Bump the npm_and_yarn group across 1 directory with 10 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
axios	0.21.1	0.31.1
vue	2.6.14	3.0.0
vuetify	2.5.8	3.0.0
vue-template-compiler	2.6.14	2.7.16
express	4.17.1	4.22.2
js-yaml	3.14.1	3.14.2
picomatch	2.3.0	2.3.2
yaml	1.10.2	1.10.3

Updates axios from 0.21.1 to 0.31.1

Release notes

Sourced from axios's releases.

v0.31.1

This release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed dist/ artefacts along with Bower support.

⚠️ Breaking Changes & Deprecations

• Bower & Committed dist/ Removed: dist/ bundles are no longer committed to the repo, and bower.json plus the Grunt package2bower task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (#10747)

🔒 Security Fixes

• Prototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9): Tightened isFormData to reject plain/null-prototype objects and require append, and guarded the Node HTTP adapter so data.getHeaders() is only merged when it is not inherited from Object.prototype. Blocks injected headers via polluted getHeaders. (#10750)
• Prototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf): mergeConfig, defaults resolution, and the HTTP adapter now uses own-property checks for transport, env, Blob, formSerializer, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (#10752)
• FormData / Params Recursion DoS: Added a configurable maxDepth (default 100, Infinity disables) to toFormData and params serialisation, throwing AxiosError with code ERR_FORM_DATA_DEPTH_EXCEEDED when exceeded. Circular-reference detection is preserved. (#10728)
• Null-Byte Injection in Query Strings: Removed the unsafe %00 → null-byte substitution from AxiosURLSearchParams.encode so %00 is preserved as-is. Other encoding behaviour (including %20 → +) unchanged. (#10737)
• Consolidated v1 Security Backport: Rolls up remaining v1 hardenings into v0.x: maxContentLength enforcement for responseType: 'stream' via a guarded transform with deferred piping, maxBodyLength enforcement for streamed uploads on native http/https with maxRedirects: 0, and stricter withXSRFToken handling so only own boolean true enables cross-origin XSRF headers. (#10764)

🔧 Maintenance & Chores

• CODEOWNERS: Added .github/CODEOWNERS with * @jasonsaayman to set a default reviewer for all paths. (#10740)

Full Changelog

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

• Header Injection & Proxy Bypass: Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper NO_PROXY/no_proxy enforcement covering wildcards, explicit ports, loopback aliases (localhost, 127.0.0.1, ::1), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and parsed.host is used for correct port and IPv6 handling. (#10688)

• CI Security: SHA-pins all actions and disables credential persistence in v0.x CI, introduces zizmor security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required npm-publish GitHub Environment with configurable reviewer protections. (#10638, #10639, #10667)

🐛 Bug Fixes

• TypeScript — AxiosInstance Return Types: Fixes return types in AxiosInstance methods to correctly resolve to Promise<R> (matching AxiosPromise<T> semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (#6253, #7328)

• Performance: Fixes a performance regression in isEmptyObject() that caused excessive computation when the argument was a large string. (#6484)

🔧 Maintenance & Chores

• Versioning & CI Workflow: Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (#10690, #10691, #10692)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​nakataki17 (#6253)
• @​gmasclet (#6484)
• @​shaanmajid (#10638, #10639, #10667)
• @​ivan-churakov (#7328)

Full Changelog

... (truncated)

Commits

• a589dc5 chore: bump version to v0.31.1 (#10766)
• b0c632f fix: backport security issues (#10764)
• b52187f fix: harden config merging (#10752)
• e3ddeb4 fix: header security issues (#10750)
• f4f2d76 chore: stop committing dist/ and remove bower (#10747)
• 1f2f644 chore: add CODEOWNERS (#10740)
• 44bca90 fix: improve regex in AxiosURLSearchParams (#10737)
• 4c4f07f fix: form data recursion (#10728)
• 5073eca chore: release v0.31.0 (#10697)
• b57eb1a ci: update branch name (#10692)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Updates vue from 2.6.14 to 3.0.0

Changelog

Sourced from vue's changelog.

3.0.0 (2020-09-18)

3.0.0-rc.13 (2020-09-18)

Bug Fixes

• hmr: make hmr working with class components (#2144) (422f05e)
• reactivity: avoid length mutating array methods causing infinite updates (#2138) (f316a33), closes #2137
• suspense: should discard unmount effects of invalidated pending branch (5bfcad1)
• types: component instance inference without props (#2145) (57bdaa2)

Code Refactoring

• watch APIs default to trigger pre-flush (49bb447), closes vuejs/vue-next#1706

Features

• runtime-core: support using inject() inside props default functions (58c31e3)
• watch: support dot-delimited path in watch option (1c9a0b3)

BREAKING CHANGES

• watch APIs now default to use flush: 'pre' instead of flush: 'post'. This change affects watch, watchEffect, the watch component option, and this.$watch. See (49bb447) for more details.

3.0.0-rc.12 (2020-09-16)

Bug Fixes

• reactivity: effect should only recursively self trigger with explicit options (3810de7), closes #2125
• runtime-core: ensure root stable fragments inherit elements for moving (bebd44f), closes #2134
• runtime-core: should still do full traverse of stable fragment children in dev + hmr (dd40ad8)
• runtime-core/async-component: fix error component when there are no error handlers (c7b4a37), closes #2129
• types/tsx: optional props from Mixin/Extends are treated as required (#2048) (89e9ab8)

Features

• compiler-sfc: additionalData support for css preprocessors (#2126) (066d514)

3.0.0-rc.11 (2020-09-15)

... (truncated)

Commits

• See full diff in compare view

Updates vuetify from 2.5.8 to 3.0.0

Commits

• 3122b69 chore(release): publish v3.0.0
• fce23d1 fix(types): add shims to UMD types
• e23e92c fix(types): remove UMD package export
• 3a2dbd3 fix(types): expose LocaleMessages interface
• 48ef134 feat(VList): add keyboard navigation (#15998)
• 18537d3 feat(theme): rename code/kbd variables to match conventions
• 6c5b180 fix(VTabs): respect height prop
• e6b0d7a fix: don't destroy components when transition value changes
• fa841a3 fix(VIcon): add collapse alias for mdi-svg (#15963)
• be3ceca fix(VDialog): explicit prop definitions (#15971)
• Additional commits viewable in compare view

Updates vue-template-compiler from 2.6.14 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

v2.7.15

Please refer to CHANGELOG.md for details.

v2.7.14

Please refer to CHANGELOG.md for details.

v2.7.13

Please refer to CHANGELOG.md for details.

v2.7.12

Please refer to CHANGELOG.md for details.

v2.7.11

Please refer to CHANGELOG.md for details.

v2.7.10

Please refer to CHANGELOG.md for details.

v2.7.9

Please refer to CHANGELOG.md for details.

v2.7.8

Please refer to CHANGELOG.md for details.

v2.7.7

Please refer to CHANGELOG.md for details.

v2.7.6

Please refer to CHANGELOG.md for details.

v2.7.5

Please refer to CHANGELOG.md for details.

v2.7.4

Please refer to CHANGELOG.md for details.

v2.7.3

... (truncated)

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

• lifecycle: ensure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

• account for nested render calls (db9c566), closes #13131
• types: export more types for v3 alignment (jsx / component options) (895669f), closes #13078 #13128

2.7.16-beta.1 (2023-12-08)

Bug Fixes

• compiler-sfc: check template ref usage, (#12985) (83d9535), closes #12984
• compiler-sfc: fix rewriteDefault edge cases (25f97a5), closes #13060 #12892 #12906
• keep-alive: fix keep-alive memory leak (2632249), closes #12827
• keep-alive: fix memory leak without breaking transition tests (e0747f4)
• props: should not unwrap props that are raw refs (08382f0), closes #12930
• shallowReactive: should track value if already reactive when set in shallowReactive (0ad8e8d)
• style: always set new styles (f5ef882), closes #12901 #12946
• types: fix shallowRef's return type (#12979) (a174c29), closes #12978
• types: fix type augmentation and compiler-sfc types w/moduleResolution: bundler (#13107) (de0b97b), closes #13106
• types: provide types for built-in components (3650c12), closes #13002
• types: type VNodeChildren should allow type number (#13067) (24fcf69), closes #12973
• utils: unwrap refs when stringifying values in template (ae3e4b1), closes #12884 #12888
• watch: new property addition should trigger deep watcher with getter (6d857f5), closes #12967 #12972

2.7.15 (2023-10-23)

Bug Fixes

• compiler-sfc: add semicolon after defineProps statement (#12879) (51fef2c)
• compiler-sfc: fix macro usage in multi-variable declaration (#12873) (d27c128)
• compiler-sfc: Optimize the value of emitIdentifier (#12851) (bb59751)
• compiler-sfc: Resolve object expression parsing errors in v-on (#12862) (b8c8b3f)
• lifecycle: scope might changed when call hook (#13070) (74ca5a1)

... (truncated)

Commits

• 13f4e7d release: v2.7.16
• 56ce7f8 fix(lifecycle): esnure component effect scopes are disconnected
• 305e4ae release: v2.7.16-beta.2
• 3e1037e chore: bump vitest to 1.0.4
• db9c566 fix: account for nested render calls
• 895669f fix(types): export more types for v3 alignment (jsx / component options)
• 73bdf14 release: v2.7.16-beta.1
• e0747f4 fix(keep-alive): fix memory leak without breaking transition tests
• 2632249 fix(keep-alive): fix keep-alive memory leak
• 3650c12 fix(types): provide types for built-in components
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

• fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
  • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
• deps: qs@~6.15.1
• deps: body-parser@~1.20.5

New Contributors

• @​suuuuuuminnnnnn made their first contribution in expressjs/express#7021
• @​SAY-5 made their first contribution in expressjs/express#7181

Full Changelog: expressjs/express@v4.22.1...v4.22.2

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

• fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
  • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
• deps: qs@~6.15.1
• deps: body-parser@~1.20.5

4.22.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0

... (truncated)

Commits

• df0abc9 4.22.2
• 836d366 4.x update qs to 6.15.1, body-parser 1.20.5 (#7224)
• 8d09bfe fix: restore array parsing for req.query repeated keys (#7181)
• d39e8ad deps: body-parser@~1.20.4 (#7021)
• efe85d9 deps: qs@^6.14.1 (#6972)
• f62378e 📝 add note to history
• 12fae14 4.22.1
• 5ddf311 Revert "sec: security patch for CVE-2024-51999"
• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates picomatch from 2.3.0 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

• fix: exception when glob pattern contains constructor by @​Jason3S in micromatch/picomatch#144
• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

2.3.1

Fixed

• Fixes bug when a pattern containing an expression after the closing parenthesis (/!(*.d).{ts,tsx}) was incorrectly converted to regexp (9f241ef).

Changed

• Some documentation improvements (f81d236, 421e0e7).

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

• Fix bad text values in parse #126, thanks to @​connor4312

Changed

• Remove process global to work outside of node #129, thanks to @​styfle
• Add sideEffects to package.json #128, thanks to @​frandiox
• Removed os, make compatible browser environment. See #124, thanks to @​gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

• 81cba8d Publish 2.3.2
• fc1f6b6 Merge commit from fork
• eec17ae Merge commit from fork
• 78f8ca4 Merge pull request #156 from micromatch/backport-144
• 3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
• 5467a5a 2.3.1
• 9f241ef Merge pull request #102 from micromatch/ISSUE-93_incorrect_extglob_expanding
• ac3cb66 fix: support stars in negation extglobs with expression after closing parenth...
• 719d348 Merge pull request #85 from XhmikosR/codeql
• ac74e57 Merge pull request #91 from XhmikosR/patch-1
• Additional commits viewable in compare view

Updates send from 0.17.1 to 0.19.2

Release notes

Sourced from send's releases.

0.19.2

What's Changed

• deps: use tilde notation and update certain dependencies by @​Phillip9587 in pillarjs/send#279
• Release: 0.19.2 by @​UlisesGascon in pillarjs/send#280

Full Changelog: pillarjs/send@0.19.1...0.19.2

0.19.1

What's Changed

• fix(deps): encodeurl@~2.0.0 by @​wesleytodd in pillarjs/send#240

Full Changelog: pillarjs/send@0.19.0...0.19.1

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.2 / 2025-12-15

• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: statuses@~2.0.2

0.19.1 / 2024-10-09

• deps: encodeurl@~2.0.0

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

0.18.0 / 2022-03-23

• Fix emitted 416 error missing headers property
• Limit the headers removed for 304 response
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: destroy@1.2.0
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: statuses@2.0.1

0.17.2 / 2021-12-11

• pref: ignore empty http tokens
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: ms@2.1.3

Commits

• 34ba03b 0.19.2 (#280)
• e53e4e5 deps: use tilde notation and update certain dependencies (#279)
• 19efaa3 0.19.1
• 0a9fa80 fix(deps): encodeurl@~2.0.0 (#240)
• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• b69cbb3 0.18.0
• f53edbb Limit the headers removed for 304 response
• 706d6dd docs: add security policy
• b690ba4 docs: fix linux build badge link
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.14.1 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1.16.3

What's Changed

• deps: send@~0.19.1 by @​Phillip9587 in expressjs/serve-static#227
• Release: 1.16.3 by @​UlisesGascon in expressjs/serve-static#229

Full Changelog: expressjs/serve-static@v1.16.2...v1.16.3

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

1.15.0

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

Changelog

Sourced from serve-static's changelog.

1.16.3 / 2024-12-15

• deps: send@~0.19.1
  • deps: encodeurl@~2.0.0

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

1.15.0 / 2022-03-24

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2 / 2021-12-15

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

Commits

• 9acad22 1.16.3 (#229)
• 52dc97d deps: send@~0.19.1 and upgrade Node.js versions on the CI (#227)
• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• 9b5a12a 1.15.0
• a39a0df docs: update CI link
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.

Updates yaml from 1.10.2 to 1.10.3

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any ...

Description has been truncated