Skip to content

Bump the prod-dependencies group across 1 directory with 5 updates #4579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the prod-dependencies group across 1 directory with 5 updates #4579

dependabot wants to merge 1 commit into from
+97 −174

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 7, 2026
edited
Loading

Bumps the prod-dependencies group with 5 updates in the / directory:

Package From To
body-parser 2.2.0 2.2.1
express 5.1.0 5.2.1
fs-extra 11.3.2 11.3.3
react-router 7.9.6 7.11.0
superagent 10.2.3 10.3.0

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3
Commits
  • d96b63d 2.2.1 (#659)
  • b204886 sec: security patch for CVE-2025-13466
  • e20e351 feat: remove history.md from being packaged on publish (#660)
  • 0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
  • 168afff ci: also test on first supported node.js version (#646)
  • e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
  • 9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
  • 57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
  • a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
  • 10a114d test: add test for urlencoded invalid defaultCharset (#643)
  • Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.
Commits

Updates fs-extra from 11.3.2 to 11.3.3

Changelog

Sourced from fs-extra's changelog.

11.3.3 / 2025-12-18

  • Fix copying symlink when destination is a symlink to the same target (#1019, #1060)
Commits

Updates react-router from 7.9.6 to 7.11.0

Release notes

Sourced from react-router's releases.

v7.11.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110

v7.10.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101

v7.10.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100

Changelog

Sourced from react-router's changelog.

7.11.0

Minor Changes

  • Stabilize <HydratedRouter onError>/<RouterProvider onError> (#14546)

Patch Changes

  • add support for throwing redirect Response's at RSC render time (#14596)

  • Support for throwing data() and Response from server component render phase. Response body is not serialized as async work is not allowed as error encoding phase. If you wish to transmit data to the boundary, throw data() instead. (#14632)

  • Fix unstable_useTransitions prop on <Router> component to permit omission for backewards compatibility (#14646)

  • routeRSCServerRequest replace fetchServer with serverResponse (#14597)

  • [UNSTABLE] Add a new unstable_defaultShouldRevalidate flag to various APIs to allow opt-ing out of standard revalidation behaviors. (#14542)

    If active routes include a shouldRevalidate function, then your value will be passed as defaultShouldRevalidate in those function so that the route always has the final revalidation determination.

    • <Form method="post" unstable_defaultShouldRevalidate={false}>
    • submit(data, { method: "post", unstable_defaultShouldRevalidate: false })
    • <fetcher.Form method="post" unstable_defaultShouldRevalidate={false}>
    • fetcher.submit(data, { method: "post", unstable_defaultShouldRevalidate: false })

    This is also available on non-submission APIs that may trigger revalidations due to changing search params:

    • <Link to="/" unstable_defaultShouldRevalidate={false}>
    • navigate("/?foo=bar", { unstable_defaultShouldRevalidate: false })
    • setSearchParams(params, { unstable_defaultShouldRevalidate: false })

  • Allow redirects to be returned from client side middleware (#14598)

  • Handle dataStrategy implementations that return insufficient result sets by adding errors for routes without any available result (#14627)

7.10.1

Patch Changes

  • Update the useOptimistic stub we provide for React 18 users to use a stable setter function to avoid potential useEffect loops - specifically when using <Link viewTransition> (#14628)

7.10.0

Minor Changes

  • Stabilize fetcher.reset() (#14545)

    • ⚠️ This is a breaking change if you have begun using fetcher.unstable_reset()

  • Stabilize the dataStrategy match.shouldRevalidateArgs/match.shouldCallHandler() APIs. (#14592)

    • The match.shouldLoad API is now marked deprecated in favor of these more powerful alternatives

    • If you're using this API in a custom dataStrategy today, you can swap to the new API at your convenience:

... (truncated)

Commits

Updates superagent from 10.2.3 to 10.3.0

Release notes

Sourced from superagent's releases.

v10.3.0

  • fix: fixed package lock 5db8232
  • fix: fixed package lock b80038d
  • fix: add back zuul, fix mocha, xo, rimraf versions 829893c
  • fix: fixed deps 426c2bf
  • fix: fixed deps a55a6d6
  • fix: added back node v18 to tests c93aa19
  • chore: fix deps 5cd3751
  • Merge pull request #1842 from hlovdal/dep_updates 68308c8
  • Merge pull request #1839 from codders/feat/add-proxy-for-client-agent a488d25
  • chore: remove end-of-life nodejs versions and add active lts 170ef07
  • chore(deps): update eslint-plugin-compat package 3ce73dd
  • chore(deps): update tinify package a9a48a3
  • chore(deps): update xo package 5677b73
  • chore(deps): update rimraf package 7cda38c
  • chore(deps): update mocha package 608b4ef
  • chore(deps): update qs package 81719c9
  • chore(deps): remove zuul 7d8618b
  • chore(deps): update body-parser package e07aaaa
  • chore(deps): npm audit fix b4b2275
  • Merge pull request #1837 from inseong01/translate-docs-ko cec2606
  • feat(client): add proxy object for request.agent for compatibility 44e68b1
  • docs: translate documents to ko_KR 624ab8c

forwardemail/superagent@v10.2.3...v10.3.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the prod-dependencies group across 1 directory with 5 updates
b53feef 
Bumps the prod-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` |
| [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` |
| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.2` | `11.3.3` |
| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.9.6` | `7.11.0` |
| [superagent](https://github.com/ladjs/superagent) | `10.2.3` | `10.3.0` |



Updates `body-parser` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@v2.2.0...v2.2.1)

Updates `express` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v5.1.0...v5.2.1)

Updates `fs-extra` from 11.3.2 to 11.3.3
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](jprichardson/node-fs-extra@11.3.2...11.3.3)

Updates `react-router` from 7.9.6 to 7.11.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.11.0/packages/react-router)

Updates `superagent` from 10.2.3 to 10.3.0
- [Release notes](https://github.com/ladjs/superagent/releases)
- [Changelog](https://github.com/forwardemail/superagent/blob/master/HISTORY.md)
- [Commits](forwardemail/superagent@v10.2.3...v10.3.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: fs-extra
  dependency-version: 11.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: react-router
  dependency-version: 7.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
- dependency-name: superagent
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@calculuschild