[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 14 updates by dependabot[bot] · Pull Request #1935 · CenturyLink/Chi

dependabot · 2026-02-02T07:17:04Z

Bumps the all-dependencies group with 14 updates in the / directory:

Package	From	To
@babel/preset-env	`7.28.0`	`7.29.0`
@types/node	`24.1.0`	`25.2.0`
autoprefixer	`10.4.23`	`10.4.24`
chokidar	`4.0.3`	`5.0.0`
cors	`2.8.5`	`2.8.6`
cross-env	`7.0.3`	`10.1.0`
cypress	`14.5.3`	`15.9.0`
dayjs	`1.11.13`	`1.11.19`
express	`5.1.0`	`5.2.1`
express-rate-limit	`7.5.1`	`8.2.1`
ora	`8.2.0`	`9.1.0`
sass	`1.89.2`	`1.97.3`
ssri	`12.0.0`	`13.0.0`
@rollup/rollup-linux-x64-gnu	`4.46.1`	`4.57.1`

Updates @babel/preset-env from 7.28.0 to 7.29.0

Release notes

Sourced from @babel/preset-env's releases.

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

... (truncated)

Commits

aa8394e v7.29.0
0053db6 Update polyfill packages (#17727)
f3a2226 [babel 7] Delete Babel 8 fixtures (#17729)
d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
61647ae v7.28.5
42cb285 Improve @babel/core types (#17404)
ae363ae chore: Fix typo in variable name (#17535)
1edfcaa Update compat data (#17487)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/preset-env since your current version.

Updates @types/node from 24.1.0 to 25.2.0

Commits

See full diff in compare view

Updates autoprefixer from 10.4.23 to 10.4.24

Release notes

Sourced from autoprefixer's releases.

10.4.24

Made Autoprefixer a little faster (by @Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.24

Made Autoprefixer a little faster (by @Cherry).

Commits

36692c2 Release 10.4.24 version
67df014 Update dependencies
032440e perf: reduce array allocations (#1542)
See full diff in compare view

Updates chokidar from 4.0.3 to 5.0.0

Release notes

Sourced from chokidar's releases.

5.0.0

Make the package ESM-only. Reduces on-disk package size from ~150kb to ~80kb

Increase minimum node.js version to v20.19. The versions starting from it support loading esm files from cjs

fix: Make types more precise paulmillr/chokidar#1424

perf: re-use double slash regex paulmillr/chokidar#1435

Update readdirp to ESM-only v5

Lots of minor improvements in tests

Increase security of NPM releases. Switch to token-less Trusted Publishing, with help of jsbt

Switch compilation mode to isolatedDeclaration-based typescript for simplified auto-generated docs

New Contributors

@mhkeller made their first contribution in paulmillr/chokidar#1426

@btea made their first contribution in paulmillr/chokidar#1432

Full Changelog: paulmillr/chokidar@4.0.3...5.0.0

Commits

c0c8d20 Release 5.0.0.
b211cec Remove src from npm
8742246 Upgrade dev deps, jsbt, ci files. Upgrade readdirp to v5.
de5a34c Merge pull request #1442 from paulmillr/flaky-buns
c08a6c4 fix: throttle based on dir + target
0c55ab3 test: wait for explicit calls in directory test
ce81be5 perf: re-use double slash regex (#1435)
7d9c1ed Merge pull request #1433 from paulmillr/super-matrices
3915541 Merge pull request #1430 from paulmillr/esm-only
9308bed chore: use Nodejs 24 in CI (#1432)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chokidar since your current version.

