Bump the npm_and_yarn group across 1 directory with 20 updates by dependabot[bot] · Pull Request #1 · matthewspear/ghost

dependabot · 2025-12-19T01:05:28Z

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
mysql2	`2.2.5`	`3.9.8`
@babel/runtime	`7.14.0`	`7.28.4`
decode-uri-component	`0.2.0`	`0.2.2`
http-cache-semantics	`4.1.0`	`4.2.0`
jws	`3.2.2`	`3.2.3`
nanoid	`3.1.23`	`3.3.11`
postcss	`8.2.15`	`8.5.6`
tar-fs	`2.1.1`	`2.1.4`
word-wrap	`1.2.3`	`1.2.5`

Updates mysql2 from 2.2.5 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

security: sanitize fields and tables when using nestTables (#2702) (efe3db5)

support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)

typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

SSL: separate each certificate into an individual item #2542 (63f1055)

security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

security: improve results object creation (#2574) (4a964a3)

Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

security: sanitize fields and tables when using nestTables (#2702) (efe3db5)

support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)

typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

docs: improve the contribution guidelines (#2552) (8a818ce)

security: improve results object creation (#2574) (4a964a3)

security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

security: improve cache key formation (#2424) (0d54b0c)

Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab

update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

... (truncated)

Commits

f637d3f chore(master): release 3.9.8 (#2700)
efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
179769f build(deps): bump @easyops-cn/docusaurus-search-local in /website (#2696)
56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
dc80580 build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
Additional commits viewable in compare view

Updates @babel/runtime from 7.14.0 to 7.28.4

Release notes

Sourced from @babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
Additional commits viewable in compare view

Updates @tryghost/members-csv from 1.0.0 to 1.1.8

Commits

See full diff in compare view

Updates axios from 0.21.1 to 0.21.4

Release notes

Sourced from axios's releases.

v0.21.4

Fixes and Functionality:

Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Guillaume Fortaine

Yusuke Kawasaki

Dmitriy Mozgovoy

v0.21.3

Fixes and Functionality:

Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Julian Hollmann

v0.21.2

Fixes and Functionality:

Updating axios requests to be delayed by pre-emptive promise creation (#2702)

Adding "synchronous" and "runWhen" options to interceptors api (#2702)

Updating of transformResponse (#3377)

Adding ability to omit User-Agent header (#3703)

Adding multiple JSON improvements (#3688, #3763)

Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)

Adding parseInt to config.timeout (#3781)

Adding custom return type support to interceptor (#3783)

Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

Updating build dev dependancies (#3401)

Fixing builds running on Travis CI (#3538)

Updating follow rediect version (#3694, #3771)

Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)

Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)

Fixing tests by bumping karma-sauce-launcher version (#3813)

Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)

Remove duplication of item in changelog (#3523)

Fixing gramatical errors (#2642)

Fixing spelling error (#3567)

Moving gitpod metion (#2637)

Adding new axios documentation website link (#3681, #3707)

Updating documentation around dispatching requests (#3772)

... (truncated)

Changelog

Sourced from axios's changelog.

0.21.4 (September 6, 2021)

Fixes and Functionality:

Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Jay

Guillaume Fortaine

Yusuke Kawasaki

Dmitriy Mozgovoy

0.21.3 (September 4, 2021)

Fixes and Functionality:

Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Jay

Julian Hollmann

0.21.2 (September 4, 2021)

Fixes and Functionality:

Updating axios requests to be delayed by pre-emptive promise creation (#2702)

Adding "synchronous" and "runWhen" options to interceptors api (#2702)

Updating of transformResponse (#3377)

Adding ability to omit User-Agent header (#3703)

Adding multiple JSON improvements (#3688, #3763)

Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)

Adding parseInt to config.timeout (#3781)

Adding custom return type support to interceptor (#3783)

Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

Updating build dev dependancies (#3401)

Fixing builds running on Travis CI (#3538)

Updating follow rediect version (#3694, #3771)

Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)

Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)

Fixing tests by bumping karma-sauce-launcher version (#3813)

Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)

Remove duplication of item in changelog (#3523)

... (truncated)

Commits

66c4602 Merge branch 'master' into release/0.21.4
fc15665 [Releasing] v0.21.4
c2714f0 [Updating] incorrect JSON syntax in README.md
0fc7248 fix json transform when data is pre-stringified (#4020)
90205f8 Change headers type to string record (#3021)
92b29d2 Make the default type of response data never (#3002)
4eeb3b1 Improved type-safety for AxiosRequestConfig (#2995)
cd7ff04 Adding HTTP status code to error.toJSON (#2956)
b5a1a67 Adding nodejs http.request option: insecureHTTPParser (#2930)
4f25380 Exposing the Axios constructor in index.d.ts (#2872)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates follow-redirects from 0.0.3 to 1.15.11

Release notes

Sourced from follow-redirects's releases.

v1.15.11

No release notes provided.

v1.15.10

No release notes provided.

v1.15.9

No release notes provided.

v1.15.8

No release notes provided.

v1.15.7

No release notes provided.

v1.15.6

No release notes provided.

v1.15.5

No release notes provided.

v1.15.4

No release notes provided.

v1.15.3

No release notes provided.

v1.15.2

No release notes provided.

v1.15.1

No release notes provided.

v1.15.0

No release notes provided.

v1.14.9

No release notes provided.

v1.14.8

No release notes provided.

v1.14.7

No release notes provided.

v1.14.6

No release notes provided.

v1.14.5

No release notes provided.

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by rubenverborgh, a new releaser for follow-redirects since your current version.

Updates ghost from 4.5.0 to 4.21.0

Commits

46277b6 v4.21.0
5b5240c Updated Admin to v4.21.0
7f001a4 Replaced moment with luxon in amp helper (#13683)
083b57a Update dependency @tryghost/logging to v1
d0933c5 Revert "Switched AMP to be 'off' by default in all new Ghost instances"
858a989 Update dependency @tryghost/update-check-service to v0.2.5
98fd48c Switched AMP to be 'off' by default in all new Ghost instances
e9afa6f Added metrics for test runs
d89b844 Added a not to the Images API ref field
ca2c9b9 Update dependency @tryghost/email-analytics-provider-mailgun to v1.0.5
Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.2.0

Commits

See full diff in compare view

Updates jws from 3.2.2 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.

Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

BREAKING: jwt.verify now requires an algorithm parameter, and jws.createVerify requires an algorithm option. The "alg" field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by jwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.

2.0.0 - 2015-01-30

Changed

BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

Code reorganization, thanks @fearphage! (7880050)

Added

Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)

Commits

4f6e73f Merge commit from fork
bd0fea5 version 3.2.3
7c3b4b4 Enhance tests for HMAC streaming sign and verify
a9b8ed9 Improve secretOrKey initialization in VerifyStream
6707fde Improve secret handling in SignStream
See full diff in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.

Updates multer from 1.4.2 to 1.4.3

Changelog

Sourced from multer's changelog.

1.4.3 - 2021-08-09

Bugfix: Avoid deprecated pseudoRandomBytes function (#774)

Docs: Add Português Brazil translation for README (#758)

Docs: Clarify the callback calling convention (#775)

Docs: Add example on how to link to html multipart form (#580)

Docs: Add Spanish translation for README (#838)

Docs: Add Math.random() to storage filename example (#841)

Docs: Fix mistakes in russian doc (#869)

Docs: Improve Português Brazil translation (#877)

Docs: Update var to const in all Readmes (#1024)

Internal: Bump mkdirp version (#862)

Internal: Bump Standard version (#878)

Commits

63f4874 version: 1.4.3
8bea17d history: 1.4.3
a5b7d5e Merge pull request #1024 from jonchurch/readme-var-to-const
7cb41b5 doc: update var to const in all Readmes
f5cd339 Merge pull request #1020 from Henrique-Moura/patch-1
2c22519 Update README-pt-br.md
6b5fff5 Merge pull request #877 from carlosstenzel/master
6fd38ed Merge pull request #862 from jonchurch/mkdirp-bump
d4e7cd8 Merge pull request #878 from expressjs/standard14
ca0bb81 package: bump standard
Additional commits viewable in compare view

Updates nanoid from 3.1.23 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

Fixed React Native support.

3.3.10

Fixed React Native support (by @steida).

3.3.9

Reduced npm package size.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

Fixed package.

3.3.5

Backport funding information.

3.3.4

Fixed --help in CLI (by @Lete114).

3.3.3

Reduced size (by Anton Khlynovskiy).

3.3.2

Fixed enhanced-resolve support.

3.3.1

Reduced package size.

3.3

Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

Reduced async exports size (by Artyom Arutyunyan).

Moved from Jest to uvu (by Vitaly Baev).

3.1.31

Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

... (truncated)

Commits

37289ce Release 3.3.11 version
23690b7 Fix CI
c147962 Fix RN support
a83734e Move to manually ESM/CJS dual package
bb12e8a Release 3.3.10 version
8f44264 Fix Expo support
adf9b0c Release 3.3.9 version
1c6f088 Remove dev file from npm package
3044cd5 Release 3.3.8 version
4fe3495 Update size limit
Additional commits viewable in compare view

Updates nodemailer from 0.7.1 to 6.10.1

Release notes

Sourced from nodemailer's releases.

v6.10.1

6.10.1 (2025-02-06)

Bug Fixes

close correct socket (a18062c)

v6.10.0

6.10.0 (2025-01-23)

Features

services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

proxy: Set error and timeout errors for proxied sockets (aa0c99c)

v6.9.16

6.9.16 (2024-10-28)

Bug Fixes

addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

v6.9.15

6.9.15 (2024-08-08)

Bug Fixes

Fix memory leak (#1667) (baa28f6)

mime: Added GeoJSON closes #1637 (#1665) (79b8293)

v6.9.14

6.9.14 (2024-06-19)

Bug Fixes

api: Added support for Ethereal authentication (56b2205)

services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)

services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)

well-known-services: Add Loopia in well known services (#1655) (21a28a1)

v6.9.13

... (truncated)

Changelog

Sourced from nodemailer's changelog.

6.10.1 (2025-02-06)

Bug Fixes

close correct socket (a18062c)

6.10.0 (2025-01-23)

Features

services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

proxy: Set error and timeout errors for proxied sockets (aa0c99c)

6.9.16 (2024-10-28)

Bug Fixes

addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

6.9.15 (2024-08-08)

Bug Fixes

Fix memory leak (#1667) (baa28f6)

mime: Added GeoJSON closes #1637 (#1665) (79b8293)

6.9.14 (2024-06-19)

Bug Fixes

api: Added support for Ethereal authentication (56b2205)

services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)

services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)

well-known-services: Add Loopia in well known services (#1655) (21a28a1)

6.9.13 (2024-03-20)

Bug Fixes

tls: Ensure servername for SMTP (d66fdd3)

6.9.12 (2024-03-08)

Bug Fixes

message-generation: Escape single quote in address names (4ae5fad)

... (truncated)

Commits

e1d9123 chore(master): release 6.10.1 [skip-ci] (#1719)
f093aaa Merge branch 'master' of github.com:nodemailer/nodemailer
a18062c fix: close correct socket
0856796 chore(master): release 6.10.0 [skip-ci] (#1700)
db59df0 Bumped deps
aa0c99c fix(proxy): Set error and timeout errors for proxied sockets
15146d8 Proton mail fix, issue: nodemailer/nodemailer#1691...
d1ae0a8 feat(services): add Seznam email service configuration (#1695)
e70b9c1 chore(master): release 6.9.16 [skip-ci] (#1688)
bcf55be Bumped deps
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by andris, a new releaser for nodemailer since your current version.

Updates parse-uri from 1.0.3 to 2.0.4

Release notes

Sourced from parse-uri's releases.

v2.0.4

What's Changed

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in Kikobeats/parse-uri#27

Full Changelog: Kikobeats/parse-uri@v2.0.3...v2.0.4

v2.0.3

What's ChangedDescription has been truncated

Bumps the npm_and_yarn group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [mysql2](https://github.com/sidorares/node-mysql2) | `2.2.5` | `3.9.8` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.14.0` | `7.28.4` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.2.0` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [nanoid](https://github.com/ai/nanoid) | `3.1.23` | `3.3.11` | | [postcss](https://github.com/postcss/postcss) | `8.2.15` | `8.5.6` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `mysql2` from 2.2.5 to 3.9.8 - [Release notes](https://github.com/sidorares/node-mysql2/releases) - [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md) - [Commits](sidorares/node-mysql2@v2.2.5...v3.9.8) Updates `@babel/runtime` from 7.14.0 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) Updates `@tryghost/members-csv` from 1.0.0 to 1.1.8 - [Commits](https://github.com/TryGhost/SDK/commits/@tryghost/helpers@1.1.8/packages/members-csv) Updates `axios` from 0.21.1 to 0.21.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.21.4/CHANGELOG.md) - [Commits](axios/axios@v0.21.1...v0.21.4) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `follow-redirects` from 0.0.3 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/commits/v1.15.11) Updates `ghost` from 4.5.0 to 4.21.0 - [Release notes](https://github.com/TryGhost/Ghost/releases) - [Commits](https://github.com/TryGhost/Ghost/compare/@tryghost/members-api@4.5.0...v4.21.0) Updates `http-cache-semantics` from 4.1.0 to 4.2.0 - [Commits](https://github.com/kornelski/http-cache-semantics/commits) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `multer` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.2...v1.4.3) Updates `nanoid` from 3.1.23 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.23...3.3.11) Updates `nodemailer` from 0.7.1 to 6.10.1 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v0.7.1...v6.10.1) Updates `parse-uri` from 1.0.3 to 2.0.4 - [Release notes](https://github.com/kikobeats/parse-uri/releases) - [Changelog](https://github.com/Kikobeats/parse-uri/blob/master/CHANGELOG.md) - [Commits](Kikobeats/parse-uri@1.0.3...v2.0.4) Updates `passport` from 0.4.1 to 0.5.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.4.1...v0.5.0) Updates `postcss` from 8.2.15 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.2.15...8.5.6) Updates `sanitize-html` from 2.3.3 to 2.5.2 - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.3.3...2.5.2) Updates `sharp` from 0.28.2 to 0.29.3 - [Release notes](https://github.com/lovell/sharp/releases) - [Changelog](https://github.com/lovell/sharp/blob/v0.29.3/docs/changelog.md) - [Commits](lovell/sharp@v0.28.2...v0.29.3) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `validator` from 6.3.0 to 7.2.0 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@6.3.0...7.2.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: mysql2 dependency-version: 3.9.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tryghost/members-csv" dependency-version: 1.1.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.21.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ghost dependency-version: 4.21.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 1.4.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nodemailer dependency-version: 6.10.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: parse-uri dependency-version: 2.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: passport dependency-version: 0.5.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sanitize-html dependency-version: 2.5.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sharp dependency-version: 0.29.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 7.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 19, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Bump the npm_and_yarn group across 1 directory with 20 updates#1

Bump the npm_and_yarn group across 1 directory with 20 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-15b867d44f

dependabot bot commented on behalf of github Dec 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Dec 19, 2025

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

v3.9.3

3.9.3 (2024-03-26)

3.9.8 (2024-05-26)

Bug Fixes

3.9.7 (2024-04-21)

Bug Fixes

3.9.6 (2024-04-18)

Bug Fixes

3.9.5 (2024-04-17)

Bug Fixes

3.9.4 (2024-04-09)

Bug Fixes

3.9.3 (2024-03-26)

Bug Fixes

3.9.2 (2024-02-26)

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

v0.21.4

Fixes and Functionality:

v0.21.3

Fixes and Functionality:

v0.21.2

Fixes and Functionality:

Internal and Tests:

Documentation:

0.21.4 (September 6, 2021)

0.21.3 (September 4, 2021)

0.21.2 (September 4, 2021)

v0.2.2

v0.2.1

v1.15.11

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3