Skip to content

chore(deps): bump qs and express in /app #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 37 commits into from
Closed

chore(deps): bump qs and express in /app #58

wants to merge 37 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2022
edited
Loading

Bumps qs to 6.11.0 and updates ancestor dependency express. These dependencies need to be updated together.

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

  • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
  • [meta] use npmignore to autogenerate an npmignore file
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

  • [Fix] stringify: actually fix cyclic references (#426)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [actions] update codecov uploader
  • [actions] update workflows
  • [Tests] clean up stringify tests slightly
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

  • [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

  • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
  • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
  • [meta] fix README.md (#399)
  • [meta] only run npm run dist in publish, not install
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
  • [Tests] fix tests on node v0.6
  • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
  • [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits
  • 56763c1 v6.11.0
  • ddd3e29 [readme] fix version badge
  • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
  • 95bc018 v6.10.5
  • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
  • ba9703c v6.10.4
  • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
  • 113b990 [Dev Deps] update object-inspect
  • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
  • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
  • Additional commits viewable in compare view

Updates express from 4.17.1 to 4.18.2

Release notes

Sourced from express's releases.

4.18.2

4.18.1

  • Fix hanging on large stack of sync routes

4.18.0

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

renovate-bot and others added 24 commits May 9, 2021 19:03
@renovate-bot
chore(deps): update dependency hosted-git-info to 2.8.9 [security]
fb58e3e
@dependabot
chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9
1a0c3a0 
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <[email protected]>
@koromerzhin
Merge pull request #29 from koromerzhin/dependabot/npm_and_yarn/hoste…
1c4e175 
…d-git-info-2.8.9

chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9
@koromerzhin
Merge pull request #28 from koromerzhin/renovate/npm-hosted-git-info-…
2dc10d8 
…vulnerability

chore(deps): update dependency hosted-git-info to 2.8.9 [security]
@renovate-bot
chore(deps): update dependency jscpd to v3.3.26
bbe3999
@koromerzhin
Merge pull request #31 from koromerzhin/renovate/jscpd-3.x
e514b56
@koromerzhin
fix(docker): add host
0d58dc1
@koromerzhin
feat(makefile): add arguments
0e16545
@koromerzhin
feat(makefile): add arguments
e6f9a4d
@koromerzhin
fix(makefile): correction docker init
44b0ba7
@koromerzhin
feat(docker): update to lampy
7c19c98
@koromerzhin
fix(makefile): add color
b87b957
@koromerzhin
fix(makefile): add color
bb32fa0
@koromerzhin
fix(makefile): simplification
bd52d28
@koromerzhin
fix(deps): update
30bff14
@koromerzhin
fix(deps): update
11b128e
@koromerzhin
fix(makefile): commands with arguments
05f7ae6
@koromerzhin
fix(docker): launch lampy
7de9748
@koromerzhin
fix(libs): update koromerzhin-dependencies
f22287f
@koromerzhin
Update docker-compose.yml
be73321
@koromerzhin
fix(docker): use official image
48e9b38
@renovate-bot
chore(deps): update actions/checkout action to v3
ba53732
@koromerzhin
Merge pull request #47 from koromerzhin/renovate/actions-checkout-3.x
5e7d624
@koromerzhin
fix(doc): to download
f4a45ed
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 8, 2022
@guardrails
Copy link

guardrails bot commented Dec 8, 2022

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity Details
High pkg:npm/[email protected]@4.18.2 - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/app/qs-and-express-6.11.0 branch from ea324cc to cc21998 Compare January 24, 2023 14:11
koromerzhin and others added 2 commits January 24, 2023 16:19
@koromerzhin
fix(libs): update [email protected]
090e8f9
@dependabot
chore(deps): bump qs and express in /app
0e01fce 
Bumps [qs](https://github.com/ljharb/qs) to 6.11.0 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `qs` from 6.7.0 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `express` from 4.17.1 to 4.18.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.18.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/app/qs-and-express-6.11.0 branch from cc21998 to 0e01fce Compare January 24, 2023 15:20
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 30, 2023

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

2 similar comments
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 30, 2023

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 1, 2023

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@koromerzhin koromerzhin force-pushed the develop branch 2 times, most recently from 7e31b33 to 2be921a Compare October 11, 2025 11:22
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 21, 2025

Superseded by #114.

@dependabot dependabot bot closed this Oct 21, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/app/qs-and-express-6.11.0 branch October 21, 2025 10:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renovate-bot @koromerzhin