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates cross-env from 7.0.3 to 10.1.0

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

add support for default value syntax (152ae6a)

For example:
"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",
If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

You're using a modern maintained version of Node.js (v20+ is tested)

You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

Replace Jest with Vitest for testing

Convert all source files from .js to .ts with proper TypeScript types

Use zshy for ESM-only builds (removes CJS support)

Adopt @epic-web/config for TypeScript, ESLint, and Prettier

Update to Node.js >=20 requirement

Remove kcd-scripts dependency

Add comprehensive e2e tests with GitHub Actions matrix testing

Update GitHub workflow with caching and cross-platform testing

Modernize documentation and remove outdated sections

Update all dependencies to latest versions

Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

152ae6a feat: add support ofr default value syntax
bd70d1a chore: upgrade zshy
8e0b190 chore(ci): get coverage
8635e80 fix(release): manually release a major version
3a58f22 chore: fix npmrc registry
b70bfff chore(ci): add names to steps and workflows
cc5759d fix(release): manually release a major version
080a859 chore: remove publish script
31e5bc7 chore(ci): restore built files
81e9c34 chore(ci): add back semantic-release
Additional commits viewable in compare view

Updates cypress from 14.5.3 to 15.9.0

Release notes

Sourced from cypress's releases.

v15.9.0

Changelog: https://docs.cypress.io/app/references/changelog#15-9-0

v15.8.2

Changelog: https://docs.cypress.io/app/references/changelog#15-8-2

v15.8.1

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

v15.7.1

Changelog: https://docs.cypress.io/app/references/changelog#15-7-1

v15.7.0

Changelog: https://docs.cypress.io/app/references/changelog#15-7-0

v15.6.0

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

v15.5.0

Changelog: https://docs.cypress.io/app/references/changelog#15-5-0

v15.4.0

Changelog: https://docs.cypress.io/app/references/changelog#15-4-0

v15.3.0

Changelog: https://docs.cypress.io/app/references/changelog#15-3-0

v15.2.0

Changelog: https://docs.cypress.io/app/references/changelog#15-2-0

v15.1.0

Changelog: https://docs.cypress.io/app/references/changelog#15-1-0

v15.0.0

Changelog: https://docs.cypress.io/app/references/changelog#15-0-0

v14.5.4

Changelog: https://docs.cypress.io/app/references/changelog#14-5-4

Commits

2b07fd1 chore: prepare 15.9.0 release (#33227)
9a8e52e chore: correct grammar & typos in CHANGELOG linting (#33225)
e0a7eec chore: enforce CHANGELOG release date MM/DD/YYYY format (#33224)
3de32cf chore: Remove unused exports/type exports + remove export from internal types...
b6ccf40 chore: Update v8 snapshot cache - darwin (#33223)
562be94 chore: Update v8 snapshot cache - windows (#33222)
a478a87 chore: Update v8 snapshot cache - linux (#33221)
5ea6549 chore(deps): update dependency fast-xml-parser to ^4.5.3 (#33216)
f25153a feat: experimentalRunAllSpecs for component testing (#32926)
530b0dd chore: Remove unused exports + remove 'export' from internal functions + fix ...
Additional commits viewable in compare view

Updates dayjs from 1.11.13 to 1.11.19

Release notes

Sourced from dayjs's releases.

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

added usage warnings for diff + updated unit tests (#2948) (269a7a9)

dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)

replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)

Updated Belarusian locale with relative time (#2656) (1d8746c)

v1.11.18

1.11.18 (2025-08-30)

Bug Fixes

error semantic-release dependency (8cfb313)

v1.11.17

1.11.17 (2025-08-29)

Bug Fixes

[en-AU] locale use the same ordinal as moment (#2878) (1b95ecd)

v1.11.16

1.11.16 (2025-08-29)

Bug Fixes

test release workflow (no code changes) (c38c428)

v1.11.15

1.11.15 (2025-08-28)

Bug Fixes

Fix misspellings in Irish or Irish Gaelic [ga] (#2861) (9c14a42)

v1.11.14

1.11.14 (2025-08-27)

Bug Fixes

.utcOffset(0, true) result and its clone are different bug (#2505) (fefdcd4)

Changelog

Sourced from dayjs's changelog.

