Bump the npm_and_yarn group across 1 directory with 7 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /asset-transfer-basic/rest-api-typescript directory:

Package	From	To
express	4.20.0	5.1.0
@types/express	4.17.17	5.0.3
@babel/traverse	7.25.6	7.28.0
axios	1.7.7	1.11.0
elliptic	6.5.7	6.6.1
msgpackr	1.11.0	1.11.5

Updates express from 4.20.0 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

• Update captains by @​UlisesGascon in expressjs/express#6027
• build: Node.js 23.0 by @​bjohansebas in expressjs/express#6075
• Add funding field (v5) by @​bjohansebas in expressjs/express#6064
• ✅ add discarded middleware test by @​ctcpip in expressjs/express#5819
• update homepage link http to https by @​bjohansebas in expressjs/express#5920
• Improve readme by @​bjohansebas in expressjs/express#5994
• Add bjohansebas as repo captain for expressjs.com by @​crandmck in expressjs/express#6058
• Remove Object.setPrototypeOf polyfill by @​Phillip9587 in expressjs/express#6081
• fix(buffer): use node:buffer instead of safe-buffer by @​bhavya3024 in expressjs/express#6071
• docs: Add DCO by @​UlisesGascon in expressjs/express#6048
• cleanup: remove promise support check from tests by @​Phillip9587 in expressjs/express#6148
• Use loop for acceptParams by @​blakeembrey in expressjs/express#6066
• Improve documentation step in release process by @​bjohansebas in expressjs/express#6150
• cleanup: remove unnecessary require for global Buffer by @​Phillip9587 in expressjs/express#6146
• cleanup: remove AsyncLocalStorage check by @​Phillip9587 in expressjs/express#6147
• update history.md for acceptParams change by @​jonchurch in expressjs/express#6177
• docs: add @​rxmarbles to the triage team by @​UlisesGascon in expressjs/express#6151
• refactor: improve readability by @​sazk07 in expressjs/express#6173
• docs: clarify the security process in the triage role by @​bjohansebas in expressjs/express#6217
• chore: replace methods dependency with standard library by @​jonkoops in expressjs/express#6196
• Remove utils-merge dependency - use spread syntax instead by @​Phillip9587 in expressjs/express#6091
• fix(securite): fix vulnerabilities by @​Abdel-Monaam-Aouini in expressjs/express#6211
• refactor: prefix built-in node module imports by @​slagiewka in expressjs/express#6236
• fix: remove download size badges by @​wesleytodd in expressjs/express#6266
• Remove unused depd dependency by @​jonkoops in expressjs/express#6197
• fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @​hamirmahal in expressjs/express#6256
• Add support for OSSF scorecard reporting by @​UlisesGascon in expressjs/express#5431
• docs: add @​Phillip9587 to the triage team by @​bjohansebas in expressjs/express#6276
• fix: added a missing semicolon in css styles in examples/auth by @​pr4j3sh in expressjs/express#6297
• docs: include team email in the security policy by @​UlisesGascon in expressjs/express#6278
• refactor: simplify normalizeTypes function by @​Ayoub-Mabrouk in expressjs/express#6097
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6314
• ci: fix npm install --include typo by @​Phillip9587 in expressjs/express#6324
• ci: updated scorecard actions by @​Phillip9587 in expressjs/express#6322
• build(deps): use carat notation for dependency versions by @​dpopp07 in expressjs/express#6317
• chore(deps): update debug to ^4.4.0 by @​Phillip9587 in expressjs/express#6313
• docs: retroactively note 5.0.0-beta.1 api change in history file by @​dpopp07 in expressjs/express#6333
• feat(deps): body-parser@^2.1.0 by @​wesleytodd in expressjs/express#6332
• feat(deps): router@^2.1.0 by @​wesleytodd in expressjs/express#6331
• Update repo captains by @​UlisesGascon in expressjs/express#6234
• deps: upgrade nyc by @​agungjati in expressjs/express#6122
• fix (deps): update deps by @​wesleytodd in expressjs/express#6337
• response: add support for ETag option in res.sendFile by @​juanarbol in expressjs/express#6073
• Update multiple links to use https instead of http by @​Phillip9587 in expressjs/express#6338
• Extend res.links() to allow adding multiple links with the same rel #2729 by @​andvea in expressjs/express#4885
• docs: update emeritus triagers by @​UlisesGascon in expressjs/express#6345
• docs: update guidance for triager nominations by @​bjohansebas in expressjs/express#6349
• docs: clarify guidelines for becoming a committer by @​bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0
  • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
• change:
  • res.clearCookie will ignore user provided maxAge and expires options
• deps: cookie-signature@^1.2.1
• deps: debug@4.3.6
• deps: merge-descriptors@^2.0.0
• deps: serve-static@^2.1.0
• deps: qs@6.13.0
• deps: accepts@^2.0.0
• deps: mime-types@^3.0.0
  • application/javascript => text/javascript
• deps: type-is@^2.0.0
• deps: content-disposition@^1.0.0

... (truncated)

Commits

• cd7d439 5.1.0
• 4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
• cb4c56e fix(docs): remove @​mertcanaltin from Triagers (#6408)
• 7b44e1d ci: use full SHAs for github action versions
• eb6d125 deps: router@^2.2.0 (#6417)
• f1a2dc8 deps: type-is@^2.0.1 (#6420)
• 6b51e8e deps: body-parser@^2.2.0 (#6419)
• 1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
• 9e97144 feat(deps): finalhandler@2.1.0 (#6373)
• 29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
• Additional commits viewable in compare view

Updates @types/express from 4.17.17 to 5.0.3

Commits

• See full diff in compare view

Updates @types/express from 4.17.17 to 5.0.3

Commits

• See full diff in compare view

Updates @babel/traverse from 7.25.6 to 7.28.0

Release notes

Sourced from @​babel/traverse's releases.

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• coderaiser (@​coderaiser)

v7.27.7 (2025-06-26)

Thanks @​arthur-mountain and @​evankanderson for your first PRs!

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@​JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@​JLHwung)

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@​nicolo-ribaudo)

v7.27.7 (2025-06-26)

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@​JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@​JLHwung)

🐛 Bug Fix

• babel-core
  • #17392 Improve TS babel config loading (@​JLHwung)
• babel-types
  • #17376 fix: support negative bigint in valueToNode (@​JLHwung)
• babel-plugin-transform-parameters
  • #17352 fix: Params of async function* should throw synchronously (@​liuxingbaoyu)

🏠 Internal

• babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread
  • #17389 Use NodePath#splitExportDeclaration in destructuring transforms (@​JLHwung)

... (truncated)

Commits

• ccc5fae v7.28.0
• 4b4e7e2 Create babel-helper-globals (#17297)
• cf5ae03 LVal coverage updates (Part 2) (#17391)
• 6ca9df4 Accept bigints in t.bigIntLiteral factory (#17378)
• 75f0140 Parse discard binding (#17163)
• 4ce7dfd v7.27.7
• 6c8faf1 add generateUidBasedOnNode test cases (#17381)
• f68ac51 chore: Avoid CITGM errors (#17382)
• 7d06930 v7.27.4
• 05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
• Additional commits viewable in compare view

Updates axios from 1.7.7 to 1.11.0

Release notes

Sourced from axios's releases.

Release v1.11.0

Release notes:

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

Release v1.10.0

Release notes:

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

Release v1.9.0

Release notes:

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
• http: send minimal end multipart boundary (#6661) (987d2e2)
• types: fix autocomplete for adapter config (#6855) (e61a893)

... (truncated)

Changelog

Sourced from axios's changelog.

1.11.0 (2025-07-22)

Bug Fixes

• form-data npm pakcage (#6970) (e72c193)
• prevent RangeError when using large Buffers (#6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

1.10.0 (2025-06-14)

Bug Fixes

• adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
• package: add module entry point for React Native; (#6933) (3d343b8)

Features

• types: improved fetchOptions interface (#6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

1.9.0 (2025-04-24)

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)

... (truncated)

Commits

• b76c4ac chore(release): v1.11.0 (#6974)
• e72c193 fix: form-data npm pakcage (#6970)
• 8517aa1 fix(types): resolve type discrepancies between ESM and CJS TypeScript declara...
• a2214ca fix: prevent RangeError when using large Buffers (#6961)
• 6161947 refactor: use spread operator instead of '.apply()' (#6938)
• a1d16dd refactor: use an object spread instead of Object.assign (#6939)
• 07183cd chore(sponsor): update sponsor block (#6952)
• ef36347 docs(CONTRIBUTING): update docs link for accuracy (#6894)
• b29bd6a chore(sponsor): update sponsor block (#6948)
• a406a93 chore(sponsor): update sponsor block (#6937)
• Additional commits viewable in compare view

Updates elliptic from 6.5.7 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• See full diff in compare view

Updates msgpackr from 1.11.0 to 1.11.5

Commits

• See full diff in compare view

Updates path-to-regexp from 0.1.10 to 8.2.0

Release notes

Sourced from path-to-regexp's releases.

8.2.0

Fixed

• Allowing path-to-regexp to run on older browsers by targeting ES2015
  • Target ES2015 5969033
    • Also saved 0.22kb (10%!) by removing the private class field down level
  • Remove s flag from regexp 51dbd45

pillarjs/path-to-regexp@v8.1.0...v8.2.0

v8.1.0

Added

• Adds pathToRegexp method back for generating a regex
• Adds stringify method for converting TokenData into a path string

pillarjs/path-to-regexp@v8.0.0...v8.1.0

Simpler API

Heads up! This is a fairly large change (again) and I need to apologize in advance. If I foresaw what this version would have ended up being I would not have released version 7. A longer blog post and explanation will be incoming this week, but the pivot has been due to work on Express.js v5 and this will the finalized syntax used in Express moving forward.

Edit: The post is out - https://blakeembrey.com/posts/2024-09-web-redos/

Added

• Adds key names to wildcards using *name syntax, aligns with : behavior but using an asterisk instead

Changed

• Removes group suffixes of ?, +, and * - only optional exists moving forward (use wildcards for +, {*foo} for *)
• Parameter names follow JS identifier rules and allow unicode characters

Added

• Parameter names can now be quoted, e.g. :"foo-bar"
• Match accepts an array of values, so the signature is now string | TokenData | Array<string | TokenData>

Removed

• Removes loose mode
• Removes regular expression overrides of parameters

pillarjs/path-to-regexp@v7.1.0...v8.0.0

Support array inputs (again)

Added

• Support array inputs for match and pathToRegexp 3fdd88f

pillarjs/path-to-regexp@v7.1.0...v7.2.0

... (truncated)

Changelog

Sourced from path-to-regexp's changelog.

Moved to GitHub Releases

3.0.0 / 2019-01-13

• Always use prefix character as delimiter token, allowing any character to be a delimiter (e.g. /:att1-:att2-:att3-:att4-:att5)
• Remove partial support, prefer escaping the prefix delimiter explicitly (e.g. \\/(apple-)?icon-:res(\\d+).png)

2.4.0 / 2018-08-26

• Support start option to disable anchoring from beginning of the string

2.3.0 / 2018-08-20

• Use delimiter when processing repeated matching groups (e.g. foo/bar has no prefix, but has a delimiter)

2.2.1 / 2018-04-24

• Allow empty string with end: false to match both relative and absolute paths

2.2.0 / 2018-03-06

• Pass token as second argument to encode option (e.g. encode(value, token))

2.1.0 / 2017-10-20

• Handle non-ending paths where the final character is a delimiter
  • E.g. /foo/ before required either /foo/ or /foo// to match in non-ending mode

2.0.0 / 2017-08-23

• New option! Ability to set endsWith to match paths like /test?query=string up to the query string
• New option! Set delimiters for specific characters to be treated as parameter prefixes (e.g. /:test)
• Remove isarray dependency
• Explicitly handle trailing delimiters instead of trimming them (e.g. /test/ is now treated as /test/ instead of /test when matching)
• Remove overloaded keys argument that accepted options
• Remove keys list attached to the RegExp output
• Remove asterisk functionality (it's a real pain to properly encode)
• Change tokensToFunction (e.g. compile) to accept an encode function for pretty encoding (e.g. pass your own implementation)

1.7.0 / 2016-11-08

• Allow a delimiter option to be passed in with tokensToRegExp which will be used for "non-ending" token match situations

1.6.0 / 2016-10-03

• Populate RegExp.keys when using the tokensToRegExp method (making it consistent with the main export)
• Allow a delimiter option to be passed in with parse
• Updated TypeScript definition with Keys and Options updated

1.5.3 / 2016-06-15

... (truncated)

Commits

• 776c898 8.2.0
• 678756a Dumb down code for negate
• e85fe27 Upgrade deps
• 5969033 Target ES2015
• 51dbd45 Remove s flag from regexp
• df39d6c Append backtrack, ignore bench in coverage
• d6c3658 Update express 4 compatibility guide
• c302644 8.1.0
• 7b4598c Document stringify method
• d6150f5 Add pathToRegexp method back
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.