⬆️(deps): Bump the npm-major group across 1 directory with 3 updates#2216
Closed
dependabot[bot] wants to merge 1 commit into
Closed
⬆️(deps): Bump the npm-major group across 1 directory with 3 updates#2216dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm-major group with 3 updates in the / directory: [express](https://github.com/expressjs/express), [jose](https://github.com/panva/jose) and [js-yaml](https://github.com/nodeca/js-yaml). Updates `express` from 4.22.2 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v4.22.2...v5.2.1) Updates `jose` from 5.10.0 to 6.2.3 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](panva/jose@v5.10.0...v6.2.3) Updates `js-yaml` from 4.2.0 to 5.1.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.2.0...5.1.0) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-major - dependency-name: jose dependency-version: 6.2.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-major - dependency-name: js-yaml dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm-major ... Signed-off-by: dependabot[bot] <support@github.com>
b932d2a to
2352c23
Compare
lissy93
reviewed
Jun 27, 2026
lissy93
left a comment
Owner
There was a problem hiding this comment.
no, because express update is incompatible.
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm-major group with 3 updates in the / directory: express, jose and js-yaml.
Updates
expressfrom 4.22.2 to 5.2.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
dbac7415.2.1697547cRevert "sec: security patch for CVE-2024-51999"4007ad1Release: 5.2.0 (#6920)2f64f68sec: security patch for CVE-2024-51999ed0ba3fbuild(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)8eace46build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)30bae81build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)758d435deps: body-parser@^2.2.1 (#6922)77bcd52docs: update emeritus triagers (#6890)f33caf1Nominate to@efekrsklfor triage team (#6888)Updates
josefrom 5.10.0 to 6.2.3Release notes
Sourced from jose's releases.
... (truncated)
Changelog
Sourced from jose's changelog.
... (truncated)
Commits
41ad7e9chore(release): 6.2.3988e90fchore: account for commit-and-tag-version instead of standard-version4b24656chore: update CHANGELOG.md header0cdb851refactor: cleanly reject invalid PBES2 p2ca0b261etest: update Bun expectationsb39dc1achore: use fs.globSync0675be1build: replace rollup umd build with a custom esbuild iife wrap9b03323chore: bump packages914b73dchore(deps-dev): bump lodash9dce817chore: bump packagesMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for jose since your current version.
Updates
js-yamlfrom 4.2.0 to 5.1.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
f1e45cd5.1.0 released53b22beFix constructor coveragea1eaa2bFix quote style options and restore forceQuotes0532e7dAdd finalizers for immutable collection tags9f00b91tests: drop the rest of issues tests, move a small fraction of useful checks ...6be5d46tests: drop not actual or duplicating issue tests (covered in other places)a7c9766Fix !!pairs coverage75148bc5.0.0 released704b25dQuote document markers followed by whitespace42dea28Support complex !!pairs keys with realMapTag