Skip to content

Bump the npm_and_yarn group across 1 directory with 34 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-2e9706e960
Open

Bump the npm_and_yarn group across 1 directory with 34 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-2e9706e960

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 10, 2025

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 28 updates in the / directory:

Package From To
@babel/runtime 7.7.7 7.26.10
body-parser 1.19.0 1.20.3
cookie 0.4.0 0.7.0
ejs 3.0.1 3.1.10
express 4.17.1 4.20.0
got 10.2.2 11.8.5
jsonwebtoken 8.5.1 9.0.0
knex 0.20.7 2.4.0
moment-timezone 0.5.27 0.5.35
passport 0.4.1 0.6.0
request 2.88.0 2.88.2
validator 12.1.0 13.15.20
minimist 1.2.0 1.2.6
@babel/traverse 7.7.4 7.28.5
@google-cloud/firestore 3.0.0 3.8.6
browserify-sign 4.0.4 4.2.5
cipher-base 1.0.4 1.0.7
decode-uri-component 0.2.0 0.2.2
elliptic 6.4.1 6.6.1
eventsource 1.0.7 1.1.2
follow-redirects 1.7.0 1.15.11
http-cache-semantics 4.0.3 4.2.0
moment 2.24.0 2.30.1
passport-oauth2 1.4.0 1.8.0
sha.js 2.4.11 2.4.12
tar 4.4.8 4.4.19
url-parse 1.4.4 1.5.10
ws 5.2.2 5.2.4

Updates @babel/runtime from 7.7.7 to 7.26.10

Release notes

Sourced from @​babel/runtime's releases.

v7.26.10 (2025-03-11)

Thanks @​jordan-choi and @​mmmsssttt404 for your first PRs!

This release includes a fix for GHSA-968p-4wvh-cqc8, a security vulnerability which affects the .replace method of transpiled regular expressions that use named capturing groups.

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

Committers: 6

v7.26.9 (2025-02-14)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​babel/runtime's changelog.

v7.26.10 (2025-03-11)

👓 Spec Compliance

🐛 Bug Fix

  • babel-parser, babel-template
  • babel-core
  • babel-parser, babel-plugin-transform-typescript
  • babel-traverse
  • babel-generator
  • babel-parser
  • babel-helpers, babel-runtime, babel-runtime-corejs2, babel-runtime-corejs3

💅 Polish

  • babel-standalone

🏠 Internal

v7.26.9 (2025-02-14)

🐛 Bug Fix

🏠 Internal

v7.26.7 (2025-01-24)

🐛 Bug Fix

  • babel-helpers, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-transform-typeof-symbol

... (truncated)

Commits

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1 / 2022-10-06

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0 / 2022-04-02

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
    • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates cookie from 0.4.0 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse

0.4.2

  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

0.4.1

  • Fix maxAge option to reject invalid values
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates ejs from 3.0.1 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

Updates express from 4.17.1 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

New Contributors

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.


Updates got from 10.2.2 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

  • Bump cacheable-request dependency (#1921) 9463bb6
  • Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

v11.8.2

  • Make the dnsCache option lazy (#1529) 3bd245f This slightly improves Got startup performance and fixes an issue with Jest.

sindresorhus/got@v11.8.1...v11.8.2

v11.8.1

  • Do not throw on custom stack traces (#1491) 4c815c3a609eb74d0eb139414d9996b4f65dc3c0

v11.8.0

  • Fix for sending files with size 0 on stat (#1488) 7acd380
  • beforeRetry allows stream body if different from original (#1501) 3dd2273
  • Set default value for an options object (#1495) 390b145

sindresorhus/got@v11.7.0...v11.8.0

v11.7.0

Improvements

  • Add pfx HTTPS option (#1364) c33df7f
  • Update body after beforeRequest (#1453) e1c1844
  • Don't allocate buffer twice (#1403) 7bc69d9

Fixes

  • Fix a regression where body was sent after redirect 88b32ea
  • Fix destructure error on promise.json() c97ce7c
  • Do not ignore userinfo on a redirect to the same origin 52de13b

sindresorhus/got@v11.6.2...v11.7.0

v11.6.2

Bug fixes

  • Inherit the prefixUrl option from parent if it's undefined (#1448) a3da70a78aeb7f44dd3e0d0fa47cebe9541eb91e
  • Prepare a fix for hanging promise on Node.js 14.10.x 29d4e325b110ccf7571d4265d40760be4175f7ff
  • Prepare for Node.js 15.0.0 c126ff19c4e893975cbf6c2c8bebce6ed7631276

... (truncated)

Commits

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates knex from 0.20.7 to 2.4.0

Release notes

Sourced from knex's releases.

2.4.0

New features:

  • Support partial unique indexes #5316
  • Make compiling SQL in error message optional #5282

Bug fixes

  • Insert array into json column #5321
  • Fix unexpected max acquire-timeout #5377
  • Fix: orWhereJson #5361
  • MySQL: Add assertion for basic where clause not to be object or array #1227
  • SQLite: Fix changing the default value of a boolean column in SQLite #5319

Typings:

  • add missing type for 'expirationChecker' on PgConnectionConfig #5334

2.3.0

New features:

  • PostgreSQL: Explicit jsonb support for custom pg clients #5201
  • SQLite: Support returning with sqlite3 and better-sqlite3 #5285
  • MSSQL: Implement mapBinding mssql dialect option #5292

Typings:

  • Update types for TS 4.8 #5279
  • Fix typo #5267
  • Fix WhereJsonObject withCompositeTableType #5306
  • Fix AnalyticFunction type #5304
  • Infer specific column value type in aggregations #5297

2.2.0

New features:

  • Inline primary key creation for postgres flavours #5233
  • SQLite: Add warning for undefined connection file #5223
  • MSSQL: Add JSON parameter support for connection #5200

Bug fixes:

  • PostgreSQL: add primaryKey option for uuid #5212

Typings:

  • Add promisable and better types #5222
  • Update raw query bind parameter type #5208

2.1.0 - 26 May, 2022

... (truncated)

Changelog

Sourced from knex's changelog.

2.4.0 - 06 January, 2023

New features:

  • Support partial unique indexes #5316
  • Make compiling SQL in error message optional #5282

Bug fixes

  • Insert array into json column #5321
  • Fix unexpected max acquire-timeout #5377
  • Fix: orWhereJson #5361
  • MySQL: Add assertion for basic where clause not to be object or array #1227
  • SQLite: Fix changing the default value of a boolean column in SQLite #5319

Typings:

  • add missing type for 'expirationChecker' on PgConnectionConfig #5334

2.3.0 - 31 August, 2022

New features:

  • PostgreSQL: Explicit jsonb support for custom pg clients #5201
  • SQLite: Support returning with sqlite3 and better-sqlite3 #5285
  • MSSQL: Implement mapBinding mssql dialect option #5292

Typings:

  • Update types for TS 4.8 #5279
  • Fix typo #5267
  • Fix WhereJsonObject withCompositeTableType #5306
  • Fix AnalyticFunction type #5304
  • Infer specific column value type in aggregations #5297

2.2.0 - 19 July, 2022

New features:

  • Inline primary key creation for postgres flavours #5233
  • SQLite: Add warning for undefined connection file #5223
  • MSSQL: Add JSON parameter support for connection #5200

Bug fixes:

  • PostgreSQL: add primaryKey option for uuid #5212

Typings:

  • Add promisable and better types #5222

... (truncated)

Commits

Updates lodash from 4.17.15 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates moment-timezone from 0.5.27 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

  • Updated data to IANA TZDB 2021e. #962

Release 0.5.33

  • Updated data to IANA TZDB 2021a. #927

Release 0.5.32

  • Updated data to IANA TZDB 2020d. #910

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

  • Updated data to IANA TZDB 2020a. #852
  • Fixed TypeScript definitions.

NOTE: You might need to un-install @types/moment-timezone. Check #858 for more info.

Release 0.5.29

Release 0.5.28

Merged pull request #410 from @​adgrace:

  • Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
  • Added a method moment.tz(timezone_id).countries() to get countries for some time zone
  • Added a method moment.tz.countries() to get all country codes
  • And as you know moment.tz.names() already exists
Changelog

Sourced from

Bumps the npm_and_yarn group with 28 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.7.7` | `7.26.10` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.19.0` | `1.20.3` |
| [cookie](https://github.com/jshttp/cookie) | `0.4.0` | `0.7.0` |
| [ejs](https://github.com/mde/ejs) | `3.0.1` | `3.1.10` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.20.0` |
| [got](https://github.com/sindresorhus/got) | `10.2.2` | `11.8.5` |
| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` |
| [knex](https://github.com/knex/knex) | `0.20.7` | `2.4.0` |
| [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.27` | `0.5.35` |
| [passport](https://github.com/jaredhanson/passport) | `0.4.1` | `0.6.0` |
| [request](https://github.com/request/request) | `2.88.0` | `2.88.2` |
| [validator](https://github.com/validatorjs/validator.js) | `12.1.0` | `13.15.20` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.6` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.7.4` | `7.28.5` |
| [@google-cloud/firestore](https://github.com/googleapis/nodejs-firestore) | `3.0.0` | `3.8.6` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.5` |
| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [elliptic](https://github.com/indutny/elliptic) | `6.4.1` | `6.6.1` |
| [eventsource](https://github.com/EventSource/eventsource) | `1.0.7` | `1.1.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.7.0` | `1.15.11` |
| [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.0.3` | `4.2.0` |
| [moment](https://github.com/moment/moment) | `2.24.0` | `2.30.1` |
| [passport-oauth2](https://github.com/jaredhanson/passport-oauth2) | `1.4.0` | `1.8.0` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [tar](https://github.com/isaacs/node-tar) | `4.4.8` | `4.4.19` |
| [url-parse](https://github.com/unshiftio/url-parse) | `1.4.4` | `1.5.10` |
| [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.4` |



Updates `@babel/runtime` from 7.7.7 to 7.26.10
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime)

Updates `body-parser` from 1.19.0 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.0...1.20.3)

Updates `cookie` from 0.4.0 to 0.7.0
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.0...v0.7.0)

Updates `ejs` from 3.0.1 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.0.1...v3.1.10)

Updates `express` from 4.17.1 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.20.0)

Updates `got` from 10.2.2 to 11.8.5
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v10.2.2...v11.8.5)

Updates `jsonwebtoken` from 8.5.1 to 9.0.0
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

Updates `knex` from 0.20.7 to 2.4.0
- [Release notes](https://github.com/knex/knex/releases)
- [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/knex/knex/commits/2.4.0)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `moment-timezone` from 0.5.27 to 0.5.35
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](moment/moment-timezone@0.5.27...0.5.35)

Updates `passport` from 0.4.1 to 0.6.0
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.4.1...v0.6.0)

Updates `request` from 2.88.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `validator` from 12.1.0 to 13.15.20
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@12.1.0...13.15.20)

Updates `minimist` from 1.2.0 to 1.2.6
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.0...v1.2.6)

Updates `@babel/traverse` from 7.7.4 to 7.28.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.5/packages/babel-traverse)

Updates `@google-cloud/firestore` from 3.0.0 to 3.8.6
- [Release notes](https://github.com/googleapis/nodejs-firestore/releases)
- [Changelog](https://github.com/googleapis/nodejs-firestore/blob/main/CHANGELOG.md)
- [Commits](googleapis/nodejs-firestore@v3.0.0...v3.8.6)

Updates `@grpc/grpc-js` from 0.6.15 to 1.3.8
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/commits)

Updates `browserify-sign` from 4.0.4 to 4.2.5
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.5)

Updates `cipher-base` from 1.0.4 to 1.0.7
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.4...v1.0.7)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `elliptic` from 6.4.1 to 6.6.1
- [Commits](indutny/elliptic@v6.4.1...v6.6.1)

Updates `eventsource` from 1.0.7 to 1.1.2
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/main/CHANGELOG.md)
- [Commits](EventSource/eventsource@v1.0.7...v1.1.2)

Updates `follow-redirects` from 1.7.0 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.7.0...v1.15.11)

Updates `http-cache-semantics` from 4.0.3 to 4.2.0
- [Commits](https://github.com/kornelski/http-cache-semantics/commits)

Updates `moment` from 2.24.0 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.24.0...2.30.1)

Updates `passport-oauth2` from 1.4.0 to 1.8.0
- [Changelog](https://github.com/jaredhanson/passport-oauth2/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport-oauth2@v1.4.0...v1.8.0)

Updates `path-to-regexp` from 0.1.7 to 0.1.10
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10)

Updates `send` from 0.16.2 to 0.18.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.16.2...0.18.0)

Updates `serve-static` from 1.13.2 to 1.16.0
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.13.2...1.16.0)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tar` from 4.4.8 to 4.4.19
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.8...v4.4.19)

Updates `tough-cookie` from 2.4.3 to 2.5.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v2.5.0)

Updates `url-parse` from 1.4.4 to 1.5.10
- [Commits](unshiftio/url-parse@1.4.4...1.5.10)

Updates `ws` from 5.2.2 to 5.2.4
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.4)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-version: 7.26.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ejs
  dependency-version: 3.1.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.20.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-version: 11.8.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsonwebtoken
  dependency-version: 9.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: knex
  dependency-version: 2.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.21
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: moment-timezone
  dependency-version: 0.5.35
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: passport
  dependency-version: 0.6.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-version: 2.88.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-version: 13.15.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-version: 1.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.28.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@google-cloud/firestore"
  dependency-version: 3.8.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.3.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-version: 4.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cipher-base
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: eventsource
  dependency-version: 1.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-version: 4.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-version: 2.30.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: passport-oauth2
  dependency-version: 1.8.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.18.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 4.4.19
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-version: 2.5.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: url-parse
  dependency-version: 1.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 5.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 10, 2025
@coderabbitai

coderabbitai Bot commented Nov 10, 2025

Copy link
Copy Markdown

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants