Skip to content

Bump the npm_and_yarn group across 2 directories with 17 updates#6

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-aa8d246638
Open

Bump the npm_and_yarn group across 2 directories with 17 updates#6
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-aa8d246638

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 2 updates in the / directory: brace-expansion and extend.
Bumps the npm_and_yarn group with 10 updates in the /src directory:

Package From To
brace-expansion 1.1.11 1.1.16
extend 3.0.1 3.0.2
async 2.6.0 2.6.4
axios 0.17.1 0.32.0
body-parser 1.18.2 1.20.3
ejs 2.5.7 3.1.10
express 4.16.2 4.22.0
express-jwt 5.3.0 6.0.0
mongoose 5.0.4 6.13.9
validator 9.4.0 13.15.22

Updates brace-expansion from 1.1.11 to 1.1.16

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.16

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • See full diff in compare view

Updates async from 2.6.0 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)

v2.6.3

  • Updated lodash to squelch a security warning (#1675)

v2.6.2

  • Updated lodash to squelch a security warning (#1620)

v2.6.1

  • Updated lodash to prevent npm audit warnings. (#1532, #1533)
  • Made async-es more optimized for webpack users (#1517)
  • Fixed a stack overflow with large collections and a synchronous iterator (#1514)
  • Various small fixes/chores (#1505, #1511, #1527, #1530)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates axios from 0.17.1 to 0.32.0

Release notes

Sourced from axios's releases.

v0.32.0 — May 4, 2026

This release backports a comprehensive set of security and hardening fixes from the v1.x branch into v0.x, covering prototype-pollution protections, default error redaction, stricter proxy/cookie/socket handling, and one breaking change to merged config and header object prototypes.

⚠️ Breaking Changes & Deprecations

  • Null-prototype merged objects: mergeConfig and header merging now return objects with a null prototype to block prototype-pollution gadgets. Consumers must use Object.prototype.hasOwnProperty.call(obj, key) and avoid implicit string coercion against merged config or header objects. (#10838)

🔒 Security Fixes

  • Default error redaction: AxiosError.toJSON() now redacts sensitive keys by default to prevent credential leaks in logs. The behavior is configurable via config.redact, with defaults exposed on defaults.redact. (#10838)
  • Cookie & XSRF handling: Cookie names are read literally rather than via regex, and only own properties are respected when evaluating withXSRFToken. (#10838)
  • Proxy bypass IPv6 parity: NO_PROXY matching now handles canonical IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1 and ::ffff:7f00:1. (#10838)
  • Node http adapter hardening: Strips Proxy-Authorization when no proxy is in use and gates socketPath behind a new allowedSocketPaths allowlist (string or array, normalized) to reduce accidental Unix socket exposure. (#10838)
  • Browser xhr adapter: Stricter own-property checks when reading config and headers. (#10838)
  • URL parameters: AxiosURLSearchParams keeps %00 encoded and applies consistent encoding throughout. (#10838)
  • Public type surface: Adds formDataHeaderPolicy, redact, and allowedSocketPaths to the TypeScript declarations alongside their runtime defaults. (#10838)

🔧 Maintenance & Chores

  • Repo hygiene: Updates README.md and CHANGELOG.md, adds AGENTS.md, and refreshes the issue and PR templates. (#10838)

Full Changelog

v0.31.1

This release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed dist/ artefacts along with Bower support.

⚠️ Breaking Changes & Deprecations

  • Bower & Committed dist/ Removed: dist/ bundles are no longer committed to the repo, and bower.json plus the Grunt package2bower task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (#10747)

🔒 Security Fixes

  • Prototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9): Tightened isFormData to reject plain/null-prototype objects and require append, and guarded the Node HTTP adapter so data.getHeaders() is only merged when it is not inherited from Object.prototype. Blocks injected headers via polluted getHeaders. (#10750)
  • Prototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf): mergeConfig, defaults resolution, and the HTTP adapter now uses own-property checks for transport, env, Blob, formSerializer, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (#10752)
  • FormData / Params Recursion DoS: Added a configurable maxDepth (default 100, Infinity disables) to toFormData and params serialisation, throwing AxiosError with code ERR_FORM_DATA_DEPTH_EXCEEDED when exceeded. Circular-reference detection is preserved. (#10728)
  • Null-Byte Injection in Query Strings: Removed the unsafe %00 → null-byte substitution from AxiosURLSearchParams.encode so %00 is preserved as-is. Other encoding behaviour (including %20+) unchanged. (#10737)
  • Consolidated v1 Security Backport: Rolls up remaining v1 hardenings into v0.x: maxContentLength enforcement for responseType: 'stream' via a guarded transform with deferred piping, maxBodyLength enforcement for streamed uploads on native http/https with maxRedirects: 0, and stricter withXSRFToken handling so only own boolean true enables cross-origin XSRF headers. (#10764)

🔧 Maintenance & Chores

  • CODEOWNERS: Added .github/CODEOWNERS with * @jasonsaayman to set a default reviewer for all paths. (#10740)

Full Changelog

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.


Updates body-parser from 1.18.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1 / 2022-10-06

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0 / 2022-04-02

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
    • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates ejs from 2.5.7 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

v2.7.4

Bug fixes

v2.7.3

Bug fixes

v2.7.2

Features

Bug Fixes

  • The error message when async != true now correctly mention the existence of the async option (#460, @​ExE-Boss)
  • Improved performance of HTML output generation (#470, @​nwoltman)

v2.7.1

Deprecated:

  • Added deprecation notice for use of require.extensions (@​mde)

v2.6.2

... (truncated)

Commits

Updates express from 4.16.2 to 4.22.0

Release notes

Sourced from express's releases.

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

  • deps: path-to-regexp@0.1.12
    • Fix backtracking protection
  • deps: path-to-regexp@0.1.11
    • Throws an error on invalid path values

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Updates express-jwt from 5.3.0 to 6.0.0

Commits
Maintainer changes

This version was pushed to npm by yacine-b, a new releaser for express-jwt since your current version.


Updates mongoose from 5.0.4 to 6.13.9

Release notes

Sourced from mongoose's releases.

6.13.9 / 2026-02-04

  • fix: handle other top-level query operators in sanitizeFilter
  • types(aggregate): add $firstN, $lastN, $bottom, $bottomN, $minN and $maxN operators #15303 #15299
  • docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x #15427

6.13.8 / 2025-01-20

  • chore: remove coverage output from bundle

6.13.7 / 2025-01-20

  • chore: re-release to force npm audit to pick up 6.x fix for CVE-2025-23061

6.13.6 / 2025-01-13

  • fix: disallow nested $where in populate match
Changelog

Sourced from mongoose's changelog.

6.13.9 / 2026-02-04

  • fix: handle other top-level query operators in sanitizeFilter
  • types(aggregate): add $firstN, $lastN, $bottom, $bottomN, $minN and $maxN operators #15303 #15299
  • docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x #15427

6.13.8 / 2025-01-20

  • chore: remove coverage output from bundle

6.13.7 / 2025-01-20

  • chore: re-release to force npm audit to pick up 6.x fix for CVE-2025-23061

6.13.6 / 2025-01-13

6.13.5 / 2024-11-26

  • fix: disallow using $where in match

6.13.4 / 2024-11-15

  • fix: save execution stack in query as string #15043 #15039
  • docs: clarify strictQuery default will flip-flop in "Migrating to 6.x" #14998 markstos

6.13.3 / 2024-09-23

  • docs(migrating_to_6): document that Lodash _.isEmpty() with ObjectId() as a parameter returns true in Mongoose 6 #11152

6.13.2 / 2024-09-12

  • fix(document): make set() respect merge option on deeply nested objects #14870 #14878

6.13.1 / 2024-09-06

  • fix: remove empty $and, $or, $not that were made empty by scrict mode #14749 #13086 0x0a0d

6.13.0 / 2024-06-06

  • feat(model): add throwOnValidationError option for opting into getting MongooseBulkWriteError if all valid operations succeed in bulkWrite() and insertMany() #14599 #14587 #14572 #13410

6.12.9 / 2024-05-24

  • fix(cast): cast $comment to string in query filters #14590 #14576
  • types(model): allow passing strict type checking override to create() #14571 #14548

6.12.8 / 2024-04-10

... (truncated)

Commits
  • 473a92e style: fix lint
  • 40e1af0 quick fix for no elvis operator in node 12
  • 068ee25 chore: release 6.13.9
  • 3b0c5c0 fix: handle other top-level query operators in sanitizeFilter
  • b331eac Merge pull request #15434 from Automattic/vkarpov15/gh-15427
  • 2097837 chore: remove upload-artifact
  • 8045783 chore: bump ubuntu versions in GitHub actions
  • 5235028 docs(compatibility): add note that Mongoose ^6.5 works with MongoDB server 7.x
  • 1448c67 Merge pull request #15303 from Automattic/vkarpov15/gh-15299
  • 17d1bd6 fix ts benchmark by bumping max instantiations
  • Additional commits viewable in compare view

Updates validator from 9.4.0 to 13.15.22

Release notes

Sourced from validator's releases.

