Fix error Thrown from compiled function (@DennisSuitters)

#4592: Fix custom keyMap containing 'TAB':'indent' creating two lines on indentation (@HoffmannTom)

#4596: Fix jQuery lower/uppercase issue (@HoffmannTom)

#4597: Fix Instagram video insertion regex (@DennisSuitters)

#4606: Fix problem when pressing return two times on the last li element (@HoffmannTom)

#4667: Fix null error when styling all text selected with ctrl+a (@youen-dev)

#4684: Fix unintended   insertion during bullet indentation (@hackerwins)

... (truncated)

Changelog

Sourced from summernote's changelog.

v0.9.0

New feature

#4281: Add noreferrer and noopener link options (@simialbi)

#4510: Add paste clipboard image behind the config flag (@yadue)

#4587: Add supports for YouTube shorts and live (@alvinmatias69)

Improvement

#4276: Optimize isfontinstalled function (@sjw-pc)

#4373: Allow resize the statusbar on touch devices (@lestcape)

#4405: Improve images pasting from clipboard (@gl-pv)

#4491: Add variable to font path (@rafaeldev)

#4509: Trigger change when AutoLink replaces link (@yadue)

#4566: Add protocol automatically (@daiki0381)

#4580: Adapt YouTube regex + restore YouTube regex for start (hour min sec) (@gerardmorte)

Bug Fix

#4182: Remove optional chaining (@ljhyeok)

#4190: Fix typo in settings (@ddazal)

#4224: Fixed classname of popover content area in bs5 (@kyungjaepark)

#4236: Fix newline problem with style (@sjw-pc)

#4240: Change mouseup to mousedown in Button (@Djunnni)

#4257: First matched item not active when using delayed ajax call (@pandamouse)

#4278: Fixed bs5 issues (@dmx-patrick)

#4279: Fixed click removing active state in lite style (@dmx-patrick)

#4283: Fix image handle (@dmx-patrick)

#4292: Apply suggested bug fix and add two extra tests (@ritwik1233)

#4294: Fix additional blank lines added when Enter key is pressed (@sjw-pc)

#4311: Fix alignment not working with or without sequences (@gzchun)

#4312: Prohibit paste content when disabled (@sjw-pc)

#4318: Fix pasteHTML auto adding unused   (@pandamouse)

#4340: Fix AirPopover Position to cursor on key events (@sebsoftware)

#4411: Escape text link content to prevent HTML injection (@yadue)

#4450: Fix removeMedia-setLangRange after remove image (@quoctienkt)

#4472: Bug fix traversing using walkPoint() and nextPointWithEmptyNode() (@DuncanHouston)

#4506: Correctly close tags in summernote-bs5.js (@mikewest)

#4516: Fix intentation of bullet point list error when <ul> and <li> are separated by line breaks (@HoffmannTom)

#4528: Update Bullet.js (@HoffmannTom)

#4532: Fix further problems with indentation and pretty printed HTML code (@HoffmannTom)

#4540: Fix insert YouTube links with video dialog (@gerardmorte)

#4560: Fix outdent issue with whitespaces (@HoffmannTom)

#4571: Fix escaping inserted link text (@Quess)

#4584: Fix pressing enter on last LI element to create a new line (@HoffmannTom)

#4585: Fix error Thrown from compiled function (@DennisSuitters)

#4592: Fix custom keyMap containing 'TAB':'indent' creating two lines on indentation (@HoffmannTom)

#4596: Fix jQuery lower/uppercase issue (@HoffmannTom)

#4597: Fix Instagram video insertion regex (@DennisSuitters)

#4606: Fix problem when pressing return two times on the last li element (@HoffmannTom)

#4667: Fix null error when styling all text selected with ctrl+a (@youen-dev)

... (truncated)

Commits

a29875b Update changelog for v0.9.0 (#4694)
7c19d62 Update build workflow and add npm-publish workflow (#4693)
60bab8d Update branch name in codeql-analysis.yml and node.js.yml (#4689)
e5c2ae5 Merge pull request #4688 from summernote/develop
bbd8df4 Update copyright information and fix lint warnings (#4687)
dff14b4 Update README.md and CONTRIBUTING.md
9e127fd Update CONTRIBUTING.md (#4686)
1d1bb18 Fix unintended br insertion during bullet indentation (#4684)
e00991e Bump serve-static from 1.15.0 to 1.16.0 (#4682)
07fe496 Update summernote-uk-UA.js (#4678)
Additional commits viewable in compare view

Updates vue-template-compiler from 2.7.15 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

lifecycle: ensure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

account for nested render calls (db9c566), closes #13131

types: export more types for v3 alignment (jsx / component options) (895669f), closes #13078 #13128

2.7.16-beta.1 (2023-12-08)

Bug Fixes

compiler-sfc: check template ref usage, (#12985) (83d9535), closes #12984

compiler-sfc: fix rewriteDefault edge cases (25f97a5), closes #13060 #12892 #12906

keep-alive: fix keep-alive memory leak (2632249), closes #12827

keep-alive: fix memory leak without breaking transition tests (e0747f4)

props: should not unwrap props that are raw refs (08382f0), closes #12930

shallowReactive: should track value if already reactive when set in shallowReactive (0ad8e8d)

style: always set new styles (f5ef882), closes #12901 #12946

types: fix shallowRef's return type (#12979) (a174c29), closes #12978

types: fix type augmentation and compiler-sfc types w/moduleResolution: bundler (#13107) (de0b97b), closes #13106

types: provide types for built-in components (3650c12), closes #13002

types: type VNodeChildren should allow type number (#13067) (24fcf69), closes #12973

utils: unwrap refs when stringifying values in template (ae3e4b1), closes #12884 #12888

watch: new property addition should trigger deep watcher with getter (6d857f5), closes #12967 #12972

Commits

13f4e7d release: v2.7.16
56ce7f8 fix(lifecycle): esnure component effect scopes are disconnected
305e4ae release: v2.7.16-beta.2
3e1037e chore: bump vitest to 1.0.4
db9c566 fix: account for nested render calls
895669f fix(types): export more types for v3 alignment (jsx / component options)
73bdf14 release: v2.7.16-beta.1
e0747f4 fix(keep-alive): fix memory leak without breaking transition tests
2632249 fix(keep-alive): fix keep-alive memory leak
3650c12 fix(types): provide types for built-in components
Additional commits viewable in compare view

Updates postcss from 7.0.39 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

8.4.21

Fixed Input#error types (by @hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by @romainmenke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by @KingSora).

8.4.17

Fixed Node.before() unexpected behavior (by @romainmenke).

Added TOC to docs (by @muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

Fixed Node.before() unexpected behavior (by Romain Menke).

Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
45c5501 Release 8.4.30 version
bc3c341 Update linter
b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.18.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for [email protected] by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: [email protected] by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: [email protected]

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depthDescription has been truncated

Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.27.2` | `1.13.2` | | [summernote](https://github.com/summernote/summernote) | `0.8.20` | `0.9.0` | | [vue-template-compiler](https://github.com/vuejs/vue) | `2.7.15` | `2.7.16` | | [postcss](https://github.com/postcss/postcss) | `7.0.39` | `8.4.31` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.1` | `1.20.4` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.1` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `0.7.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.4` | `6.6.1` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.103.0` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | Updates `axios` from 0.27.2 to 1.13.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v1.13.2) Updates `summernote` from 0.8.20 to 0.9.0 - [Release notes](https://github.com/summernote/summernote/releases) - [Changelog](https://github.com/summernote/summernote/blob/main/CHANGES.md) - [Commits](summernote/summernote@v0.8.20...v0.9.0) Updates `vue-template-compiler` from 2.7.15 to 2.7.16 - [Release notes](https://github.com/vuejs/vue/releases) - [Changelog](https://github.com/vuejs/vue/blob/main/CHANGELOG.md) - [Commits](vuejs/vue@v2.7.15...v2.7.16) Updates `postcss` from 7.0.39 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.31) Updates `body-parser` from 1.20.1 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.4) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `cookie` from 0.4.2 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.2...v0.7.2) Updates `eazy-logger` from 4.0.1 to 4.1.0 - [Commits](shakyShane/eazy-logger@v4.0.1...v4.1.0) Updates `elliptic` from 6.5.4 to 6.6.1 - [Commits](indutny/elliptic@v6.5.4...v6.6.1) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `send` from 0.16.2 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.16.2...0.19.0) Updates `serve-static` from 1.13.2 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.13.2...v1.16.2) Updates `follow-redirects` from 1.15.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.11) Updates `form-data` from 4.0.0 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.5) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `on-headers` from 1.0.2 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.2...v1.1.0) Updates `pbkdf2` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.1.2...v3.1.5) Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.1...v6.0.2) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `webpack` from 5.89.0 to 5.103.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.89.0...v5.103.0) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: summernote dependency-version: 0.9.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vue-template-compiler dependency-version: 2.7.16 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.4.31 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eazy-logger dependency-version: 4.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-version: 6.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.103.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 9, 2025

dependabot bot requested a review from a team as a code owner December 9, 2025 20:21

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 9, 2025

dependabot bot had a problem deploying to Build December 9, 2025 20:21 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 24 updates #470

Bump the npm_and_yarn group across 1 directory with 24 updates #470

Uh oh!

dependabot bot commented on behalf of github Dec 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 1 directory with 24 updates #470

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 24 updates #470

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 9, 2025

Release v1.13.2

Release notes:

Bug Fixes

Performance Improvements

Contributors to this release

Release v1.13.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.13.0

Release notes:

Bug Fixes

Features

Contributors to this release

1.13.2 (2025-11-04)

Bug Fixes

Performance Improvements

Contributors to this release

1.13.1 (2025-10-28)

Bug Fixes

Contributors to this release

1.13.0 (2025-10-27)

Bug Fixes

Features

Contributors to this release

v0.9.0

New feature

Improvement

Bug Fix

v0.9.0

New feature

Improvement

Bug Fix

v2.7.16 "Swan Song"

v2.7.16-beta.2

v2.7.16-beta.1

2.7.16 Swan Song (2023-12-24)

Bug Fixes

2.7.16-beta.2 (2023-12-14)

Bug Fixes

2.7.16-beta.1 (2023-12-08)

Bug Fixes

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

8.4.18

8.4.17

8.4.16

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

8.4.18

8.4.17

8.4.16