Bump the npm_and_yarn group across 9 directories with 43 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the /lessons/076/wall-e directory:

Package	From	To
axios	0.21.1	0.30.0
@babel/helpers	7.14.8	7.27.6
@babel/traverse	7.14.8	7.27.4
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
json5	2.2.0	2.2.3
micromatch	4.0.4	4.0.8
minimatch	3.0.4	3.1.2
tough-cookie	4.0.0	4.1.4
word-wrap	1.2.3	1.2.5
ws	7.5.3	7.5.10
xml2js	0.4.19	0.6.2
aws-sdk	2.953.0	2.1692.0

Bumps the npm_and_yarn group with 2 updates in the /lessons/077/secret-access directory: xml2js and aws-sdk.
Bumps the npm_and_yarn group with 29 updates in the /lessons/110/www.devopsbyexample.io directory:

Package	From	To
@babel/helpers	7.17.7	7.27.6
@babel/traverse	7.17.3	7.27.4
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
follow-redirects	1.14.9	1.15.9
semver	6.3.0	7.7.2
semver	7.3.5	7.7.2
core-js-compat	3.21.1	3.42.0
json5	1.0.1	1.0.2
micromatch	4.0.4	4.0.8
minimatch	3.0.4	3.1.2
recursive-readdir	2.2.2	2.2.3
minimist	1.2.5	1.2.8
tough-cookie	4.0.0	4.1.4
word-wrap	1.2.3	1.2.5
@babel/runtime	7.17.7	7.27.6
@babel/runtime-corejs3	7.17.7	7.27.6
async	2.6.3	2.6.4
body-parser	1.19.2	1.20.3
express	4.17.3	4.21.2
decode-uri-component	0.2.0	0.2.2
ejs	3.1.6	3.1.10
http-proxy-middleware	2.0.4	2.0.9
ip	1.1.5	removed
webpack-dev-server	4.7.4	4.15.2
nanoid	3.3.1	3.3.11
rollup	2.70.1	2.79.2
serialize-javascript	6.0.0	6.0.2
terser	5.12.1	5.41.0
webpack	5.70.0	5.99.9

Bumps the npm_and_yarn group with 2 updates in the /lessons/115/s3 directory: xml2js and aws-sdk.
Bumps the npm_and_yarn group with 2 updates in the /lessons/118/my-app directory: body-parser and express.
Bumps the npm_and_yarn group with 4 updates in the /lessons/119/my-chat-app directory: xml2js, aws-sdk, body-parser and express.
Bumps the npm_and_yarn group with 2 updates in the /lessons/124/functions/nodejs directory: xml2js and aws-sdk.
Bumps the npm_and_yarn group with 2 updates in the /lessons/126/functions/nodejs directory: xml2js and aws-sdk.
Bumps the npm_and_yarn group with 9 updates in the /lessons/143/node-app directory:

Package	From	To
xml2js	0.4.19	0.6.2
aws-sdk	2.1286.0	2.1692.0
body-parser	1.20.1	1.20.3
express	4.18.2	4.21.2
ip	2.0.0	removed
socks	2.7.1	2.8.4
mongodb	4.13.0	4.17.0
fast-xml-parser	4.0.11	4.4.1
@aws-sdk/credential-providers	3.241.0	3.823.0

Updates axios from 0.21.1 to 0.30.0

Release notes

Sourced from axios's releases.

Release v0.30.0

Release notes:

Bug Fixes

• fix: modify log while request is aborted by @​mori5321 in axios/axios#4917
• fix: update CHANGELOG.md for v0.x by @​TehZarathustra in axios/axios#6271
• fix: modify upgrade guide for 0.28.1's breaking change by @​nafeger in axios/axios#6787
• fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @​thatguyinabeanie in axios/axios#6829
• fix: add allowAbsoluteUrls type by @​thatguyinabeanie in axios/axios#6849

Contributors to this release

• @​mori5321 made their first contribution in axios/axios#4917
• @​TehZarathustra made their first contribution in axios/axios#6271
• @​nafeger made their first contribution in axios/axios#6787
• @​thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

• fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @​Sean-Powell in axios/axios#6402
• fix: omit nulls in params by @​Willshaw in axios/axios#6394
• fix(backport): fix paramsSerializer function validation by @​solonzhu in axios/axios#6361
• fix: Regular Expression Denial of Service (ReDoS) by @​qiongshusheng in axios/axios#6708

Contributors to this release

• @​Sean-Powell made their first contribution in axios/axios#6402
• @​Willshaw made their first contribution in axios/axios#6394
• @​solonzhu made their first contribution in axios/axios#6361
• @​qiongshusheng made their first contribution in axios/axios#6708

Release v0.28.1

Release notes:

Release notes:

Bug Fixes

• fix(backport): custom params serializer support (#6263)
• fix(backport): uncaught ReferenceError req is not defined (#6307)

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745

... (truncated)

Changelog

Sourced from axios's changelog.

0.30.0 (2025-03-26)

Release notes:

Bug Fixes

• fix: modify log while request is aborted (#4917)
• fix: update CHANGELOG.md for v0.x (#6271)
• fix: modify upgrade guide for 0.28.1's breaking change (#6787)
• fix: backport allowAbsoluteUrls vulnerability fix to v0.x (#6829)
• fix: add allowAbsoluteUrls type (#6849)

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

• fix(backport): backport security fixes in commits #6167 and #6163 (#6402)
• fix: omit nulls in params (#6394)
• fix(backport): fix paramsSerializer function validation (#6361)
• fix: regular expression denial of service (ReDoS) (#6708)

0.28.1 (2024-03-24)

Release notes:

Bug Fixes

• fix(backport): custom params serializer support (#6263)
• fix(backport): uncaught ReferenceError req is not defined (#6307)

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated (#4745)
• Fixed timeout error message for HTTP (#4738)
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 (#4728)
• Adding types for progress event callbacks (#4675)
• Fixed max body length defaults (#4731)

... (truncated)

Commits

• 6e922e4 chore: added build artifacts
• a06ed1e chore: added pre-release artifacts
• c010622 feat: add type for allowAbsoluteUrls (#6849)
• 02c3c69 fix: backport allowAbsoluteUrls vuln fix to v0.x (#6829)
• 8603e67 docs: modify upgrade guide for 0.28.1's breaking change (#6787)
• f0642ee fix(docs): update CHANGELOG.md for v0.x (#6271)
• 0630c32 fix: modify log while request is aborted (#4917)
• 7750b8c chore(release): prep release v0.29.0
• 4840cb2 fix: regular expression denial of service issues (#6708)
• 2e36cdb fix(backport): fix paramsSerializer function validation (#6361)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates @babel/helpers from 7.14.8 to 7.27.6

Release notes

Sourced from @​babel/helpers's releases.

v7.27.6 (2025-06-05)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17366 fix: finally causes unexpected return value (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #17357 Ensure syntactic ordering when visiting array-type AST nodes (@​JLHwung)

Committers: 3

• Huáng Jùnliàng (@​JLHwung)
• Ingvar Stepanyan (@​RReverser)
• @​liuxingbaoyu

v7.27.5 (2025-06-03)

Thanks @​NullVoxPopuli for your first PR!

🐛 Bug Fix

• babel-plugin-transform-regenerator
  • #17359 fix: Unexpected infinite loop with regenerator for try (@​liuxingbaoyu)
• Other
  • #17349 Map ESLint's sourceType: commonjs to script (@​JLHwung)

💅 Polish

• babel-parser
  • #17333 Improve using declaration errors (@​JLHwung)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• @​NullVoxPopuli
• @​liuxingbaoyu

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.27.6 (2025-06-05)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17366 fix: finally causes unexpected return value (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #17357 Ensure syntactic ordering when visiting array-type AST nodes (@​JLHwung)

v7.27.5 (2025-06-03)

🐛 Bug Fix

• babel-plugin-transform-regenerator
  • #17359 fix: Unexpected infinite loop with regenerator for try (@​liuxingbaoyu)
• Other
  • #17349 Map ESLint's sourceType: commonjs to script (@​JLHwung)

💅 Polish

• babel-parser
  • #17333 Improve using declaration errors (@​JLHwung)

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #17238 Split regeneratorRuntime into multiple helpers (@​nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)

... (truncated)

Commits

• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
• 49c0dbb Fix iterator compatibility of regeneratorValues (#17335)
• d23a1bd Use shorter method names for regenerator context (#17334)
• 9dcd115 Restore behavior of regeneratorRuntime helper (#17329)
• fe32019 Reduce regenerator helper size (#17268)
• a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.14.8 to 7.27.4

Release notes

Sourced from @​babel/traverse's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #17238 Split regeneratorRuntime into multiple helpers (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

Committers: 7

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Vik R (@​vikr01)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #17238 Split regeneratorRuntime into multiple helpers (@​nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

v7.27.2 (2025-05-06)

🐛 Bug Fix

• babel-parser
  • #17289 fix: @babel/parser/bin/index.js contains node: protocol require (@​liuxingbaoyu)
  • #17291 fix: Private class method not found when TS and estree (@​liuxingbaoyu)
• babel-plugin-transform-object-rest-spread
  • #17281 Fix: improve object rest handling in array pattern (@​JLHwung)
• babel-plugin-transform-modules-commonjs, babel-template
  • #17284 fix(babel-template): Properly handle empty string replacements (@​magic-akari)

🏃‍♀️ Performance

• babel-cli

... (truncated)

Commits

• 7d06930 v7.27.4
• 05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
• da5e371 v7.27.3
• 2d0c76e Improve integrations of using declaration with other transforms (#17330)
• eebd3a0 v7.27.1
• 62af1a6 fix: do expressions should allow early exit (#17137)
• 8e23272 [Babel 8] perf: Improve traverse performance (#16965)
• 9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
• 4d39e9d Harden variable declarator validations (#17217)
• 6cd1c60 Reduce generated names size for the 10th-11th (#17221)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates follow-redirects from 1.14.1 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates micromatch from 4.0.4 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

• Adds support for options.onMatch. See the readme for details
• Adds support for options.onIgnore. See the readme for details
• Adds support for options.onResult. See the readme for details

Breaking changes

• Require Node.js >= 8.6
• Removed support for passing an array of brace patterns to micromatch.braces().
• To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
• cache - caching and all related options and methods have been removed
• options.unixify was renamed to options.windows
• options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
• options.snapdragon was removed, as snapdragon is no longer used.
• options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

• micromatch results are directly compared to bash results
• in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
• micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits