Bump the npm_and_yarn group across 1 directory with 25 updates #1

dependabot · 2025-05-17T18:51:43Z

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
express	`4.17.0`	`4.20.0`
highlight.js	`9.15.8`	`10.4.1`
semver	`5.7.0`	`5.7.2`
rollup	`1.12.2`	`2.79.2`
@babel/helpers	`7.4.4`	`7.27.1`
@babel/runtime	`7.4.4`	`7.27.1`
@babel/traverse	`7.4.4`	`7.27.1`
ajv	`6.10.0`	`6.12.6`
async	`2.6.2`	`2.6.4`
bl	`1.2.2`	`1.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
dot-prop	`4.2.0`	`4.2.1`
fsevents	`1.2.9`	`1.2.13`
handlebars	`4.1.2`	`4.7.8`
ini	`1.3.5`	`1.3.8`
path-parse	`1.0.6`	`1.0.7`
tmpl	`1.0.4`	`1.0.5`
undefsafe	`2.0.2`	`2.0.5`
ws	`5.2.2`	`5.2.4`
y18n	`3.2.1`	`3.2.2`

Updates express from 4.17.0 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

... (truncated)

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates highlight.js from 9.15.8 to 10.4.1

Release notes

Sourced from highlight.js's releases.

10.4.1

Security fixes:

(fix) Exponential backtracking fixes for: Josh Goebel

cpp

handlebars

gams

perl

jboss-cli

r

erlang-repl

powershell

routeros

(fix) Polynomial backtracking fixes for: Josh Goebel

asciidoc

reasonml

latex

kotlin

gcode

d

aspectj

moonscript

coffeescript/livescript

csharp

scilab

crystal

elixir

basic

ebnf

ruby

fortran/irpf90

livecodeserver

yaml

x86asm

dsconfig

markdown

ruleslanguage

xquery

sqf

Very grateful to Michael Schmidt for all the help.

10.4.0 - November 2020

A largish release with many improvements and fixes from quite a few different contributors. Enjoy!

Deprecations:

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Version 10.4.1 (tentative)

Security

(fix) Exponential backtracking fixes for: Josh Goebel

cpp

handlebars

gams

perl

jboss-cli

r

erlang-repl

powershell

routeros

(fix) Polynomial backtracking fixes for: Josh Goebel

asciidoc

reasonml

latex

kotlin

gcode

d

aspectj

moonscript

coffeescript/livescript

csharp

scilab

crystal

elixir

basic

ebnf

ruby

fortran/irpf90

livecodeserver

yaml

x86asm

dsconfig

markdown

ruleslanguage

xquery

sqf

Very grateful to Michael Schmidt for all the help.

Version 10.4.0

A largish release with many improvements and fixes from quite a few different contributors. Enjoy!

... (truncated)

Commits

e96b915 bump 10.4.1
065f65f chore(release) allow release script to handle production releases
68509fc chore(docs) bump SECURITY mention to 9.18.5
aa0fb85 chore(docs) Version 9 has reached EOL.
fb0a626 enh(ci): Add tests for polynomial regex issues
fa46dd1 fix(reasonml) fix poly backtracking issue
d496052 fix(latex) fix poly backtracking issue
d9f1cdb fix(javascript/typescript) fix poly backtracking issue
fdec037 fix(asciidoc) fix poly backtracking issue
02ca487 fix(kotlin) fix poly backtracking issue
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by joshgoebel, a new releaser for highlight.js since your current version.

Updates semver from 5.7.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
c83c18c 5.7.1
956e228 Correct typo in README
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates rollup from 1.12.2 to 2.79.2

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

3.29.5

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5670: refactor: Use object.prototype to check for reserved properties (@YuHyeonWook)

#5671: Fix DOM Clobbering CVE (@lukastaegert)

4.22.3

2024-09-21

Bug Fixes

Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

#5669: Ensure impure dependencies of pure modules are added (@lukastaegert)

4.22.2

... (truncated)

Commits

c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
69ff418 2.79.1
04dce1b Update changelog
159137e fix: typo docs and contributors link in CONTRIBUTING.md (#4639)
e1392b3 Update type definition of resolveId (#4641)
7836357 Improve performance of chunk naming collision check (#4643)
71d20c9 Reduce permissions for repl-artefacts.yml workflow (#4630)
8193ea5 Adapt workflow to use Node 14 sub-version to work with branch protection
8477f8f 2.79.0
Additional commits viewable in compare view

Updates @babel/helpers from 7.4.4 to 7.27.1

Release notes

Sourced from @babel/helpers's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
b1f9184 Reduce interopRequireWildcard size (#16538)
9c351e5 Use class and add type definitions for regenerator (#17220)
0f95b74 Reduce regeneratorRuntime size (#17213)
317e332 Enforce node protocol import (#17207)
14ef1e9 Babel 8 cleanup (#17211)
97105cb Re-convert regeneratorRuntime to helper format (#17205)
1b93b0c Move regenerator files to the relevant packages (#17205)
b953a8f Remove bundled regeneratorRuntime helper (#17205)
6874c25 Prepare LICENSE files for incorporating regenerator (#17205)
Additional commits viewable in compare view

