Bump the npm group across 1 directory with 6 updates

[dependabot]

Bumps the npm group with 6 updates in the / directory:

Package	From	To
axios	1.7.2	1.7.7
semver	7.6.2	7.6.3
express	4.19.2	4.21.0
grunt-cli	1.4.3	1.5.0
grunt-nw-builder	4.7.4	4.10.0
mocha	10.4.0	10.7.3

Updates axios from 1.7.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates semver from 7.6.2 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

Commits

• 0a12d6c chore: release 7.6.3 (#720)
• 73a3d79 fix: optimize Range parsing and formatting (#726)
• 2975ece docs: fix extra backtick typo (#719)
• See full diff in compare view

Updates express from 4.19.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• Additional commits viewable in compare view

Updates grunt-cli from 1.4.3 to 1.5.0

Release notes

Sourced from grunt-cli's releases.

v1.5.0

• package version for np 7f5c4e8
• v1.5.0 (#157) bd5917d
• Update from nopt 4.x to nopt 5.0.0 (#156) f33cc6a
• Updated dependencies on v8flags to latest, v8flags no longer uses an md5 hash. (#154) 670029a

gruntjs/grunt-cli@v1.4.3...v1.5.0

Changelog

Sourced from grunt-cli's changelog.

• v1.5.0:
  • date: 2024-07-20
  • changes:
    • Update "v8flags" dependency to support FIPS-enabled systems.
    • Update "nopt"d peendency to fix "osenv" deprecation warning.
• v1.4.1:
  • date: 2021-05-24
  • changes:
    • fix preload option for latest grunt
• v1.4.0:
  • date: 2021-03-25
  • changes:
    • updated dependencies
    • Requires node >= 10
• v1.3.2:
  • date: 2018-11-04
  • changes:
    • bump v8 flags dependency
• v1.3.1:
  • date: 2018-08-18
  • changes:
    • cwd option fix
• v1.3.0:
  • date: 2018-08-15
  • changes:
    • Switch to 'liftoff' module for CLI
    • Dropped support for node 0.10, 0.12.
• v1.2.0
  • date: 2016-04-01
  • changes:
    • Use shared grunt-known-options module.
• v1.1.0
  • date: 2016-03-22
  • changes:
    • Update to "nopt": "~3.0.6".
    • nopt is upgraded to ~3.0.6 which has fixed many issues, including passing multiple arguments and dealing with numbers as options. Be aware previously --foo bar used to pass the value 'bar' to the option foo. It will now set the option foo to true and run the task bar.
• v1.0.1
  • date: 2016-03-22
  • changes:
    • Revert to "nopt": "~1.0.10" due to issues with the update.
• v1.0.0
  • date: 2016-03-21
  • changes:
    • Update dev deps
    • Update error message when Gruntfile is not found
• v1.0.0-rc1
  • date: 2016-02-11
  • changes:
    • Update findup-sync and other deps

... (truncated)

Commits

• 8c791ef 1.5.0
• 7f5c4e8 package version for np
• bd5917d v1.5.0 (#157)
• f33cc6a Update from nopt 4.x to nopt 5.0.0 (#156)
• 670029a Updated dependencies on v8flags to latest, v8flags no longer uses an md5 hash...
• See full diff in compare view

Updates grunt-nw-builder from 4.7.4 to 4.10.0

Release notes

Sourced from grunt-nw-builder's releases.

v4.10.0

4.10.0 (2024-08-27)

Features

• deps: bump nw-builder from 4.9.0 to 4.10.0 in the npm group (#222) (62324e2)

Bug Fixes

• deps: bump micromatch from 4.0.7 to 4.0.8 in the npm_and_yarn group (#224) (6d58c65)

v4.9.0

4.9.0 (2024-08-20)

Features

• deps: bump nw-builder from 4.8.1 to 4.9.0 in the npm group (#221) (43d3b2a)

Chores

• deps: bump axios from 1.7.3 to 1.7.4 in the npm_and_yarn group (#219) (4bb8de6)

v4.8.1

4.8.1 (2024-08-14)

Bug Fixes

• deps: upgrade nw-builder to v4.8.1 (754a2e9)
• docs: correct typo (27d4eb0)

v4.8.0

4.8.0 (2024-07-27)

Features

• deps: upgrade nw-builder to v4.8.0 (5055d49)

Bug Fixes

• correct version in release please manifest (0aa05e8)
• git: resolve conflicts (dabe54f)

... (truncated)

Changelog

Sourced from grunt-nw-builder's changelog.

4.10.0 (2024-08-27)

Features

• deps: bump nw-builder from 4.9.0 to 4.10.0 in the npm group (#222) (62324e2)

Bug Fixes

• deps: bump micromatch from 4.0.7 to 4.0.8 in the npm_and_yarn group (#224) (6d58c65)

4.9.0 (2024-08-20)

Features

• deps: bump nw-builder from 4.8.1 to 4.9.0 in the npm group (#221) (43d3b2a)

Chores

• deps: bump axios from 1.7.3 to 1.7.4 in the npm_and_yarn group (#219) (4bb8de6)

4.8.1 (2024-08-14)

Bug Fixes

• deps: upgrade nw-builder to v4.8.1 (754a2e9)
• docs: correct typo (27d4eb0)

4.8.0 (2024-07-27)

Features

• deps: upgrade nw-builder to v4.8.0 (5055d49)

Bug Fixes

• correct version in release please manifest (0aa05e8)
• git: resolve conflicts (dabe54f)

Chores

• bump actions/setup-node from 4.0.2 to 4.0.3 in /.github/workflows in the gha group (#215) (43f6a97)
• deps: bump selenium-webdriver from 4.22.0 to 4.23.0 in the npm group (#216) (32eb170)

... (truncated)

Commits

• See full diff in compare view

Updates mocha from 10.4.0 to 10.7.3

Release notes

Sourced from mocha's releases.

v10.7.3

10.7.3 (2024-08-09)

🩹 Fixes

• make release-please build work (#5194) (afd66ef)

v10.7.2

10.7.2 (2024-08-06)

📚 Documentation

• improve filtering (#5191) (1ac5b55)

🧹 Chores

• fix failing markdown linting (#5193) (7e7a2ec)

v10.7.1

10.7.1 (2024-08-06)

🩹 Fixes

• crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

• add knip to validate included dependencies (5c2989f)
• more fully remove assetgraph-builder and canvas (#5175) (1883c41)
• replace nps with npm scripts (#5128) (c44653a), closes #5126

v10.7.0

What's Changed

• feat: add option to not fail on failing test suite by @​ilgonmic in mochajs/mocha#4771

New Contributors

• @​ilgonmic made their first contribution in mochajs/mocha#4771

Full Changelog: mochajs/mocha@v10.6.1...v10.7.0

v10.6.1

What's Changed

• fix: do not exit when only unref'd timer is present in test code by @​boneskull in mochajs/mocha#3825
• fix: support canonical module by @​JacobLey in mochajs/mocha#5040

... (truncated)

Changelog

Sourced from mocha's changelog.

10.7.3 (2024-08-09)

🩹 Fixes

• make release-please build work (#5194) (afd66ef)

10.7.2 (2024-08-06)

📚 Documentation

• improve filtering (#5191) (1ac5b55)

🧹 Chores

• fix failing markdown linting (#5193) (7e7a2ec)

10.7.1 (2024-08-06)

🩹 Fixes

• crash with --parallel and --retries both enabled (#5173) (d7013dd)

🧹 Chores

• add knip to validate included dependencies (5c2989f)
• more fully remove assetgraph-builder and canvas (#5175) (1883c41)
• replace nps with npm scripts (#5128) (c44653a), closes #5126

10.7.0 / 2024-07-20

🎉 Enhancements

• #4771 feat: add option to not fail on failing test suite (@​ilgonmic)

10.6.1 / 2024-07-20

🐛 Fixes

• #3825 fix: do not exit when only unref'd timer is present in test code (@​boneskull)
• #5040 fix: support canonical module (@​JacobLey)

10.6.0 / 2024-07-02

🎉 Enhancements

... (truncated)

Commits

• d5766c8 chore(main): release 10.7.3 (#5195)
• afd66ef fix: make release-please build work (#5194)
• 9e0a4bd chore(main): release 10.7.2 (#5192)
• 7e7a2ec chore: fix failing markdown linting (#5193)
• 1ac5b55 docs: improve filtering (#5191)
• 1528c42 chore(main): release 10.7.1 (#5189)
• d7013dd fix: crash with --parallel and --retries both enabled (#5173)
• 5c2989f chore: add knip to validate included dependencies
• a777fd1 ci: automate releases (#5186)
• ac5574e ci: update to windows-latest in actions (#5185)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions