Bump the npm_and_yarn group across 1 directory with 47 updates

[dependabot]

Bumps the npm_and_yarn group with 38 updates in the / directory:

Package	From	To
aws-sdk	2.211.0	2.814.0
express	4.16.3	4.19.2
formidable	1.2.1	3.2.4
jsonwebtoken	8.2.0	9.0.0
lodash	4.17.5	4.17.21
log4js	3.0.5	6.4.0
markdown-it	8.4.1	12.3.2
moment	2.21.0	2.29.4
morgan	1.9.0	1.9.1
mysql2	1.5.2	3.9.7
nodemailer	4.6.3	6.9.9
pug	2.0.1	3.0.1
redis	2.8.0	3.1.1
request	2.85.0	2.88.2
sequelize	4.37.1	6.29.0
validator	10.6.0	13.7.0
dot-prop	4.2.0	4.2.1
extend	3.0.1	3.0.2
mime	1.3.6	1.6.0
qiniu	7.1.3	7.11.1
growl	1.9.2	removed
mocha	3.5.3	10.4.0
handlebars	4.0.11	4.7.8
helmet-csp	2.7.0	2.10.0
helmet	3.12.0	3.23.3
js-yaml	3.11.0	3.14.1
minimist	1.2.0	1.2.8
extract-zip	1.6.6	1.7.0
mkdirp	0.5.0	0.5.6
mem	1.1.0	4.3.0
yargs	12.0.1	12.0.5
minimatch	3.0.4	3.1.2
recursive-readdir	2.2.2	2.2.3
protobufjs	4.1.3	7.2.6
aliyun-sdk	1.11.10	1.12.10
qs	6.5.1	6.11.0
body-parser	1.18.2	1.20.2
y18n	3.2.1	4.0.3

Updates aws-sdk from 2.211.0 to 2.814.0

Changelog

Sourced from aws-sdk's changelog.

2.814.0

• bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to proto
• feature: EC2: EBS io2 volumes now supports Multi-Attach
• feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression.
• feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API.

2.813.0

• feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config
• feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM)
• feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances
• feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder.
• feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response
• feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53.
• feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
• feature: SQS: Amazon SQS adds queue attributes to enable high throughput FIFO.
• feature: ServiceCatalog: Support TagOptions sharing with Service Catalog portfolio sharing.

2.812.0

• feature: CostExplorer: This release updates the "MonitorArnList" from a list of String to be a list of Arn for both CreateAnomalySubscription and UpdateAnomalySubscription APIs
• feature: Location: Initial release of Amazon Location Service. A new geospatial service providing capabilities to render maps, geocode/reverse geocode, track device locations, and detect geofence entry/exit events.
• feature: QuickSight: QuickSight now supports connecting to federated data sources of Athena
• feature: WellArchitected: This is the first release of AWS Well-Architected Tool API support, use to review your workload and compare against the latest AWS architectural best practices.

2.811.0

• feature: Amp: (New Service) Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale.
• feature: GreengrassV2: AWS IoT Greengrass V2 is a new major version of AWS IoT Greengrass. This release adds several updates such as modular components, continuous deployments, and improved ease of use.
• feature: IoTAnalytics: FileFormatConfiguration enables data store to save data in JSON or Parquet format. S3Paths enables you to specify the S3 objects that save your channel messages when you reprocess the pipeline.
• feature: IoTFleetHub: AWS IoT Fleet Hub, a new feature of AWS IoT Device Management that provides a web application for monitoring and managing device fleets connected to AWS IoT at scale.
• feature: IoTWireless: AWS IoT for LoRaWAN enables customers to setup a private LoRaWAN network by connecting their LoRaWAN devices and gateways to the AWS cloud without managing a LoRaWAN Network Server.
• feature: Iot: AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection.
• feature: IotDeviceAdvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
• feature: Lambda: Added support for Apache Kafka as a event source. Added support for TumblingWindowInSeconds for streams event source mappings. Added support for FunctionResponseTypes for streams event source mappings
• feature: SSM: Adding support for Change Manager API content

2.810.0

• feature: DevOpsGuru: Documentation updates for DevOps Guru.
• feature: EC2: Add c5n.metal to ec2 instance types list
• feature: GlobalAccelerator: This release adds support for custom routing accelerators

2.809.0

• feature: AutoScaling: Documentation updates and corrections for Amazon EC2 Auto Scaling API Reference and SDKs.
• feature: CloudTrail: CloudTrailInvalidClientTokenIdException is now thrown when a call results in the InvalidClientTokenId error code. The Name parameter of the AdvancedEventSelector data type is now optional.
• feature: IoTSiteWise: Added the ListAssetRelationships operation and support for composite asset models, which represent structured sets of properties within asset models.

2.808.0

• feature: EC2: TGW connect simplifies connectivity of SD-WAN appliances; IGMP support for TGW multicast; VPC Reachability Analyzer for VPC resources connectivity analysis.
• feature: Kendra: Amazon Kendra now supports adding synonyms to an index through the new Thesaurus resource.
• feature: NetworkManager: This release adds API support for Transit Gateway Connect integration into AWS Network Manager.

2.807.0

... (truncated)

Commits

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackups...
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• Additional commits viewable in compare view

Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates formidable from 1.2.1 to 3.2.4

Release notes

Sourced from formidable's releases.

3.2.4

No release notes provided.

3.1.4

https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md

Changelog

Sourced from formidable's changelog.

3.2.4

• fix: (#857) improve keep extension
• The code from before 3.2.4 already removed some characters from the file extension. But not always. So it was inconsistent.
• The new code cuts the file extension at the first invalid character (invalid in a file extension).
• The characters that are considered invalid inside a file extension are all except the . numbers and a-Z.
• This change only has an effect if filename option is not used and keepextension option is used

3.2.3

• fix: (#852) end event is emitted once

3.2.2

• refactor: (#801)

3.2.1

• fix: do not let empty file on error (#796)
• it was probably due to the fact that .destroy on a file stream does not always complete on time

3.2.0

• feat: maxFileSize option is now per file (as the name suggests) (#791)
• feat: add maxFiles option, default Infinity
• feat: add maxTotalFileSize, default is maxFileSize (for backwards compatibility)
• fix: minFileSize is per file
• fix: allowEmptyFiles fix in cases where one file is not empty
• fix: allowEmptyFiles false option by default
• fix: rename wrongly named error
• refactor: rename wrongly named maxFileSize into maxTotalFileSize

3.1.5

• fix: PersistentFile.toString (#796)

3.1.4

• fix: add missing pluginFailed error (#794)
• refactor: use explicit node imports (#786)

3.1.1

• feat: handle top level json array, string and number

3.1.0

... (truncated)

Commits

• 81dd350 fix: Improve keep extension (#857)
• 971e3a7 chore: publish
• 92df3c8 fix: IncomingForm end event emitted twice (#852)
• 21efa7d chore(deps): bump istanbul-reports from 3.0.2 to 3.1.4 (#844)
• 8009584 chore(kodiak): always update PRs
• d6c17f1 chore: fix dependabot error
• 7ea655e chore: do not add reviewers to dep update prs (#845)
• 635b4f8 chore: add Dependabot settings (#837)
• a93060c chore: fix kodiak config (#838)
• 7fbf974 chore: add KodiakHQ service (#836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by grossacasacs, a new releaser for formidable since your current version.

Updates jsonwebtoken from 8.2.0 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

• fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

• README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

• feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573
• Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

• Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555
• Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577
• Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544
• ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

Docs

• Fix 'cert' token which isn't a cert (#554) (0c24fe68cd2866cea6322016bf993cd897fefc98), closes #554

8.4.0 - 2018-11-14

New Functionality

... (truncated)

Commits

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates lodash from 4.17.5 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates log4js from 3.0.5 to 6.4.0

Changelog

Sourced from log4js's changelog.

6.4.0 - BREAKING CHANGE 💥

New default file permissions may cause external applications unable to read logs. A manual code/configuration change is required.

