chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates by dependabot[bot] · Pull Request #6 · rickneves15/blog

dependabot · 2025-11-20T15:03:22Z

Bumps the npm_and_yarn group with 3 updates in the /server directory: @nestjs/common, @babel/runtime and js-yaml.
Bumps the npm_and_yarn group with 5 updates in the /web directory:

Package	From	To
@babel/runtime	`7.23.8`	`7.28.4`
js-yaml	`4.1.0`	`4.1.1`
axios	`1.7.4`	`1.12.0`
next	`14.1.1`	`14.2.32`
nanoid	`3.3.7`	`3.3.11`

Updates @nestjs/common from 10.3.0 to 10.4.16

Release notes

Sourced from @nestjs/common's releases.

v10.4.16

What's Changed

fix(common): introduce magic file type validator to nestjs common by @Chathula in nestjs/nest#14948

Full Changelog: nestjs/nest@v10.4.15...v10.4.16

v10.4.15 (2024-12-09)

Dependencies

platform-express

#14282 fix(deps): update dependency express to v4.21.2 (@renovate[bot])

v10.4.13 (2024-12-03)

Bug fixes

common

#14256 chore(common): Add type declaration for RawBody decorator with pipes (@sapenlei)

Dependencies

#14257 fix(deps): update dependency @fastify/static to v7.0.4 (@renovate[bot])

#14258 fix(deps): update dependency @nestjs/sequelize to v10.0.1 (@renovate[bot])

#14249 chore(deps): bump @apollo/gateway from 2.4.8 to 2.8.5 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])

#14250 chore(deps): update jest monorepo (@renovate[bot])

#14245 chore(deps): update dependency mqtt to v5.10.3 (@renovate[bot])

#14247 fix(deps): update nest monorepo to v10.4.12 (@renovate[bot])

#14251 chore(deps-dev): bump graphql-tools from 9.0.3 to 9.0.5 (@dependabot[bot])

#14246 chore(deps): update nest monorepo (@renovate[bot])

Committers: 3

Kamil Mysliwiec (@kamilmysliwiec)

Micael Levi L. Cavalcante (@micalevisk)

sapenlei (@sapenlei)

v10.4.12 (2024-11-29)

Bug fixes

common

#14241 fix(common): enforce string type in validationpipe (@LhonRafaat)

Dependencies

Other

#14243 chore(deps): update dependency @types/node to v20.17.9 (@renovate[bot])

#14240 chore(deps): update dependency @types/multer to v1.4.12 (@renovate[bot])

#14239 chore(deps): update dependency @types/chai to v4.3.20 (@renovate[bot])

#14237 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.2 (@renovate[bot])

#14236 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.2 (@renovate[bot])

#12253 fix(deps): update apollo graphql packages (@renovate[bot])

#14235 chore(deps-dev): bump @commitlint/config-angular from 19.5.0 to 19.6.0 (@dependabot[bot])

#14233 chore(deps): update nest monorepo (@renovate[bot])

... (truncated)

Commits

6c8aec6 chore(@nestjs) publish v10.4.16 release
2b9e132 chore: update outdated tests, make file-type optional
cb0d650 chore: remove duplicate packages
6196ab2 Merge branch 'Chathula-fix-nestjs-common-mime-validator'
0ac7959 chore: minor tweaks
312a54a Update packages/common/pipes/file/file-type.validator.ts
a28fc03 refactor(common): move back file type validator options type
07b4b38 refactor(common): move file-type package to peer dependencies
0b7af8a refactor(common): refactor code to use simple eval
6953b7a fix(common): used eval import
Additional commits viewable in compare view

Updates @babel/runtime from 7.23.8 to 7.28.4

Release notes

Sourced from @babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

Babel Bot (@babel-bot)

Bill Collins (@mrginglymus)

Glenn Willen (@gwillen)

Huáng Jùnliàng (@JLHwung)

@liuxingbaoyu

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

Committers: 5

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Jam Balaya (@JamBalaya56562)

Nicolò Ribaudo (@nicolo-ribaudo)

easrng (@easrng)

... (truncated)

Changelog

Sourced from @babel/runtime's changelog.

v7.28.4 (2025-09-05)

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types

#17493 Update Jest to v30.1.1 (@JLHwung)

babel-plugin-transform-regenerator

#17455 chore: Clean up transform-regenerator (@liuxingbaoyu)

babel-core

#17474 Switch to @jridgewell/remapping (@mrginglymus)

v7.28.3 (2025-08-14)

👓 Spec Compliance

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env

#17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

babel-parser

#17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)

#17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

babel-plugin-transform-regenerator, babel-plugin-transform-runtime

#17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

#17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

#17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions

#17444 Optimize do expression output (@JLHwung)

v7.28.2 (2025-07-24)

🐛 Bug Fix

babel-types

#17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator

#17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

babel-types

#17422 Add missing FunctionParameter docs (@JLHwung)

... (truncated)

Commits

35055e3 v7.28.4
ef155f5 v7.28.3
cac0ff4 v7.28.2
f68ac51 chore: Avoid CITGM errors (#17382)
baa4cb8 v7.27.6
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
da5e371 v7.27.3
Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates cookie from 0.5.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

1faf228 4.21.2
2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
59fc270 deps: path-to-regexp@0.1.11 (#5956)
51fc39c docs: add funding (#6065)
8e229f9 4.21.1
a024c8a fix(deps): cookie@0.7.1
7e562c6 4.21.0
1bcde96 fix(deps): qs@6.13.0 (#5946)
7d36477 fix(deps): serve-static@1.16.2 (#5951)
40d2d8f fix(deps): finalhandler@1.3.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

Fix prototype pollution issue in yaml merge (<<) operator.

Commits

cc482e7 4.1.1 released
50968b8 dist rebuild
d092d86 lint fix
383665f fix prototype pollution in merge (<<)
0d3ca7a README.md: HTTP => HTTPS (#678)
49baadd doc: 'empty' style option for !!null
ba3460e Fix demo link (#618)
See full diff in compare view

Updates multer from 1.4.4-lts.1 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

What's Changed

add Arabic translation for README .. by @3imed-jaberi in expressjs/multer#762

Update README.md to fix issue #1114 by @Mohamed-Abdelfattah in expressjs/multer#1169

Improved documentation translation to Spanish by @juliomontenegro in expressjs/multer#1174

Translated to french by @AlanLg in expressjs/multer#1182

Improve the Brazilian Portuguese translation by @vitorRibeiro7 in expressjs/multer#1204

doc: uzbek language by @eugene0928 in expressjs/multer#1232

Fix a mistake with README-pt-br.md by @Igor-CA in expressjs/multer#1251

Update in Readme-pt-br and fix in Readme-ko by @carlosstenzel in expressjs/multer#1252

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/multer#1260

ci: replace travis with github action by @inigomarquinez in expressjs/multer#1259

docs: improve readability by @Sreejit-Sengupto in expressjs/multer#1255

test: add test for out-of-band error event by @LinusU in expressjs/multer#1294

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/multer#1290

Documentation: remove unfortunate abbreviation from readme by @MaddyGuthridge in expressjs/multer#1299

ci: use ubuntu-latest as default runner by @UlisesGascon in expressjs/multer#1308

ci: add CodeQL (SAST) by @bjohansebas in expressjs/multer#1289

Update readme badges by @bjohansebas in expressjs/multer#1268

📝 fix changelog information by @ctcpip in expressjs/multer#1316

master -> v2 by @ctcpip in expressjs/multer#1317

chore: fix typo by @saucecodee in expressjs/multer#993

Remove --save from README by @username1001 in expressjs/multer#929

feat - update link badge in docs by @carlosstenzel in expressjs/multer#1273

ci: change branch reference by @UlisesGascon in expressjs/multer#1319

♻️ use version tag for CI, fix CI badge, fix references to master/main by @ctcpip in expressjs/multer#1324

deps: update dependencies to latest versions by @bjohansebas in expressjs/multer#1328

📝 list languages in table to prevent GH right-aligning list due to RTL language by @ctcpip in expressjs/multer#1325

[StepSecurity] Apply security best practices by @step-security-bot in expressjs/multer#1311

New Contributors

@3imed-jaberi made their first contribution in expressjs/multer#762

@Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169

@juliomontenegro made their first contribution in expressjs/multer#1174

@AlanLg made their first contribution in expressjs/multer#1182

@vitorRibeiro7 made their first contribution in expressjs/multer#1204

@eugene0928 made their first contribution in expressjs/multer#1232

@Igor-CA made their first contribution in expressjs/multer#1251

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

Fix out-of-band error event from busboy (#1177)

1.4.5-lts.1

No changes

Commits

e5db9ca 🔖 2.0.2
adfeaf6 🥅 improve error handling
e259a7e 🔖 2.0.1
35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
f897007 ci: apply security best practices (#1311)
061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
854d769 deps: update dependencies to latest versions (#1328)
256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
dd9dde4 📝 fix badges in translation files (#1321)
dc2a880 ci: change branch reference
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

640e694 0.1.12
f01c26a Merge commit from fork
0c71192 0.1.11
8f09549 Add error on bad input values
c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
bdb6635 0.1.9
c4272e4 Allow a non-lookahead regex (#312)
51a1955 0.1.8
Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

@UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

9d2db99 0.19.0
ae4f298 Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

encodeurl@~2.0.0 by @wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

bump send to 0.19 by @tommasini in expressjs/serve-static#176

New Contributors

@tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

@UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

deps: send@0.19.0

1.16.0 / 2024-09-10

Remove link renderization in html while redirecting

Commits

ec9c5ec 1.16.2
f454d37 fix(deps): encodeurl@~2.0.0
77a8255 1.16.1
4263f49 fix(deps): send@0.19.0
48c7397 1.16.0
0c11fad Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates @babel/runtime from 7.23.8 to 7.28.4

Release notes

Sourced from @babel/runtime's releases.

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types...
Description has been truncated

… updates Bumps the npm_and_yarn group with 3 updates in the /server directory: [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common), [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) and [js-yaml](https://github.com/nodeca/js-yaml). Bumps the npm_and_yarn group with 5 updates in the /web directory: | Package | From | To | | --- | --- | --- | | [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.23.8` | `7.28.4` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [axios](https://github.com/axios/axios) | `1.7.4` | `1.12.0` | | [next](https://github.com/vercel/next.js) | `14.1.1` | `14.2.32` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` | Updates `@nestjs/common` from 10.3.0 to 10.4.16 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.4.16/packages/common) Updates `@babel/runtime` from 7.23.8 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `cookie` from 0.5.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.5.0...v0.7.1) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `multer` from 1.4.4-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.4-lts.1...v2.0.2) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `@babel/runtime` from 7.23.8 to 7.28.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `axios` from 1.7.4 to 1.12.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.4...v1.12.0) Updates `next` from 14.1.1 to 14.2.32 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.1.1...v14.2.32) Updates `form-data` from 4.0.0 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.5) Updates `nanoid` from 3.3.7 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.11) --- updated-dependencies: - dependency-name: "@nestjs/common" dependency-version: 10.4.16 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 14.2.32 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates#6

chore(deps): bump the npm_and_yarn group across 2 directories with 14 updates#6
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/server/npm_and_yarn-71e13ca307

dependabot bot commented on behalf of github Nov 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Nov 20, 2025

v10.4.16

What's Changed

v10.4.15 (2024-12-09)

Dependencies

v10.4.13 (2024-12-03)

Bug fixes

Dependencies

Committers: 3

v10.4.12 (2024-11-29)

Bug fixes

Dependencies

v7.28.4 (2025-09-05)

🏠 Internal

Committers: 5

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 5

v7.28.4 (2025-09-05)

🏠 Internal

v7.28.3 (2025-08-14)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.28.2 (2025-07-24)

🐛 Bug Fix

v7.28.1 (2025-07-12)

🐛 Bug Fix

📝 Documentation

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

0.7.1

0.7.0

0.6.0

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.20.0

What's Changed

Important

Other Changes

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

[4.1.1] - 2025-11-12

Security

v2.0.2

Important

v2.0.1

Important

What's Changed

New Contributors

2.0.2

2.0.1

2.0.0

1.4.5-lts.2

1.4.5-lts.1

Fix backtracking (again)

Support named matching groups in `RegExp`