Updates @babel/runtime from 7.4.4 to 7.27.1

Release notes

Sourced from @babel/runtime's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
296cdc5 Remove unused regenerator-runtime dep in @babel/runtime (#17263)
fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
5c350ea v7.27.0
ca4865a Fix: align behaviour to tsc rewriteRelativeImportExtensions (#17118)
e1ce99d v7.26.10
d5952e8 Fix processing of replacement pattern with named capture groups (#17173)
64bca7b v7.26.9
2d95140 v7.26.7
63d3038 v7.26.0
Additional commits viewable in compare view

Updates @babel/traverse from 7.4.4 to 7.27.1

Release notes

Sourced from @babel/traverse's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evalua...
Description has been truncated

Bumps the npm_and_yarn group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.17.0` | `4.20.0` | | [highlight.js](https://github.com/highlightjs/highlight.js) | `9.15.8` | `10.4.1` | | [semver](https://github.com/npm/node-semver) | `5.7.0` | `5.7.2` | | [rollup](https://github.com/rollup/rollup) | `1.12.2` | `2.79.2` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.4.4` | `7.27.1` | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.4.4` | `7.27.1` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.4.4` | `7.27.1` | | [ajv](https://github.com/ajv-validator/ajv) | `6.10.0` | `6.12.6` | | [async](https://github.com/caolan/async) | `2.6.2` | `2.6.4` | | [bl](https://github.com/rvagg/bl) | `1.2.2` | `1.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [dot-prop](https://github.com/sindresorhus/dot-prop) | `4.2.0` | `4.2.1` | | [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.1.2` | `4.7.8` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | | [undefsafe](https://github.com/remy/undefsafe) | `2.0.2` | `2.0.5` | | [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.4` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` | Updates `express` from 4.17.0 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.0...4.20.0) Updates `highlight.js` from 9.15.8 to 10.4.1 - [Release notes](https://github.com/highlightjs/highlight.js/releases) - [Changelog](https://github.com/highlightjs/highlight.js/blob/main/CHANGES.md) - [Commits](highlightjs/highlight.js@9.15.8...10.4.1) Updates `semver` from 5.7.0 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.0...v5.7.2) Updates `rollup` from 1.12.2 to 2.79.2 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v1.12.2...v2.79.2) Updates `@babel/helpers` from 7.4.4 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-helpers) Updates `@babel/runtime` from 7.4.4 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-runtime) Updates `@babel/traverse` from 7.4.4 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-traverse) Updates `ajv` from 6.10.0 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.0...v6.12.6) Updates `async` from 2.6.2 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.2...v2.6.4) Updates `bl` from 1.2.2 to 1.2.3 - [Release notes](https://github.com/rvagg/bl/releases) - [Changelog](https://github.com/rvagg/bl/blob/master/CHANGELOG.md) - [Commits](rvagg/bl@v1.2.2...v1.2.3) Updates `body-parser` from 1.19.0 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.0...1.20.3) Updates `cookie` from 0.4.0 to 0.6.0 - [Release notes](https://github.com/jshttp/cookie/releases) - [Changelog](https://github.com/jshttp/cookie/blob/v0.6.0/HISTORY.md) - [Commits](jshttp/cookie@v0.4.0...v0.6.0) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `dot-prop` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/sindresorhus/dot-prop/releases) - [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1) Updates `fsevents` from 1.2.9 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.2.9...v1.2.13) Updates `handlebars` from 4.1.2 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.7.8) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `send` from 0.17.1 to 0.18.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.18.0) Updates `serve-static` from 1.14.1 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...1.16.0) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `undefsafe` from 2.0.2 to 2.0.5 - [Release notes](https://github.com/remy/undefsafe/releases) - [Commits](remy/undefsafe@v2.0.2...v2.0.5) Updates `ws` from 5.2.2 to 5.2.4 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.2...5.2.4) Updates `y18n` from 3.2.1 to 3.2.2 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) --- updated-dependencies: - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: highlight.js dependency-version: 10.4.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.79.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.12.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-version: 2.6.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bl dependency-version: 1.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dot-prop dependency-version: 4.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-version: 1.2.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-version: 4.7.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-version: 1.3.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-parse dependency-version: 1.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.18.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-version: 1.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undefsafe dependency-version: 2.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 5.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-version: 3.2.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Uh oh!

dependabot bot commented on behalf of github May 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 1 directory with 25 updates #1

Uh oh!

Conversation

dependabot bot commented on behalf of github May 17, 2025

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

10.4.1

10.4.0 - November 2020

Version 10.4.1 (tentative)

Version 10.4.0

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v.2.79.2

2.79.2

Bug Fixes

Pull Requests

2.79.2

Bug Fixes

Pull Requests

3.29.5

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

Pull Requests

4.22.3

Bug Fixes

Pull Requests

4.22.2

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone