Bump the npm_and_yarn group with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 17 updates:

Package	From	To
postcss	8.4.31	8.4.32
webpack	5.82.0	5.94.0
astro	4.4.8	4.16.1
@adobe/css-tools	4.2.0	4.4.0
dset	3.1.3	3.1.4
ejs	3.1.9	3.1.10
es5-ext	0.10.62	0.10.64
express	4.18.2	4.21.1
follow-redirects	1.15.5	1.15.9
msgpackr	1.9.1	1.11.2
path-to-regexp	0.1.7	0.1.10
rollup	4.10.0	4.22.4
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
tar	6.1.14	6.2.1
vite	5.1.4	5.4.6
word-wrap	1.2.3	1.2.5

Updates postcss from 8.4.31 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

Commits

• a0d9f10 Release 8.4.32 version
• 0146b3e Add Node.js 21 to CI
• 2398534 Update dependencies
• 1918533 Merge pull request #1902 from ferreira-tb/main
• 395e6dc Fix ProcessOptions interface
• fa8cd15 Update dependencies
• 199a7c4 Typo
• 2528047 Update EM link
• See full diff in compare view

Updates webpack from 5.82.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Updates astro from 4.4.8 to 4.16.1

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

  Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

• #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

[email protected]

Minor Changes

• #12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

  The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

  import { defineConfig } from 'astro/config';
  export default defineConfig({
  markdown: {
  shikiConfig: {
  langAlias: {
  cjs: 'javascript',
  },
  },
  },
  });

  Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:

  ```cjs
  'use strict';
  function commonJs() {
  return 'I am a commonjs file';
  }
  </code></pre>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/11984">#11984</a> <a href="https://github.com/withastro/astro/commit/3ac2263ff6070136bec9cffb863c38bcc31ccdfe"><code>3ac2263</code></a> Thanks <a href="https://github.com/chaegumi"><code>@​chaegumi</code></a>! - Adds a new <code>build.concurreny</code> configuration option to specify the number of pages to build in parallel</p>
  <p><strong>In most cases, you should not change the default value of <code>1</code>.</strong></p>
  <p>Use this option only when other attempts to reduce the overall rendering time (e.g. batch or cache long running tasks like fetch calls or data access) are not possible or are insufficient.</p>
  <p>Use this option only if the refactors are not possible. If the number is set too high, the page rendering may slow down due to insufficient memory resources and because JS is single-threaded.</p>
  </li>
  </ul>
  <!-- raw HTML omitted -->
  </blockquote>
  <p>... (truncated)</p>
  </details>
  <details>
  <summary>Changelog</summary>
  <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md&quot;&gt;astro's changelog</a>.</em></p>
  <blockquote>
  <h2>4.16.12</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li><a href="https://redirect.github.com/withastro/astro/pull/12420&quot;&gt;#12420&lt;/a> <a href="https://github.com/withastro/astro/commit/acac0af53466f8a381ccdac29ed2ad735d7b4e79&quot;&gt;&lt;code&gt;acac0af&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/ematipico&quot;&gt;&lt;code&gt;@​ematipico&lt;/code&gt;&lt;/a>! - Fixes an issue where the dev server returns a 404 status code when a user middleware returns a valid <code>Response</code>.</li>
  </ul>
  <h2>4.16.11</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12305&quot;&gt;#12305&lt;/a> <a href="https://github.com/withastro/astro/commit/f5f71094ec74961b4cca2ee451798abd830c617a&quot;&gt;&lt;code&gt;f5f7109&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/florian-lefebvre&quot;&gt;&lt;code&gt;@​florian-lefebvre&lt;/code&gt;&lt;/a>! - Fixes a case where the error overlay would not escape the message</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12402&quot;&gt;#12402&lt;/a> <a href="https://github.com/withastro/astro/commit/823e73b164eab4115af31b1de8e978f2b4e0a95d&quot;&gt;&lt;code&gt;823e73b&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/ematipico&quot;&gt;&lt;code&gt;@​ematipico&lt;/code&gt;&lt;/a>! - Fixes a case where Astro allowed to call an action without using <code>Astro.callAction</code>. This is now invalid, and Astro will show a proper error.</p>
  <pre lang="diff"><code>---
  import { actions } from &quot;astro:actions&quot;;
  -const result = actions.getUser({ userId: 123 });
  +const result = Astro.callAction(actions.getUser, { userId: 123 });
  </code></pre>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12401&quot;&gt;#12401&lt;/a> <a href="https://github.com/withastro/astro/commit/9cca10843912698e13d35f1bc3c493e2c96a06ee&quot;&gt;&lt;code&gt;9cca108&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/bholmesdev&quot;&gt;&lt;code&gt;@​bholmesdev&lt;/code&gt;&lt;/a>! - Fixes unexpected 200 status in dev server logs for action errors and redirects.</p>
  </li>
  </ul>
  <h2>4.16.10</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12311&quot;&gt;#12311&lt;/a> <a href="https://github.com/withastro/astro/commit/bf2723e83140099914b29c6d51eb147a065be460&quot;&gt;&lt;code&gt;bf2723e&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/dinesh-58&quot;&gt;&lt;code&gt;@​dinesh-58&lt;/code&gt;&lt;/a>! - Adds <code>checked</code> to the list of boolean attributes.</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12363&quot;&gt;#12363&lt;/a> <a href="https://github.com/withastro/astro/commit/222f71894cc7118319ce83b3b29fa61a9dbebb75&quot;&gt;&lt;code&gt;222f718&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/Fryuni&quot;&gt;&lt;code&gt;@​Fryuni&lt;/code&gt;&lt;/a>! - Fixes code generated by <code>astro add</code> command when adding a version of an integration other than the default <code>latest</code>.</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12368&quot;&gt;#12368&lt;/a> <a href="https://github.com/withastro/astro/commit/493fe43cd3ef94b087b8958031ecc964ae73463b&quot;&gt;&lt;code&gt;493fe43&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/bluwy&quot;&gt;&lt;code&gt;@​bluwy&lt;/code&gt;&lt;/a>! - Improves error logs when executing commands</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12355&quot;&gt;#12355&lt;/a> <a href="https://github.com/withastro/astro/commit/c4726d7ba8cc93157390ce64d5c8b718ed5cac29&quot;&gt;&lt;code&gt;c4726d7&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/apatel369&quot;&gt;&lt;code&gt;@​apatel369&lt;/code&gt;&lt;/a>! - Improves error reporting for invalid frontmatter in MDX files during the <code>astro build</code> command. The error message now includes the file path where the frontmatter parsing failed.</p>
  </li>
  </ul>
  <h2>4.16.9</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12333&quot;&gt;#12333&lt;/a> <a href="https://github.com/withastro/astro/commit/836cd91c37cea8ae58dd04a326435fcb2c88f358&quot;&gt;&lt;code&gt;836cd91&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/imattacus&quot;&gt;&lt;code&gt;@​imattacus&lt;/code&gt;&lt;/a>! - Destroy the server response stream if async error is thrown</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12358&quot;&gt;#12358&lt;/a> <a href="https://github.com/withastro/astro/commit/76803498738f9e86e7948ce81e01e63607e03549&quot;&gt;&lt;code&gt;7680349&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/spacedawwwg&quot;&gt;&lt;code&gt;@​spacedawwwg&lt;/code&gt;&lt;/a>! - Honors <code>inlineAstroConfig</code> parameter in <code>getViteConfig</code> when creating a logger</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12353&quot;&gt;#12353&lt;/a> <a href="https://github.com/withastro/astro/commit/35795a1a54b2bfaf331c58ca91b47e5672e08c4e&quot;&gt;&lt;code&gt;35795a1&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/hippotastic&quot;&gt;&lt;code&gt;@​hippotastic&lt;/code&gt;&lt;/a>! - Fixes an issue in dev server watch file handling that could cause multiple restarts for a single file change.</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12351&quot;&gt;#12351&lt;/a> <a href="https://github.com/withastro/astro/commit/57514881655b62a0bc39ace1e1ed4b89b96f74ca&quot;&gt;&lt;code&gt;5751488&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/florian-lefebvre&quot;&gt;&lt;code&gt;@​florian-lefebvre&lt;/code&gt;&lt;/a>! - Reverts a change made in <code>4.16.6</code> that prevented usage of <code>astro:env</code> secrets inside middleware in SSR</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12346&quot;&gt;#12346&lt;/a> <a href="https://github.com/withastro/astro/commit/20e5a843c86e9328814615edf3e8a6fb5e4696cc&quot;&gt;&lt;code&gt;20e5a84&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/bluwy&quot;&gt;&lt;code&gt;@​bluwy&lt;/code&gt;&lt;/a>! - Fixes sourcemap generation when prefetch is enabled</p>
  </li>
  </ul>
  <!-- raw HTML omitted -->
  </blockquote>
  <p>... (truncated)</p>
  </details>
  <details>
  <summary>Commits</summary>
  <ul>
  <li><a href="https://github.com/withastro/astro/commit/c73d65d7f76617cf5275203fd918887cbda01baf&quot;&gt;&lt;code&gt;c73d65d&lt;/code&gt;&lt;/a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12178&quot;&gt;#12178&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/650dd22a7bce084c66a9a0f96f2d4e4500807641&quot;&gt;&lt;code&gt;650dd22&lt;/code&gt;&lt;/a> Fix VT video test fail in firefox (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12188&quot;&gt;#12188&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/58e22bd042f9a67c2167605bc7ee45538f1b4921&quot;&gt;&lt;code&gt;58e22bd&lt;/code&gt;&lt;/a> [ci] format</li>
  <li><a href="https://github.com/withastro/astro/commit/2d10de5f212323e6e19c7ea379826dcc18fe739c&quot;&gt;&lt;code&gt;2d10de5&lt;/code&gt;&lt;/a> fix(routing): actions should redirect the original pathname (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12173&quot;&gt;#12173&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/a4ffbfaa5cb460c12bd486fd75e36147f51d3e5e&quot;&gt;&lt;code&gt;a4ffbfa&lt;/code&gt;&lt;/a> Ensure router only targets scripts for execution (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12177&quot;&gt;#12177&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/2f5b28e93851f39708d0d683832c70730b40afe9&quot;&gt;&lt;code&gt;2f5b28e&lt;/code&gt;&lt;/a> Use p-queue instead of fastq (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12189&quot;&gt;#12189&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/1f93fca1d36734bc0abc227214cf8d96eba513cd&quot;&gt;&lt;code&gt;1f93fca&lt;/code&gt;&lt;/a> Fix biome lint warning (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12187&quot;&gt;#12187&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/582f12e1f6f99b54865a0b24d804ee0924f4ef55&quot;&gt;&lt;code&gt;582f12e&lt;/code&gt;&lt;/a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12148&quot;&gt;#12148&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/b9e8e96354019c21c8b73585bea74b84b9b092ee&quot;&gt;&lt;code&gt;b9e8e96&lt;/code&gt;&lt;/a> add info about content intellisense (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12164&quot;&gt;#12164&lt;/a&gt;)&lt;/li>
  <li><a href="https://github.com/withastro/astro/commit/c6fd1df695d0f2a24bb49e6954064f92664ccf67&quot;&gt;&lt;code&gt;c6fd1df&lt;/code&gt;&lt;/a> Fix mts reloads (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/12160&quot;&gt;#12160&lt;/a&gt;)&lt;/li>
  <li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/[email protected]/packages/astro&quot;&gt;compare view</a></li>
  </ul>
  </details>
  <br />
  
  Updates @adobe/css-tools from 4.2.0 to 4.4.0
  
  Changelog
  Sourced from @​adobe/css-tools's changelog.
  
  4.4.0 / 2024-06-05
  
  add support for @​starting-style #319
  
  4.3.3 / 2024-01-24
  
  Update export property #271
  
  4.3.2 / 2023-11-28
  
  Fix redos vulnerability with specific crafted css string - CVE-2023-48631
  Fix Problem parsing with :is() and nested :nth-child() #211
  
  4.3.1 / 2023-03-14
  
  Fix redos vulnerability with specific crafted css string - CVE-2023-26364
  
  4.3.0 / 2023-03-07
  
  Update build tools
  Update exports path and files
  
  
  
  
  Commits
  
  See full diff in compare view
  
  
  
  Updates dset from 3.1.3 to 3.1.4
  
  Commits
  
  05b1ec0 3.1.4
  16d6154 fix: prevent proto assignment via implicit string
  See full diff in compare view
  
  
  
  Updates ejs from 3.1.9 to 3.1.10
  
  Release notes
  Sourced from ejs's releases.
  
  v3.1.10
  Version 3.1.10
  
  
  
  Commits
  
  d3f807d Version 3.1.10
  9ee26dd Mocha TDD
  e469741 Basic pollution protection
  715e950 Merge pull request #756 from Jeffrey-mu/main
  cabe314 Include advanced usage examples
  29b076c Added header
  11503c7 Merge branch 'main' of github.com:mde/ejs into main
  7690404 Added security banner to README
  f47d7ae Update SECURITY.md
  828cea1 Update SECURITY.md
  Additional commits viewable in compare view
  
  
  
  Updates es5-ext from 0.10.62 to 0.10.64
  
  Release notes
  Sourced from es5-ext's releases.
  
  0.10.64 (2024-02-27)
  Bug Fixes
  
  Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)
  
  
  Comparison since last release
  0.10.63 (2024-02-23)
  Bug Fixes
  
  Do not rely on problematic regex (3551cdd), addresses #201
  Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)
  
  Maintenance Improvements
  
  Simplify the manifest message (7855319)
  
  
  Comparison since last release
  
  
  
  Changelog
  Sourced from es5-ext's changelog.
  
  0.10.64 (2024-02-27)
  Bug Fixes
  
  Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)
  
  0.10.63 (2024-02-23)
  Bug Fixes
  
  Do not rely on problematic regex (3551cdd), addresses #201
  Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)
  
  Maintenance Improvements
  
  Simplify the manifest message (7855319)
  
  
  
  
  Commits
  
  f76b03d chore: Release v0.10.64
  2881acd chore: Bump dependencies
  c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  16f2b72 docs: Fix date in the changelog
  de4e03c chore: Release v0.10.63
  3fd53b7 chore: Upgrade lint-staged to v13
  bf8ed79 chore: Ensure postinstall script does not crash on Windows
  2cbbb07 chore: Bump dependencies
  22d0416 chore: Bump LICENSE year
  a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  Additional commits viewable in compare view
  
  
  
  Updates express from 4.18.2 to 4.21.1
  
  Release notes
  Sourced from express's releases.
  
  4.21.1
  What's Changed
  
  Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
  Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031
  
  Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1
  4.21.0
  What's Changed
  
  Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
  [email protected] by @​wesleytodd in expressjs/express#5954
  fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
  Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946
  
  New Contributors
  
  @​agadzinski93 made their first contribution in expressjs/express#5946
  
  Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0
  4.20.0
  What's Changed
  Important
  
  IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  Remove link renderization in html while using res.redirect
  
  Other Changes
  
  4.19.2 Staging by @​wesleytodd in expressjs/express#5561
  remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
  feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
  Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
  Add a Threat Model by @​UlisesGascon in expressjs/express#5526
  Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
  Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
  docs: update Security.md by @​inigomarquinez in expressjs/express#5590
  docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
  Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
  docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
  deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
  skip QUERY method test by @​jonchurch in expressjs/express#5628
  ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
  add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
  doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
  List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
  docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
  ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
  [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
  skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
  
  
  
  ... (truncated)
  
  
  Changelog
  Sourced from express's changelog.
  
  4.21.1 / 2024-10-08
  
  Backported a fix for CVE-2024-47764
  
  4.21.0 / 2024-09-11
  
  Deprecate res.location("back") and res.redirect("back") magic string
  deps: [email protected]
  
  includes [email protected]
  
  
  deps: [email protected]
  deps: [email protected]
  
  4.20.0 / 2024-09-10
  
  deps: [email protected]
  
  Remove link renderization in html while redirecting
  
  
  deps: [email protected]
  
  Remove link renderization in html while redirecting
  
  
  deps: [email protected]
  
  add depth option to customize the depth level in the parser
  IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  
  
  Remove link renderization in html while using res.redirect
  deps: [email protected]
  
  Adds support for named matching groups in the routes using a regex
  Adds backtracking protection to parameters without regexes defined
  
  
  deps: encodeurl@~2.0.0
  
  Removes encoding of \, |, and ^ to align better with URL spec
  
  
  Deprecate passing options.maxAge and options.expires to res.clearCookie
  
  Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
  
  
  
  4.19.2 / 2024-03-25
  
  Improved fix for open redirect allow list bypass
  
  4.19.1 / 2024-03-20
  
  Allow passing non-strings to res.location with new encoding handling checks
  
  4.19.0 / 2024-03-20
  
  Prevent open redirect allow list bypass due to encodeurl
  deps: [email protected]
  
  4.18.3 / 2024-02-29
  
  
  ... (truncated)
  
  
  Commits
  
  8e229f9 4.21.1
  a024c8a fix(deps): [email protected]
  7e562c6 4.21.0
  1bcde96 fix(deps): [email protected] (#5946)
  7d36477 fix(deps): [email protected] (#5951)
  40d2d8f fix(deps): [email protected]
  77ada90 Deprecate "back" magic string in redirects (#5935)
  21df421 4.20.0
  4c9ddc1 feat: upgrade to [email protected]
  9ebe5d5 feat: upgrade to [email protected] (#5928)
  Additional commits viewable in compare view
  
  
  
  Maintainer changes
  This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.
  
  
  Updates follow-redirects from 1.15.5 to 1.15.9
  
  Commits
  
  e4e55c7 Release version 1.15.9 of the npm package.
  31a1abf Attempt much more gentle detection.
  d2aaa97 Fix url field.
  62558f0 Release version 1.15.8 of the npm package.
  a8d1cee Return subtlety.
  458ca8e Fix native URL test for Node 20.
  ca49e44 Handle KeepAlive connections in tests.
  f3711d7 Test on Node 20 and 22.
  fda0faf Fix typo.
  760757f Release version 1.15.7 of the npm package.
  Additional commits viewable in compare view
  
  
  
  Updates msgpackr from 1.9.1 to 1.11.2
  
  Commits
  
  See full diff in compare view
  
  
  
  Updates path-to-regexp from 0.1.7 to 0.1.10
  
  Release notes
  Sourced from path-to-regexp's releases.
  
  Backtrack protection
  Fixed
  
  Add backtrack protection to parameters  29b96b4
  
  This will break some edge cases but should improve performance
  
  
  
  https://github.com/pillarjs/path-to-regexp/compare/v0.1.9...v0.1.10
  Support non-lookahead regex output
  Added
  
  Allow a non-lookahead regex (#312)  c4272e4
  
  https://github.com/component/path-to-regexp/compare/v0.1.8...v0.1.9
  Support named matching groups in RegExp
  Added
  
  Add support for named matching groups (#301)  114f62d
  
  https://github.com/pillarjs/path-to-regexp/compare/v0.1.7...v0.1.8
  
  
  
  Commits
  
  c827fce 0.1.10
  29b96b4 Add backtrack protection to parameters
  ac4c234 Update repo url (#314)
  bdb6635 0.1.9
  c4272e4 Allow a non-lookahead regex (#312)
  51a1955 0.1.8
  114f62d Add support for named matching groups (#301)
  See full diff in compare view
  
  
  
  Updates rollup from 4.10.0 to 4.22.4
  
  Release notes
  Sourced from rollup's releases.
  
  v4.22.4
  4.22.4
  2024-09-21
  Bug Fixes
  
  Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
  
  Pull Requests
  
  #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
  #5671: Fix DOM Clobbering CVE (@​lukastaegert)
  
  v4.22.3
  4.22.3
  2024-09-21
  Bug Fixes
  
  Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)
  
  Pull Requests
  
  #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)
  
  v4.22.2
  4.22.2
  2024-09-20
  Bug Fixes
  
  Revert fix for side effect free modules until other issues are investigated (#5667)
  
  Pull Requests
  
  #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)
  
  v4.22.1
  4.22.1
  2024-09-20
  Bug Fixes
  
  Revert #5644 "stable chunk hashes" while issues are being investigated
  
  Pull Requests
  
  
  ... (truncated)
  
  
  Changelog
  Sourced from rollup's changelog.
  
  4.22.4
  2024-09-21
  Bug Fixes
  
  Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)
  
  Pull Requests
  
  #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
  #5671: Fix DOM Clobbering CVE (@​lukastaegert)
  
  4.22.3
  2024-09-21
  Bug Fixes
  
  Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)
  
  Pull Requests
  
  #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)
  
  4.22.2
  2024-09-20
  Bug Fixes
  
  Revert fix for side effect free modules until other issues are investigated (#5667)
  
  Pull Requests
  
  #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)
  
  4.22.1
  2024-09-20
  Bug Fixes
  
  Revert #5644 "stable chunk hashes" while issues are being investigated
  
  Pull Requests
  
  #5663: chore(deps): update dependency inquirer to v11 (@​renovate[bot], @​lukastaegert)
  #5664: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
  #5665: fix: type in CI file (@​YuHyeonWook)
  
  
  
  ... (truncated)
  
  
  Commits
  
  79c0aba 4.22.4
  e2552c9 Fix DOM Clobbering CVE (#5671)
  10ab90e refactor: Use object.prototype to check for reserved properties (#5670)
  e1cba8e 4.22.3
  59cec3e Ensure impure dependencies of pure modules are added (#5669)
  b86ffd7 4.22.2
  d5ff63d Partially revert #5658 and re-apply #5644 (#5667)
  0a821d9 Create SECURITY.md
  76e962d 4.22.1
  68c23da Partially revert #5644
  Additional commits viewable in compare view
  
  
  
  Updates send from 0.18.0 to 0.19.0
  
  Release notes
  Sourced from send's releases.
  
  0.19.0
  What's Changed
  
  Remove link renderization in html while redirecting (pillarjs/send#235)
  
  New Contributors
  
  @​UlisesGascon made their first contribution in pillarjs/send#235
  
  Full Changelog: https://github.com/pillarjs/send/compare/0.18.0...0.19.0
  
  
  
  Changelog
  Sourced from send's changelog.
  
  0.19.0 / 2024-09-10
  
  Remove link renderization in html while redirecting
  
  
  
  
  Commits
  
  9d2db99 0.19.0
  ae4f298 Merge commit from fork
  See full diff in compare view
  
  
  
  Maintainer changes
  This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
  
  
  Updates serve-static from 1.15.0 to 1.16.2
  
  Release notes
  Sourced from serve-static's releases.
  
  1.16.0
  What's Changed
  
  Remove link renderization in html while redirecting (expressjs/serve-static#173)
  
  New Contributors
  
  @​UlisesGascon made their first contribution in expressjs/serve-static#173
  
  Full Changelog: https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0
  
  
  
  Changelog
  Sourced from serve-static's changelog.
  
  1.16.2 / 2024-09-11
  
  deps: encodeurl@~2.0.0
  
  1.16.1 / 2024-09-11
  
  deps: [email protected]
  
  1.16.0 / 2024-09-10
  
  Remove link renderization in html while redirecting
  
  
  
  
  Commits
  
  ec9c5ec 1.16.2
  f454d37 fix(deps): encodeurl@~2.0.0
  77a8255 1.16.1
  4263f49 fix(deps): [email protected]
  48c7397 1.16.0
  0c11fad Merge commit from fork
  See full diff in compare view
  
  
  
  Maintainer changes
  This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.
  
  
  Updates tar from 6.1.14 to 6.2.1
  
  Changelog
  Sourced from tar's changelog.
  
  Changelog
  7.4
  
  Deprecate onentry in favor of onReadEntry for clarity.
  
  7.3
  
  Add onWriteEntry option
  
  7.2
  
  DRY the command definitions into a single makeCommand method,
  and update the type signatures to more appropriately infer the
  return type from the options and arguments provided.
  
  7.1
  
  Update minipass to v7.1.0
  Update the type definitions of write() and end() methods on
  Unpack and Parser classes to be compatible with the
  NodeJS.WritableStream type in the latest versions of
  @types/node.
  
  7.0
  
  Rewrite in TypeScript, provide ESM and CommonJS hybrid
  interface
  Add tree-shake friendly exports, like import('tar/create')
  and import('tar/read-entry') to get individual functions or
  classes.
  Add chmod option that defaults to false, and deprecate
  noChmod. That is, reverse the default option regarding
  explicitly setting file system modes to match tar entry
  settings.
  Add processUmask option to avoid having to call
  process.umask() when chmod: true (or noChmod: false) is
  set.
  
  6.2
  
  Add support for brotli compression
  Add maxDepth option to prevent extraction into excessively
  deep folders.
  
  6.1
  
  remove dead link to benchmarks (#313) (@​yetzt)
  add examples/explanation of using tar.t (@​isaacs)
  ensure close event is emited after stream has ended (@​webark)
  
  
  
  ... (truncated)
  
  
  Commits
  
  bef7b1e 6.2.1
  fe8cd57 prevent extraction in excessively deep subfolders
  fe7ebfd remove security.md
  5bc9d40 6.2.0
  fe1ef5e changelog 6.2
  e483220 get rid of npm lint stuff
  689928a ci that works outside of npm org
  db6f539 file inference improvements for .tbr and .tgz
  336fa8f refactor: dry and other pr comments
  eeba222 chore: lint fixes
  Additional commits viewable in compare view
  
  
  
  Updates vite from 5.1.4 to 5.4.6
  
  Release notes
  Sourced from vite's releases.
  
  v5.4.6
  Please refer to CHANGELOG.md for details.
  v5.4.5
  Please refer to CHANGELOG.md for details.
  v5.4.4
  Please re...
  Description has been truncated