Depfu

🚨 [security] Update express 4.17.1 → 4.22.0 (minor)

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ express (4.17.1 → 4.22.0) · Repo · Changelog

Security Advisories 🚨

🚨 express improperly controls modification of query properties

Impact

when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names

Important

the extended query parser is the default in express 4; this was changed in express 5 which by default uses the simple query parser

Patches

the issue has been patched to ensure request.query is a plain object so request.query no longer has object prototype properties. this brings the default behavior of extended query parsing in line with express's default simple query parser

Workaround

this only impacts users using extended query parsing ('query parser': 'extended'), which is the default in express 4, but not express 5. all users are encouraged to upgrade to the patched versions, but can otherwise work around this issue:

provide qs directly and specify plainObjects: true
app.set('query parser',
  function (str) {
    return qs.parse(str, {
      plainObjects: true
  });
});

🚨 express vulnerable to XSS via response.redirect()

Impact

In express <4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code

Patches

this issue is patched in express 4.20.0

Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

Details

successful exploitation of this vector requires the following:

The attacker MUST control the input to response.redirect()

express MUST NOT redirect before the template appears

the browser MUST NOT complete redirection before:

the user MUST click on the link in the template

🚨 Express.js Open Redirect in malformed URLs

Impact

Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.

When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.

The main method impacted is res.location() but this is also called from within res.redirect().

Patches

0867302
0b74695

An initial fix went out with express@4.19.0, we then patched a feature regression in 4.19.1 and added improved handling for the bypass in 4.19.2.

Workarounds

The fix for this involves pre-parsing the url string with either require('node:url').parse or new URL. These are steps you can take on your own before passing the user input string to res.location or res.redirect.

References

#5539
koajs/koa#1800
https://expressjs.com/en/4x/api.html#res.location

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ accepts (indirect, 1.3.7 → 1.3.8) · Repo · Changelog

Release Notes

1.3.8

deps: mime-types@~2.1.34

deps: mime-db@~1.51.0

deps: negotiator@0.6.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 28 commits:

↗️ body-parser (indirect, 1.19.0 → 1.20.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ content-disposition (indirect, 0.5.3 → 0.5.4) · Repo · Changelog

Release Notes

0.5.4

deps: safe-buffer@5.2.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 27 commits:

↗️ content-type (indirect, 1.0.4 → 1.0.5) · Repo · Changelog

Release Notes

1.0.5

perf: skip value escaping when unnecessary

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 74 commits:

Security Advisories 🚨

🚨 cookie accepts cookie name, path, and domain with out of bounds characters

Impact

The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value) would result in "userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test", setting userName cookie to <script> and ignoring value.

A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie.

Patches

Upgrade to 0.7.0, which updates the validation for name, path, and domain.

Workarounds

Avoid passing untrusted or arbitrary values for these fields, ensure they are set by the application instead of user input.

References

#167

Release Notes

0.7.2

Fixed

Fix object assignment of hasOwnProperty (#177) bc38ffd

v0.7.1...v0.7.2

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

v0.6.0...v0.7.0

0.6.0 (from changelog)

Add partitioned option

0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

0.4.2

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

0.4.1

Fix maxAge option to reject invalid values

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

Release Notes

1.0.7 (from changelog)

Later release for older node.js versions. See the v1.0.x branch notes.

Does any of this look wrong? Please let us know.

↗️ depd (indirect, 1.1.2 → 2.0.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 28 commits:

↗️ destroy (indirect, 1.0.4 → 1.2.0) · Repo · Changelog

Release Notes

1.2.0 (from changelog)

Add suppress argument

1.1.1 (from changelog)

Work around Zlib close bug in Node.js < 4.5.5

1.1.0 (from changelog)

Add Zlib steam support and Node.js leak work around

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ encodeurl (indirect, 1.0.2 → 2.0.0) · Repo · Changelog

Release Notes

2.0.0

Changed

Align encoding with WHATWG URL spec (#8) be0f77b

Stops encoding \, ^, and |.

Important: If you are using this to encode user entered and validated URLs, upgrade to v2 immediately. It is possible to exploit \ encoding in v1. A URL can be formed that looks like http://foo.com\@bar.com, which parses as foo.com for the host, but when encodeUrl(url) will parse as bar.com for the host.

v1.0.2...v2.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

↗️ finalhandler (indirect, 1.1.2 → 1.3.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 74 commits:

↗️ forwarded (indirect, 0.1.2 → 0.2.0) · Repo · Changelog

Release Notes

0.2.0

Use req.socket over deprecated req.connection

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ http-errors (indirect, 1.7.2 → 2.0.1) · Repo · Changelog

Release Notes

2.0.1

What's Changed

Add support for OSSF scorecard reporting by @carpasse in #107

refactor: improve toClassName function readability and JSDoc completeness by @Ayoub-Mabrouk in #112

chore: upgrade scorecard workflow pinned action versions by @carpasse in #113

Add test for extending native errors w/o altering prototype by @jonchurch in #106

remove --bail from test script by @jonchurch in #114

[StepSecurity] Apply security best practices by @step-security-bot in #116

build(deps): bump actions/checkout from 2.7.0 to 4.2.2 by @dependabot[bot] in #117

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in #118

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in #119

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in #121

build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 by @dependabot[bot] in #123

fix: use ubuntu-latest as ci runner by @UlisesGascon in #124

remove --bail by @jonchurch in #125

deps: update statuses and switch fixed versions to tilde (~) by @Phillip9587 in #126

chore: add funding to package.json by @Phillip9587 in #130

build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 by @dependabot[bot] in #131

ci: add nodejs v18 - v24 to test matrix by @Phillip9587 in #127

build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 by @dependabot[bot] in #129

build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 by @dependabot[bot] in #133

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #132

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #138

build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 by @dependabot[bot] in #137

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #134

Release: 2.0.1 by @UlisesGascon in #140

New Contributors

@Ayoub-Mabrouk made their first contribution in #112

@jonchurch made their first contribution in #106

@step-security-bot made their first contribution in #116

@dependabot[bot] made their first contribution in #117

@UlisesGascon made their first contribution in #124

@Phillip9587 made their first contribution in #126

Full Changelog: v2.0.0...v2.0.1

2.0.0 (from changelog)

Drop support for Node.js 0.6

Remove I'mateapot export; use ImATeapot instead

Remove support for status being non-first argument

Rename UnorderedCollection constructor to TooEarly

deps: depd@2.0.0

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: statuses@2.0.1

Fix messaging casing of 418 I'm a Teapot

Remove code 306

Rename 425 Unordered Collection to standard 425 Too Early

1.8.1 (from changelog)

deps: toidentifier@1.0.1

1.8.0 (from changelog)

Add isHttpError export to determine if value is an HTTP error

deps: setprototypeof@1.2.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ merge-descriptors (indirect, 1.0.1 → 1.0.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 34 commits:

↗️ mime-db (indirect, 1.44.0 → 1.52.0) · Repo · Changelog

Release Notes

1.52.0

Add extensions from IANA for more image/* types

Add extension .asc to application/pgp-keys

Add extensions to various XML types

Add new upstream MIME types

1.51.0

Add new upstream MIME types

Mark image/vnd.microsoft.icon as compressible

Mark image/vnd.ms-dds as compressible

1.50.0

Add deprecated iWorks mime types and extensions

Add new upstream MIME types

1.49.0

Add extension .trig to application/trig

Add new upstream MIME types

1.48.0

Add extension .mvt to application/vnd.mapbox-vector-tile

Add new upstream MIME types

Mark text/yaml as compressible

1.47.0

Add new upstream MIME types

Remove ambigious extensions from IANA for application/*+xml types

Update primary extension to .es for application/ecmascript

1.46.0 (from changelog)

Add extension .amr to audio/amr

Add extension .m4s to video/iso.segment

Add extension .opus to audio/ogg

Add new upstream MIME types

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mime-types (indirect, 2.1.27 → 2.1.35) · Repo · Changelog

Release Notes

2.1.35

deps: mime-db@1.52.0

Add extensions from IANA for more image/* types

Add extension .asc to application/pgp-keys

Add extensions to various XML types

Add new upstream MIME types

2.1.34

deps: mime-db@1.51.0

Add new upstream MIME types

2.1.33

deps: mime-db@1.50.0

Add deprecated iWorks mime types and extensions

Add new upstream MIME types

2.1.32

deps: mime-db@1.49.0

Add extension .trig to application/trig

Add new upstream MIME types

2.1.31

deps: mime-db@1.48.0

Add extension .mvt to application/vnd.mapbox-vector-tile

Add new upstream MIME types

Mark text/yaml as compressible

2.1.30

deps: mime-db@1.47.0

Add extension .amr to audio/amr

Remove ambigious extensions from IANA for application/*+xml types

Update primary extension to .es for application/ecmascript

2.1.29

deps: mime-db@1.46.0

Add extension .amr to audio/amr

Add extension .m4s to video/iso.segment

Add extension .opus to audio/ogg

Add new upstream MIME types

2.1.28

deps: mime-db@1.45.0

Add application/ubjson with extension .ubj

Add image/avif with extension .avif

Add image/ktx2 with extension .ktx2

Add extension .dbf to application/vnd.dbf

Add extension .rar to application/vnd.rar

Add extension .td to application/urc-targetdesc+xml

Add new upstream MIME types

Fix extension of application/vnd.apple.keynote to be .key

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ negotiator (indirect, 0.6.2 → 0.6.3) · Repo · Changelog

Release Notes

0.6.3 (from changelog)

Revert "Lazy-load modules from main entry point"

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ on-finished (indirect, 2.3.0 → 2.4.1) · Repo · Changelog

Release Notes

2.4.1

Fix error on early async hooks implementations

2.4.0

Prevent loss of async hooks context

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ path-to-regexp (indirect, 0.1.7 → 0.1.12) · Repo · Changelog

Security Advisories 🚨

🚨 path-to-regexp contains a ReDoS

Impact

The regular expression that is vulnerable to backtracking can be generated in versions before 0.1.12 of path-to-regexp, originally reported in CVE-2024-45296

Patches

Upgrade to 0.1.12.

Workarounds

Avoid using two parameters within a single path segment, when the separator is not . (e.g. no /:a-:b). Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.

References

GHSA-9wv6-86v2-598j

https://blakeembrey.com/posts/2024-09-web-redos/

🚨 path-to-regexp outputs backtracking regular expressions

Impact

A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b.

Patches

For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.

These versions add backtrack protection when a custom regex pattern is not provided:

0.1.10

1.9.0

3.3.0

6.3.0

They do not protect against vulnerable user supplied capture groups. Protecting against explicit user patterns is out of scope for old versions and not considered a vulnerability.

Version 7.1.0 can enable strict: true and get an error when the regular expression might be bad.

Version 8.0.0 removes the features that can cause a ReDoS.

Workarounds

All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b to /:a-:b([^-/]+).

If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length. For example, halving the attack string improves performance by 4x faster.

Details

Using /:a-:b will produce the regular expression /^\/([^\/]+?)-([^\/]+?)\/?$/. This can be exploited by a path such as /a${'-a'.repeat(8_000)}/a. OWASP has a good example of why this occurs, but the TL;DR is the /a at the end ensures this route would never match but due to naive backtracking it will still attempt every combination of the :a-:b on the repeated 8,000 -a.

Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and can lead to a DoS. In local benchmarks, exploiting the unsafe regex will result in performance that is over 1000x worse than the safe regex. In a more realistic environment using Express v4 and 10 concurrent connections, this translated to average latency of ~600ms vs 1ms.

References

OWASP

Detailed blog post

Release Notes

0.1.12

Fixed

Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

v0.1.11...v0.1.12

0.1.10

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

v0.1.9...v0.1.10

0.1.9

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 11 commits:

↗️ proxy-addr (indirect, 2.0.6 → 2.0.7) · Repo · Changelog

Release Notes

2.0.7

deps: forwarded@0.2.0

Use req.socket over deprecated req.connection

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 60 commits:

↗️ qs (indirect, 6.7.0 → 6.14.0) · Repo · Changelog

Security Advisories 🚨

🚨 qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __ proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.

🚨 qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __ proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.

🚨 qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __ proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.

🚨 qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an __ proto__ key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4.

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ raw-body (indirect, 2.4.0 → 2.5.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ send (indirect, 0.17.1 → 0.19.1) · Repo · Changelog

↗️ serve-static (indirect, 1.14.1 → 1.16.2) · Repo · Changelog

Security Advisories 🚨

🚨 serve-static vulnerable to template injection that can lead to XSS

Impact

passing untrusted user input - even after sanitizing it - to redirect() may execute untrusted code

Patches

this issue is patched in serve-static 1.16.0

Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

Details

successful exploitation of this vector requires the following:

The attacker MUST control the input to response.redirect()

express MUST NOT redirect before the template appears

the browser MUST NOT complete redirection before:

the user MUST click on the link in the template

Release Notes

1.16.0

What's Changed

Remove link renderization in html while redirecting (#173)

New Contributors

@UlisesGascon made their first contribution in #173

Full Changelog: v1.15.0...1.16.0

1.15.0

deps: send@0.18.0

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: depd@2.0.0

deps: destroy@1.2.0

deps: http-errors@2.0.0

deps: on-finished@2.4.1

deps: statuses@2.0.1

1.14.2

deps: send@0.17.2

deps: http-errors@1.8.1

deps: ms@2.1.3

pref: ignore empty http tokens

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 48 commits:

↗️ setprototypeof (indirect, 1.1.1 → 1.2.0) · Repo

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ statuses (indirect, 1.5.0 → 2.0.2) · Repo · Changelog

Release Notes

2.0.2

What's Changed

Ci/add missing node versions by @carpasse in #32

chore: add support for OSSF scorecard reporting by @inigomarquinez in #24

chore: pin dependencies and specify permissions in the pipeline by @inigomarquinez in #25

docs: add openssf badge in readme file by @inigomarquinez in #29

chore: add codeql pipeline by @inigomarquinez in #26

chore: add dependency review tool by @inigomarquinez in #27

chore: add dependabot by @inigomarquinez in #28

fix: use ubuntu-latest as ci runner by @UlisesGascon in #33

Replace deprecated String.prototype.substr() by @CommanderRoot in #23

ci: modernize pipelines by @UlisesGascon in #34

fix: typo in pipeline by @UlisesGascon in #39

build(deps-dev): bump raw-body from 2.4.1 to 2.5.2 by @dependabot in #35

build(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1 by @dependabot in #36

build(deps-dev): bump csv-parse from 4.15.1 to 4.16.3 by @dependabot in #37

build(deps-dev): bump eslint-plugin-import from 2.23.2 to 2.31.0 by @dependabot in #38

Release: 2.0.2 by @UlisesGascon in #40

New Contributors

@carpasse made their first contribution in #32

@inigomarquinez made their first contribution in #24

@UlisesGascon made their first contribution in #33

@CommanderRoot made their first contribution in #23

@dependabot made their first contribution in #35

Full Changelog: v2.0.1...v2.0.2

2.0.1 (from changelog)

Fix returning values from Object.prototype

2.0.0 (from changelog)

Drop support for Node.js 0.6

Fix messaging casing of 418 I'm a Teapot

Remove code 306

Remove status[code] exports; use status.message[code]

Remove status[msg] exports; use status.code[msg]

Rename 425 Unordered Collection to standard 425 Too Early

Rename STATUS_CODES export to message

Return status message for statuses(code) when given code

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ toidentifier (indirect, 1.0.0 → 1.0.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 40 commits:

🆕 @babel/code-frame (added, 7.27.1)

🆕 @babel/compat-data (added, 7.28.5)

🆕 @babel/core (added, 7.28.5)

🆕 @babel/generator (added, 7.28.5)

🆕 @babel/helper-annotate-as-pure (added, 7.27.3)

🆕 @babel/helper-compilation-targets (added, 7.27.2)

🆕 @babel/helper-create-class-features-plugin (added, 7.28.5)

🆕 @babel/helper-create-regexp-features-plugin (added, 7.28.5)

🆕 @babel/helper-define-polyfill-provider (added, 0.6.5)

🆕 @babel/helper-globals (added, 7.28.0)

🆕 @babel/helper-member-expression-to-functions (added, 7.28.5)

🆕 @babel/helper-module-imports (added, 7.27.1)

🆕 @babel/helper-module-transforms (added, 7.28.3)

🆕 @babel/helper-optimise-call-expression (added, 7.27.1)

🆕 @babel/helper-plugin-utils (added, 7.27.1)

🆕 @babel/helper-remap-async-to-generator (added, 7.27.1)

🆕 @babel/helper-replace-supers (added, 7.27.1)

🆕 @babel/helper-skip-transparent-expression-wrappers (added, 7.27.1)

🆕 @babel/helper-string-parser (added, 7.27.1)

🆕 @babel/helper-validator-identifier (added, 7.28.5)

🆕 @babel/helper-validator-option (added, 7.27.1)

🆕 @babel/helper-wrap-function (added, 7.28.3)

🆕 @babel/helpers (added, 7.28.4)

🆕 @babel/parser (added, 7.28.5)

🆕 @babel/plugin-bugfix-firefox-class-in-computed-class-key (added, 7.28.5)

🆕 @babel/plugin-bugfix-safari-class-field-initializer-scope (added, 7.27.1)

🆕 @babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression (added, 7.27.1)

🆕 @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining (added, 7.27.1)

🆕 @babel/plugin-bugfix-v8-static-class-fields-redefine-readonly (added, 7.28.3)

🆕 @babel/plugin-proposal-class-properties (added, 7.18.6)

🆕 @babel/plugin-proposal-decorators (added, 7.28.0)

🆕 @babel/plugin-proposal-export-default-from (added, 7.27.1)

🆕 @babel/plugin-proposal-nullish-coalescing-operator (added, 7.18.6)

🆕 @babel/plugin-proposal-object-rest-spread (added, 7.20.7)

🆕 @babel/plugin-proposal-optional-chaining (added, 7.21.0)

🆕 @babel/plugin-proposal-private-methods (added, 7.18.6)

🆕 @babel/plugin-proposal-private-property-in-object (added, 7.21.11)

🆕 @babel/plugin-syntax-decorators (added, 7.27.1)

🆕 @babel/plugin-syntax-dynamic-import (added, 7.8.3)

🆕 @babel/plugin-syntax-import-assertions (added, 7.27.1)

🆕 @babel/plugin-syntax-import-attributes (added, 7.27.1)

🆕 @babel/plugin-syntax-jsx (added, 7.27.1)

🆕 @babel/plugin-syntax-nullish-coalescing-operator (added, 7.8.3)

🆕 @babel/plugin-syntax-object-rest-spread (added, 7.8.3)

🆕 @babel/plugin-syntax-optional-chaining (added, 7.8.3)

🆕 @babel/plugin-syntax-private-property-in-object (added, 7.14.5)

🆕 @babel/plugin-syntax-typescript (added, 7.27.1)

🆕 @babel/plugin-syntax-unicode-sets-regex (added, 7.18.6)

🆕 @babel/plugin-transform-arrow-functions (added, 7.27.1)

🆕 @babel/plugin-transform-async-generator-functions (added, 7.28.0)

🆕 @babel/plugin-transform-async-to-generator (added, 7.27.1)

🆕 @babel/plugin-transform-block-scoped-functions (added, 7.27.1)

🆕 @babel/plugin-transform-block-scoping (added, 7.28.5)

🆕 @babel/plugin-transform-class-properties (added, 7.27.1)

🆕 @babel/plugin-transform-class-static-block (added, 7.28.3)

🆕 @babel/plugin-transform-classes (added, 7.28.4)

🆕 @babel/plugin-transform-computed-properties (added, 7.27.1)

🆕 @babel/plugin-transform-destructuring (added, 7.28.5)

🆕 @babel/plugin-transform-dotall-regex (added, 7.27.1)

🆕 @babel/plugin-transform-duplicate-keys (added, 7.27.1)

🆕 @babel/plugin-transform-duplicate-named-capturing-groups-regex (added, 7.27.1)

🆕 @babel/plugin-transform-dynamic-import (added, 7.27.1)

🆕 @babel/plugin-transform-explicit-resource-management (added, 7.28.0)

🆕 @babel/plugin-transform-exponentiation-operator (added, 7.28.5)

🆕 @babel/plugin-transform-export-namespace-from (added, 7.27.1)

🆕 @babel/plugin-transform-for-of (added, 7.27.1)

🆕 @babel/plugin-transform-function-name (added, 7.27.1)

🆕 @babel/plugin-transform-json-strings (added, 7.27.1)

🆕 @babel/plugin-transform-literals (added, 7.27.1)

🆕 @babel/plugin-transform-logical-assignment-operators (added, 7.28.5)

🆕 @babel/plugin-transform-member-expression-literals (added, 7.27.1)

🆕 @babel/plugin-transform-modules-amd (added, 7.27.1)

🆕 @babel/plugin-transform-modules-commonjs (added, 7.27.1)

🆕 @babel/plugin-transform-modules-systemjs (added, 7.28.5)

🆕 @babel/plugin-transform-modules-umd (added, 7.27.1)

🆕 @babel/plugin-transform-named-capturing-groups-regex (added, 7.27.1)

🆕 @babel/plugin-transform-new-target (added, 7.27.1)

🆕 @babel/plugin-transform-nullish-coalescing-operator (added, 7.27.1)

🆕 @babel/plugin-transform-numeric-separator (added, 7.27.1)

🆕 @babel/plugin-transform-object-rest-spread (added, 7.28.4)

🆕 @babel/plugin-transform-object-super (added, 7.27.1)

🆕 @babel/plugin-transform-optional-catch-binding (added, 7.27.1)

🆕 @babel/plugin-transform-optional-chaining (added, 7.28.5)

🆕 @babel/plugin-transform-parameters (added, 7.27.7)

🆕 @babel/plugin-transform-private-methods (added, 7.27.1)

🆕 @babel/plugin-transform-private-property-in-object (added, 7.27.1)

🆕 @babel/plugin-transform-property-literals (added, 7.27.1)

🆕 @babel/plugin-transform-react-display-name (added, 7.28.0)

🆕 @babel/plugin-transform-react-jsx (added, 7.27.1)

🆕 @babel/plugin-transform-react-jsx-development (added, 7.27.1)

🆕 @babel/plugin-transform-react-pure-annotations (added, 7.27.1)

🆕 @babel/plugin-transform-regenerator (added, 7.28.4)

🆕 @babel/plugin-transform-regexp-modifiers (added, 7.27.1)

🆕 @babel/plugin-transform-reserved-words (added, 7.27.1)

🆕 @babel/plugin-transform-shorthand-properties (added, 7.27.1)

🆕 @babel/plugin-transform-spread (added, 7.27.1)

🆕 @babel/plugin-transform-sticky-regex (added, 7.27.1)

🆕 @babel/plugin-transform-template-literals (added, 7.27.1)

🆕 @babel/plugin-transform-typeof-symbol (added, 7.27.1)

🆕 @babel/plugin-transform-typescript (added, 7.28.5)

🆕 @babel/plugin-transform-unicode-escapes (added, 7.27.1)

🆕 @babel/plugin-transform-unicode-property-regex (added, 7.27.1)

🆕 @babel/plugin-transform-unicode-regex (added, 7.27.1)

🆕 @babel/plugin-transform-unicode-sets-regex (added, 7.27.1)

🆕 @babel/preset-env (added, 7.28.5)

🆕 @babel/preset-modules (added, 0.1.6-no-external-plugins)

🆕 @babel/preset-react (added, 7.28.5)

🆕 @babel/preset-typescript (added, 7.28.5)

🆕 @babel/register (added, 7.28.3)

🆕 @babel/runtime (added, 7.28.4)

🆕 @babel/template (added, 7.27.2)

🆕 @babel/traverse (added, 7.28.5)

🆕 @babel/types (added, 7.28.5)

🆕 @cnakazawa/watch (added, 1.0.4)

🆕 @colors/colors (added, 1.5.0)

🆕 @discoveryjs/json-ext (added, 0.5.7)

🆕 @gar/promisify (added, 1.1.3)

🆕 @istanbuljs/load-nyc-config (added, 1.1.0)

🆕 @istanbuljs/schema (added, 0.1.3)

🆕 @jest/transform (added, 26.6.2)

🆕 @jest/types (added, 26.6.2)

🆕 @jridgewell/gen-mapping (added, 0.3.13)

🆕 @jridgewell/remapping (added, 2.3.5)

🆕 @jridgewell/resolve-uri (added, 3.1.2)

🆕 @jridgewell/source-map (added, 0.3.11)

🆕 @jridgewell/sourcemap-codec (added, 1.5.5)

🆕 @jridgewell/trace-mapping (added, 0.3.31)

🆕 @mdx-js/mdx (added, 1.6.22)

🆕 @mdx-js/react (added, 1.6.22)

🆕 @mdx-js/util (added, 1.6.22)

🆕 @mrmlnc/readdir-enhanced (added, 2.2.1)

🆕 @nodelib/fs.scandir (added, 2.1.5)

🆕 @nodelib/fs.stat (added, 1.1.3)

🆕 @nodelib/fs.walk (added, 1.2.8)

🆕 @npmcli/fs (added, 1.1.1)

🆕 @npmcli/move-file (added, 1.1.2)

🆕 @storybook/addon-actions (added, 6.5.16)

🆕 @storybook/addon-backgrounds (added, 6.5.16)

🆕 @storybook/addon-controls (added, 6.5.16)

🆕 @storybook/addon-docs (added, 6.5.16)

🆕 @storybook/addon-essentials (added, 6.5.16)

🆕 @storybook/addon-links (added, 6.5.16)

🆕 @storybook/addon-measure (added, 6.5.16)

🆕 @storybook/addon-outline (added, 6.5.16)

🆕 @storybook/addon-toolbars (added, 6.5.16)

🆕 @storybook/addon-viewport (added, 6.5.16)

🆕 @storybook/addons (added, 6.5.16)

🆕 @storybook/api (added, 6.5.16)

🆕 @storybook/builder-webpack4 (added, 6.5.16)

🆕 @storybook/channel-postmessage (added, 6.5.16)

🆕 @storybook/channel-websocket (added, 6.5.16)

🆕 @storybook/channels (added, 6.5.16)

🆕 @storybook/client-api (added, 6.5.16)

🆕 @storybook/client-logger (added, 6.5.16)

🆕 @storybook/components (added, 6.5.16)

🆕 @storybook/core (added, 6.5.16)

🆕 @storybook/core-client (added, 6.5.16)

🆕 @storybook/core-common (added, 6.5.16)

🆕 @storybook/core-events (added, 6.5.16)

🆕 @storybook/core-server (added, 6.5.16)

🆕 @storybook/csf (added, 0.0.2–canary.4566f4d.1)

🆕 @storybook/csf-tools (added, 6.5.16)

🆕 @storybook/docs-tools (added, 6.5.16)

🆕 @storybook/html (added, 6.5.16)

🆕 @storybook/manager-webpack4 (added, 6.5.16)

🆕 @storybook/mdx1-csf (added, 0.0.1)

🆕 @storybook/node-logger (added, 6.5.16)

🆕 @storybook/postinstall (added, 6.5.16)

🆕 @storybook/preview-web (added, 6.5.16)

🆕 @storybook/router (added, 6.5.16)

🆕 @storybook/semver (added, 7.3.2)

🆕 @storybook/source-loader (added, 6.5.16)

🆕 @storybook/store (added, 6.5.16)

🆕 @storybook/telemetry (added, 6.5.16)

🆕 @storybook/theming (added, 6.5.16)

🆕 @storybook/ui (added, 6.5.16)

🆕 @types/glob (added, 9.0.0)

🆕 @types/graceful-fs (added, 4.1.9)

🆕 @types/hast (added, 2.3.10)

🆕 @types/html-minifier-terser (added, 5.1.2)

🆕 @types/is-function (added, 1.0.3)

🆕 @types/istanbul-lib-coverage (added, 2.0.6)

🆕 @types/istanbul-lib-report (added, 3.0.3)

🆕 @types/istanbul-reports (added, 3.0.4)

🆕 @types/json-schema (added, 7.0.15)

🆕 @types/lodash (added, 4.17.21)

🆕 @types/mdast (added, 3.0.15)

🆕 @types/minimatch (added, 6.0.0)

🆕 @types/node (added, 16.18.126)

🆕 @types/node-fetch (added, 2.6.13)

🆕 @types/normalize-package-data (added, 2.4.4)

🆕 @types/npmlog (added, 4.1.6)

🆕 @types/parse-json (added, 4.0.2)

🆕 @types/parse5 (added, 5.0.3)

🆕 @types/pretty-hrtime (added, 1.0.3)

🆕 @types/qs (added, 6.14.0)

🆕 @types/source-list-map (added, 0.1.6)

🆕 @types/tapable (added, 1.0.12)

🆕 @types/uglify-js (added, 3.17.5)

🆕 @types/unist (added, 2.0.11)

🆕 @types/webpack (added, 4.41.40)

🆕 @types/webpack-env (added, 1.18.8)

🆕 @types/webpack-sources (added, 3.2.3)

🆕 @types/yargs (added, 15.0.20)

🆕 @types/yargs-parser (added, 21.0.3)

🆕 @webassemblyjs/ast (added, 1.9.0)

🆕 @webassemblyjs/floating-point-hex-parser (added, 1.9.0)

🆕 @webassemblyjs/helper-api-error (added, 1.9.0)

🆕 @webassemblyjs/helper-buffer (added, 1.9.0)

🆕 @webassemblyjs/helper-code-frame (added, 1.9.0)

🆕 @webassemblyjs/helper-fsm (added, 1.9.0)

🆕 @webassemblyjs/helper-module-context (added, 1.9.0)

🆕 @webassemblyjs/helper-wasm-bytecode (added, 1.9.0)

🆕 @webassemblyjs/helper-wasm-section (added, 1.9.0)

🆕 @webassemblyjs/ieee754 (added, 1.9.0)

🆕 @webassemblyjs/leb128 (added, 1.9.0)

🆕 @webassemblyjs/utf8 (added, 1.9.0)

🆕 @webassemblyjs/wasm-edit (added, 1.9.0)

🆕 @webassemblyjs/wasm-gen (added, 1.9.0)

🆕 @webassemblyjs/wasm-opt (added, 1.9.0)

🆕 @webassemblyjs/wasm-parser (added, 1.9.0)

🆕 @webassemblyjs/wast-parser (added, 1.9.0)

🆕 @webassemblyjs/wast-printer (added, 1.9.0)

🆕 @xtuc/ieee754 (added, 1.2.0)

🆕 @xtuc/long (added, 4.2.2)

🆕 address (added, 1.2.2)

🆕 aggregate-error (added, 3.1.0)

🆕 airbnb-js-shims (added, 2.2.1)

🆕 ajv (added, 6.12.6)

🆕 ajv-errors (added, 1.0.1)

🆕 ajv-keywords (added, 3.5.2)

🆕 ansi-align (added, 3.0.1)

🆕 ansi-colors (added, 3.2.4)

🆕 ansi-html-community (added, 0.0.8)

🆕 ansi-to-html (added, 0.6.15)

🆕 anymatch (added, 3.1.3)

🆕 app-root-dir (added, 1.0.2)

🆕 argparse (added, 1.0.10)

🆕 arr-diff (added, 4.0.0)

🆕 arr-flatten (added, 1.1.0)

🆕 arr-union (added, 3.1.0)

🆕 array-buffer-byte-length (added, 1.0.2)

🆕 array-find-index (added, 1.0.2)

🆕 array-includes (added, 3.1.9)

🆕 array-union (added, 1.0.2)

🆕 array-uniq (added, 1.0.3)

🆕 array-unique (added, 0.3.2)

🆕 array.prototype.flat (added, 1.3.3)

🆕 array.prototype.flatmap (added, 1.3.3)

🆕 array.prototype.map (added, 1.0.8)

🆕 array.prototype.reduce (added, 1.0.8)

🆕 arraybuffer.prototype.slice (added, 1.0.4)

🆕 arrify (added, 2.0.1)

🆕 asn1.js (added, 4.10.1)

🆕 assert (added, 1.5.1)

🆕 assign-symbols (added, 1.0.0)

🆕 async-each (added, 1.0.6)

🆕 async-function (added, 1.0.0)

🆕 asynckit (added, 0.4.0)

🆕 at-least-node (added, 1.0.0)

🆕 atob (added, 2.1.2)

🆕 available-typed-arrays (added, 1.0.7)

🆕 axios (added, 0.20.0)

🆕 babel-loader (added, 8.4.1)

🆕 babel-plugin-apply-mdx-type-prop (added, 1.6.22)

🆕 babel-plugin-extract-import-names (added, 1.6.22)

🆕 babel-plugin-istanbul (added, 6.1.1)

🆕 babel-plugin-macros (added, 3.1.0)

🆕 babel-plugin-polyfill-corejs2 (added, 0.4.14)

🆕 babel-plugin-polyfill-corejs3 (added, 0.1.7)

🆕 babel-plugin-polyfill-regenerator (added, 0.6.5)

🆕 bail (added, 1.0.5)

🆕 base (added, 0.11.2)

🆕 baseline-browser-mapping (added, 2.8.32)

🆕 better-opn (added, 2.1.1)

🆕 big-integer (added, 1.6.52)

🆕 big.js (added, 5.2.2)

🆕 binary-extensions (added, 2.3.0)

🆕 bluebird (added, 3.7.2)

🆕 bn.js (added, 5.2.2)

🆕 boolbase (added, 1.0.0)

🆕 boxen (added, 5.1.2)

🆕 bplist-parser (added, 0.1.1)

🆕 braces (added, 3.0.3)

🆕 brorand (added, 1.1.0)

🆕 browserify-aes (added, 1.2.0)

🆕 browserify-cipher (added, 1.0.1)

🆕 browserify-des (added, 1.0.2)

🆕 browserify-rsa (added, 4.1.1)

🆕 browserify-sign (added, 4.2.5)

🆕 browserify-zlib (added, 0.2.0)

🆕 bser (added, 2.1.1)

🆕 buffer-from (added, 1.1.2)

🆕 buffer-xor (added, 1.0.3)

🆕 builtin-status-codes (added, 3.0.0)

🆕 cacache (added, 12.0.4)

🆕 cache-base (added, 1.0.1)

🆕 call-bind (added, 1.0.8)

🆕 call-bind-apply-helpers (added, 1.0.2)

🆕 call-bound (added, 1.0.4)

🆕 call-me-maybe (added, 1.0.2)

🆕 callsites (added, 3.1.0)

🆕 camel-case (added, 4.1.2)

🆕 camelcase (added, 5.3.1)

🆕 camelcase-keys (added, 2.1.0)

🆕 capture-exit (added, 2.0.0)

🆕 case-sensitive-paths-webpack-plugin (added, 2.4.0)

🆕 ccount (added, 1.1.0)

🆕 character-entities (added, 1.2.4)

🆕 character-entities-legacy (added, 1.1.4)

🆕 character-reference-invalid (added, 1.1.4)

🆕 chokidar (added, 3.6.0)

🆕 chrome-trace-event (added, 1.0.4)

🆕 ci-info (added, 2.0.0)

🆕 cipher-base (added, 1.0.7)

🆕 class-utils (added, 0.3.6)

🆕 clean-css (added, 4.2.4)

🆕 clean-stack (added, 2.2.0)

🆕 cli-boxes (added, 2.2.1)

🆕 cli-table3 (added, 0.6.5)

🆕 clone-deep (added, 4.0.1)

🆕 collapse-white-space (added, 1.0.6)

🆕 collection-visit (added, 1.0.0)

🆕 color-support (added, 1.1.3)

🆕 combined-stream (added, 1.0.8)

🆕 comma-separated-tokens (added, 1.0.8)

🆕 commondir (added, 1.0.1)

🆕 component-emitter (added, 1.3.1)

🆕 compressible (added, 2.0.18)

🆕 compression (added, 1.8.1)

🆕 concat-stream (added, 1.6.2)

🆕 console-browserify (added, 1.2.0)

🆕 constants-browserify (added, 1.0.0)

🆕 convert-source-map (added, 2.0.0)

🆕 copy-concurrently (added, 1.0.5)

🆕 copy-descriptor (added, 0.1.1)

🆕 core-js (added, 3.47.0)

🆕 core-js-compat (added, 3.47.0)

🆕 cosmiconfig (added, 7.1.0)

🆕 cp-file (added, 7.0.0)

🆕 cpy (added, 8.1.2)

🆕 create-ecdh (added, 4.0.4)

🆕 create-hash (added, 1.2.0)

🆕 create-hmac (added, 1.1.7)

🆕 cross-spawn (added, 6.0.6)

🆕 crypto-browserify (added, 3.12.1)

🆕 css-loader (added, 3.6.0)

🆕 css-select (added, 4.3.0)

🆕 css-what (added, 6.2.2)

🆕 currently-unhandled (added, 0.4.1)

🆕 cyclist (added, 1.0.2)

🆕 data-view-buffer (added, 1.0.2)

🆕 data-view-byte-length (added, 1.0.2)

🆕 data-view-byte-offset (added, 1.0.1)

🆕 decamelize (added, 1.2.0)

🆕 decode-uri-component (added, 0.2.2)

🆕 deepmerge (added, 4.3.1)

🆕 default-browser-id (added, 1.0.4)

🆕 define-data-property (added, 1.1.4)

🆕 define-lazy-prop (added, 2.0.0)

🆕 define-properties (added, 1.2.1)

🆕 define-property (added, 2.0.2)

🆕 delayed-stream (added, 1.0.0)

🆕 des.js (added, 1.1.0)

🆕 detab (added, 2.0.4)

🆕 detect-package-manager (added, 2.0.1)

🆕 detect-port (added, 1.6.1)

🆕 diffie-hellman (added, 5.0.3)

🆕 dir-glob (added, 2.2.2)

🆕 doctrine (added, 3.0.0)

🆕 dom-converter (added, 0.2.0)

🆕 dom-serializer (added, 1.4.1)

🆕 dom-walk (added, 0.1.2)

🆕 domain-browser (added, 1.2.0)

🆕 domelementtype (added, 2.3.0)

🆕 domhandler (added, 4.3.1)

🆕 domutils (added, 2.8.0)

🆕 dot-case (added, 3.0.4)

🆕 dotenv (added, 8.6.0)

🆕 dotenv-expand (added, 5.1.0)

🆕 dunder-proto (added, 1.0.1)

🆕 duplexify (added, 3.7.1)

🆕 elliptic (added, 6.6.1)

🆕 emoji-regex (added, 8.0.0)

🆕 emojis-list (added, 3.0.0)

🆕 enhanced-resolve (added, 4.5.0)

🆕 entities (added, 2.2.0)

🆕 errno (added, 0.1.8)

🆕 error-ex (added, 1.3.4)

🆕 es-abstract (added, 1.24.0)

🆕 es-array-method-boxes-properly (added, 1.0.0)

🆕 es-define-property (added, 1.0.1)

🆕 es-errors (added, 1.3.0)

🆕 es-get-iterator (added, 1.1.3)

🆕 es-object-atoms (added, 1.1.1)

🆕 es-set-tostringtag (added, 2.1.0)

🆕 es-shim-unscopables (added, 1.1.0)

🆕 es-to-primitive (added, 1.3.0)

🆕 es5-shim (added, 4.6.7)

🆕 es6-shim (added, 0.35.8)

🆕 eslint-scope (added, 4.0.3)

🆕 esprima (added, 4.0.1)

🆕 esrecurse (added, 4.3.0)

🆕 estraverse (added, 4.3.0)

🆕 esutils (added, 2.0.3)

🆕 events (added, 3.3.0)

🆕 evp_bytestokey (added, 1.0.3)

🆕 exec-sh (added, 0.3.6)

🆕 execa (added, 1.0.0)

🆕 expand-brackets (added, 2.1.4)

🆕 extend (added, 3.0.2)

🆕 extend-shallow (added, 3.0.2)

🆕 extglob (added, 2.0.4)

🆕 fast-deep-equal (added, 3.1.3)

🆕 fast-glob (added, 2.2.7)

🆕 fast-json-stable-stringify (added, 2.1.0)

🆕 fastq (added, 1.19.1)

🆕 fb-watchman (added, 2.0.2)

🆕 fetch-retry (added, 5.0.6)

🆕 figgy-pudding (added, 3.5.2)

🆕 file-loader (added, 6.2.0)

🆕 file-system-cache (added, 1.1.0)

🆕 fill-range (added, 7.1.1)

🆕 find-cache-dir (added, 2.1.0)

🆕 find-up (added, 4.1.0)

🆕 flush-write-stream (added, 1.1.1)

🆕 follow-redirects (added, 1.15.11)

🆕 for-each (added, 0.3.5)

🆕 for-in (added, 1.0.2)

🆕 fork-ts-checker-webpack-plugin (added, 6.5.3)

🆕 form-data (added, 4.0.5)

🆕 fragment-cache (added, 0.2.1)

🆕 from2 (added, 2.3.0)

🆕 fs-monkey (added, 1.1.0)

🆕 fs-write-stream-atomic (added, 1.0.10)

🆕 fsevents (added, 2.3.3)

🆕 function-bind (added, 1.1.2)

🆕 function.prototype.name (added, 1.1.8)

🆕 functions-have-names (added, 1.2.3)

🆕 generator-function (added, 2.0.1)

🆕 gensync (added, 1.0.0-beta.2)

🆕 get-intrinsic (added, 1.3.0)

🆕 get-package-type (added, 0.1.0)

🆕 get-proto (added, 1.0.1)

🆕 get-stdin (added, 4.0.1)

🆕 get-stream (added, 4.1.0)

🆕 get-symbol-description (added, 1.1.0)

🆕 get-value (added, 2.0.6)

🆕 github-slugger (added, 1.5.0)

🆕 glob-parent (added, 5.1.2)

🆕 glob-promise (added, 3.4.0)

🆕 glob-to-regexp (added, 0.3.0)

🆕 global (added, 4.4.0)

🆕 globalthis (added, 1.0.4)

🆕 globby (added, 11.1.0)

🆕 gopd (added, 1.2.0)

🆕 handlebars (added, 4.7.8)

🆕 has-bigints (added, 1.1.0)

🆕 has-glob (added, 1.0.0)

🆕 has-property-descriptors (added, 1.0.2)

🆕 has-proto (added, 1.2.0)

🆕 has-symbols (added, 1.1.0)

🆕 has-tostringtag (added, 1.0.2)

🆕 has-value (added, 1.0.0)

🆕 has-values (added, 1.0.0)

🆕 hash-base (added, 3.0.5)

🆕 hash.js (added, 1.1.7)

🆕 hasown (added, 2.0.2)

🆕 hast-to-hyperscript (added, 9.0.1)

🆕 hast-util-from-parse5 (added, 6.0.1)

🆕 hast-util-parse-selector (added, 2.2.5)

🆕 hast-util-raw (added, 6.0.1)

🆕 hast-util-to-parse5 (added, 6.0.0)

🆕 hastscript (added, 6.0.0)

🆕 he (added, 1.2.0)

🆕 hmac-drbg (added, 1.0.1)

🆕 hosted-git-info (added, 2.8.9)

🆕 html-entities (added, 2.6.0)

🆕 html-loader (added, 1.3.2)

🆕 html-minifier-terser (added, 5.1.1)

🆕 html-void-elements (added, 1.0.5)

🆕 html-webpack-plugin (added, 4.5.2)

🆕 htmlparser2 (added, 6.1.0)

🆕 https-browserify (added, 1.0.0)

🆕 human-signals (added, 2.1.0)

🆕 icss-utils (added, 4.1.1)

🆕 iferr (added, 0.1.5)

🆕 ignore (added, 4.0.6)

🆕 import-fresh (added, 3.3.1)

🆕 imurmurhash (added, 0.1.4)

🆕 indent-string (added, 4.0.0)

🆕 infer-owner (added, 1.0.4)

🆕 inline-style-parser (added, 0.1.1)

🆕 internal-slot (added, 1.1.0)

🆕 interpret (added, 2.2.0)

🆕 ip (added, 2.0.1)

🆕 is-absolute-url (added, 3.0.3)

🆕 is-accessor-descriptor (added, 1.0.1)

🆕 is-alphabetical (added, 1.0.4)

🆕 is-alphanumerical (added, 1.0.4)

🆕 is-arguments (added, 1.2.0)

🆕 is-array-buffer (added, 3.0.5)

🆕 is-async-function (added, 2.1.1)

🆕 is-bigint (added, 1.1.0)

🆕 is-binary-path (added, 2.1.0)

🆕 is-boolean-object (added, 1.2.2)

🆕 is-buffer (added, 1.1.6)

🆕 is-callable (added, 1.2.7)

🆕 is-ci (added, 2.0.0)

🆕 is-core-module (added, 2.16.1)

🆕 is-data-descriptor (added, 1.0.1)

🆕 is-data-view (added, 1.0.2)

🆕 is-date-object (added, 1.1.0)

🆕 is-decimal (added, 1.0.4)

🆕 is-descriptor (added, 0.1.7)

🆕 is-docker (added, 2.2.1)

🆕 is-dom (added, 1.1.0)

🆕 is-extendable (added, 0.1.1)

🆕 is-extglob (added, 2.1.1)

🆕 is-finalizationregistry (added, 1.1.1)

🆕 is-finite (added, 1.1.0)

🆕 is-function (added, 1.0.2)

🆕 is-generator-function (added, 1.1.2)

🆕 is-glob (added, 4.0.3)

🆕 is-hexadecimal (added, 1.0.4)

🆕 is-map (added, 2.0.3)

🆕 is-negative-zero (added, 2.0.3)

🆕 is-number (added, 7.0.0)

🆕 is-number-object (added, 1.1.1)

🆕 is-object (added, 1.0.2)

🆕 is-plain-obj (added, 2.1.0)

🆕 is-plain-object (added, 2.0.4)

🆕 is-regex (added, 1.2.1)

🆕 is-set (added, 2.0.3)

🆕 is-shared-array-buffer (added, 1.0.4)

🆕 is-stream (added, 1.1.0)

🆕 is-string (added, 1.1.1)

🆕 is-symbol (added, 1.1.1)

🆕 is-typed-array (added, 1.1.15)

🆕 is-typedarray (added, 1.0.0)

🆕 is-utf8 (added, 0.2.1)

🆕 is-weakmap (added, 2.0.2)

🆕 is-weakref (added, 1.1.1)

🆕 is-weakset (added, 2.0.4)

🆕 is-whitespace-character (added, 1.0.4)

🆕 is-window (added, 1.0.2)

🆕 is-windows (added, 1.0.2)

🆕 is-word-character (added, 1.0.4)

🆕 is-wsl (added, 1.1.0)

🆕 isexe (added, 2.0.0)

🆕 isobject (added, 4.0.0)

🆕 isomorphic-unfetch (added, 3.1.0)

🆕 istanbul-lib-coverage (added, 3.2.2)

🆕 istanbul-lib-instrument (added, 5.2.1)

🆕 iterate-iterator (added, 1.0.2)

🆕 iterate-value (added, 1.0.2)

🆕 jest-haste-map (added, 26.6.2)

🆕 jest-regex-util (added, 26.0.0)

🆕 jest-serializer (added, 26.6.2)

🆕 jest-util (added, 26.6.2)

🆕 jest-worker (added, 26.6.2)

🆕 js-string-escape (added, 1.0.1)

🆕 js-tokens (added, 4.0.0)

🆕 js-yaml (added, 3.14.2)

🆕 jsesc (added, 3.1.0)

🆕 json-parse-better-errors (added, 1.0.2)

🆕 json-parse-even-better-errors (added, 2.3.1)

🆕 json-schema-traverse (added, 0.4.1)

🆕 json5 (added, 2.2.3)

🆕 junk (added, 3.1.0)

🆕 kind-of (added, 6.0.3)

🆕 kleur (added, 3.0.3)

🆕 klona (added, 2.0.6)

🆕 lazy-universal-dotenv (added, 3.0.1)

🆕 lines-and-columns (added, 1.2.4)

🆕 load-json-file (added, 1.1.0)

🆕 loader-runner (added, 2.4.0)

🆕 loader-utils (added, 2.0.4)

🆕 locate-path (added, 5.0.0)

🆕 lodash.debounce (added, 4.0.8)

🆕 lodash.uniq (added, 4.5.0)

🆕 loose-envify (added, 1.4.0)

🆕 loud-rejection (added, 1.6.0)

🆕 lower-case (added, 2.0.2)

🆕 lru-cache (added, 5.1.1)

🆕 make-dir (added, 2.1.0)

🆕 makeerror (added, 1.0.12)

🆕 map-cache (added, 0.2.2)

🆕 map-obj (added, 1.0.1)

🆕 map-or-similar (added, 1.5.0)

🆕 map-visit (added, 1.0.0)

🆕 markdown-escapes (added, 1.0.4)

🆕 math-intrinsics (added, 1.1.0)

🆕 md5.js (added, 1.3.5)

🆕 mdast-squeeze-paragraphs (added, 4.0.0)

🆕 mdast-util-definitions (added, 4.0.0)

🆕 mdast-util-to-hast (added, 10.0.1)

🆕 mdast-util-to-string (added, 1.1.0)

🆕 mdurl (added, 1.0.1)

🆕 memfs (added, 3.5.3)

🆕 memoizerific (added, 1.11.3)

🆕 memory-fs (added, 0.4.1)

🆕 meow (added, 3.7.0)

🆕 merge-stream (added, 2.0.0)

🆕 merge2 (added, 1.4.1)

🆕 microevent.ts (added, 0.1.1)

🆕 micromatch (added, 3.1.10)

🆕 miller-rabin (added, 4.0.1)

🆕 mimic-fn (added, 2.1.0)

🆕 min-document (added, 2.19.2)

🆕 minimalistic-assert (added, 1.0.1)

🆕 minimalistic-crypto-utils (added, 1.0.1)

🆕 minipass-collect (added, 1.0.2)

🆕 minipass-flush (added, 1.0.5)

🆕 minipass-pipeline (added, 1.2.4)

🆕 mississippi (added, 3.0.0)

🆕 mixin-deep (added, 1.3.2)

🆕 move-concurrently (added, 1.0.1)

🆕 nanoid (added, 3.3.11)

🆕 nanomatch (added, 1.2.13)

🆕 neo-async (added, 2.6.2)

🆕 nested-error-stacks (added, 2.1.1)

🆕 nice-try (added, 1.0.5)

🆕 no-case (added, 3.0.4)

🆕 node-int64 (added, 0.4.0)

🆕 node-libs-browser (added, 2.2.1)

🆕 normalize-package-data (added, 2.5.0)

🆕 normalize-path (added, 3.0.0)

🆕 npm-run-path (added, 2.0.2)

🆕 nth-check (added, 2.1.1)

🆕 object-copy (added, 0.1.0)

🆕 object-inspect (added, 1.13.4)

🆕 object-keys (added, 1.1.1)

🆕 object-visit (added, 1.0.1)

🆕 object.assign (added, 4.1.7)

🆕 object.entries (added, 1.1.9)

🆕 object.fromentries (added, 2.0.8)

🆕 object.getownpropertydescriptors (added, 2.1.8)

🆕 object.pick (added, 1.3.0)

🆕 object.values (added, 1.2.1)

🆕 on-headers (added, 1.1.0)

🆕 onetime (added, 5.1.2)

🆕 open (added, 8.4.2)

🆕 os-browserify (added, 0.3.0)

🆕 os-homedir (added, 1.0.2)

🆕 own-keys (added, 1.0.1)

🆕 p-all (added, 2.1.0)

🆕 p-event (added, 4.2.0)

🆕 p-filter (added, 2.1.0)

🆕 p-finally (added, 1.0.0)

🆕 p-limit (added, 2.3.0)

🆕 p-locate (added, 4.1.0)

🆕 p-map (added, 4.0.0)

🆕 p-timeout (added, 3.2.0)

🆕 p-try (added, 2.2.0)

🆕 pako (added, 1.0.11)

🆕 parallel-transform (added, 1.2.0)

🆕 param-case (added, 3.0.4)

🆕 parent-module (added, 1.0.1)

🆕 parse-asn1 (added, 5.1.9)

🆕 parse-entities (added, 2.0.0)

🆕 parse-json (added, 5.2.0)

🆕 parse5 (added, 6.0.1)

🆕 pascal-case (added, 3.1.2)

🆕 pascalcase (added, 0.1.1)

🆕 path-browserify (added, 0.0.1)

🆕 path-dirname (added, 1.0.2)

🆕 path-exists (added, 4.0.0)

🆕 path-key (added, 2.0.1)

🆕 path-type (added, 4.0.0)

🆕 pbkdf2 (added, 3.1.5)

🆕 picocolors (added, 1.1.1)

🆕 picomatch (added, 2.3.1)

🆕 pify (added, 4.0.1)

🆕 pinkie (added, 2.0.4)

🆕 pinkie-promise (added, 2.0.1)

🆕 pirates (added, 4.0.7)

🆕 pkg-dir (added, 5.0.0)

🆕 pnp-webpack-plugin (added, 1.6.4)

🆕 polished (added, 4.3.1)

🆕 posix-character-classes (added, 0.1.1)

🆕 possible-typed-array-names (added, 1.1.0)

🆕 postcss-flexbugs-fixes (added, 4.2.1)

🆕 postcss-loader (added, 4.3.0)

🆕 postcss-modules-extract-imports (added, 2.0.0)

🆕 postcss-modules-local-by-default (added, 3.0.3)

🆕 postcss-modules-scope (added, 2.2.0)

🆕 postcss-modules-values (added, 3.0.0)

🆕 prettier (added, 2.3.0)

🆕 pretty-error (added, 2.1.2)

🆕 process (added, 0.11.10)

🆕 promise-inflight (added, 1.0.1)

🆕 promise.allsettled (added, 1.0.7)

🆕 promise.prototype.finally (added, 3.1.8)

🆕 prompts (added, 2.4.2)

🆕 prop-types (added, 15.8.1)

🆕 property-information (added, 5.6.0)

🆕 prr (added, 1.0.1)

🆕 public-encrypt (added, 4.0.3)

🆕 pumpify (added, 1.5.1)

🆕 punycode (added, 2.3.1)

🆕 querystring-es3 (added, 0.2.1)

🆕 queue-microtask (added, 1.2.3)

🆕 ramda (added, 0.28.0)

🆕 randombytes (added, 2.1.0)

🆕 randomfill (added, 1.0.4)

🆕 raw-loader (added, 4.0.2)

🆕 react (added, 16.14.0)

🆕 react-dom (added, 16.14.0)

🆕 react-inspector (added, 5.1.1)

🆕 react-is (added, 16.13.1)

🆕 read-pkg (added, 5.2.0)

🆕 read-pkg-up (added, 7.0.1)

🆕 readdirp (added, 3.6.0)

🆕 redent (added, 1.0.0)

🆕 reflect.getprototypeof (added, 1.0.10)

🆕 regenerate (added, 1.4.2)

🆕 regenerate-unicode-properties (added, 10.2.2)

🆕 regenerator-runtime (added, 0.13.11)

🆕 regex-not (added, 1.0.2)

🆕 regexp.prototype.flags (added, 1.5.4)

🆕 regexpu-core (added, 6.4.0)

🆕 regjsgen (added, 0.8.0)

🆕 regjsparser (added, 0.13.0)

🆕 relateurl (added, 0.2.7)

🆕 remark-external-links (added, 8.0.0)

🆕 remark-footnotes (added, 2.0.0)

🆕 remark-mdx (added, 1.6.22)

🆕 remark-parse (added, 8.0.3)

🆕 remark-slug (added, 6.1.0)

🆕 remark-squeeze-paragraphs (added, 4.0.0)

🆕 remove-trailing-separator (added, 1.1.0)

🆕 renderkid (added, 2.0.7)

🆕 repeat-element (added, 1.1.4)

🆕 repeat-string (added, 1.6.1)

🆕 repeating (added, 2.0.1)

🆕 resolve-from (added, 5.0.0)

🆕 resolve-url (added, 0.2.1)

🆕 ret (added, 0.1.15)

🆕 reusify (added, 1.1.0)

🆕 rimraf (added, 2.7.1)

🆕 ripemd160 (added, 2.0.3)

🆕 rsvp (added, 4.8.5)

🆕 run-parallel (added, 1.2.0)

🆕 run-queue (added, 1.0.3)

🆕 safe-array-concat (added, 1.1.3)

🆕 safe-push-apply (added, 1.0.0)

🆕 safe-regex (added, 1.1.0)

🆕 safe-regex-test (added, 1.1.0)

🆕 sane (added, 4.1.0)

🆕 scheduler (added, 0.19.1)

🆕 schema-utils (added, 2.7.1)

🆕 serialize-javascript (added, 4.0.0)

🆕 serve-favicon (added, 2.5.1)

🆕 set-function-length (added, 1.2.2)

🆕 set-function-name (added, 2.0.2)

🆕 set-proto (added, 1.0.0)

🆕 set-value (added, 2.0.1)

🆕 setimmediate (added, 1.0.5)

🆕 sha.js (added, 2.4.12)

🆕 shallow-clone (added, 3.0.1)

🆕 shebang-command (added, 1.2.0)

🆕 shebang-regex (added, 1.0.0)

🆕 side-channel (added, 1.1.0)

🆕 side-channel-list (added, 1.0.0)

🆕 side-channel-map (added, 1.0.1)

🆕 side-channel-weakmap (added, 1.0.2)

🆕 sisteransi (added, 1.0.5)

🆕 slash (added, 3.0.0)

🆕 snapdragon (added, 0.8.2)

🆕 snapdragon-node (added, 2.1.1)

🆕 snapdragon-util (added, 3.0.1)

🆕 source-list-map (added, 2.0.1)

🆕 source-map-resolve (added, 0.5.3)

🆕 source-map-support (added, 0.5.21)

🆕 source-map-url (added, 0.4.1)

🆕 space-separated-tokens (added, 1.1.5)

🆕 spdx-correct (added, 3.2.0)

🆕 spdx-exceptions (added, 2.5.0)

🆕 spdx-expression-parse (added, 3.0.1)

🆕 spdx-license-ids (added, 3.0.22)

🆕 split-string (added, 3.1.0)

🆕 sprintf-js (added, 1.0.3)

🆕 ssri (added, 6.0.2)

🆕 stable (added, 0.1.8)

🆕 state-toggle (added, 1.0.3)

🆕 static-extend (added, 0.1.2)

🆕 stop-iteration-iterator (added, 1.1.0)

🆕 store2 (added, 2.14.4)

🆕 stream-browserify (added, 2.0.2)

🆕 stream-each (added, 1.2.3)

🆕 stream-http (added, 2.8.3)

🆕 stream-shift (added, 1.0.3)

🆕 string.prototype.matchall (added, 4.0.12)

🆕 string.prototype.padend (added, 3.1.6)

🆕 string.prototype.padstart (added, 3.1.7)

🆕 string.prototype.trim (added, 1.2.10)

🆕 string.prototype.trimend (added, 1.0.9)

🆕 string.prototype.trimstart (added, 1.0.8)

🆕 strip-bom (added, 2.0.0)

🆕 strip-eof (added, 1.0.0)

🆕 strip-final-newline (added, 2.0.0)

🆕 strip-indent (added, 1.0.1)

🆕 style-loader (added, 1.3.0)

🆕 style-to-object (added, 0.3.0)

🆕 supports-preserve-symlinks-flag (added, 1.0.0)

🆕 symbol.prototype.description (added, 1.0.7)

🆕 synchronous-promise (added, 2.0.17)

🆕 tapable (added, 1.1.3)

🆕 telejson (added, 6.0.8)

🆕 terser (added, 4.8.1)

🆕 terser-webpack-plugin (added, 1.4.6)

🆕 test-exclude (added, 6.0.0)

🆕 through2 (added, 2.0.5)

🆕 timers-browserify (added, 2.0.12)

🆕 tmpl (added, 1.0.5)

🆕 to-arraybuffer (added, 1.0.1)

🆕 to-buffer (added, 1.2.2)

🆕 to-object-path (added, 0.3.0)

🆕 to-regex (added, 3.0.2)

🆕 to-regex-range (added, 5.0.1)

🆕 tr46 (added, 0.0.3)

🆕 trim (added, 0.0.1)

🆕 trim-newlines (added, 1.0.0)

🆕 trim-trailing-lines (added, 1.1.4)

🆕 trough (added, 1.0.5)

🆕 ts-dedent (added, 2.2.0)

🆕 ts-pnp (added, 1.2.0)

🆕 tslib (added, 2.8.1)

🆕 tty-browserify (added, 0.0.0)

🆕 type-fest (added, 0.8.1)

🆕 typed-array-buffer (added, 1.0.3)

🆕 typed-array-byte-length (added, 1.0.3)

🆕 typed-array-byte-offset (added, 1.0.4)

🆕 typed-array-length (added, 1.0.7)

🆕 typedarray (added, 0.0.6)

🆕 typedarray-to-buffer (added, 3.1.5)

🆕 uglify-js (added, 3.19.3)

🆕 unbox-primitive (added, 1.1.0)

🆕 unfetch (added, 4.2.0)

🆕 unherit (added, 1.1.3)

🆕 unicode-canonical-property-names-ecmascript (added, 2.0.1)

🆕 unicode-match-property-ecmascript (added, 2.0.0)

🆕 unicode-match-property-value-ecmascript (added, 2.2.1)

🆕 unicode-property-aliases-ecmascript (added, 2.2.0)

🆕 unified (added, 9.2.0)

🆕 union-value (added, 1.0.1)

🆕 unique-filename (added, 1.1.1)

🆕 unique-slug (added, 2.0.2)

🆕 unist-builder (added, 2.0.3)

🆕 unist-util-generated (added, 1.1.6)

🆕 unist-util-is (added, 4.1.0)

🆕 unist-util-position (added, 3.1.0)

🆕 unist-util-remove (added, 2.1.0)

🆕 unist-util-remove-position (added, 2.0.1)

🆕 unist-util-stringify-position (added, 2.0.3)

🆕 unist-util-visit (added, 2.0.3)

🆕 unist-util-visit-parents (added, 3.1.1)

🆕 unset-value (added, 1.0.0)

🆕 untildify (added, 2.1.0)

🆕 upath (added, 1.2.0)

🆕 update-browserslist-db (added, 1.1.4)

🆕 uri-js (added, 4.4.1)

🆕 urix (added, 0.1.0)

🆕 url (added, 0.11.4)

🆕 url-loader (added, 4.1.1)

🆕 use (added, 3.1.1)

🆕 util (added, 0.11.1)

🆕 util.promisify (added, 1.0.0)

🆕 utila (added, 0.4.0)

🆕 uuid (added, 3.4.0)

🆕 uuid-browser (added, 3.1.0)

🆕 validate-npm-package-license (added, 3.0.4)

🆕 vfile (added, 4.2.1)

🆕 vfile-location (added, 3.2.0)

🆕 vfile-message (added, 2.0.4)

🆕 vm-browserify (added, 1.1.2)

🆕 walker (added, 1.0.8)

🆕 watchpack (added, 1.7.5)

🆕 watchpack-chokidar2 (added, 2.0.1)

🆕 web-namespaces (added, 1.1.4)

🆕 webidl-conversions (added, 3.0.1)

🆕 webpack (added, 4.47.0)

🆕 webpack-dev-middleware (added, 3.7.3)

🆕 webpack-filter-warnings-plugin (added, 1.2.1)

🆕 webpack-hot-middleware (added, 2.26.1)

🆕 webpack-log (added, 2.0.0)

🆕 webpack-sources (added, 1.4.3)

🆕 webpack-virtual-modules (added, 0.2.2)

🆕 whatwg-url (added, 5.0.0)

🆕 which (added, 1.3.1)

🆕 which-boxed-primitive (added, 1.1.1)

🆕 which-builtin-type (added, 1.2.1)

🆕 which-collection (added, 1.0.2)

🆕 which-typed-array (added, 1.1.19)

🆕 widest-line (added, 3.1.0)

🆕 wordwrap (added, 1.0.0)

🆕 worker-farm (added, 1.7.0)

🆕 worker-rpc (added, 0.1.1)

🆕 wrap-ansi (added, 7.0.0)

🆕 write-file-atomic (added, 3.0.3)

🆕 ws (added, 8.18.3)

🆕 x-default-browser (added, 0.4.0)

🆕 y18n (added, 4.0.3)

🆕 yaml (added, 1.10.2)

🆕 yocto-queue (added, 0.1.0)

🆕 zwitch (added, 1.0.5)

🚨 [security] Update express 4.17.1 → 4.22.0 (minor)

What changed?

✳️ express (4.17.1 → 4.22.0) · Repo · Changelog

Impact

Patches

Workaround

provide qs directly and specify plainObjects: true

Impact

Patches

Workarounds

Details

Impact

Patches

Workarounds

References

↗️ accepts (indirect, 1.3.7 → 1.3.8) · Repo · Changelog

↗️ body-parser (indirect, 1.19.0 → 1.20.4) · Repo · Changelog

↗️ content-disposition (indirect, 0.5.3 → 0.5.4) · Repo · Changelog

↗️ content-type (indirect, 1.0.4 → 1.0.5) · Repo · Changelog

↗️ cookie (indirect, 0.4.0 → 0.7.2) · Repo · Changelog

Impact

Patches

Workarounds

References

0.6.0 (from changelog)

↗️ cookie-signature (indirect, 1.0.6 → 1.0.7) · Repo · Changelog

1.0.7 (from changelog)

↗️ depd (indirect, 1.1.2 → 2.0.0) · Repo · Changelog

↗️ destroy (indirect, 1.0.4 → 1.2.0) · Repo · Changelog

1.2.0 (from changelog)

1.1.1 (from changelog)

1.1.0 (from changelog)

↗️ encodeurl (indirect, 1.0.2 → 2.0.0) · Repo · Changelog

↗️ finalhandler (indirect, 1.1.2 → 1.3.2) · Repo · Changelog

↗️ forwarded (indirect, 0.1.2 → 0.2.0) · Repo · Changelog

↗️ http-errors (indirect, 1.7.2 → 2.0.1) · Repo · Changelog

What's Changed

New Contributors

2.0.0 (from changelog)

1.8.1 (from changelog)

1.8.0 (from changelog)

↗️ merge-descriptors (indirect, 1.0.1 → 1.0.3) · Repo · Changelog

↗️ mime-db (indirect, 1.44.0 → 1.52.0) · Repo · Changelog

1.46.0 (from changelog)

↗️ mime-types (indirect, 2.1.27 → 2.1.35) · Repo · Changelog

↗️ negotiator (indirect, 0.6.2 → 0.6.3) · Repo · Changelog

0.6.3 (from changelog)

↗️ on-finished (indirect, 2.3.0 → 2.4.1) · Repo · Changelog

↗️ path-to-regexp (indirect, 0.1.7 → 0.1.12) · Repo · Changelog

Impact

Patches

Workarounds

References

Impact

Patches

Workarounds

Details

References

↗️ proxy-addr (indirect, 2.0.6 → 2.0.7) · Repo · Changelog

↗️ qs (indirect, 6.7.0 → 6.14.0) · Repo · Changelog

↗️ raw-body (indirect, 2.4.0 → 2.5.3) · Repo · Changelog

↗️ send (indirect, 0.17.1 → 0.19.1) · Repo · Changelog

↗️ serve-static (indirect, 1.14.1 → 1.16.2) · Repo · Changelog

Impact

Patches

Workarounds

Details

What's Changed

New Contributors

↗️ setprototypeof (indirect, 1.1.1 → 1.2.0) · Repo

↗️ statuses (indirect, 1.5.0 → 2.0.2) · Repo · Changelog

What's Changed

New Contributors

2.0.1 (from changelog)

2.0.0 (from changelog)

↗️ toidentifier (indirect, 1.0.0 → 1.0.1) · Repo · Changelog

🆕 @​babel/code-frame (added, 7.27.1)

🆕 @​babel/compat-data (added, 7.28.5)

🆕 @​babel/core (added, 7.28.5)

🆕 @​babel/generator (added, 7.28.5)

provide `qs` directly and specify `plainObjects: true`

🆕 @babel/code-frame (added, 7.27.1)

🆕 @babel/compat-data (added, 7.28.5)

🆕 @babel/core (added, 7.28.5)

🆕 @babel/generator (added, 7.28.5)

🆕 @babel/helper-annotate-as-pure (added, 7.27.3)

🆕 @babel/helper-compilation-targets (added, 7.27.2)

🆕 @babel/helper-create-class-features-plugin (added, 7.28.5)

🆕 @babel/helper-create-regexp-features-plugin (added, 7.28.5)

🆕 @babel/helper-define-polyfill-provider (added, 0.6.5)

🆕 @babel/helper-globals (added, 7.28.0)

🆕 @babel/helper-member-expression-to-functions (added, 7.28.5)

🆕 @babel/helper-module-imports (added, 7.27.1)

🆕 @babel/helper-module-transforms (added, 7.28.3)

🆕 @babel/helper-optimise-call-expression (added, 7.27.1)

🆕 @babel/helper-plugin-utils (added, 7.27.1)

🆕 @babel/helper-remap-async-to-generator (added, 7.27.1)

🆕 @babel/helper-replace-supers (added, 7.27.1)

🆕 @babel/helper-skip-transparent-expression-wrappers (added, 7.27.1)

🆕 @babel/helper-string-parser (added, 7.27.1)

🆕 @babel/helper-validator-identifier (added, 7.28.5)

🆕 @babel/helper-validator-option (added, 7.27.1)

🆕 @babel/helper-wrap-function (added, 7.28.3)

🆕 @babel/helpers (added, 7.28.4)

🆕 @babel/parser (added, 7.28.5)

🆕 @babel/plugin-bugfix-firefox-class-in-computed-class-key (added, 7.28.5)

🆕 @babel/plugin-bugfix-safari-class-field-initializer-scope (added, 7.27.1)

🆕 @babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression (added, 7.27.1)