Bump the npm_and_yarn group across 1 directory with 25 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
moment	2.29.1	2.29.4
grunt	0.4.5	1.5.3
requirejs	2.1.22	2.3.7
webpack-dev-server	1.16.5	3.1.11
body-parser	1.19.1	1.20.3
express	4.17.2	4.21.2
qs	6.5.2	6.5.3
grunt-contrib-watch	0.5.3	1.1.0
browserify-shim	2.0.10	removed
grunt-browserify	1.3.2	6.0.0
decode-uri-component	0.2.0	0.2.2
tough-cookie	2.5.0	removed
jest-cli	0.5.10	29.7.0

Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates grunt from 0.4.5 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056
• support .cjs extension e35fe54

gruntjs/grunt@v1.4.1...v1.5.0

v1.4.1

• Update Changelog e7625e5
• Merge pull request #1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

gruntjs/grunt@v1.4.0...v1.4.1

v1.4.0

• Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #1722 from gruntjs/update-through e86db1c
• Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits

• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request #1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.

Updates requirejs from 2.1.22 to 2.3.7

Commits

• 1874a29 Rev to 2.3.7
• 152f450 Merge pull request #1016 from requirejs/jr/1854-pollution
• ecc356a Fixes requirejs/requirejs#1854, pollution
• acec536 SECURITY.md
• 13c11de Rev to 2.3.6
• 3b64985 Merge pull request #981 from christopheraue/rawText_fix
• 37d613f snapshot update
• d88b0ac Fixes #988 Pass layer module ID and path to builder write method
• e86dbb2 update master snapshot
• c817283 Fixes #991, update to Esprima 4.0.1
• Additional commits viewable in compare view

Updates webpack-dev-server from 1.16.5 to 3.1.11

Release notes

Sourced from webpack-dev-server's releases.

v3.1.11

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

v3.1.10

2018-10-23

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

v3.1.9

No release notes provided.

v3.1.8

2018-09-06

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

2018-08-29

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

v3.1.6

2018-08-26

Bug Fixes

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

... (truncated)

Commits

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• 7a3a257 fix(package): update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
• 55398b5 fix(bin/options): correct check for color support (options.color) (#1555)
• 927a2b3 fix(Server): correct node version checks (#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
• fe3219f chore(release): 3.1.10
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Updates body-parser from 1.19.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to [email protected] by @​wesleytodd in expressjs/body-parser#527
• deps: [email protected] by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

1.20.1

• deps: [email protected]
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

1.20.1 / 2022-10-06

• deps: [email protected]
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
• deps: [email protected]
• deps: [email protected]
  • deps: [email protected]

1.19.2 / 2022-02-15

• deps: [email protected]
• deps: [email protected]
  • Fix handling of __proto__ keys
• deps: [email protected]
  • deps: [email protected]

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: [email protected] (#521)
• 9478591 fix: pin to [email protected]
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.17.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: [email protected] by @​blakeembrey in expressjs/express#5956
• deps: bump [email protected] by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: [email protected]
  • Fix backtracking protection
• deps: [email protected]
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump [email protected] (#6209)
• 59fc270 deps: [email protected] (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates grunt-contrib-watch from 0.5.3 to 1.1.0

Changelog

Sourced from grunt-contrib-watch's changelog.

v1.1.0: date: 2018-05-12 changes: - Update to [email protected], [email protected], [email protected] v1.0.1: date: 2018-04-20 changes: - Update to [email protected], lodash@4 v1.0.0: date: 2016-03-12 changes: - Updated tiny-lr, gaze, async and lodash dependencies. - Fix endless loop issue with atBegin/nospawn. - Expose hostname parameter of tiny-lr. - Support cwd.event to emit events relative to path. - Removed peerDependencies setting. v0.6.1: date: 2014-03-19 changes: - Fix for watch targets named "default". v0.6.0: date: 2014-03-11 changes: - Clear changed files after triggering live reload to ensure they're only triggered once. - 'cwd option now accepts separate settings for files and spawn.' - Fix to make interrupt work more than once. - Enable live reload over HTTPS. - Print newline after initial 'Waiting...'. - Remove deprecated grunt.util libs. - Add reload option to specify files other than Gruntfile files to reload. - Update to [email protected]. - Use a fork of tiny-lr (which has quiter operation, support for HTTPS and Windows path fixes). - Add livereloadOnError, which if set to false will not trigger live reload if there is an error.

Commits

• 3b7ddf4 v1.1.0
• 72b1214 Updating dependencies, async, lodash and tiny-lr
• 5adb27c Merge pull request #543 from digitalbazaar/master
• 6ec71e9 v1.0.1
• 7d20933 Update copyright year
• e3d19df Update ci configs
• d117574 Updating ci configs
• 99410a7 README.md: Fixed typos (#536)
• f07311b Update tiny-lr dependency to 1.x
• 7f8cf80 Add local grunt-cli
• Additional commits viewable in compare view

Removes browserify-shim

Updates grunt-browserify from 1.3.2 to 6.0.0

Changelog

Sourced from grunt-browserify's changelog.

6.0.0

• Update watchify to 4.0.0
• Update browserify to 17.0.0
• Bump minimum node version to 8.10 to keep up with with watchify and chokidar

5.3.0

• Update browserify to 16.0.0

5.2.0

• New: Added cacheFile option for browserify-incremental support (contributed by Greg Slepak)
• Update dependencies.

5.1.0

• Update dependencies. Browserify 14.0

5.0.0

• Update dependencies. Browserify 13.0
• Fix Watchify on MacOS #358
• BC: the order of transform arguments is now consistent with the browserify API #319

3.8.0

• Update dependencies. Browserify 10.0
• New: Users can specify the alias with {alias: path} #316

3.7.0

• Update dependencies.
• Update to Watchify 3.0 (#314 via @​jonbretman)
• New: browserify-shim example
• Fix: #289 with #317 by adding more details in readme for watchify.

3.6.0

• New: List only the required files in package.json
• New: Added node 0.12 for Travis.
• Fix: Run tasks in parallel instead of in series to fix #199.

3.5.1

• Update dependencies.
• Update watchify to fix an issue with *.json files (watchify#160 with #308 (@​Pleochism))

3.5.0

• New: Support for passing options to watchify (watchifyOptions) (#299 via @​nfvs)
• New: JSHint in Travis (#300 via @​jonbretman)
• New: require option can now takes options hash (#302 via @​jonbretman)
• New: configure option to be able to configure the bundle using the browserify api. (#303 via @​oliverwoodings)

3.4.0

• Update dependencies. Browserify to v9.
• Fix: Update require to expose as per browserify (#292 via @​justinjmoses)
• New: Add example with factor-bundle

... (truncated)

Commits

• fd0f242 Update browserify, bump version, changelog.
• c061a05 Merge pull request #413 from mdblr/mdblr/upgrade-watchify-for-nodejs-14
• 8ae8687 Upgrade watchify from 3.x to 4.x
• f20e21c Version bump.
• 30ad90d Merge pull request #401 from zkochan/master
• 6cb1429 fix(deps): update browserify to version 16
• 4e8eb1f Merge pull request #399 from ChuanyuWang/master
• 4899438 Add example to use plulgin with options
• c660306 Typo.
• 9146bea Add aknowledgement to changelog.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by dirtyhairy, a new releaser for grunt-browserify since your current version.

Updates cookie from 0.4.1 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits