Bump the npm_and_yarn group across 2 directories with 19 updates #49

dependabot · 2025-05-06T17:10:58Z

Bumps the npm_and_yarn group with 3 updates in the / directory: mongoose, cookie and express.
Bumps the npm_and_yarn group with 11 updates in the /ui directory:

Package	From	To
braces	`3.0.2`	`3.0.3`
micromatch	`4.0.5`	`4.0.8`
axios	`0.24.0`	`0.30.0`
element-plus	`1.2.0-beta.6`	`2.1.0`
vite	`2.9.9`	`6.3.5`
unplugin-vue-components	`0.17.21`	`28.5.0`
@vitejs/plugin-vue	`2.3.3`	`5.2.3`
rollup	`2.73.0`	`3.29.5`
simple-git	`1.132.0`	`3.27.0`
lint	`0.7.0`	`0.8.19`
tough-cookie	`2.5.0`	`removed`
lint	`0.8.19`	`1.1.2`

Updates mongoose from 6.13.2 to 6.13.6

Release notes

Sourced from mongoose's releases.

6.13.6 / 2025-01-13

fix: disallow nested $where in populate match

Changelog

Sourced from mongoose's changelog.

6.13.6 / 2025-01-13

fix: disallow nested $where in populate match CVE-2025-23061

8.9.4 / 2025-01-09

fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI

fix(model): make Model.validate() static correctly cast document arrays #15169 #15164

fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156

fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120

types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158

docs: fix <code> in header ids #15159

docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109

fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075

fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071

fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126

perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449

types: make BufferToBinary avoid Document instances #15123 #15122

types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111

types(schema): add missing removeIndex #15134

types: add cleanIndexes() to IndexManager interface #15127

docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109

fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108

fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI

types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057

types: add UUID to RefType #15115 #15101

docs: remove link to Mongoose 5.x docs from dropdown #15116

docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812

fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092

fix(model): handle discriminators in castObject() #15096 #15075

fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056

fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048

fix(document+schema): improve error message for get() on invalid path #15098 #15071

docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13

feat: upgrade mongodb -> 6.12

... (truncated)

Commits

e59e342 chore: release 6.13.6
64a9f97 fix: disallow nested $where in populate match
15bdccf chore: release 6.13.5
33679bc fix: disallow using $where in match
22210b1 chore: release 6.13.4
d21a239 Merge pull request #15043 from Automattic/vkarpov15/gh-15039
68377ff fix: save execution stack in query as string
6fbe9f0 Merge pull request #14998 from markstos/UT-8434-doc-strict-query-flipflop
3e3dc2e docs: clarify strictQuery default will flip-flop in "Migrating to 6.x"
d98b2e7 docs: Add missing closing tag for Lodash entry.
Additional commits viewable in compare view

Updates cookie from 0.6.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.21.0 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

Commits

1faf228 4.21.2
2e0fb64 deps: bump [email protected] (#6209)
59fc270 deps: [email protected] (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): [email protected]
See full diff in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates path-to-regexp from 0.1.10 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Commits

640e694 0.1.12
f01c26a Merge commit from fork
0c71192 0.1.11
8f09549 Add error on bad input values
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates axios from 0.24.0 to 0.30.0

Release notes

Sourced from axios's releases.

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @thatguyinabeanie in axios/axios#6829

fix: add allowAbsoluteUrls type by @thatguyinabeanie in axios/axios#6849

Contributors to this release

@mori5321 made their first contribution in axios/axios#4917

@TehZarathustra made their first contribution in axios/axios#6271

@nafeger made their first contribution in axios/axios#6787

@thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @Sean-Powell in axios/axios#6402

fix: omit nulls in params by @Willshaw in axios/axios#6394

fix(backport): fix paramsSerializer function validation by @solonzhu in axios/axios#6361

fix: Regular Expression Denial of Service (ReDoS) by @qiongshusheng in axios/axios#6708

Contributors to this release

@Sean-Powell made their first contribution in axios/axios#6402

@Willshaw made their first contribution in axios/axios#6394

@solonzhu made their first contribution in axios/axios#6361

@qiongshusheng made their first contribution in axios/axios#6708

Release v0.28.1

Release notes:

Release notes:

Bug Fixes

fix(backport): custom params serializer support (#6263)

fix(backport): uncaught ReferenceError req is not defined (#6307)

Release v0.28.0

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

... (truncated)

Changelog

Sourced from axios's changelog.

0.30.0 (2025-03-26)

Release notes:

Bug Fixes

fix: modify log while request is aborted (#4917)

fix: update CHANGELOG.md for v0.x (#6271)

fix: modify upgrade guide for 0.28.1's breaking change (#6787)

fix: backport allowAbsoluteUrls vulnerability fix to v0.x (#6829)

fix: add allowAbsoluteUrls type (#6849)

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 (#6402)

fix: omit nulls in params (#6394)

fix(backport): fix paramsSerializer function validation (#6361)

fix: regular expression denial of service (ReDoS) (#6708)

0.28.1 (2024-03-24)

Release notes:

Bug Fixes

fix(backport): custom params serializer support (#6263)

fix(backport): uncaught ReferenceError req is not defined (#6307)

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated (#4745)

Fixed timeout error message for HTTP (#4738)

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 (#4728)

Adding types for progress event callbacks (#4675)

Fixed max body length defaults (#4731)

... (truncated)

Commits

6e922e4 chore: added build artifacts
a06ed1e chore: added pre-release artifacts
c010622 feat: add type for allowAbsoluteUrls (#6849)
02c3c69 fix: backport allowAbsoluteUrls vuln fix to v0.x (#6829)
8603e67 docs: modify upgrade guide for 0.28.1's breaking change (#6787)
f0642ee fix(docs): update CHANGELOG.md for v0.x (#6271)
0630c32 fix: modify log while request is aborted (#4917)
7750b8c chore(release): prep release v0.29.0
4840cb2 fix: regular expression denial of service issues (#6708)
2e36cdb fix(backport): fix paramsSerializer function validation (#6361)
Additional commits viewable in compare view

Updates element-plus from 1.2.0-beta.6 to 2.1.0

Changelog

Sourced from element-plus's changelog.

2.1.0

2022-03-12

Features

Components [message] support re-render vnode (#6527 by @sxzz)

Bug fixes

Ci remove clean script (#6550 by @JeremyWuuuuu)

Ci clean up several warning (#6551 by @HerringtonDarkholme)

Ci fix cascader ns querySelector class (#6552 by @HerringtonDarkholme)

Build move eslint config to internal (#6553 by @sxzz)

Ci suppress warning by mark icon as raw (#6555 by @HerringtonDarkholme)

Components [upload] photo-wall wrap (#6546 by @YunYouJun)

Refactors

Components [link] dynamic css vars & fix inner align (#6557 by @YunYouJun)

Components [link] refactor (#6543 by @sxzz)

2.0.6

2022-03-11

Features

[el-table] support always show scrollbar & get selection rows (#6469 by @msidolphin)

Extract eslint config to separate package (#6495 by @sxzz)

Export dayjs instance, closes #6498 (#6517 by @sxzz)

Components [select]add collapse-tags-tooltip (#6245 by @Alanscut)

Components [select-v2]add collapse-tags-tooltip (#6532 by @Alanscut)

Components [cascader]add collapse-tags-tooltip (#6331 by @Alanscut)

Bug fixes

Deps update all non-major dependencies (#6448 by @renovate[bot])

Components [el-select] optimize prefix size & selected style (#6267 by @msidolphin)

Components [el-table] defaultSort not working (#6322 by @msidolphin)

[el-table] fixed columns display when horizontal cannot scroll (#6320 by @msidolphin)

Components [el-checkbox] modelValue (#6168 by @gjfei) (#6169)

Components[select] (#6446 by @gjfei) (#6474)

Components [el-collapse] collapse item key pressing jumping (#6462 by @JeremyWuuuuu)

Components [message] offset error (#6497 by @Alanscut)

Components[select] namespace (#6486 by @gjfei)

Components el-select-allow-dynamically-update-options (#6473 by @gjfei)

Components [el-tooltip] close the dropdown after set disabled (#6467 by @Alanscut)

Docs improve component typings (#6524 by @sxzz)

... (truncated)

Commits

d6690f8 Merge pull request #6560 from element-plus/dev
45d915f chore: Update changelog 2.1.0 (#6561)
58897ec ci(build): add threshold to build product workflow (#6564)
e98d129 refactor(components): [link] refactor (#6543)
9172120 test(ci): add build product checking for prs (#6558)
2db400c refactor(components): [link] dynamic css vars & fix inner align (#6557)
93ee392 fix(components): [upload] photo-wall wrap (#6546)
14353db fix(ci): suppress warning by mark icon as raw (#6555)
88b574e fix(build): move eslint config to internal (#6553)
e10a1e4 fix(ci): fix cascader ns querySelector class (#6552)
Additional commits viewable in compare view

Updates vite from 2.9.9 to 6.3.5

Release notes

Sourced from vite's releases.

v6.3.5

Please refer to CHANGELOG.md for details.

v6.3.4

Please refer to CHANGELOG.md for details.

v6.3.3

Please refer to CHANGELOG.md for details.

v6.3.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.3.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.3.0

Please refer to CHANGELOG.md for details.

v6.3.0-beta.2

Please refer to CHANGELOG.md for details.

v6.3.0-beta.1

Please refer to CHANGELOG.md for details.

v6.3.0-beta.0

Please refer to CHANGELOG.md for details.

v6.2.7

Please refer to CHANGELOG.md for details.

v6.2.6

Please refer to CHANGELOG.md for details.

v6.2.5

Please refer to CHANGELOG.md for details.

v6.2.4

Please refer to CHANGELOG.md for details.

v6.2.3

Please refer to CHANGELOG.md for details.

v6.2.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.3.5 (2025-05-05)

fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965

fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940

refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

fix(assets): ensure ?no-inline is not included in the asset url in the production environment (#1949 (16a73c0), closes #19496

fix(css): resolve relative imports in sass properly on Windows (#19920) (ffab442), closes #19920

fix(deps): update all non-major dependencies (#19899) (a4b500e), closes #19899

fix(ssr): fix execution order of re-export (#19841) (ed29dee), closes #19841

fix(ssr): fix live binding of default export declaration and hoist exports getter (#19842) (80a91ff), closes #19842

perf: skip sourcemap generation for renderChunk hook of import-analysis-build plugin (#19921) (55cfd04), closes #19921

test(ssr): test ssrTransform re-export deps and test stacktrace with first line (#19629) (9399cda), closes #19629

6.3.2 (2025-04-18)

fix: match default asserts case insensitive (#19852) (cbdab1d), closes #19852

fix: open first url if host does not match any urls (#19886) (6abbdce), closes #19886

fix(css): respect css.lightningcss option in css minification process (#19879) (b5055e0), closes #19879

fix(deps): update all non-major dependencies (#19698) (bab4cb9), closes #19698

feat(css): improve lightningcss messages (#19880) (c713f79), closes #19880

6.3.1 (2025-04-17)

fix: avoid using Promise.allSettled in preload function (#19805) (35c7f35), closes #19805

fix: backward compat for internal plugin transform calls (#19878) (a152b7c), closes #19878

6.3.0 (2025-04-16)

fix(hmr): avoid infinite loop happening with hot.invalidate in circular deps (#19870) (d4ee5e8), closes #19870

fix(preview): use host url to open browser (#19836) (5003434), closes #19836

... (truncated)

Commits

84e4647 release: v6.3.5
fd38d07 fix(ssr): handle uninitialized export access as undefined (#19959)
b040d54 release: v6.3.4
c22c43d fix: check static serve file inside sirv (#19965)
efc5eab fix(optimizer): return plain object when using require to import externals ...
d6d01c2 refactor: remove duplicate plugin context type (#19935)
db9eb97 release: v6.3.3
e4d5201 fix: ignore malformed uris in tranform middleware (#19853)
55cfd04 perf: skip sourcemap generation for renderChunk hook of import-analysis-build...
ffab442 fix(css): resolve relative imports in sass properly on Windows (#19920)
Additional commits viewable in compare view

Updates unplugin-vue-components from 0.17.21 to 28.5.0

Release notes

Sourced from unplugin-vue-components's releases.

v28.5.0

   🚀 Features

Add sourcemap configuration switch - by @amazli in unplugin/unplugin-vue-components#833 (365b6)

Introduce dumpComponentsInfo option - by @ilyaliao in unplugin/unplugin-vue-components#830 (1f1eb)

    View changes on GitHub

v28.4.1

   🐞 Bug Fixes

Remove node_modules exclude from globsExclude - by @antfu (b5e2b)

Compatible with vue-loader experimentalInlineMatchResource - by @ahabhgk and @chenjiahan in unplugin/unplugin-vue-components#829 (2f689)

    View changes on GitHub

v28.4.0

   🐞 Bug Fixes

Disable expandDirectories in tinyglobby - by @antfu (8fa96)

Disable biome detection in generated components.d.ts - by @wChenonly in unplugin/unplugin-vue-components#792 (c6942)

Fix how globs resolves, excludes nested node_modules folder by default - by @antfu in unplugin/unplugin-vue-components#826 (6656e)

tdesign: Fix a series of components related to typography - by @entireyu in unplugin/unplugin-vue-components#813 (30bd3)

    View changes on GitHub

v28.3.0

   🚀 Features

Support transform user's resolveComponent usage, and enable by default - by @antfu (a89b3)

    View changes on GitHub

v28.2.0

   🚀 Features

Do not ignore node_modules by default, instead expose globsExclude option - by ...
Description has been truncated