1.11.19 (2025-10-31)

Bug Fixes

added usage warnings for diff + updated unit tests (#2948) (269a7a9)

dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)

replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)

Updated Belarusian locale with relative time (#2656) (1d8746c)

1.11.18 (2025-08-30)

Bug Fixes

error semantic-release dependency (8cfb313)

1.11.17 (2025-08-29)

Bug Fixes

[en-AU] locale use the same ordinal as moment (#2878) (1b95ecd)

1.11.16 (2025-08-29)

Bug Fixes

test release workflow (no code changes) (c38c428)

1.11.15 (2025-08-28)

Bug Fixes

Fix misspellings in Irish or Irish Gaelic [ga] (#2861) (9c14a42)

1.11.14 (2025-08-27)

Bug Fixes

.utcOffset(0, true) result and its clone are different bug (#2505) (fefdcd4)

Commits

02b7a5c chore(release): 1.11.19 [skip ci]
37193be Merge pull request #2950 from iamkun/dev
2db920b chore: update doc
4f72974 chore: update doc
0b36a07 chore: update doc
269a7a9 fix: added usage warnings for diff + updated unit tests (#2948)
9e3132e chore: update doc
84201e6 chore: update doc
80401e3 chore: update readme
88ad3fd test: Add unit test for Belarusian locale (#2934)
Additional commits viewable in compare view

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)
2f64f68 sec: security patch for CVE-2024-51999
ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
758d435 deps: body-parser@^2.2.1 (#6922)
77bcd52 docs: update emeritus triagers (#6890)
f33caf1 Nominate to @efekrskl for triage team (#6888)
Additional commits viewable in compare view

Updates express-rate-limit from 7.5.1 to 8.2.1

Release notes

Sourced from express-rate-limit's releases.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits

fe1604d 8.2.1
b11c05b Fix: don't warn for extra config from express-slow-down (#580)
3734733 8.2.0
962d737 feat: Unknown Options validation check (#578)
992c15c chore(deps-dev): bump the development-dependencies group with 3 updates (#579)
449a28a chore(deps-dev): bump the development-dependencies group across 1 directory w...
ceaff6f chore(deps-dev): bump @biomejs/biome from 2.2.5 to 2.2.6 (#574)
4fccb9e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#573)
b597770 Rework dependabot grouping
03e8336 chore(deps-dev): bump mintlify from 4.2.114 to 4.2.175 (#572)
Additional commits viewable in compare view

Updates ora from 8.2.0 to 9.1.0

Release notes

Sourced from ora's releases.

v9.1.0

Support external writes to stream (console.log) while spinning d2b543a

Replace strip-ansi dependency with native stripVTControlCharacters (#249)...
Description has been truncated

lumen-jenkins-prod · 2026-02-02T07:29:43Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/1/. ❌

lumen-jenkins-prod · 2026-02-05T13:23:32Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/2/. ❌

lumen-jenkins-prod · 2026-02-05T16:37:39Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/3/. ❌

lumen-jenkins-prod · 2026-02-12T14:08:12Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/4/. ❌

lumen-jenkins-prod · 2026-02-13T09:28:32Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/5/. ❌

lumen-jenkins-prod · 2026-02-13T11:16:28Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/6/. ❌

…y with 14 updates Bumps the all-dependencies group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.28.0` | `7.29.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.1.0` | `25.2.0` | | [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.23` | `10.4.24` | | [chokidar](https://github.com/paulmillr/chokidar) | `4.0.3` | `5.0.0` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [cross-env](https://github.com/kentcdodds/cross-env) | `7.0.3` | `10.1.0` | | [cypress](https://github.com/cypress-io/cypress) | `14.5.3` | `15.9.0` | | [dayjs](https://github.com/iamkun/dayjs) | `1.11.13` | `1.11.19` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.2.1` | | [ora](https://github.com/sindresorhus/ora) | `8.2.0` | `9.1.0` | | [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.97.3` | | [ssri](https://github.com/npm/ssri) | `12.0.0` | `13.0.0` | | [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) | `4.46.1` | `4.57.1` | Updates `@babel/preset-env` from 7.28.0 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-preset-env) Updates `@types/node` from 24.1.0 to 25.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `autoprefixer` from 10.4.23 to 10.4.24 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@10.4.23...10.4.24) Updates `chokidar` from 4.0.3 to 5.0.0 - [Release notes](https://github.com/paulmillr/chokidar/releases) - [Commits](paulmillr/chokidar@4.0.3...5.0.0) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `cross-env` from 7.0.3 to 10.1.0 - [Release notes](https://github.com/kentcdodds/cross-env/releases) - [Changelog](https://github.com/kentcdodds/cross-env/blob/main/CHANGELOG.md) - [Commits](kentcdodds/cross-env@v7.0.3...v10.1.0) Updates `cypress` from 14.5.3 to 15.9.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v14.5.3...v15.9.0) Updates `dayjs` from 1.11.13 to 1.11.19 - [Release notes](https://github.com/iamkun/dayjs/releases) - [Changelog](https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md) - [Commits](iamkun/dayjs@v1.11.13...v1.11.19) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `express-rate-limit` from 7.5.1 to 8.2.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v7.5.1...v8.2.1) Updates `ora` from 8.2.0 to 9.1.0 - [Release notes](https://github.com/sindresorhus/ora/releases) - [Commits](sindresorhus/ora@v8.2.0...v9.1.0) Updates `sass` from 1.89.2 to 1.97.3 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.2...1.97.3) Updates `ssri` from 12.0.0 to 13.0.0 - [Release notes](https://github.com/npm/ssri/releases) - [Changelog](https://github.com/npm/ssri/blob/main/CHANGELOG.md) - [Commits](npm/ssri@v12.0.0...v13.0.0) Updates `@rollup/rollup-linux-x64-gnu` from 4.46.1 to 4.57.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.46.1...v4.57.1) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-version: 7.29.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 25.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: autoprefixer dependency-version: 10.4.24 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: chokidar dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: cross-env dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: cypress dependency-version: 15.9.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: dayjs dependency-version: 1.11.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: express-rate-limit dependency-version: 8.2.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: ora dependency-version: 9.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: sass dependency-version: 1.97.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: ssri dependency-version: 13.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@rollup/rollup-linux-x64-gnu" dependency-version: 4.57.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

lumen-jenkins-prod · 2026-02-18T17:20:55Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1935/7/. ❌

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 2, 2026

dependabot bot requested a review from a team as a code owner February 2, 2026 07:17

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from 7991bf3 to 89e4ecb Compare February 5, 2026 13:10

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from 89e4ecb to c5e700c Compare February 5, 2026 16:15

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from c5e700c to 2b824a9 Compare February 12, 2026 13:43

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from 2b824a9 to 748ba69 Compare February 13, 2026 09:07

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from 748ba69 to 37cfef4 Compare February 13, 2026 10:56

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-ffa926387c branch from 37cfef4 to c92e9ce Compare February 18, 2026 17:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 14 updates#1935

[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 14 updates#1935
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot-npm_and_yarn-all-dependencies-ffa926387c

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading

Uh oh!

lumen-jenkins-prod bot commented Feb 2, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 5, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 5, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 12, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 13, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 13, 2026

Uh oh!

lumen-jenkins-prod bot commented Feb 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

10.4.24

10.4.24

5.0.0

New Contributors

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v10.1.0

10.1.0 (2025-09-29)

Features

v10.0.0

10.0.0 (2025-07-25)

BREAKING CHANGES

v15.9.0

v15.8.2

v15.8.1

v15.8.0

v15.7.1

v15.7.0

v15.6.0

v15.5.0

v15.4.0

v15.3.0

v15.2.0

v15.1.0

v15.0.0

v14.5.4

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

v1.11.18

1.11.18 (2025-08-30)

Bug Fixes

v1.11.17

1.11.17 (2025-08-29)

Bug Fixes

v1.11.16

1.11.16 (2025-08-29)

Bug Fixes

v1.11.15

1.11.15 (2025-08-28)

Bug Fixes

v1.11.14

1.11.14 (2025-08-27)

Bug Fixes

1.11.19 (2025-10-31)

Bug Fixes

1.11.18 (2025-08-30)

Bug Fixes

1.11.17 (2025-08-29)

Bug Fixes

1.11.16 (2025-08-29)

Bug Fixes

1.11.15 (2025-08-28)

Bug Fixes

1.11.14 (2025-08-27)

Bug Fixes

v5.2.1

What's Changed

v5.2.0

Important: Security

What's Changed

5.2.1 / 2025-12-01

5.2.0 / 2025-12-01

v8.2.1

v8.2.0

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading