Bump the npm_and_yarn group across 1 directory with 12 updates#4
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 12 updates#4dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `4.4.3` | `20.3.25` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `4.4.3` | `20.3.25` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `4.4.3` | `20.3.25` | | [body-parser](https://github.com/expressjs/body-parser) | `1.18.2` | `1.20.5` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.8` | `1.1.15` | | [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` | | [express](https://github.com/expressjs/express) | `4.15.5` | `4.22.2` | | [jws](https://github.com/brianloveswords/node-jws) | `3.1.4` | `3.2.3` | | [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.14` | `3.1.6` | | [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.8` | `2.4.12` | Updates `@angular/common` from 4.4.3 to 20.3.25 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/common) Updates `@angular/compiler` from 4.4.3 to 20.3.25 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/compiler) Updates `@angular/core` from 4.4.3 to 20.3.25 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/core) Updates `body-parser` from 1.18.2 to 1.20.5 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md) - [Commits](expressjs/body-parser@1.18.2...1.20.5) Updates `brace-expansion` from 1.1.8 to 1.1.15 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v1.1.8...v1.1.15) Updates `cipher-base` from 1.0.4 to 1.0.7 - [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md) - [Commits](browserify/cipher-base@v1.0.4...v1.0.7) Updates `express` from 4.15.5 to 4.22.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md) - [Commits](expressjs/express@4.15.5...v4.22.2) Updates `jws` from 3.1.4 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.1.4...v3.2.3) Updates `pbkdf2` from 3.0.14 to 3.1.6 - [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md) - [Commits](browserify/pbkdf2@v3.0.14...v3.1.6) Updates `send` from 0.15.6 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.15.6...0.19.2) Updates `serve-static` from 1.12.6 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.12.6...v1.16.3) Updates `sha.js` from 2.4.8 to 2.4.12 - [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md) - [Commits](browserify/sha.js@v2.4.8...v2.4.12) --- updated-dependencies: - dependency-name: "@angular/common" dependency-version: 20.3.25 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/compiler" dependency-version: 20.3.25 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 20.3.25 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.15 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cipher-base dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: pbkdf2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sha.js dependency-version: 2.4.12 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
This was referenced Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 10 updates in the / directory:
4.4.320.3.254.4.320.3.254.4.320.3.251.18.21.20.51.1.81.1.151.0.41.0.74.15.54.22.23.1.43.2.33.0.143.1.62.4.82.4.12Updates
@angular/commonfrom 4.4.3 to 20.3.25Release notes
Sourced from @angular/common's releases.
... (truncated)
Changelog
Sourced from @angular/common's changelog.
... (truncated)
Commits
06be298fix(http): preserve empty referrer option in HttpRequest9f443bcfix(common): Limits date format string lengthfa940e1fix(http): Rejects non-HTTP(S) URLs in JSONP requests1a62130fix(common): use cryptographically secure SHA-256 for transfer cache key gene...566ad05fix(common): skip transfer cache for uncacheable HTTP traffice2ef1cefix(http): skip transfer cache for fetch credentialed requests3d135cefix(common): add upper bounds for digitsInfo39a4b4cfix(common): sanitize placeholderde7b2a6fix(http): exclude withCredentials requests from transfer cache4233188fix(http): skip TransferCache for cookie-bearing requests by defaultMaintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/commonsince your current version.Updates
@angular/compilerfrom 4.4.3 to 20.3.25Release notes
Sourced from @angular/compiler's releases.
... (truncated)
Changelog
Sourced from @angular/compiler's changelog.
... (truncated)
Commits
a68ec70fix(compiler): sanitize two-way propertiesd40acc6fix(compiler): prevent namespaced SVG <style> elements from being stripped7ae6381test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...36200bdtest(core): update spec files to match 20.3.x limits and actual contexts (#68...823b37ftest(compiler): remove obsolete schema_extractor import (#68926)e345a58fix(core): normalize tag names in runtime i18n attribute security context loo...8f35b18fix(compiler): normalize tag names with custom namespaces in DomElementSchema...64a89e9fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...6404edffix(compiler): strip namespaced SVG script elements during template compilati...dc631effix(core): support prefix-insensitive DOM schema lookups and compile-time i18...Maintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/compilersince your current version.Updates
@angular/corefrom 4.4.3 to 20.3.25Release notes
Sourced from @angular/core's releases.
... (truncated)
Changelog
Sourced from @angular/core's changelog.
... (truncated)
Commits
ca48b47fix(core): validate lowercase SVG animation attribute names (#69270)1a62130fix(common): use cryptographically secure SHA-256 for transfer cache key gene...49368c1fix(platform-server): harden platform location origin validation during SSR566ad05fix(common): skip transfer cache for uncacheable HTTP traffic768a349fix(core): harden TransferState restoration against DOM clobbering7ae6381test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...6595409test(core): update golden symbols and host bindings sanitization spec (#68926)d86e4e7fix(core): reject script element as a dynamic component host (#68926)b8f1f72test(core): remove obsolete blockquote cite host binding tests (#68926)36200bdtest(core): update spec files to match 20.3.x limits and actual contexts (#68...Maintainer changes
This version was pushed to npm by google-wombot, a new releaser for
@angular/coresince your current version.Updates
body-parserfrom 1.18.2 to 1.20.5Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
... (truncated)
Commits
0defdberelease(patch): 1.20.5cd0e7a0deps(qs): bump qs to 6.15.16f24d7efix: correct off-by-one error in parameterCount (#716)b849bd5deps: qs@~6.14.1 (#690)2c55e2frefactor(json): simplify strict mode error string construction (#692)7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.
Updates
brace-expansionfrom 1.1.8 to 1.1.15Release notes
Sourced from brace-expansion's releases.
... (truncated)
Commits
2203f4f1.1.150b09384Backport v5.0.6 change to v1 (#111)10c05fc1.1.141afa1b2Add opt-in { max } mitigation to v1 legacy line (#103)2fbb6a2Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)0d7652eBackport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)6c353ca1.1.137fd684fBackport fix for GHSA-f886-m6hf-6m8v (#95)44f33b41.1.12c460dbdpkg: publish on tag 1.xUpdates
cipher-basefrom 1.0.4 to 1.0.7Changelog
Sourced from cipher-base's changelog.
Commits
0056718v1.0.7fd1e5ee[Refactor] useto-buffer08ba803[Dev Deps] update@ljharb/eslint-configf5249f9v1.0.6b7ddd2a[Fix] io.js 3.0 - Node.js 5.3 typed array supportf03cebfv1.0.588dc806[meta] addauto-changelog7a137d7[meta] addnpmignoreandsafe-publish-latest5c02918[meta] fix package.json indentation8fd1364[Fix] return valid values on multi-byte-wide TypedArray inputMaintainer changes
This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.
Install script changes
This version adds
prepublishscript that runs during installation. Review the package contents before updating.Updates
expressfrom 4.15.5 to 4.22.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.