Bumps the npm_and_yarn group with 3 updates in the / directory: [mongoose](https://github.com/Automattic/mongoose), [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 11 updates in the /ui directory: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [axios](https://github.com/axios/axios) | `0.24.0` | `0.30.0` | | [element-plus](https://github.com/element-plus/element-plus) | `1.2.0-beta.6` | `2.1.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `2.9.9` | `6.3.5` | | [unplugin-vue-components](https://github.com/unplugin/unplugin-vue-components) | `0.17.21` | `28.5.0` | | [@vitejs/plugin-vue](https://github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue) | `2.3.3` | `5.2.3` | | [rollup](https://github.com/rollup/rollup) | `2.73.0` | `3.29.5` | | [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `1.132.0` | `3.27.0` | | [lint](https://github.com/omnilint/lint) | `0.7.0` | `0.8.19` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `removed` | | [lint](https://github.com/omnilint/lint) | `0.8.19` | `1.1.2` | Updates `mongoose` from 6.13.2 to 6.13.6 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@6.13.2...6.13.6) Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.1) Updates `express` from 4.21.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.21.0...4.21.2) Updates `path-to-regexp` from 0.1.10 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.10...v0.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `axios` from 0.24.0 to 0.30.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.30.0/CHANGELOG.md) - [Commits](axios/axios@v0.24.0...v0.30.0) Updates `element-plus` from 1.2.0-beta.6 to 2.1.0 - [Release notes](https://github.com/element-plus/element-plus/releases) - [Changelog](https://github.com/element-plus/element-plus/blob/dev/CHANGELOG.en-US.md) - [Commits](element-plus/element-plus@1.2.0-beta.6...2.1.0) Updates `vite` from 2.9.9 to 6.3.5 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.5/packages/vite) Updates `unplugin-vue-components` from 0.17.21 to 28.5.0 - [Release notes](https://github.com/unplugin/unplugin-vue-components/releases) - [Commits](unplugin/unplugin-vue-components@v0.17.21...v28.5.0) Updates `@vitejs/plugin-vue` from 2.3.3 to 5.2.3 - [Release notes](https://github.com/vitejs/vite-plugin-vue/releases) - [Changelog](https://github.com/vitejs/vite-plugin-vue/blob/main/packages/plugin-vue/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-vue/commits/[email protected]/packages/plugin-vue) Updates `esbuild` from 0.14.39 to 0.25.4 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2022.md) - [Commits](evanw/esbuild@v0.14.39...v0.25.4) Updates `follow-redirects` from 1.15.0 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.0...v1.15.9) Updates `nanoid` from 3.3.3 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.3...3.3.11) Updates `postcss` from 8.4.13 to 8.5.3 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.13...8.5.3) Updates `rollup` from 2.73.0 to 3.29.5 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.73.0...v3.29.5) Updates `simple-git` from 1.132.0 to 3.27.0 - [Release notes](https://github.com/steveukx/git-js/releases) - [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md) - [Commits](https://github.com/steveukx/git-js/commits/[email protected]/simple-git) Updates `lint` from 0.7.0 to 0.8.19 - [Commits](https://github.com/omnilint/lint/commits) Removes `tough-cookie` Updates `lint` from 0.8.19 to 1.1.2 - [Commits](https://github.com/omnilint/lint/commits) --- updated-dependencies: - dependency-name: mongoose dependency-version: 6.13.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: element-plus dependency-version: 2.1.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: unplugin-vue-components dependency-version: 28.5.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@vitejs/plugin-vue" dependency-version: 5.2.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.25.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 3.29.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: simple-git dependency-version: 3.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lint dependency-version: 0.8.19 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lint dependency-version: 1.1.2 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 2 directories with 19 updates #49

Bump the npm_and_yarn group across 2 directories with 19 updates #49

Uh oh!

dependabot bot commented on behalf of github May 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 2 directories with 19 updates #49

Are you sure you want to change the base?

Bump the npm_and_yarn group across 2 directories with 19 updates #49

Uh oh!

Conversation

dependabot bot commented on behalf of github May 6, 2025

6.13.6 / 2025-01-13

6.13.6 / 2025-01-13

8.9.4 / 2025-01-09

8.9.3 / 2024-12-30

8.9.2 / 2024-12-19

8.9.1 / 2024-12-16

8.9.0 / 2024-12-13

0.7.1

0.7.0

4.21.2

What's Changed

4.21.1

What's Changed

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

Fix backtracking (again)

Error on bad input

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

Release v0.30.0

Release notes:

Bug Fixes

Contributors to this release

v0.29.0

Release notes:

Bug Fixes

Contributors to this release

Release v0.28.1

Release notes:

Release notes:

Bug Fixes

Release v0.28.0

Release notes:

Bug Fixes

Backports from v1.x:

0.30.0 (2025-03-26)

Release notes:

Bug Fixes

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

0.28.1 (2024-03-24)

Release notes:

Bug Fixes

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

Backports from v1.x:

2.1.0

Features

Bug fixes

Refactors

2.0.6

Features

Bug fixes

v6.3.5

v6.3.4

v6.3.3

v6.3.2

[email protected]

v6.3.1

[email protected]

v6.3.0

v6.3.0-beta.2

v6.3.0-beta.1

v6.3.0-beta.0

v6.2.7

v6.2.6

v6.2.5

v6.2.4

v6.2.3

v6.2.2