Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 1 update#404

Merged
skanda890 merged 1 commit intomainfrom
dependabot/npm_and_yarn/Projects/JavaScript/code-compiler/npm_and_yarn-632f0598a2
Mar 28, 2026
Merged

chore(deps): bump the npm_and_yarn group across 2 directories with 1 update#404
skanda890 merged 1 commit intomainfrom
dependabot/npm_and_yarn/Projects/JavaScript/code-compiler/npm_and_yarn-632f0598a2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 28, 2026

Bumps the npm_and_yarn group with 1 update in the /Projects/JavaScript/code-compiler directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /Projects/JavaScript/math-calculator directory: path-to-regexp.

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fixed

Changed

  • Dedupes regex prefixes (pillarjs/path-to-regexp#422)
    • This will result in shorter regular expressions for some cases using optional groups
  • Rejects large optional route combinations (pillarjs/path-to-regexp#424)
    • When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

8.3.0

Changed

  • Add custom error class (#398) 2a7f2a4
  • Allow plain objects for TokenData (#391) 687a9bb
  • Escape text should escape backslash (#390) a4a8552
  • Improved error messages and stack size (#363) a6bdf40

Other

  • Minifying the parser
    • PR (#401) 9df2448
    • PR (#395) 4a91505
    • Shaving some bytes d63f44b
    • Remove optional operator 973d15c

pillarjs/path-to-regexp@v8.2.0...v8.3.0

Commits

Updates path-to-regexp from 8.2.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fixed

Changed

  • Dedupes regex prefixes (pillarjs/path-to-regexp#422)
    • This will result in shorter regular expressions for some cases using optional groups
  • Rejects large optional route combinations (pillarjs/path-to-regexp#424)
    • When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

8.3.0

Changed

  • Add custom error class (#398) 2a7f2a4
  • Allow plain objects for TokenData (#391) 687a9bb
  • Escape text should escape backslash (#390) a4a8552
  • Improved error messages and stack size (#363) a6bdf40

Other

  • Minifying the parser
    • PR (#401) 9df2448
    • PR (#395) 4a91505
    • Shaving some bytes d63f44b
    • Remove optional operator 973d15c

pillarjs/path-to-regexp@v8.2.0...v8.3.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 1 …
ed51812 
…update

Bumps the npm_and_yarn group with 1 update in the /Projects/JavaScript/code-compiler directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).
Bumps the npm_and_yarn group with 1 update in the /Projects/JavaScript/math-calculator directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp).


Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.2.0...v8.4.0)

Updates `path-to-regexp` from 8.2.0 to 8.4.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v8.2.0...v8.4.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 8.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 28, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Mar 28, 2026
edited
Loading

Deploy Preview for silver-entremet-633411 failed.

Name Link
🔨 Latest commit ed51812
🔍 Latest deploy log https://app.netlify.com/projects/silver-entremet-633411/deploys/69c79f547d0d1f0008468147

@codeant-ai
Copy link
Copy Markdown
Contributor

codeant-ai bot commented Mar 28, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@skanda890
Copy link
Copy Markdown
Owner

skanda890 commented Mar 28, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 28, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA ed51812.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/path-to-regexp 8.4.0 🟢 7.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
CI-Tests🟢 821 out of 24 merged PRs checked by a CI test -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7found 8 unreviewed changesets out of 29 -- score normalized to 7
Contributors🟢 1025 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 55 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 5
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected
npm/path-to-regexp 8.4.0 🟢 7.3
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
CI-Tests🟢 821 out of 24 merged PRs checked by a CI test -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7found 8 unreviewed changesets out of 29 -- score normalized to 7
Contributors🟢 1025 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 55 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 5
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 9security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 10no vulnerabilities detected

Scanned Files

  • Projects/JavaScript/code-compiler/package-lock.json
  • Projects/JavaScript/math-calculator/package-lock.json

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 28, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedsupertest@​6.3.49910010050100
Addedreadline-sync@​1.4.109910010075100
Added@​types/​node@​22.19.31001008195100
Addedmathjs@​15.1.0951001009070
Addeduuid@​9.0.110010010083100
Addedsocket.io@​4.8.110010010083100
Addedsocket.io@​4.8.310010010083100
Addedyjs@​14.0.0-810010010084100
Updatedbody-parser@​1.20.4 ⏵ 2.2.199 +110010085100
Addedvalidator@​13.15.2610010010086100
Addedsysteminformation@​5.31.58710010095100
Addedyargs@​18.0.0-candidate.79910010087100
Addedwinston@​3.9.09910010088100
Addedwinston@​3.19.09810010088100
Addedtypescript@​6.0.0-dev.202603241001009010090
Addedaxios@​1.13.59110010095100
Addedredis@​4.7.110010010092100
Updatedexpress@​4.22.1 ⏵ 5.2.098 +110010095 +8100

View full report

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@deepsource-io
Copy link
Copy Markdown
Contributor

deepsource-io bot commented Mar 28, 2026
edited
Loading

DeepSource Code Review

We reviewed changes in 688770c...ed51812 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
Test coverage Mar 28, 2026 9:29a.m. Review ↗
Terraform Mar 28, 2026 9:29a.m. Review ↗
Swift Mar 28, 2026 9:29a.m. Review ↗
SQL Mar 28, 2026 9:29a.m. Review ↗
Shell Mar 28, 2026 9:29a.m. Review ↗
Secrets Mar 28, 2026 9:29a.m. Review ↗
Scala Mar 28, 2026 9:29a.m. Review ↗
Ruby Mar 28, 2026 9:29a.m. Review ↗
PHP Mar 28, 2026 9:29a.m. Review ↗
Kotlin Mar 28, 2026 9:29a.m. Review ↗
Go Mar 28, 2026 9:29a.m. Review ↗
Docker Mar 28, 2026 9:29a.m. Review ↗
Ansible Mar 28, 2026 9:29a.m. Review ↗
Rust Mar 28, 2026 9:29a.m. Review ↗
C# Mar 28, 2026 9:29a.m. Review ↗
C & C++ Mar 28, 2026 9:29a.m. Review ↗
Java Mar 28, 2026 9:29a.m. Review ↗
JavaScript Mar 28, 2026 9:29a.m. Review ↗
Python Mar 28, 2026 9:29a.m. Review ↗

@skanda890 skanda890 merged commit b30b8e2 into main Mar 28, 2026
47 of 72 checks passed
@skanda890 skanda890 deleted the dependabot/npm_and_yarn/Projects/JavaScript/code-compiler/npm_and_yarn-632f0598a2 branch March 28, 2026 10:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skanda890