Bump the npm_and_yarn group across 1 directory with 25 updates by dependabot[bot] · Pull Request #1 · kushmanmb-org/MyCrypto

dependabot · 2026-02-05T14:35:23Z

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
axios	`0.24.0`	`0.30.2`
lodash	`4.17.21`	`4.17.23`
ws	`7.5.3`	`7.5.10`
webpack-dev-server	`3.10.1`	`5.2.1`
@babel/runtime	`7.12.18`	`7.28.6`
@babel/traverse	`7.12.17`	`7.29.0`
base-x	`3.0.8`	`3.0.11`
browserify-sign	`4.2.1`	`4.2.5`
cipher-base	`1.0.4`	`1.0.7`
cookiejar	`2.1.3`	`2.1.4`
decode-uri-component	`0.2.0`	`0.2.2`
min-document	`2.19.0`	`2.19.2`
replicator	`1.0.3`	`1.0.5`
requirejs	`2.3.6`	`2.3.8`
sha.js	`2.4.11`	`2.4.12`
store2	`2.12.0`	`2.14.4`
tar-fs	`2.1.1`	`2.1.4`

Updates axios from 0.24.0 to 0.30.2

Release notes

Sourced from axios's releases.

v0.30.2

What's Changed

Backport maxContentLength vulnerability fix to v0.x by @FeBe95 in axios/axios#7034

New Contributors

@FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @wolandec in axios/axios#6978

Contributors to this release

@wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @thatguyinabeanie in axios/axios#6829

fix: add allowAbsoluteUrls type by @thatguyinabeanie in axios/axios#6849

Contributors to this release

@mori5321 made their first contribution in axios/axios#4917

@TehZarathustra made their first contribution in axios/axios#6271

@nafeger made their first contribution in axios/axios#6787

@thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @Sean-Powell in axios/axios#6402

fix: omit nulls in params by @Willshaw in axios/axios#6394

fix(backport): fix paramsSerializer function validation by @solonzhu in axios/axios#6361

fix: Regular Expression Denial of Service (ReDoS) by @qiongshusheng in axios/axios#6708

Contributors to this release

@Sean-Powell made their first contribution in axios/axios#6402

@Willshaw made their first contribution in axios/axios#6394

@solonzhu made their first contribution in axios/axios#6361

... (truncated)

Commits

2fcb4ec chore: v0.30.2
153f483 chore: preversion
ee548ff fix: tests failing
a1b1d3f fix: backport maxContentLength vulnerability fix to v0.x (#7034)
b17c4de chore: build latest version
ad6b82a chore: build latest version
da447d5 chore(deps): bump form-data from 4.0.0 to 4.0.4 (#6978)
6e922e4 chore: added build artifacts
a06ed1e chore: added pre-release artifacts
c010622 feat: add type for allowAbsoluteUrls (#6849)
Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates ws from 7.5.3 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

Backported 0fdcc0af to the 7.x release line (2758ed35).

Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

Backported b8186dd1 to the 7.x release line (73dec34b).

Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

Backported 6a72da3e to the 7.x release line (76087fbf).

Backported 869c9892 to the 7.x release line (27997933).

Commits

d962d70 [dist] 7.5.10
22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
8a78f87 [dist] 7.5.9
0435e6e [security] Fix same host check for ws+unix: redirects
4271f07 [dist] 7.5.8
dc1781b [security] Drop sensitive headers when following insecure redirects
2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
a370613 [dist] 7.5.7
1f72e2e [security] Drop sensitive headers when following redirects (#2013)
8ecd890 [dist] 7.5.6
Additional commits viewable in compare view

Updates webpack-dev-server from 3.10.1 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

add visual progress indicators (a8f40b7)

added the app option to be Function (by default only with connect compatibility frameworks) (3096148)

allow the server option to be Function (#5275) (02a1c6d)

http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

check the platform property to determinate the target (#5269) (c3b532c)

ipv6 output (#5270) (06005e7)

replace rimraf with rm (#5162) (1a1561f)

replace default gateway (#5255) (f5f0902)

support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header

requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)

take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

add visual progress indicators (a8f40b7)

added the app option to be Function (by default only with connect compatibility frameworks) (3096148)

allow the server option to be Function (#5275) (02a1c6d)

http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

check the platform property to determinate the target (#5269) (c3b532c)

ipv6 output (#5270) (06005e7)

replace rimraf with rm (#5162) (1a1561f)

replace default gateway (#5255) (f5f0902)

support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

0d22a08 chore(release): 5.2.1
6045b1e chore(deps): update (#5444)
ffd0b86 fix: take the first network found instead of the last one, this restores the ...
9ea7b08 ci: update dependency-review-action (#5442)
5c9378b Merge commit from fork
d2575ad Merge commit from fork
8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
5a39c70 ci: update codecov/codecov-action to v5 (#5406)
55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
Additional commits viewable in compare view

Updates @babel/runtime from 7.12.18 to 7.28.6

Release notes

Sourced from @babel/runtime's releases.

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-react-jsx

#17555 perf: Use lighter traversal for jsx __source,__self (@liuxingbaoyu)

Committers: 7

Babel Bot (@babel-bot)

Eliot Pontarelli (@kolvian)

Huáng Jùnliàng (@JLHwung)

Kadhirash Sivakumar (@kadhirash)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits

d7f4008 v7.28.6
35055e3 v7.28.4
ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/runtime since your current version.

Updates @babel/traverse from 7.12.17 to 7.29.0

Release notes

Sourced from @babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

... (truncated)

Commits

aa8394e v7.29.0
84366a8 fix(traverse): provide a hub when traversing a File or Program and no parentP...
229eb45 [7.x backport] fix: Rename switch discriminant references when body creates s...
d7f4008 v7.28.6
905bc22 fix: lint errors in main branch (#17612)
a03e2b6 fix: path.evaluate correctly returns confident (#17584)
aac2c37 chore: Use Gulpfile.mts (#17579)
65c4a6b [Babel 8] fix: Improve traverse types (#17574)
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/traverse since your current version.

Updates base-x from 3.0.8 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
4c10d33 3.0.9
c9dcddd Merge pull request #78 from cryptocoinjs/fix/space-alphabets
6c54632 Fix alphabets with space in them
69c09ed Merge pull request #73 from terrierscript/patch-1
1dd3795 Update README.md
See full diff in compare view

Updates body-parser from 1.19.0 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

1.20.1 / 2022-10-06

deps: qs@6.11.0

perf: remove unnecessary object clone

1.20.0 / 2022-04-02

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: http-errors@2.0.0

deps: depd@2.0.0

deps: statuses@2.0.1

deps: on-finished@2.4.1

deps: qs@6.10.3

deps: raw-body@2.5.1

deps: http-errors@2.0.0

1.19.2 / 2022-02-15

... (truncated)

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
1752951 1.20.3
39744cf chore: linter (#534)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates browserify-sign from 4.2.1 to 4.2.5

Changelog

Sourced from browserify-sign's changelog.

v4.2.5 - 2025-09-24

Commits

[Tests] clean up tests and convert console info skips to tape skips 37b083c

[Fix] restore node 0.10 support faade86

[Deps] update parse-asn1 5a0f159

[actions] drop unsupported nodes from CI 106be97

v4.2.4 - 2025-09-22

Commits

[actions] split out node 10-20, and 20+ 17920d9

[meta] remove files field 6d5b280

[Deps] update bn.js, browserify-rsa, elliptic 31be0c2

[Dev Deps] update @ljharb/eslint-config, auto-changelog, semver, tape 5f66982

[Tests] replace aud with npm audit d44b24d

[Dev Deps] add missing peer dep ab975f4

[Deps] revert 9e2bf12, now that v3.1.1 is out 428cf7f

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

... (truncated)

Commits

d3a7458 v4.2.5
37b083c [Tests] clean up tests and convert console info skips to tape skips

Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.24.0` | `0.30.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [ws](https://github.com/websockets/ws) | `7.5.3` | `7.5.10` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `3.10.1` | `5.2.1` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.12.18` | `7.28.6` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.17` | `7.29.0` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.8` | `3.0.11` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.5` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [cookiejar](https://github.com/bmeck/node-cookiejar) | `2.1.3` | `2.1.4` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` | | [replicator](https://github.com/inikulin/replicator) | `1.0.3` | `1.0.5` | | [requirejs](https://github.com/jrburke/r.js) | `2.3.6` | `2.3.8` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` | | [store2](https://github.com/nbubna/store) | `2.12.0` | `2.14.4` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` | Updates `axios` from 0.24.0 to 0.30.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.24.0...v0.30.2) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `ws` from 7.5.3 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.3...7.5.10) Updates `webpack-dev-server` from 3.10.1 to 5.2.1 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v3.10.1...v5.2.1) Updates `@babel/runtime` from 7.12.18 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-runtime) Updates `@babel/traverse` from 7.12.17 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse) Updates `base-x` from 3.0.8 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.8...v3.0.11) Updates `body-parser` from 1.19.0 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.4) Updates `browserify-sign` from 4.2.1 to 4.2.5 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.5) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `cookie` from 0.4.0 to 0.4.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Changelog](https://github.com/jshttp/cookie/blob/v0.4.1/HISTORY.md) - [Commits](jshttp/cookie@v0.4.0...v0.4.1) Updates `cookiejar` from 2.1.3 to 2.1.4 - [Commits](https://github.com/bmeck/node-cookiejar/commits) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `express` from 4.17.1 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.17.1...v4.22.1) Updates `follow-redirects` from 1.14.8 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.11) Updates `min-document` from 2.19.0 to 2.19.2 - [Commits](Raynos/min-document@v2.19.0...v2.19.2) Updates `node-forge` from 0.10.0 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@0.10.0...v1.3.3) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `replicator` from 1.0.3 to 1.0.5 - [Release notes](https://github.com/inikulin/replicator/releases) - [Commits](inikulin/replicator@v1.0.3...v1.0.5) Updates `requirejs` from 2.3.6 to 2.3.8 - [Commits](requirejs/r.js@2.3.6...2.3.8) Updates `send` from 0.17.1 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.2) Updates `serve-static` from 1.14.1 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.3) Updates `sha.js` from 2.4.11 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.11...v2.4.12) Updates `store2` from 2.12.0 to 2.14.4 - [Commits](nbubna/store@2.12.0...2.14.4) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) --- updated-dependencies: - dependency-name: axios dependency-version: 0.30.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack-dev-server dependency-version: 5.2.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookiejar dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: min-document dependency-version: 2.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: replicator dependency-version: 1.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: requirejs dependency-version: 2.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: store2 dependency-version: 2.14.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-02-05T14:36:05Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Prototype Pollution in npm `minimist` CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 0.2.4 From: `?` → `npm/minimist@0.0.8` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/minimist@0.0.8`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot · 2026-02-10T14:11:24Z

Superseded by #2.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026

dependabot bot had a problem deploying to STAGING February 5, 2026 14:35 Failure

dependabot bot closed this Feb 10, 2026

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-c91f139caf branch February 10, 2026 14:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 25 updates#1

Bump the npm_and_yarn group across 1 directory with 25 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-c91f139caf

dependabot bot commented on behalf of github Feb 5, 2026

Uh oh!

socket-security bot commented Feb 5, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 10, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 5, 2026

v0.30.2

What's Changed

New Contributors

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Release v0.30.0

Release notes:

Bug Fixes

Contributors to this release

v0.29.0

Release notes:

Bug Fixes

Contributors to this release

7.5.10

Bug fixes

7.5.9

Bug fixes

7.5.8

Bug fixes

7.5.7

Bug fixes

7.5.6

Bug fixes

7.5.5

Bug fixes

7.5.4

Bug fixes

v5.2.1

5.2.1 (2025-03-26)

Security

Bug Fixes

v5.2.0

5.2.0 (2024-12-11)

Features

Bug Fixes

v5.1.0

5.1.0 (2024-09-03)

Features

Bug Fixes

v5.0.4

5.0.4 (2024-03-19)

5.2.1 (2025-03-26)

Security

Bug Fixes

5.2.0 (2024-12-11)

Features

Bug Fixes

5.1.0 (2024-09-03)

Features

Bug Fixes

5.0.4 (2024-03-19)

Bug Fixes

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 7

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

1.20.4

What's Changed

1.20.3

What's Changed

Important

Other changes