13.15.22

Fixes, New Locales and Enhancements

New Contributors

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

13.15.20

Fixes, New Locales and Enhancements

New Contributors

Full Changelog: validatorjs/validator.js@13.15.15...13.15.20

13.15.15

Fixes, New Locales and Enhancements

Bumps the npm_and_yarn group with 2 updates in the / directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [extend](https://github.com/justmoon/node-extend).
Bumps the npm_and_yarn group with 10 updates in the /src directory:

| Package | From | To |
| --- | --- | --- |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.16` |
| [extend](https://github.com/justmoon/node-extend) | `3.0.1` | `3.0.2` |
| [async](https://github.com/caolan/async) | `2.6.0` | `2.6.4` |
| [axios](https://github.com/axios/axios) | `0.17.1` | `0.32.0` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.18.2` | `1.20.3` |
| [ejs](https://github.com/mde/ejs) | `2.5.7` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.16.2` | `4.22.0` |
| [express-jwt](https://github.com/auth0/express-jwt) | `5.3.0` | `6.0.0` |
| [mongoose](https://github.com/Automattic/mongoose) | `5.0.4` | `6.13.9` |
| [validator](https://github.com/validatorjs/validator.js) | `9.4.0` | `13.15.22` |



Updates `brace-expansion` from 1.1.11 to 1.1.16
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16)

Updates `extend` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md)
- [Commits](justmoon/node-extend@v3.0.1...v3.0.2)

Updates `brace-expansion` from 1.1.11 to 1.1.16
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.16)

Updates `extend` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md)
- [Commits](justmoon/node-extend@v3.0.1...v3.0.2)

Updates `async` from 2.6.0 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.6.0...v2.6.4)

Updates `axios` from 0.17.1 to 0.32.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.17.1...v0.32.0)

Updates `body-parser` from 1.18.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.18.2...1.20.3)

Updates `ejs` from 2.5.7 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Changelog](https://github.com/mde/ejs/blob/main/RELEASE_NOTES_v5.md)
- [Commits](mde/ejs@v2.5.7...v3.1.10)

Updates `express` from 4.16.2 to 4.22.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md)
- [Commits](expressjs/express@4.16.2...4.22.0)

Updates `express-jwt` from 5.3.0 to 6.0.0
- [Changelog](https://github.com/auth0/express-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/express-jwt@v5.3.0...v6.0.0)

Updates `mongoose` from 5.0.4 to 6.13.9
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/6.13.9/CHANGELOG.md)
- [Commits](Automattic/mongoose@5.0.4...6.13.9)

Updates `validator` from 9.4.0 to 13.15.22
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@9.4.0...13.15.22)

Updates `bson` from 1.0.4 to 4.7.2
- [Release notes](https://github.com/mongodb/js-bson/releases)
- [Changelog](https://github.com/mongodb/js-bson/blob/v4.7.2/HISTORY.md)
- [Commits](mongodb/js-bson@V1.0.4...v4.7.2)

Updates `cookie` from 0.3.1 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.3.1...v0.7.2)

Updates `follow-redirects` from 1.4.1 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.4.1...v1.16.0)

Updates `mongodb` from 3.0.2 to 4.17.2
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/v4.17.2/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v3.0.2...v4.17.2)

Updates `mpath` from 0.3.0 to 0.9.0
- [Changelog](https://github.com/mongoosejs/mpath/blob/master/History.md)
- [Commits](https://github.com/aheckmann/mpath/commits)

Updates `send` from 0.16.1 to 0.19.2
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.16.1...0.19.2)

Updates `serve-static` from 1.13.1 to 1.16.3
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.13.1...v1.16.3)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: extend
  dependency-version: 3.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: extend
  dependency-version: 3.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-version: 2.6.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 0.32.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.22.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express-jwt
  dependency-version: 6.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mongoose
  dependency-version: 6.13.9
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-version: 13.15.22
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: bson
  dependency-version: 4.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mongodb
  dependency-version: 4.17.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mpath
  dependency-version: 0.9.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants