Bump the npm_and_yarn group across 2 directories with 19 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /bindings/node directory:

Package	From	To
debug	3.2.6	3.2.7
@babel/traverse	7.15.0	7.26.10
braces	2.3.2	3.0.3
jest	26.6.3	29.7.0
ts-jest	26.5.6	29.2.6
minimatch	3.0.4	3.1.2

Bumps the npm_and_yarn group with 9 updates in the /tokenizers/examples/unstable_wasm/www directory:

Package	From	To
semver	5.7.1	5.7.2
decode-uri-component	0.2.0	0.2.2
json5	1.0.1	1.0.2
ws	8.8.1	8.18.1
body-parser	1.20.0	1.20.3
express	4.18.1	4.21.2
browserify-sign	4.2.1	4.2.3
follow-redirects	1.15.1	1.15.9
webpack-dev-middleware	5.3.3	5.3.4

Updates debug from 3.2.6 to 3.2.7

Commits

• 3383260 3.2.7
• 4e21502 fix regression
• See full diff in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates @babel/traverse from 7.15.0 to 7.26.10

Release notes

Sourced from @​babel/traverse's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Yunyoung Jordan Choi (@​jordan-choi)
• @​liuxingbaoyu
• @​mmmsssttt404

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)
• babel-parser, babel-plugin-transform-typescript
  • #17154 Update typescript parser tests (@​JLHwung)
• babel-traverse
  • #17151 fix: Should not evaluate vars in child scope (@​liuxingbaoyu)
• babel-generator
  • #17153 fix: Correctly generate abstract override (@​liuxingbaoyu)
• babel-parser
  • #17107 Fix source type detection when parsing TypeScript (@​JLHwung)
• babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3
  • #17173 Fix processing of replacement pattern with named capture groups (@​mmmsssttt404)

💅 Polish

• babel-standalone
  • #17158 Avoid warnings when re-bundling @​babel/standalone with webpack (@​liuxingbaoyu)

🏠 Internal

• babel-parser
  • #17160 Left-value parsing cleanup (@​JLHwung)

v7.26.9 (2025-02-14)

🐛 Bug Fix

• babel-types
  • #17103 fix: Definition for TSPropertySignature.kind (@​liuxingbaoyu)
• babel-generator, babel-types
  • #17062 Print TypeScript optional/definite in ClassPrivateProperty (@​jamiebuilds-signal)

🏠 Internal

• babel-types
  • #17130 Use .ts files with explicit reexports to solve name conflicts (@​nicolo-ribaudo)
• babel-core
  • #17127 Do not depend on @types/gensync in Babel 7 (@​nicolo-ribaudo)

v7.26.7 (2025-01-24)

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)

... (truncated)

Commits

• e1ce99d v7.26.10
• 51ec746 fix: Should not evaluate vars in child scope (#17151)
• 64bca7b v7.26.9
• 4cf5c9e [babel 8] Use @babel/types for parser's return type (#17117)
• 5315446 [babel 8] Remove babel 7-specific imports (#17111)
• 0593941 v7.26.8
• e02b0ff [Babel 8] Create TSTemplateLiteralType (#17066)
• 2d95140 v7.26.7
• ad572fd fix: Remove type-only import x = y.z (#17025)
• 74181cf v7.26.5
• Additional commits viewable in compare view

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates jest from 26.6.3 to 29.7.0

Release notes

Sourced from jest's releases.

v29.7.0

Features

• [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
• [jest-validate] Allow deprecation warnings for unknown options (#14499)

Fixes

• [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
• [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
• [@jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

Performance

• [@jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

Chore & Maintenance

• [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

New Contributors

• @​bawjensen made their first contribution in jestjs/jest#14465
• @​malaviya-parth made their first contribution in jestjs/jest#14467
• @​niklasholm made their first contribution in jestjs/jest#14507

Full Changelog: jestjs/jest@v29.6.4...v29.7.0

v29.6.4

Fixes

• [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
• [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
• [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

New Contributors

• @​stanleyume made their first contribution in jestjs/jest#14424
• @​dj-stormtrooper made their first contribution in jestjs/jest#14437
• @​thw0rted made their first contribution in jestjs/jest#14444

Full Changelog: jestjs/jest@v29.6.3...v29.6.4

v29.6.3

Fixes

• [expect, @jest/expect-utils] ObjectContaining support symbol as key (#14414)
• [expect] Remove @types/node from dependencies (#14385)
• [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
• [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
• [jest-mock] Revert #13692 as it was a breaking change (#14429)
• [jest-mock] Revert #13866 as it was a breaking change (#14429)

... (truncated)

Changelog

Sourced from jest's changelog.

29.7.0

Features

• [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
• [jest-validate] Allow deprecation warnings for unknown options (#14499)

Fixes

• [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
• [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
• [@jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

Performance

• [@jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

Chore & Maintenance

• [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

29.6.4

Fixes

• [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
• [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
• [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

29.6.3

Fixes

• [expect, @jest/expect-utils] ObjectContaining support sumbol as key (#14414)
• [expect] Remove @types/node from dependencies (#14385)
• [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
• [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
• [jest-mock] Revert #13692 as it was a breaking change (#14429)
• [jest-mock] Revert #13866 as it was a breaking change (#14429)
• [jest-mock] Revert #13867 as it was a breaking change (#14429)
• [@jest/reporters] Marks Reporter's hooks as optional (#14433)
• [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

Chore & Maintenance

• [jest-changed-files, jest-circus, jest-console, @jest/core, @jest/runtime, @jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

29.6.2

Fixes

... (truncated)

Commits

• 4e56991 v29.7.0
• 55cd6a0 v29.6.4
• fb7d95c v29.6.3
• 49bacb9 chore: update jest repo organisation in urls (#14413)
• 0fd5b1c v29.6.2
• 1f019af v29.6.1
• c1e5b8a v29.6.0
• 6ffa48d chore: upgrade TypeScript to v5 (#14155)
• a95eeb6 chore: update tsd runner (#14020)
• 39f3bed v29.5.0
• Additional commits viewable in compare view

Updates ts-jest from 26.5.6 to 29.2.6

Release notes

Sourced from ts-jest's releases.

v29.2.6

Please refer to CHANGELOG.md for details.

v29.2.5

Please refer to CHANGELOG.md for details.

v29.2.4

Please refer to CHANGELOG.md for details.

v29.2.3

Please refer to CHANGELOG.md for details.

v29.2.2

Please refer to CHANGELOG.md for details.

v29.2.1

Please refer to CHANGELOG.md for details.

v29.2.0

Please refer to CHANGELOG.md for details.

v29.1.5

Please refer to CHANGELOG.md for details.

v29.1.4

Please refer to CHANGELOG.md for details.

v29.1.3

Please refer to CHANGELOG.md for details.

v29.1.2

Please refer to CHANGELOG.md for details.

v29.1.1

Please refer to CHANGELOG.md for details.

v29.1.0

Please refer to CHANGELOG.md for details.

v29.0.5

Please refer to CHANGELOG.md for details.

v29.0.4

Please refer to CHANGELOG.md for details.

v29.0.3

Please refer to CHANGELOG.md for details.

v29.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from ts-jest's changelog.

29.2.6 (2025-02-22)

Bug Fixes

• fix: escape dot for JS_TRANSFORM_PATTERN regex (8c91c60)
• fix: escape dot for TS_JS_TRANSFORM_PATTERN regex (3eea850)
• fix: escape dot for TS_TRANSFORM_PATTERN regex (80d3e4d), closes #4579

29.2.5 (2024-08-23)

Bug Fixes

• build: build package with NodeNext module (9b3ade5)
• fix: set value ts/tsx extensionsToTreatAsEsm in default esm preset (d9ff362)
• fix(compiler): fallback to NodeJS module resolution for ts 4.8 (b7d3409), closes #4499

29.2.4 (2024-08-01)

Bug Fixes

• fix: revert support implementation for Node16/NodeNext (70b9530), closes #4468 #4473

29.2.3 (2024-07-18)

Security Fixes

• build(deps): Update dependency ejs to ^3.1.10 (de94a56)

Code Refactoring

• refactor(presets): maintain preset codes inside src (8474fc2)

29.2.2 (2024-07-10)

Bug Fixes

... (truncated)

Commits

• 6a38767 chore(release): 29.2.6
• 36e50e4 docs: update transform regex
• 8c91c60 fix: escape dot for JS_TRANSFORM_PATTERN regex
• 3eea850 fix: escape dot for TS_JS_TRANSFORM_PATTERN regex
• 80d3e4d fix: escape dot for TS_TRANSFORM_PATTERN regex
• 4811d42 build(deps): Update JamesIves/github-pages-deploy-action action to v4.7.3
• 82d1116 build(deps): Update babel monorepo to ^7.26.9
• ab058a9 build(deps): Update dependency @​types/node to v20.17.19
• 399e918 build(deps): Update dependency @​formatjs/ts-transformer to ^3.13.32
• 54181f1 build(deps): Update dependency @​vitejs/plugin-react-swc to ^3.8.0
• Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates ws from 8.8.1 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

• The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

• b92745a [dist] 8.18.1
• b3d9747 [doc] Fix nit
• 021f7b8 [test] Shorten the path lengths
• b9ca55b [pkg] Update eslint-config-prettier to version 10.0.1
• c798dd4 [doc] Fix typo (#2271)
• 6861472 [ci] Test on node 23
• 019f28f [minor] Improve JSDoc-inferred types (#2242)
• bfe1b2a [doc] Remove unnecessary period (#2240)
• f7dc469 [doc] Fix the type of the data argument
• 976c53c [dist] 8.18.0
• Additional commits viewable in compare view

Updates body-parser from 1.20.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.18.1 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Ot...

Description has been truncated