Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• [email protected] by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]

... (truncated)

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 [email protected] (#5902)
• 2a980ad [email protected] (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: [email protected] (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• e8fb281 Test prototype pollution on unflatten
• 6e95c43 Add node 10 & 12 to travis config.
• See full diff in compare view

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Sourced from got's releases.

v14.4.4

• Fix support for AbortSignal#timeout() (#2388) 92b378e

sindresorhus/got@v14.4.3...v14.4.4

v14.4.3

• Fix cache with HTTP2 (#2380) f2f8cb2

sindresorhus/got@v14.4.2...v14.4.3

v14.4.2

• Fix handling of invalid arguments (#2367) f44ef43

sindresorhus/got@v14.4.1...v14.4.2

v14.4.1

• Fix missing dependency dfc54d9

sindresorhus/got@v14.4.0...v14.4.1

v14.4.0

• Improve TypeScript types with generic extend (#2353) 15ca4a0

sindresorhus/got@v14.3.0...v14.4.0

v14.3.0

• Update dependencies dbab6c3

sindresorhus/got@v14.2.1...v14.3.0

v14.2.1

• Fix error handling when UTF-8 decoding fails (#2336) c81a611

sindresorhus/got@v14.2.0...v14.2.1

v14.2.0

• Add cause property with the original error to RequestError (#2327) 4cbd01d

sindresorhus/got@v14.1.0...v14.2.0

v14.1.0

• Allow typing the body of a RequestError response (#2325) 5e4f6ff

sindresorhus/got@v14.0.0...v14.1.0

v14.0.0

Breaking

• Require Node.js 20 (#2313) a004263
  • Why not target the oldest active Node.js LTS, which is Node.js 18? I usually strictly follow this convention in my packages. However, this package is the exception because the HTTP part of Node.js is consistently buggy, and I don't have time to work around issues in older Node.js releases. I you need to still support Node.js 18, I suggest staying on Got v13, which is quite stable. Node.js 18 will be out of active LTS in 5 months.

... (truncated)

• 3034c2f 14.4.4
• 92b378e Fix support for AbortSignal#timeout() (#2388)
• f4f3ba8 14.4.3
• f145b09 Update dependencies
• f2f8cb2 Fix cache with HTTP2 (#2380)
• 9ab4cf9 Fix 404 links related to cacheable-request (#2379)
• 89b7fdf Fix docs typo (#2378)
• 895e463 Update HTTP/2 support info for Ky (#2374)
• 3a06919 Use built-in delay method (#2373)
• d276dc9 Meta tweaks
• Additional commits viewable in compare view

Sourced from domwaiter's releases.

v1.4.0

1.4.0 (2022-09-26)

Features

• Release from main (4f01a05)
• Update default branch (b9017cc)

v1.3.0

1.3.0 (2020-07-26)

Features

• add parseDOM option (#7) (18fc27a)

v1.2.0

1.2.0 (2020-07-25)

Features

• emit beforePageLoad event (#6) (2c9fb43)

• 4f01a05 feat: Release from main
• b9017cc feat: Update default branch
• f535e19 1.4.0
• 692ed34 0.0.1
• c416e20 0.0.0
• d5b82c7 Update got, add MIT license
• 18fc27a feat: add parseDOM option (#7)
• 2c9fb43 feat: emit beforePageLoad event (#6)
• See full diff in compare view

Sourced from nodemon's releases.

v2.0.22

2.0.22 (2023-03-22)

Bug Fixes

• remove ts mapping if loader present (f7816e4), closes #2083

v2.0.21

2.0.21 (2023-03-02)

Bug Fixes

• remove ts mapping if loader present (1468397), closes #2083

v2.0.20

2.0.20 (2022-09-16)

Bug Fixes

• remove postinstall script (e099e91)

v2.0.19

2.0.19 (2022-07-05)

Bug Fixes

• Replace update notifier with simplified deps (#2033) (176c4a6), closes #1961 #2028

v2.0.18

2.0.18 (2022-06-23)

Bug Fixes

• revert update-notifier forcing esm (1b3bc8c)

v2.0.17

2.0.17 (2022-06-23)

Bug Fixes

• bump update-notifier to v6.0.0 (#2029) (0144e4f)
• update packge-lock (27e91c3)

v2.0.16

... (truncated)

• c971fdc Merge branch 'main' of github.com:remy/nodemon
• b9679a2 chore: supporters
• f7816e4 fix: remove ts mapping if loader present
• 9f3ffdb One more fix
• abc8522 Get rid of spawning shell windows if nodemon is started without console.
• b11ddd1 Merge branch 'main' of github.com:remy/nodemon
• 204af11 chore: missing supporters
• 1468397 fix: remove ts mapping if loader present
• 26b1f0f chore: add conventional commit check
• adaafa1 One more fix
• Additional commits viewable in compare view

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• See full diff in compare view

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Sourced from airtable's releases.

v0.12.2

Fix invalid URL error in abort-controller

v0.12.1

• Add recordMetadata param to table.select(params) in order to fetch comment counts, available as record.commentCount.

v0.11.6

• Remove behavior of including AIRTABLE_API_KEY in airtable.browser.js via envify
• Add web worker compatibility

v0.11.5

• Update select() and list() to support to use POST endpoint when GET url length would exceed Airtable's 16k character limit
• Update select() and list() to explicitly choose to use GET or POST endpoint via new 'method' arg

v0.11.4

Add support for returnFieldsByFieldId param.

v0.11.3

Adds a UMD build to use for browser-targeted builds. This fixes an issue where other apps that use airtable.js as a dependency were bundling code that expects to run in a node environment when building for a browser enviornment.

v0.11.2

Bump NPM package versions (Airtable/airtable.js#276 , Airtable/airtable.js#281 , Airtable/airtable.js#293 , Airtable/airtable.js#296 , Airtable/airtable.js#297 , Airtable/airtable.js#298 )

v0.11.1

Bump NPM package versions (#250, #253, #266, #267, #268)

v0.11.0

• Add support for custom headers
• Allow requestTimeout to be configured like other AirtableOptions
• Fix type warnings

v0.10.1

• Fix error handler in updating an array (#223)
• Fix binding fetch to window (#235)
• Update lodash and node-fetch dependencies
• Widen @​types/node dependency

v0.10.0

• Convert to TypeScript. The project now comes with .d.ts typescript definition files.

Sourced from airtable's changelog.

v0.12.2

• Fix invalid URL error in abort-controller

v0.12.1

• Add recordMetadata param to table.select(params) in order to fetch comment counts, available as record.commentCount.

v0.11.6

• Remove behavior of including AIRTABLE_API_KEY in airtable.browser.js via envify
• Add web worker compatibility

v0.11.5

• Update select() and list() to support to use POST endpoint when GET url length would exceed Airtable's 16k character limit
• Update select() and list() to explicitly choose to use GET or POST endpoint via new 'method' arg

v0.11.4

• Add support for returnFieldsByFieldId param.

v0.11.3

• Add a UMD build to use for browser-targeted builds. This fixes an issue where other apps that use airtable.js as a dependency were bundling code that expects to run in a node environment when building for a browser enviornment.

v0.11.2

• Bump NPM package versions (#276, #281, #293, #296, #297, #298)

v0.11.1

• Bump NPM package versions (#250, #253, #266, #267, #268)

v0.11.0

• Add support for custom headers
• Allow requestTimeout to be configured like other AirtableOptions
• Fix type warnings

v0.10.1

• Fix error handler in updating an array (#223)
• Fix binding fetch to window (#235)
• Update lodash and node-fetch dependencies
• Widen @​types/node dependency

v0.10.0

• Convert to TypeScript. The project now comes with .d.ts typescript definition files.

• c4c8f0e v0.12.2
• aa1cd32 Merge pull request #380 from NabeelFarooqui-at/NabeelFarooqui-run-prepare-abo...
• d0ed278 run prepare
• 1b43e7d Fix invalid URL in Request constructor (#372)
• 7dbfd5d v0.12.1 (#371)
• 2b2902a Add support for recordMetadata param (#370)
• 2d36eb6 Merge pull request #330 from Airtable/v0.11.6
• b468d8f v0.11.6
• 560b466 Update README.md with personal access token, OAuth and new docs links (#329)
• ccefdcc Merge pull request #326 from Airtable/v0.11.5
• Additional commits viewable in compare view

This version was pushed to npm by nabeelairtable, a new releaser for airtable since your current version.

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Sourced from pa11y-ci's changelog.

2.4.2 (2021-06-28)

• If Chrome crashes during startup, pa11y-ci will now retry to launch Chrome once before bailing out instead of giving up straight away
• Add Docker examples to documentation
• Reduce size of npm package (thanks @​mfranzke)

2.4.1 (2021-04-25)

• Upgrades pa11y to the latest 5.3.1 version
• Fix a bug related to having to download puppeteer twice since pa11y 5.3.1 was release (#131)

2.4.0 (2020-08-18)

• Adds support for parsing sitemapindex (Thanks @​42tte)
• Better test coverage (Thanks @​kkoskelin)
• Updated dependencies and devDependencies
• Less eslint warnings
• Restrict dependency upgrades to bugfixes to avoid potential breakages when updating or integrating with other apps
• Minor documentation improvements and fixes

2.3.1 (2020-08-17)

Add missing puppeteer dependency

• 9de41f3 Version 2.4.2
• 7cb5bd8 Replace npmignore with allow list for consistency
• fefa70b Retry launching browser if first time fails
• 6846233 Adds example of running pa11y-ci in Docker (#137)
• 00ac4f9 refactor(npm): remove unnecessary files from package (#126)
• 18f1e60 Version 2.4.1 (#135)
• d0843ab Pin puppeteer version to avoid downloading twice (#134)
• 830d5a6 Update integration tests to remove DNS dependencies (#133)
• cda8b5a Replace Travis with GH Actions
• 7da3907 Version 2.4.0 (#119)
• Additional commits viewable in compare view

This version was pushed to npm by joseluisbolos, a new releaser for pa11y-ci since your current version.

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Sourced from async's changelog.

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

• acc084e Version 3.2.2
• acd7316 Update built files
• b50d648 update changelog for 3.2.2
• e1ecdbf Fix prototype pollution vulnerability
• fc9ba65 Fix(docs): use plural callbacks word in lib/map.js (#1765)
• b1b69b0 regen docs
• cac52e3 update changelog
• d1af045 Version 3.2.1
• b31840e Update built files
• 159a119 Enhance examples for Collections methods. (#1726)
• Additional commits viewable in compare view

Sourced from aws-sdk's changelog.

2.814.0

• bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to proto
• feature: EC2: EBS io2 volumes now supports Multi-Attach
• feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression.
• feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API.

2.813.0

• feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config
• feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM)
• feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances
• feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder.
• feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response
• feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53.
• feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
• feature: SQS: Amazon SQS adds queue attributes to enabl...

  Description has been truncated