:ghost: Bump the server-dependencies group with 3 updates by dependabot[bot] · Pull Request #41 · carlosthe19916/trustify-ui

dependabot · 2025-06-23T08:54:03Z

Bumps the server-dependencies group with 3 updates: http-proxy-middleware, express and @types/express.

Updates http-proxy-middleware from 2.0.9 to 3.0.5

Release notes

Sourced from http-proxy-middleware's releases.

v3.0.5

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1096

chore(package): v3.0.5 by @chimurai in chimurai/http-proxy-middleware#1098

Full Changelog: chimurai/http-proxy-middleware@v3.0.4...v3.0.5

v3.0.4

What's Changed

chore(package): bump dev dependencies by @chimurai in chimurai/http-proxy-middleware#1045

chore(package): update yarn.lock by @chimurai in chimurai/http-proxy-middleware#1046

docs(readme): fix example code syntax error by @17hz in chimurai/http-proxy-middleware#1014

chore(package): bump express to v4.21.1 by @chimurai in chimurai/http-proxy-middleware#1047

chore(examples): update yarn.lock by @chimurai in chimurai/http-proxy-middleware#1048

chore(package): bump dev deps by @chimurai in chimurai/http-proxy-middleware#1059

chore(package): bump dev dependencies by @chimurai in chimurai/http-proxy-middleware#1060

chore(package): bump dev dependencies by @chimurai in chimurai/http-proxy-middleware#1074

ci(github-actions): pipeline improvements by @chimurai in chimurai/http-proxy-middleware#1082

feat(types): export Plugin type by @oktapodia in chimurai/http-proxy-middleware#1071

fix(fixRequestBody): support multipart/form-data by @JS-mark in chimurai/http-proxy-middleware#896

chore(package.json): bump dev deps by @chimurai in chimurai/http-proxy-middleware#1083

ci(package): patch http-proxy by @chimurai in chimurai/http-proxy-middleware#1084

ci(pkg-pr-new): publish package for testing purposes by @chimurai in chimurai/http-proxy-middleware#1085

build(patch-package): run patch-package in 'development' only by @chimurai in chimurai/http-proxy-middleware#1086

chore(examples): update next deps by @chimurai in chimurai/http-proxy-middleware#1087

ci(github-actions): update spellcheck config by @chimurai in chimurai/http-proxy-middleware#1088

fix(websocket): handle errors in handleUpgrade by @nwalters512 in chimurai/http-proxy-middleware#823

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1089

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1092

docs(CHANGELOG): update changelog by @chimurai in chimurai/http-proxy-middleware#1093

chore(package): v3.0.4 by @chimurai in chimurai/http-proxy-middleware#1095

New Contributors

@17hz made their first contribution in chimurai/http-proxy-middleware#1014

@oktapodia made their first contribution in chimurai/http-proxy-middleware#1071

@JS-mark made their first contribution in chimurai/http-proxy-middleware#896

@nwalters512 made their first contribution in chimurai/http-proxy-middleware#823

Full Changelog: chimurai/http-proxy-middleware@v3.0.3...v3.0.4

v3.0.3

What's Changed

fix(pathFilter): handle errors by @chimurai in chimurai/http-proxy-middleware#1043

chore(package): v3.0.3 by @chimurai in chimurai/http-proxy-middleware#1044

Full Changelog: chimurai/http-proxy-middleware@v3.0.2...v3.0.3

v3.0.2

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v3.0.5

fix(fixRequestBody): check readableLength (#1096)

v3.0.4

fix(fixRequestBody): handle invalid request (#1092)

fix(fixRequestBody): prevent multiple .write() calls (#1089)

fix(websocket): handle errors in handleUpgrade (#823)

ci(package): patch http-proxy (#1084)

fix(fixRequestBody): support multipart/form-data (#896)

feat(types): export Plugin type (#1071)

v3.0.3

fix(pathFilter): handle errors

v3.0.2

refactor(dependency): replace is-plain-obj with is-plain-object (#1031)

chore(package): upgrade to eslint v9 (#1032)

fix(logger-plugin): handle undefined protocol and hostname (#1036)

v3.0.1

fix(type): fix RequestHandler return type (#980)

refactor(errors): improve pathFilter error message (#987)

fix(logger-plugin): fix missing target port (#989)

ci(package): npm package provenance (#991)

fix(logger-plugin): log target port when router option is used (#1001)

refactor: fix circular dependencies (#1010)

fix(fix-request-body): support '+json' content-type suffix (#1015)

v3.0.0

This release contains some breaking changes.

Please read the V3 discussion chimurai/http-proxy-middleware#768 or follow the MIGRATION.md guide.

feat(typescript): type improvements (#882)

chore(deps): update micromatch to 4.0.5

chore(package): bump devDependencies

feat(legacyCreateProxyMiddleware): show migration tips (#756)

feat(legacyCreateProxyMiddleware): adapter with v2 behavior (#754)

docs(proxy events): fix new syntax (#753)

feat(debug): improve troubleshooting (#752)

test(path-rewriter): improve coverage (#751)

feat(ejectPlugins): skip registering default plugins (#750)

refactor: logging [BREAKING CHANGE] (#749)

... (truncated)

Commits

d3851ed chore(package): v3.0.5 (#1098)
1bdccbe fix(fixRequestBody): check readableLength (#1096)
01934d3 chore(package): v3.0.4 (#1095)
3364c0a docs(CHANGELOG): update changelog (#1093)
bd3c124 fix(fixRequestBody): handle invalid request (#1092)
0209760 fix(fixRequestBody): prevent multiple .write() calls (#1089)
fd0f568 fix(websocket): handle errors in handleUpgrade (#823)
e94087e ci(github-actions): update spellcheck config (#1088)
397748a chore(examples): update next deps (#1087)
6fb6032 build(patch-package): run patch-package in 'development' only (#1086)
Additional commits viewable in compare view

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

Update captains by @UlisesGascon in expressjs/express#6027

build: Node.js 23.0 by @bjohansebas in expressjs/express#6075

Add funding field (v5) by @bjohansebas in expressjs/express#6064

✅ add discarded middleware test by @ctcpip in expressjs/express#5819

update homepage link http to https by @bjohansebas in expressjs/express#5920

Improve readme by @bjohansebas in expressjs/express#5994

Add bjohansebas as repo captain for expressjs.com by @crandmck in expressjs/express#6058

Remove Object.setPrototypeOf polyfill by @Phillip9587 in expressjs/express#6081

fix(buffer): use node:buffer instead of safe-buffer by @bhavya3024 in expressjs/express#6071

docs: Add DCO by @UlisesGascon in expressjs/express#6048

cleanup: remove promise support check from tests by @Phillip9587 in expressjs/express#6148

Use loop for acceptParams by @blakeembrey in expressjs/express#6066

Improve documentation step in release process by @bjohansebas in expressjs/express#6150

cleanup: remove unnecessary require for global Buffer by @Phillip9587 in expressjs/express#6146

cleanup: remove AsyncLocalStorage check by @Phillip9587 in expressjs/express#6147

update history.md for acceptParams change by @jonchurch in expressjs/express#6177

docs: add @rxmarbles to the triage team by @UlisesGascon in expressjs/express#6151

refactor: improve readability by @sazk07 in expressjs/express#6173

docs: clarify the security process in the triage role by @bjohansebas in expressjs/express#6217

chore: replace methods dependency with standard library by @jonkoops in expressjs/express#6196

Remove utils-merge dependency - use spread syntax instead by @Phillip9587 in expressjs/express#6091

fix(securite): fix vulnerabilities by @Abdel-Monaam-Aouini in expressjs/express#6211

refactor: prefix built-in node module imports by @slagiewka in expressjs/express#6236

fix: remove download size badges by @wesleytodd in expressjs/express#6266

Remove unused depd dependency by @jonkoops in expressjs/express#6197

fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @hamirmahal in expressjs/express#6256

Add support for OSSF scorecard reporting by @UlisesGascon in expressjs/express#5431

docs: add @Phillip9587 to the triage team by @bjohansebas in expressjs/express#6276

fix: added a missing semicolon in css styles in examples/auth by @pr4j3sh in expressjs/express#6297

docs: include team email in the security policy by @UlisesGascon in expressjs/express#6278

refactor: simplify normalizeTypes function by @Ayoub-Mabrouk in expressjs/express#6097

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6314

ci: fix npm install --include typo by @Phillip9587 in expressjs/express#6324

ci: updated scorecard actions by @Phillip9587 in expressjs/express#6322

build(deps): use carat notation for dependency versions by @dpopp07 in expressjs/express#6317

chore(deps): update debug to ^4.4.0 by @Phillip9587 in expressjs/express#6313

docs: retroactively note 5.0.0-beta.1 api change in history file by @dpopp07 in expressjs/express#6333

feat(deps): body-parser@^2.1.0 by @wesleytodd in expressjs/express#6332

feat(deps): router@^2.1.0 by @wesleytodd in expressjs/express#6331

Update repo captains by @UlisesGascon in expressjs/express#6234

deps: upgrade nyc by @agungjati in expressjs/express#6122

fix (deps): update deps by @wesleytodd in expressjs/express#6337

response: add support for ETag option in res.sendFile by @juanarbol in expressjs/express#6073

Update multiple links to use https instead of http by @Phillip9587 in expressjs/express#6338

Extend res.links() to allow adding multiple links with the same rel #2729 by @andvea in expressjs/express#4885

docs: update emeritus triagers by @UlisesGascon in expressjs/express#6345

docs: update guidance for triager nominations by @bjohansebas in expressjs/express#6349

docs: clarify guidelines for becoming a committer by @bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: server-static@2.2.0

deps: type-is@2.0.1

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: send@1.0.0

res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

change:

res.clearCookie will ignore user provided maxAge and expires options

deps: cookie-signature@^1.2.1

deps: debug@4.3.6

deps: merge-descriptors@^2.0.0

deps: serve-static@^2.1.0

deps: qs@6.13.0

deps: accepts@^2.0.0

deps: mime-types@^3.0.0

application/javascript => text/javascript

deps: type-is@^2.0.0

deps: content-disposition@^1.0.0

... (truncated)

Commits

cd7d439 5.1.0
4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
cb4c56e fix(docs): remove @mertcanaltin from Triagers (#6408)
7b44e1d ci: use full SHAs for github action versions
eb6d125 deps: router@^2.2.0 (#6417)
f1a2dc8 deps: type-is@^2.0.1 (#6420)
6b51e8e deps: body-parser@^2.2.0 (#6419)
1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
9e97144 feat(deps): finalhandler@2.1.0 (#6373)
29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
Additional commits viewable in compare view

Updates @types/express from 4.17.22 to 5.0.3

Commits

See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the server-dependencies group with 3 updates: [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware), [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). Updates `http-proxy-middleware` from 2.0.9 to 3.0.5 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/master/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.9...v3.0.5) Updates `express` from 4.21.2 to 5.1.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `@types/express` from 4.17.22 to 5.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: http-proxy-middleware dependency-version: 3.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: server-dependencies - dependency-name: express dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: server-dependencies - dependency-name: "@types/express" dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: server-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-08-11T23:35:10Z

Dependabot encountered an unknown error. Because of this, Dependabot cannot update this pull request.

dependabot · 2025-08-18T13:29:53Z

The group that created this PR has been removed from your configuration.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 23, 2025

carlosthe19916 force-pushed the main branch 6 times, most recently from ae0ef65 to a9c2b0c Compare July 27, 2025 07:17

dependabot Bot force-pushed the dependabot/npm_and_yarn/server-dependencies-765d25d57a branch from d7151e4 to 0971ae9 Compare August 4, 2025 22:17

dependabot Bot closed this Aug 18, 2025

dependabot Bot deleted the dependabot/npm_and_yarn/server-dependencies-765d25d57a branch August 18, 2025 13:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

👻 Bump the server-dependencies group with 3 updates#41

👻 Bump the server-dependencies group with 3 updates#41
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/server-dependencies-765d25d57a

dependabot Bot commented on behalf of github Jun 23, 2025 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Aug 11, 2025

Uh oh!

dependabot Bot commented on behalf of github Aug 18, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.0.5

What's Changed

v3.0.4

What's Changed

New Contributors

v3.0.3

What's Changed

v3.0.2

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v5.1.0

What's Changed

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

Uh oh!

dependabot Bot commented on behalf of github Aug 11, 2025

Uh oh!

dependabot Bot commented on behalf of github Aug 18, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 23, 2025 •

edited

Loading