• feat: added warnings when log() is used with invalid levels before fallbacking to INFO - thanks @​abernh
• feat: exposed Recording - thanks @​polo-language
• fix: default file permission to be 0o600 instead of 0o644 - thanks ranjit-git and @​lamweili
  • docs: updated fileSync.md and misc comments - thanks @​lamweili
• fix: file descriptor leak if repeated configure() - thanks @​lamweili
• fix: MaxListenersExceededWarning from NodeJS - thanks @​lamweili
  • test: added assertion for increase of SIGHUP listeners on log4js.configure() - thanks @​lamweili
• fix: missing TCP appender with Webpack and Typescript - thanks @​techmunk
• fix: dateFile appender exiting NodeJS on error - thanks @​4eb0da
  • refactor: using writer.writable instead of alive for checking - thanks @​lamweili
• fix: TCP appender exiting NodeJS on error - thanks @​jhonatanTeixeira
• fix: multiprocess appender exiting NodeJS on error - thanks @​harlentan
• test: update fakeFS.read as graceful-fs uses it - thanks @​lamweili
• test: update fakeFS.realpath as fs-extra uses it - thanks @​lamweili
• test: added tap.tearDown() to clean up test files
  • test: #1143 - thanks @​lamweili
  • test: #1022 - thanks @​abetomo
• type: improved @​types for AppenderModule - thanks @​nicobao
• type: Updated fileSync appender types - thanks @​lamweili
• type: Removed erroneous type in file appender - thanks @​vdmtrv
• type: Updated Logger.log type - thanks @​ZLundqvist
• type: Updated Logger._log type - thanks @​lamweili
• type: Updated Logger.level type - thanks @​lamweili
• type: Updated Levels.getLevel type - thanks @​saulzhong
• chore(deps): bump streamroller from 3.0.1 to 3.0.2 - thanks @​lamweili
• chore(deps): bump date-format from 4.0.2 to 4.0.3 - thanks @​lamweili
• chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0 - thanks @​lamweili
• chore(deps-dev): bump nyc from 14.1.1 to 15.1.0 - thanks @​lamweili
• chore(deps-dev): bump eslint from 5.16.0 to 8.6.0 - thanks @​lamweili
• chore(deps): bump flatted from 2.0.2 to 3.2.4 - thanks @​lamweili
• chore(deps-dev): bump fs-extra from 8.1.0 to 10.0.0 - thanks @​lamweili
• chore(deps): bump streamroller from 2.2.4 to 3.0.1 - thanks @​lamweili
  • fix: compressed file ignores dateFile appender "mode" - thanks @​rnd-debug
  • fix: #1039 where there is an additional separator in filename ([email protected] changelog)
  • fix: #1035, #1080 for daysToKeep naming confusion ([email protected] changelog)
  • refactor: migrated from daysToKeep to numBackups due to streamroller@^3.0.0 - thanks @​lamweili
  • feat: allows for zero backups - thanks @​lamweili
• chore(deps): bump date-format from 3.0.0 to 4.0.2 - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0
  • chore(deps-dev): bump eslint-plugin-prettier from 3.4.1 to 4.0.0
  • chore(deps-dev): bump husky from 3.1.0 to 7.0.4
  • chore(deps-dev): bump prettier from 1.19.0 to 2.5.1
  • chore(deps-dev): bump typescript from 3.9.10 to 4.5.4
• chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0 - thanks @​lamweili

... (truncated)

Commits

• 9fdbed5 6.4.0
• 788c7a8 Merge pull request #1150 from log4js-node/update-changelog
• 7fdb141 chore: updated changelog for 6.4.0
• e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
• ac599e4 allow for zero backup - in sync with https://github.com/log4js-node/streamrol...
• 53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
• 436d9b4 Merge pull request #1148 from log4js-node/update-docs
• d6b017e chore(docs): updated fileSync.md and misc comments
• d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
• 0ad0133 Merge pull request #1147 from log4js-node/update-deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates markdown-it from 8.4.1 to 12.3.2

Changelog

Sourced from markdown-it's changelog.

[12.3.2] - 2022-01-08

Security

• Fix possible ReDOS in newline rule. Thanks to @​MakeNowJust.

[12.3.1] - 2022-01-07

Fixed

• Fix corner case when tab prevents paragraph continuation in lists, #830.

[12.3.0] - 2021-12-09

Changed

• StateInline.delimiters[].jump is removed.

Fixed

• Fixed quadratic complexity in pathological ***<10k stars>***a***<10k stars>*** case.

[12.2.0] - 2021-08-02

Added

• Ordered lists: add order value to token info.

Fixed

• Always suffix indented code block with a newline, #799.

[12.1.0] - 2021-07-01

Changed

• Updated CM spec compatibility to 0.30.

[12.0.6] - 2021-04-16

Fixed

• Newline in alt should be rendered, #775.

[12.0.5] - 2021-04-15

Fixed

• HTML block tags with === inside are no longer incorrectly interpreted as headers, #772.
• Fix table/list parsing ambiguity, #767.

[12.0.4] - 2020-12-20

Fixed

• Fix crash introduced in 12.0.3 when processing strikethrough (~~) and similar plugins, #742.
• Avoid fenced token mutation, #745.

[12.0.3] - 2020-12-07

Fixed

... (truncated)

Commits

• d72c68b 12.3.2 released
• aca3396 dist rebuild
• ffc49ab Fix possible ReDOS in newline rule.
• 76469e8 12.3.1 released
• ae5a243 dist rebuild
• 1cd8a51 Fix tab preventing paragraph continuation in lists
• 830757c Fix spelling error in question Github Template (#835)
• 2e31d34 12.3.0 released
• 393354c Dist rebuild
• 8564eed Dev deps bump
• Additional commits viewable in compare view

Updates moment from 2.21.0 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

• Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

• Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

• Release May 19, 2020

... (truncated)

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates morgan from 1.9.0 to 1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

Commits

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: [email protected]
• f60afd5 build: [email protected]
• 5295b0c build: [email protected]
• 178daaf build: [email protected]
• 7b08641 build: [email protected]
• Additional commits viewable in compare view

Updates mysql2 from 1.5.2 to 3.9.7

Release notes

Sourced from mysql2's releases.

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

• SSL: separate each certificate into an individual item #2542 (63f1055)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
  • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• security: improve results object creation (#2574) (4a964a3)
  • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

Bug Fixes

• security: improve cache key formation (#2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#2131) (d9dccfd)

v3.9.2

3.9.2 (2024-02-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

• docs: improve the contribution guidelines (