Skip to content

Bump the npm_and_yarn group across 1 directory with 28 updates#2

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-d7cd541f7f
Open

Bump the npm_and_yarn group across 1 directory with 28 updates#2
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-d7cd541f7f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package From To
express 4.16.3 4.22.0
mongoose 5.2.8 6.13.9
socket.io 2.1.1 2.5.0
codecov 3.0.4 3.6.2
flatted 0.2.3 3.4.2
chownr 1.0.1 1.1.4
cookiejar 2.1.2 2.1.4
decode-uri-component 0.2.0 0.2.2
fsevents 1.2.4 1.2.13
get-func-name 2.0.0 2.0.2
jws 3.1.5 3.2.3
lodash 4.17.10 4.18.1
moment-timezone 0.5.21 0.5.48
pathval 1.1.0 1.1.1
semver 5.5.0 5.7.2

Updates express from 4.16.3 to 4.22.0

Release notes

Sourced from express's releases.

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Updates mongoose from 5.2.8 to 6.13.9

Release notes

Sourced from mongoose's releases.

6.13.9 / 2026-02-04

  • fix: handle other top-level query operators in sanitizeFilter
  • types(aggregate): add $firstN, $lastN, $bottom, $bottomN, $minN and $maxN operators #15303 #15299
  • docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x #15427

6.13.8 / 2025-01-20

  • chore: remove coverage output from bundle

6.13.7 / 2025-01-20

  • chore: re-release to force npm audit to pick up 6.x fix for CVE-2025-23061

6.13.6 / 2025-01-13

  • fix: disallow nested $where in populate match
Changelog

Sourced from mongoose's changelog.

6.13.9 / 2026-02-04

  • fix: handle other top-level query operators in sanitizeFilter
  • types(aggregate): add $firstN, $lastN, $bottom, $bottomN, $minN and $maxN operators #15303 #15299
  • docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x #15427

6.13.8 / 2025-01-20

  • chore: remove coverage output from bundle

6.13.7 / 2025-01-20

  • chore: re-release to force npm audit to pick up 6.x fix for CVE-2025-23061

6.13.6 / 2025-01-13

6.13.5 / 2024-11-26

  • fix: disallow using $where in match

6.13.4 / 2024-11-15

  • fix: save execution stack in query as string #15043 #15039
  • docs: clarify strictQuery default will flip-flop in "Migrating to 6.x" #14998 markstos

6.13.3 / 2024-09-23

  • docs(migrating_to_6): document that Lodash _.isEmpty() with ObjectId() as a parameter returns true in Mongoose 6 #11152

6.13.2 / 2024-09-12

  • fix(document): make set() respect merge option on deeply nested objects #14870 #14878

6.13.1 / 2024-09-06

  • fix: remove empty $and, $or, $not that were made empty by scrict mode #14749 #13086 0x0a0d

6.13.0 / 2024-06-06

  • feat(model): add throwOnValidationError option for opting into getting MongooseBulkWriteError if all valid operations succeed in bulkWrite() and insertMany() #14599 #14587 #14572 #13410

6.12.9 / 2024-05-24

  • fix(cast): cast $comment to string in query filters #14590 #14576
  • types(model): allow passing strict type checking override to create() #14571 #14548

6.12.8 / 2024-04-10

... (truncated)

Commits
  • 473a92e style: fix lint
  • 40e1af0 quick fix for no elvis operator in node 12
  • 068ee25 chore: release 6.13.9
  • 3b0c5c0 fix: handle other top-level query operators in sanitizeFilter
  • b331eac Merge pull request #15434 from Automattic/vkarpov15/gh-15427
  • 2097837 chore: remove upload-artifact
  • 8045783 chore: bump ubuntu versions in GitHub actions
  • 5235028 docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x
  • 1448c67 Merge pull request #15303 from Automattic/vkarpov15/gh-15299
  • 17d1bd6 fix ts benchmark by bumping max instantiations
  • Additional commits viewable in compare view

Updates socket.io from 2.1.1 to 2.5.0

Changelog

Sourced from socket.io's changelog.

2.5.0 (2022-06-26)

Bug Fixes

  • fix race condition in dynamic namespaces (05e1278)
  • ignore packet received after disconnection (22d4bdf)
  • only set 'connected' to true after middleware execution (226cc16)
  • prevent the socket from joining a room after disconnection (f223178)

2.4.1 (2021-01-07)

Reverts

  • fix(security): do not allow all origins by default (a169050)

2.4.0 (2021-01-04)

Bug Fixes

  • security: do not allow all origins by default (f78a575)
  • properly overwrite the query sent in the handshake (d33a619)
Commits
  • baa6804 chore(release): 2.5.0
  • f223178 fix: prevent the socket from joining a room after disconnection
  • 226cc16 fix: only set 'connected' to true after middleware execution
  • 05e1278 fix: fix race condition in dynamic namespaces
  • 22d4bdf fix: ignore packet received after disconnection
  • dfded53 chore: update engine.io version to 3.6.0
  • e6b8697 chore(release): 2.4.1
  • a169050 revert: fix(security): do not allow all origins by default
  • 873fdc5 chore(release): 2.4.0
  • f78a575 fix(security): do not allow all origins by default
  • Additional commits viewable in compare view

Updates codecov from 3.0.4 to 3.6.2

Release notes

Sourced from codecov's releases.

v3.6.2

command line args sanitised

v3.6.1

Fix for Semaphore

v3.6.0

AWS CodeBuild Semaphore v2

v3.3.0

Added pipe --pipe, -l

v3.1.0

Custom Yaml file Token from .codecov.yml

Changelog

Sourced from codecov's changelog.

3.6.2

  • Command line args sanitized fix

3.6.1

  • Fix for Semaphore

3.6.0

  • Added AWS CodeBuild and Semaphore2

3.5.0

  • Added TeamCity support

3.4.0

  • Added Heroku CI support

3.3.0

  • Added pipe with --pipe, -l

3.2.0

  • Added azure pipelines .

3.1.0

  • Custom yaml file. Allow codecov token from yml file.
Commits

Updates flatted from 0.2.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates body-parser from 1.18.2 to 1.20.5

Release notes

Sourced from body-parser's releases.

v1.20.5

What's Changed

The reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (> 100) on qs@6.14.2+. (expressjs/body-parser#716)

New Contributors

Special thanks to triager @​krzysdz for keeping this on our radar and effectively triaging the specific issue!

Full Changelog: expressjs/body-parser@1.20.4...1.20.5

1.20.4

What's Changed

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.5 / 2026-04-24

  • refactor(json): simplify strict mode error string construction
  • fix: extended urlencoded parsing of arrays with >100 elements (#716)
  • deps: qs@~6.15.1

1.20.4 / 2025-12-01

  • deps: qs@~6.14.0
  • deps: use tilde notation for dependencies
  • deps: http-errors@~2.0.1
  • deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1 / 2022-10-06

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0 / 2022-04-02

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.


Updates bson from 1.0.9 to 4.7.2

Release notes

Sourced from bson's releases.

v4.7.2

The MongoDB Node.js team is pleased to announce version v4.7.2 of the bson package!

Bug Fixes

  • NODE-4932: remove .0 suffix from double extended json values (#553) (a298d22)

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

v4.7.1

The MongoDB Node.js team is pleased to announce version v4.7.1 of the bson package!

Bug Fixes

  • NODE-4905: double precision accuracy in canonical EJSON (#549) (d86bd52)

Documentation

We invite you to try the bson library immediately, and report any issues to the NODE project.

v4.7.0

The MongoDB Node.js team is pleased to announce version 4.7.0 of the bson package!

Release Highlights

This release adds automatic UUID support. Now when serializing or deserializing BSON you can work directly with the UUID type without explicit conversion methods. The UUID class is now a subclass of binary so all existing code will continue to work (including the explicit conversion methods .toUUID/.toBinary). The same automatic support for UUID is also present in EJSON .parse/.stringify.

Take a look at the following for the expected behavior:

const document = BSON.deserialize(bytes)
// { uuid: UUID('xxx') }
BSON.serialize(document)
// Buffer < document with uuid (binary subtype 4) >

Special thanks to @​aditi-khare-mongoDB for all her hard work on this feature!! 🎉

Features

  • NODE-4405: support serializing UUID class (#508) (f5dc9ed)
  • NODE-4419: UUID class deserialization (#509) (ff2b975)
  • NODE-4506: Make UUID a subclass of binary (#512) (e9afa9d)

... (truncated)

Changelog

Sourced from bson's changelog.

4.7.2 (2023-01-10)

Bug Fixes

  • NODE-4932: remove .0 suffix from double extended json values (#553) (a298d22)

4.7.1 (2023-01-05)

Bug Fixes

  • NODE-4905: double precision accuracy in canonical EJSON (#549) (d86bd52)

4.7.0 (2022-08-18)

Features

  • NODE-4405: support serializing UUID class (#508) (f5dc9ed)
  • NODE-4419: UUID class deserialization (#509) (ff2b975)
  • NODE-4506: Make UUID a subclass of binary (#512) (e9afa9d)
  • NODE-4535: automatically promote UUIDs when deserializing and parsing UUIDs (#513) (1dc7eae)

4.6.5 (2022-07-07)

Bug Fixes

  • NODE-3630: remove float parser and test edge cases for Double (#502) (54ca603)
  • NODE-4211: Do not require crypto in browser builds (#500) (b32ab40)
  • NODE-4302: remove downlevel ts and typesVersions (#501) (651b60e)
  • NODE-4381: handle __proto__ well in EJSON (#506) (4bda57d)

4.6.4 (2022-05-19)

4.6.3 (2022-04-20)

4.6.2 (2022-03-22)

Bug Fixes

  • MONGOSH-1155: update error message in ObjectId class (#493) (67fbc7c)
  • NODE-3015: ObjectId.equals should use Buffer.equals for better performance (#478) (8305bdf)
  • NODE-3962: correct type for ObjectiId._bsontype (#480) (9671773)

4.6.1 (2022-01-06)

... (truncated)

Commits
  • c3fc5df chore(release): 4.7.2
  • a298d22 fix(NODE-4932): remove .0 suffix from double extended json values (#553)
  • 5465c33 chore(release): 4.7.1
  • d86bd52 fix(NODE-4905): double precision accuracy in canonical EJSON (#549)
  • 853bbb0 chore(release): 4.7.0
  • 1dc7eae feat(NODE-4535): automatically promote UUIDs when deserializing and parsing U...
  • e9afa9d feat(NODE-4506): Make UUID a subclass of binary (#512)
  • ff2b975 feat(NODE-4419): UUID class deserialization (#509)
  • f5dc9ed feat(NODE-4405): support serializing UUID class (#508)
  • 4d75481 test(NODE-4357): delete windows tests (#510)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for bson since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates chownr from 1.0.1 to 1.1.4

Commits

Updates cookie from 0.3.1 to 0.4.2

Release notes

Sourced from cookie's releases.

0.4.2

  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

0.4.1

  • Fix maxAge option to reject invalid values

0.4.0

  • Add SameSite=None support
Changelog

Sourced from cookie's changelog.

0.4.2 / 2022-02-02

  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

0.4.1 / 2020-04-21

  • Fix maxAge option to reject invalid values

0.4.0 / 2019-05-15

  • Add SameSite=None support
Commits
  • 55bac40 0.4.2
  • 519feb5 build: mocha@9.2.0
  • fadc4bc build: Node.js@14.19
  • 009b3cb pref: read value only when assigning in parse
  • 04be428 lint: remove deprecated String.prototype.substr
  • 2dc6662 bench: preserve decode behavior for top cookies
  • aa1a335 pref: remove unnecessary regexp in parse
  • 2bcee5a bench: add cookies from top 20 sites
  • 4f08c95 docs: update benchmark
  • f056356 build: mocha@9.1.4
  • Additional commits viewable in compare view

Updates cookiejar from 2.1.2 to 2.1.4

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates engine.io from 3.2.0 to 3.6.2

Commits

Updates fsevents from 1.2.4 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

Commits

Updates get-func-name from 2.0.0 to 2.0.2

Release notes

Sourced from get-func-name's releases.

v2.0.2

What's Changed

Revert previous changes that shipped this as an ES module.

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.2

v2.0.1

What's Changed

Fix GHSA-4q6p-r6v2-jvc5

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.1

Commits
Maintainer changes

This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.


Updates js-yaml from 3.12.0 to 3.15.0

Changelog

Sourced from js-yaml's changelog.

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and tagBeforeAnchor.
  • Added formal data layers (events and AST) for modular data pipelines.
    • Added low-level parser (to events), presenter and visitor APIs.
  • Added the YAML Test Suite to the test set.

Changed

  • See the migration guide for upgrade notes.
  • Rewritten in TypeScript and reorganized the public API around flat named exports.

... (truncated)

Commits
  • c34b6c4 3.15.0 released
  • 21e13d3 dist rebuild
  • Description has been truncated

Bumps the npm_and_yarn group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.16.3` | `4.22.0` |
| [mongoose](https://github.com/Automattic/mongoose) | `5.2.8` | `6.13.9` |
| [socket.io](https://github.com/socketio/socket.io) | `2.1.1` | `2.5.0` |
| [codecov](https://github.com/codecov/codecov-node) | `3.0.4` | `3.6.2` |
| [flatted](https://github.com/WebReflection/flatted) | `0.2.3` | `3.4.2` |
| [chownr](https://github.com/isaacs/chownr) | `1.0.1` | `1.1.4` |
| [cookiejar](https://github.com/bmeck/node-cookiejar) | `2.1.2` | `2.1.4` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.4` | `1.2.13` |
| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.1.5` | `3.2.3` |
| [lodash](https://github.com/lodash/lodash) | `4.17.10` | `4.18.1` |
| [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.21` | `0.5.48` |
| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |
| [semver](https://github.com/npm/node-semver) | `5.5.0` | `5.7.2` |



Updates `express` from 4.16.3 to 4.22.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md)
- [Commits](expressjs/express@4.16.3...4.22.0)

Updates `mongoose` from 5.2.8 to 6.13.9
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/6.13.9/CHANGELOG.md)
- [Commits](Automattic/mongoose@5.2.8...6.13.9)

Updates `socket.io` from 2.1.1 to 2.5.0
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/2.5.0/CHANGELOG.md)
- [Commits](socketio/socket.io@2.1.1...2.5.0)

Updates `codecov` from 3.0.4 to 3.6.2
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Changelog](https://github.com/codecov/codecov-node/blob/master/CHANGELOG.md)
- [Commits](codecov/codecov-node@v3.0.4...v3.6.2)

Updates `flatted` from 0.2.3 to 3.4.2
- [Commits](WebReflection/flatted@v0.2.3...v3.4.2)

Updates `body-parser` from 1.18.2 to 1.20.5
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md)
- [Commits](expressjs/body-parser@1.18.2...1.20.5)

Updates `bson` from 1.0.9 to 4.7.2
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/v4.7.2/HISTORY.md)
- [Commits](mongodb/js-bson@v1.0.9...v4.7.2)

Updates `chownr` from 1.0.1 to 1.1.4
- [Commits](isaacs/chownr@v1.0.1...v1.1.4)

Updates `cookie` from 0.3.1 to 0.4.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Changelog](https://github.com/jshttp/cookie/blob/v0.4.2/HISTORY.md)
- [Commits](jshttp/cookie@v0.3.1...v0.4.2)

Updates `cookiejar` from 2.1.2 to 2.1.4
- [Commits](https://github.com/bmeck/node-cookiejar/commits)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `engine.io` from 3.2.0 to 3.6.2
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits)

Updates `fsevents` from 1.2.4 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.4...v1.2.13)

Updates `get-func-name` from 2.0.0 to 2.0.2
- [Release notes](https://github.com/chaijs/get-func-name/releases)
- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)

Updates `js-yaml` from 3.12.0 to 3.15.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.12.0...3.15.0)

Updates `jws` from 3.1.5 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.1.5...v3.2.3)

Updates `lodash` from 4.17.10 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.10...4.18.1)

Updates `moment-timezone` from 0.5.21 to 0.5.48
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](moment/moment-timezone@0.5.21...0.5.48)

Updates `moment` from 2.22.2 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.22.2...2.30.1)

Updates `parseuri` from 0.0.5 to 0.0.6
- [Release notes](https://github.com/slevithan/parseuri/releases)
- [Commits](https://github.com/slevithan/parseuri/commits)

Updates `path-to-regexp` from 0.1.7 to 0.1.13
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13)

Updates `pathval` from 1.1.0 to 1.1.1
- [Release notes](https://github.com/chaijs/pathval/releases)
- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)
- [Commits](chaijs/pathval@v1.1.0...v1.1.1)

Updates `qs` from 6.5.1 to 6.5.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.1...v6.5.2)

Updates `semver` from 5.5.0 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.5.0...v5.7.2)

Updates `send` from 0.16.2 to 0.19.2
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.16.2...0.19.2)

Updates `serve-static` from 1.13.2 to 1.16.3
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.13.2...v1.16.3)

Updates `socket.io-parser` from 3.2.0 to 3.3.5
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/socket.io-parser@3.3.5/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@3.3.5)

Updates `ws` from 3.3.3 to 7.5.11
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@3.3.3...7.5.11)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 4.22.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mongoose
  dependency-version: 6.13.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: socket.io
  dependency-version: 2.5.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: codecov
  dependency-version: 3.6.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bson
  dependency-version: 4.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: chownr
  dependency-version: 1.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookiejar
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: engine.io
  dependency-version: 3.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: get-func-name
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment-timezone
  dependency-version: 0.5.48
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-version: 2.30.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: parseuri
  dependency-version: 0.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pathval
  dependency-version: 1.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.5.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-version: 3.3.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants