Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 21 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-d0ec49091f
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 21 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-d0ec49091f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
bootstrap 3.1.1 5.0.0
firebase-tools 9.3.0 13.6.0
lodash 4.17.21 4.18.1
serve-static 1.11.2 1.16.0
bn.js 4.12.0 4.12.5
browserstack-local 1.4.2 1.5.13
cipher-base 1.0.3 1.0.7
follow-redirects 1.13.0 1.16.0
picomatch 2.1.1 2.3.2
sha.js 2.4.8 2.4.12
tar-fs 2.0.0 2.1.5

Updates bootstrap from 3.1.1 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #32763: Add color-scheme mixin
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33549: Add offcanvas-top modifier

🎨 CSS

  • #32155: Add equal column mixin
  • #32763: Add color-scheme mixin
  • #33292: Make accordion icon rotation more natural
  • #33411: Fix validation feedback icon in select multiple
  • #33478: Make .nav-link color consistent when using buttons
  • #33482: Dropdown — Apply positioning only when Popper is not used
  • #33548: Vertically align offcanvas header components
  • #33549: Add offcanvas-top modifier
  • #33550: Spinner alignment changes
  • #33598: Hide validation icons from multiple selects
  • #33600: Have $form-check-input-border's default derive from $black
  • #33607: Reduce color-scheme complexity
  • #33642: use :read-only css selector instead [readonly] for consistency
  • #33658: fix: use list-group variable instead of alert
  • #33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #32439: Decouple BackDrop from modal
  • #33245: Decouple Modal's scrollbar functionality
  • #33249: Simplify Modal Config
  • #33250: Simplify ScrollSpy config
  • #33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #33389: Dropdown — Add option to make the dropdown menu clickable
  • #33429: Remove element event listeners through base component
  • #33451: Add missing things in hide method of dropdown
  • #33456: Use our isDisabled util on dropdown
  • #33466: Refactor dropdown's hide functionality
  • #33479: Fix dropdown escape propagation
  • #33496: Use cached noop function

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by mdo, a new releaser for bootstrap since your current version.


Updates firebase-tools from 9.3.0 to 13.6.0

Commits

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

  • Add security notice for _.template in threat model and API docs (#6099)
  • Document lower > upper behavior in _.random (#6115)
  • Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

Commits
  • cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
  • 75535f5 chore: prune stale advisory refs (#6170)
  • 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
  • 59be2de release(minor): bump to 4.18.0 (#6161)
  • af63457 fix: broken tests for _.template 879aaa9
  • 1073a76 fix: linting issues
  • 879aaa9 fix: validate imports keys in _.template
  • fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
  • 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
  • b819080 ci: add dist sync validation workflow (#6137)
  • Additional commits viewable in compare view

Updates serve-static from 1.11.2 to 1.16.0

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

New Contributors

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

1.15.0

1.14.2

1.14.1

  • Set stricter CSP header in redirect response
  • deps: [email protected]
    • deps: range-parser@~1.2.1

1.14.0

1.13.2

  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: [email protected]
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0

1.13.1

... (truncated)

Changelog

Sourced from serve-static's changelog.

1.16.0 / 2024-09-10

  • Remove link renderization in html while redirecting

1.15.0 / 2022-03-24

1.14.2 / 2021-12-15

1.14.1 / 2019-05-10

  • Set stricter CSP header in redirect response
  • deps: [email protected]
    • deps: range-parser@~1.2.1

1.14.0 / 2019-05-07

1.13.2 / 2018-02-07

  • Fix incorrect end tag in redirects
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: [email protected]

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-static since your current version.


Updates @grpc/grpc-js from 1.2.6 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.22

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js@​1.8.21

  • Fix propagation of UNIMPLEMENTED error messages (#2528)

@​grpc/grpc-js 1.8.20

  • Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@​grpc/grpc-js 1.8.19

  • Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@​grpc/grpc-js 1.8.18

  • Fix reporting of call stacks in unary request errors (#2503)
  • Fix reporting of proxy info in channelz socket responses (#2503)

@​grpc/grpc-js 1.8.17

  • Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

  • Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

  • Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)
  • Ensure status and error events are consistently emitted asynchronously (#2456)

@​grpc/grpc-js 1.8.14

  • Fix sequencing of some events related to connectivity state changes (#2421)

@​grpc/grpc-js 1.8.13

  • Fix memory leak in channelz socket tracking (#2394)

@​grpc/grpc-js@​1.8.12

  • Fix an occasional type error when receiving DNS updates (#2380)
  • Fix ordering of events when handing requests on the server (#2376 contributed by @​phoenix741)

@​grpc/grpc-js-xds 1.8.2

  • Fix behavior when receiving invalid resources after receiving valid resources for the same resource name (#2433)

@​grpc/grpc-js-xds 1.8.1

  • Populate Node message field user_agent_version (#2391)
Commits
  • a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
  • 3b110cd grpc-js: Bump to 1.8.22
  • 8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
  • 00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
  • 969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
  • f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
  • ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates basic-auth-connect from 1.0.0 to 1.1.0

Release notes

Sourced from basic-auth-connect's releases.

1.1.0

What's Changed

Important

Other

New Contributors

Full Changelog: expressjs/basic-auth-connect@1.0.0...1.1.0

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for basic-auth-connect since your current version.


Updates bn.js from 4.12.0 to 4.12.5

Commits

Updates body-parser from 1.18.2 to 1.19.0

Release notes

Sourced from body-parser's releases.

1.19.0

1.18.3

Changelog

Sourced from body-parser's changelog.

1.19.0 / 2019-04-25

1.18.3 / 2018-05-14

Commits

Updates browserstack-local from 1.4.2 to 1.5.13

Release notes

Sourced from browserstack-local's releases.

Changed local binary paths to support LocalBinary 7.3. Fixed folder argument.

Changed local binary paths to support LocalBinary 7.3. Fixed folder argument when building browserstack local arguments.

Commits
  • fa2dcbc 1.5.13
  • dcfaf7b Merge pull request #175 from browserstack/LOC-6635_sdk_binary_compatibility
  • e79cd0e Remove debug log
  • 4376222 Fix url ref
  • 18f9a57 Add Async method to fetch download url for async flow
  • 7fd6ce1 1.5.12
  • 6498856 Merge pull request #174 from browserstack/LOC-5083_add_arm64_support
  • 560755f LOC-5083: Add support for Linux arm64 binary
  • 4586a3e 1.5.11
  • 18bfc1d Merge pull request #173 from browserstack/wmic_deprecation
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by browserstack-admin, a new releaser for browserstack-local since your current version.


Updates cipher-base from 1.0.3 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

  • [Refactor] use to-buffer fd1e5ee
  • [Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

  • [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

  • [Tests] standard -> eslint, make test dir, etc ae02fd6
  • [Tests] migrate from travis to GHA 66387d7
  • [meta] fix package.json indentation 5c02918
  • [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
  • [meta] add auto-changelog 88dc806
  • [meta] add npmignore and safe-publish-latest 7a137d7
  • Only apps should have lockfiles 42528f2
  • [Deps] update inherits, safe-buffer 0e7a2d9
  • [meta] add missing engines.node f2dc13e

v1.0.4 - 2017-07-06

Merged

Commits

Commits
  • 0056718 v1.0.7
  • fd1e5ee [Refactor] use to-buffer
  • 08ba803 [Dev Deps] update @ljharb/eslint-config
  • f5249f9 v1.0.6
  • b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
  • f03cebf v1.0.5
  • 88dc806 [meta] add auto-changelog
  • 7a137d7 [meta] add npmignore and safe-publish-latest
  • 5c02918 [meta] fix package.json indentation
  • 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


Updates express from 4.14.1 to 4.17.1

Release notes

Sourced from express's releases.

4.17.1

  • Revert "Improve error message for null/undefined to res.status"

4.17.0

... (truncated)

Changelog

Sourced from express's changelog.

4.17.1 / 2019-05-25

  • Revert "Improve error message for null/undefined to res.status"

4.17.0 / 2019-05-16

... (truncated)

Commits

Updates follow-redirects from 1.13.0 to 1.16.0

Commits
  • 0c23a22 Release version 1.16.0 of the npm package.
  • 844c4d3 Add sensitiveHeaders option.
  • 5e8b8d0 ci: add Node.js 24.x to the CI matrix
  • 7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
  • 86dc1f8 Sanitizing input.
  • 21ef28a Release version 1.15.11 of the npm package.
  • 7c88135 Roll back tree shaking.
  • 6e389ba Release version 1.15.10 of the npm package.
  • 5bc496e Shake me up before you go-go.
  • 694d6b4 Bump minimist from 1.2.5 to 1.2.8
  • Additional commits viewable in compare view

Updates jws from 3.2.2 to 4.0.0

Release notes

Sourced from jws's releases.

v4.0.0

No release notes provided.

v3.2.3

Changed

  • Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.
  • Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.
Commits

Updates morgan from 1.8.0 to 1.10.0

Release notes

Sourced from morgan's releases.

1.10.0

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: [email protected]
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2

1.8.1

  • deps: [email protected]
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2
Changelog

Sourced from morgan's changelog.

1.10.0 / 2020-03-20

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

  • Fix using special ch...

    Description has been truncated

…pdates

Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [bootstrap](https://github.com/twbs/bootstrap) | `3.1.1` | `5.0.0` |
| [firebase-tools](https://github.com/firebase/firebase-tools) | `9.3.0` | `13.6.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [serve-static](https://github.com/expressjs/serve-static) | `1.11.2` | `1.16.0` |
| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.5` |
| [browserstack-local](https://github.com/browserstack/browserstack-local-nodejs) | `1.4.2` | `1.5.13` |
| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.3` | `1.0.7` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.13.0` | `1.16.0` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.1.1` | `2.3.2` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.8` | `2.4.12` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.0.0` | `2.1.5` |



Updates `bootstrap` from 3.1.1 to 5.0.0
- [Release notes](https://github.com/twbs/bootstrap/releases)
- [Commits](twbs/bootstrap@v3.1.1...v5.0.0)

Updates `firebase-tools` from 9.3.0 to 13.6.0
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Changelog](https://github.com/firebase/firebase-tools/blob/main/CHANGELOG.md)
- [Commits](firebase/firebase-tools@v9.3.0...v13.6.0)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `serve-static` from 1.11.2 to 1.16.0
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.11.2...1.16.0)

Updates `@grpc/grpc-js` from 1.2.6 to 1.8.22
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected])

Updates `basic-auth-connect` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/expressjs/basic-auth-connect/releases)
- [Commits](expressjs/basic-auth-connect@1.0.0...1.1.0)

Updates `bn.js` from 4.12.0 to 4.12.5
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v4.12.0...v4.12.5)

Updates `body-parser` from 1.18.2 to 1.19.0
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.18.2...1.19.0)

Updates `browserstack-local` from 1.4.2 to 1.5.13
- [Release notes](https://github.com/browserstack/browserstack-local-nodejs/releases)
- [Commits](browserstack/browserstack-local-nodejs@v1.4.2...v1.5.13)

Updates `cipher-base` from 1.0.3 to 1.0.7
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.3...v1.0.7)

Updates `express` from 4.14.1 to 4.17.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.14.1...4.17.1)

Updates `follow-redirects` from 1.13.0 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.13.0...v1.16.0)

Updates `jws` from 3.2.2 to 4.0.0
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v4.0.0)

Updates `morgan` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/expressjs/morgan/releases)
- [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md)
- [Commits](expressjs/morgan@1.8.0...1.10.0)

Updates `on-headers` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](jshttp/on-headers@v1.0.1...v1.0.2)

Updates `picomatch` from 2.1.1 to 2.3.2
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.1.1...2.3.2)

Updates `protobufjs` from 6.9.0 to 7.2.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@v6.9.0...protobufjs-v7.2.4)

Updates `send` from 0.14.2 to 0.17.1
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.14.2...0.17.1)

Updates `sha.js` from 2.4.8 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.8...v2.4.12)

Updates `tar-fs` from 2.0.0 to 2.1.5
- [Commits](mafintosh/tar-fs@v2.0.0...v2.1.5)

Updates `tar` from 4.4.4 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.4...v6.2.1)

---
updated-dependencies:
- dependency-name: bootstrap
  dependency-version: 5.0.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: firebase-tools
  dependency-version: 13.6.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.8.22
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: basic-auth-connect
  dependency-version: 1.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bn.js
  dependency-version: 4.12.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: browserstack-local
  dependency-version: 1.5.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cipher-base
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.17.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 4.0.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: morgan
  dependency-version: 1.10.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: on-headers
  dependency-version: 1.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.17.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants