build(deps): bump the npm_and_yarn group across 5 directories with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
firebase-tools	9.23.3	13.6.0
marked	2.1.3	4.0.10
requirejs	2.3.6	2.3.7
send	0.17.2	0.19.0
express	4.19.2	4.21.0
micromatch	4.0.7	4.0.8

Bumps the npm_and_yarn group with 2 updates in the /integration/harness-e2e-cli directory: body-parser and micromatch.
Bumps the npm_and_yarn group with 2 updates in the /integration/ng-add directory: body-parser and micromatch.
Bumps the npm_and_yarn group with 2 updates in the /integration/ng-add-standalone directory: body-parser and micromatch.
Bumps the npm_and_yarn group with 2 updates in the /integration/yarn-pnp-compat directory: body-parser and micromatch.

Updates firebase-tools from 9.23.3 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

• Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
• Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
• Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
• Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

• Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

• Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

• Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
• Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
• Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
• v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
• v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

• Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
• Fix demo projects + web frameworks with emulators (#6737)
• Fix Next.js static routes with server actions (#6664)
• Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
• Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

• Added new commands for managing Firestore backups and restoring databases. (#6778)
• Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

• Release Cloud Firestore emulator v1.19.1:
  • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
• Improve FAH onboarding flow to connect backends with SCMs (#6764).
• Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits

• f6b7d05 13.6.0
• a26c3d0 Ignore quota project in GCF source uploads (#6917)
• 476bd33 Update to PubSub emulator 0.8.2 (#6916)
• ccab9b7 Add Service Usage Consumer role to GitHub Actions service account (#6895)
• 4c1bd42 Switching a few more places to getters (#6914)
• 6950829 Fix "could not assert Secret Manager permissions" Cloud Build error (#6904)
• 4a17ca7 Refactor api.ts file constants to getters (#6913)
• c6d1615 Update Firestore Emulator version (#6912)
• 90b6506 Vector config support (#6900)
• dc13cb9 make fetchLinkableGitRepositories get all linkable git repositories (#6889)
• Additional commits viewable in compare view

Updates marked from 2.1.3 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

• security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

• retain line breaks in tokens properly (#2341) (a9696e2)

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

• spaces on a newline after a table (#2319) (f82ea2c)

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

• Fix every third list item broken (#2318) (346b162), closes #2314

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

• speed up parsing long lists (#2302) (e0005d8)

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

• table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
• 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• Additional commits viewable in compare view

Updates requirejs from 2.3.6 to 2.3.7

Commits

• 1874a29 Rev to 2.3.7
• 152f450 Merge pull request #1016 from requirejs/jr/1854-pollution
• ecc356a Fixes requirejs/requirejs#1854, pollution
• acec536 SECURITY.md
• See full diff in compare view

Updates semver from 7.6.2 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Commits

• 0a12d6c chore: release 7.6.3 (#720)
• 73a3d79 fix: optimize Range parsing and formatting (#726)
• 2975ece docs: fix extra backtick typo (#719)
• See full diff in compare view

Updates send from 0.17.2 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

0.18.0 / 2022-03-23

• Fix emitted 416 error missing headers property
• Limit the headers removed for 304 response
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• b69cbb3 0.18.0
• f53edbb Limit the headers removed for 304 response
• 706d6dd docs: add security policy
• b690ba4 docs: fix linux build badge link
• fed09ff docs: update copyright
• aee1a65 deps: [email protected]
• 6060bda deps: [email protected]
• 8055f78 build: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates @grpc/grpc-js from 1.6.12 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.22

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js@​1.8.21

• Fix propagation of UNIMPLEMENTED error messages (#2528)

@​grpc/grpc-js 1.8.20

• Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@​grpc/grpc-js 1.8.19

• Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@​grpc/grpc-js 1.8.18

• Fix reporting of call stacks in unary request errors (#2503)
• Fix reporting of proxy info in channelz socket responses (#2503)

@​grpc/grpc-js 1.8.17

• Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

• Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

• Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)
• Ensure status and error events are consistently emitted asynchronously (#2456)

@​grpc/grpc-js 1.8.14

• Fix sequencing of some events related to connectivity state changes (#2421)

@​grpc/grpc-js 1.8.13

• Fix memory leak in channelz socket tracking (#2394)

@​grpc/grpc-js@​1.8.12

• Fix an occasional type error when receiving DNS updates (#2380)
• Fix ordering of events when handing requests on the server (#2376 contributed by @​phoenix741)

@​grpc/grpc-js 1.8.11

• Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@​grpc/grpc-js 1.8.10

• Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@​grpc/grpc-js 1.8.9

• Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@​grpc/grpc-js 1.8.8

• Remove progress field in returned status object (#2350)
• Export InterceptingListener and NextCall types (#2351)
• Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

... (truncated)

Commits

• a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
• 3b110cd grpc-js: Bump to 1.8.22
• 8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
• 00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• 36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
• 969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
• f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
• ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• Additional commits viewable in compare view

Updates json-ptr from 2.2.0 to 3.1.1

Commits

• 1988f05 3.1.1
• 3292abf Update package.json export statements for TS 4.7 Node ESM Support (#54)
• 677a678 verified and fixed examples
• 02aa710 3.1.0
• 7702108 docs for v3.1.0
• 78e4a61 https for docs
• 1916627 recreate docs paths
• dfeb207 removed docs folder
• e7bd39d testing docs
• afa67f9 docs update
• Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates tar from 4.4.19 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to [email protected] by @​wesleytodd in expressjs/body-parser#527
• deps: [email protected] by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: [email protected] (#521)
• 9478591 fix: pin to [email protected]
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• Description has been truncated

[YoutacRandS-VA]

A