[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 16 updates by dependabot[bot] · Pull Request #1987 · CenturyLink/Chi

dependabot · 2026-03-16T07:05:25Z

Bumps the all-dependencies group with 16 updates in the / directory:

Package	From	To
@babel/preset-env	`7.28.0`	`7.29.0`
@types/node	`24.1.0`	`25.5.0`
autoprefixer	`10.4.23`	`10.4.27`
chokidar	`4.0.3`	`5.0.0`
cors	`2.8.5`	`2.8.6`
cross-env	`7.0.3`	`10.1.0`
cssnano	`7.1.2`	`7.1.3`
cypress	`14.5.3`	`15.12.0`
dayjs	`1.11.13`	`1.11.20`
express	`5.1.0`	`5.2.1`
express-rate-limit	`7.5.1`	`8.3.1`
ora	`8.2.0`	`9.3.0`
pug	`3.0.3`	`3.0.4`
sass	`1.89.2`	`1.98.0`
ssri	`12.0.0`	`13.0.1`
@rollup/rollup-linux-x64-gnu	`4.46.1`	`4.59.0`

Updates @babel/preset-env from 7.28.0 to 7.29.0

Release notes

Sourced from @babel/preset-env's releases.

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

babel-types

#17750 [7.x backport] Add attributes import declaration builder (@JLHwung)

babel-standalone

#17663 [7.x backport] feat(standalone): export async transform (@JLHwung)

#17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

babel-parser

#17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)

#17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)

babel-traverse

#17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)

babel-plugin-transform-block-scoping, babel-traverse

#17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

babel-generator, babel-runtime-corejs3

#17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

David (@simbahax)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

@magic-akari

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

... (truncated)

Commits

aa8394e v7.29.0
0053db6 Update polyfill packages (#17727)
f3a2226 [babel 7] Delete Babel 8 fixtures (#17729)
d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
61647ae v7.28.5
42cb285 Improve @babel/core types (#17404)
ae363ae chore: Fix typo in variable name (#17535)
1edfcaa Update compat data (#17487)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/preset-env since your current version.

Updates @types/node from 24.1.0 to 25.5.0

Commits

See full diff in compare view

Updates autoprefixer from 10.4.23 to 10.4.27

Release notes

Sourced from autoprefixer's releases.

10.4.27

Removed development key from package.json.

10.4.26

Reduced package size.

10.4.25

Fixed broken gradients on CSS Custom Properties (by @serger777).

10.4.24

Made Autoprefixer a little faster (by @Cherry).

Changelog

Sourced from autoprefixer's changelog.

10.4.27

Removed development key from package.json.

10.4.26

Reduced package size.

10.4.25

Fixed broken gradients on CSS Custom Properties (by @serger777).

10.4.24

Made Autoprefixer a little faster (by @Cherry).

Commits

360f2d9 Release 10.4.27 version
ab5260c Update clean-publish
09e9dd1 Release 10.4.26 version
ec75540 Ignore local patches
59601b8 Update c8 and clean-publish
06ea988 Release 10.4.25 version
47d8a5b Update dependencies and fix Node.js 25
51c596e Add Node.js 25 and 24 to CI
5239823 Fix CSS variables in gradients (#1515) (#1544)
36692c2 Release 10.4.24 version
Additional commits viewable in compare view

Updates chokidar from 4.0.3 to 5.0.0

Release notes

Sourced from chokidar's releases.

5.0.0

Make the package ESM-only. Reduces on-disk package size from ~150kb to ~80kb

Increase minimum node.js version to v20.19. The versions starting from it support loading esm files from cjs

fix: Make types more precise paulmillr/chokidar#1424

perf: re-use double slash regex paulmillr/chokidar#1435

Update readdirp to ESM-only v5

Lots of minor improvements in tests

Increase security of NPM releases. Switch to token-less Trusted Publishing, with help of jsbt

Switch compilation mode to isolatedDeclaration-based typescript for simplified auto-generated docs

New Contributors

@mhkeller made their first contribution in paulmillr/chokidar#1426

@btea made their first contribution in paulmillr/chokidar#1432

Full Changelog: paulmillr/chokidar@4.0.3...5.0.0

Commits

c0c8d20 Release 5.0.0.
b211cec Remove src from npm
8742246 Upgrade dev deps, jsbt, ci files. Upgrade readdirp to v5.
de5a34c Merge pull request #1442 from paulmillr/flaky-buns
c08a6c4 fix: throttle based on dir + target
0c55ab3 test: wait for explicit calls in directory test
ce81be5 perf: re-use double slash regex (#1435)
7d9c1ed Merge pull request #1433 from paulmillr/super-matrices
3915541 Merge pull request #1430 from paulmillr/esm-only
9308bed chore: use Nodejs 24 in CI (#1432)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chokidar since your current version.

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates cross-env from 7.0.3 to 10.1.0

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

add support for default value syntax (152ae6a)

For example:
"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",
If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

You're using a modern maintained version of Node.js (v20+ is tested)

You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

Replace Jest with Vitest for testing

Convert all source files from .js to .ts with proper TypeScript types

Use zshy for ESM-only builds (removes CJS support)

Adopt @epic-web/config for TypeScript, ESLint, and Prettier

Update to Node.js >=20 requirement

Remove kcd-scripts dependency

Add comprehensive e2e tests with GitHub Actions matrix testing

Update GitHub workflow with caching and cross-platform testing

Modernize documentation and remove outdated sections

Update all dependencies to latest versions

Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

152ae6a feat: add support ofr default value syntax
bd70d1a chore: upgrade zshy
8e0b190 chore(ci): get coverage
8635e80 fix(release): manually release a major version
3a58f22 chore: fix npmrc registry
b70bfff chore(ci): add names to steps and workflows
cc5759d fix(release): manually release a major version
080a859 chore: remove publish script
31e5bc7 chore(ci): restore built files
81e9c34 chore(ci): add back semantic-release
Additional commits viewable in compare view

Updates cssnano from 7.1.2 to 7.1.3

Release notes

Sourced from cssnano's releases.

v7.1.3

What's Changed

Optimize mergeRule selector merging with WeakMap caching by @Goodwine in cssnano/cssnano#1748

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.2...cssnano@7.1.3

Commits

b2e9903 Publish cssnano 7.1.3
a9f72ef chore: update development dependencies
5674f7a fix(postcss-svgo: update SVGO
c3e537a fix: update postcss-selector-parser
5b9af42 fix: update browserlist and autoprefixer
c0053c8 chore: add changeset
da88eca Optimize selector merging with WeakMap caching
cf4fc27 chore(deps-dev): bump diff from 8.0.2 to 8.0.3
a985c71 chore: update pnpm
4b2a74a chore: update to ESLint 10
Additional commits viewable in compare view

Updates cypress from 14.5.3 to 15.12.0

Release notes

Sourced from cypress's releases.

v15.12.0

Changelog: https://docs.cypress.io/app/references/changelog#15-12-0

v15.11.0

Changelog: https://docs.cypress.io/app/references/changelog#15-11-0

v15.10.0

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

v15.9.0

Changelog: https://docs.cypress.io/app/references/changelog#15-9-0

v15.8.2

Changelog: https://docs.cypress.io/app/references/changelog#15-8-2

v15.8.1

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

v15.7.1

Changelog: https://docs.cypress.io/app/references/changelog#15-7-1

v15.7.0

Changelog: https://docs.cypress.io/app/references/changelog#15-7-0

v15.6.0

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

v15.5.0

Changelog: https://docs.cypress.io/app/references/changelog#15-5-0

v15.4.0

Changelog: https://docs.cypress.io/app/references/changelog#15-4-0

v15.3.0

Changelog: https://docs.cypress.io/app/references/changelog#15-3-0

v15.2.0

Changelog: https://docs.cypress.io/app/references/changelog#15-2-0

v15.1.0

Changelog: https://docs.cypress.io/app/references/changelog#15-1-0

v15.0.0

Changelog: https://docs.cypress.io/app/references/changelog#15-0-0

v14.5.4

Changelog: https://docs.cypress.io/app/references/changelog#14-5-4

Commits

dbb806a chore: release v15.12.0 (#33459)
4931cf0 chore: bootstrap AI agent context files (AGENTS.md + CLAUDE.md) (#33429)
9546ee8 chore: removes changelog entries for sigint-related fixes that are still unre...
fec7088 chore: updating v8 snapshot cache (#33453)
9b7ac44 chore: Update v8 snapshot cache - darwin (#33452)
9c8afaa chore: updating v8 snapshot cache (#33449)
3d2ca8a chore: Update Chrome (beta) to 146.0.7680.65 (#33443)
abc6b2b fix: prevent hang when waiting on multiple intercepts and navigating (#33446)
32e95ed test: update coming soon test from app (#33448)
aa56256 dependency: update fast-xml-parser to 4.5.4 (#33435)
Additional commits viewable in compare view

Install script changes

This version modifies postinstall script that runs during installation. Review the package contents before updating.

Updates dayjs from 1.11.13 to 1.11.20

Release notes

Sourced from dayjs's releases.

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

Update locale km.js to support meridiem (#3017) (9d2b6a1)

update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

added usage warnings for diff + updated unit tests (#2948) (269a7a9)

dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)

replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)

Updated Belarusian locale with relative time (#2656) (1d8746c)

v1.11.18

1.11.18 (2025-08-30)

Bug Fixes

error semantic-release dependency (8cfb313)

v1.11.17

1.11.17 (2025-08-29)

Bug Fixes

[en-AU] locale use the same ordinal as moment (#2878) (1b95ecd)

v1.11.16

1.11.16 (2025-08-29)

Bug Fixes

test release workflow (no code changes) (c38c428)

v1.11.15

1.11.15 (2025-08-28)

Bug Fixes

... (truncated)

Changelog

Sourced from dayjs's changelog.

1.11.20 (2026-03-12)

Bug Fixes

Update locale km.js to support meridiem (#3017) (9d2b6a1)

update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

1.11.19 (2025-10-31)

Bug Fixes

added usage warnings for diff + updated unit tests (#2948) (269a7a9)

dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)

replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)

Updated Belarusian locale with relative time (#2656) (1d8746c)

1.11.18 (2025-08-30)

Bug Fixes

error semantic-release dependency (8cfb313)

1.11.17 (2025-08-29)

Bug Fixes

[en-AU] locale use the same ordinal as moment (#2878) (1b95ecd)

1.11.16 (2025-08-29)

Bug Fixes

test release workflow (no code changes) (c38c428)

1.11.15 (2025-08-28)

Bug Fixes

Fix misspellings in Irish or Irish Gaelic [ga] (#2861) (9c14a42)

1.11.14 (2025-08-27)

Bug Fixes

... (truncated)

Commits

af6e1f8 chore(release): 1.11.20 [skip ci]
82babd6 D2M (#3018)
bbe4ab1 chore: fix lint error
99691c5 fix: update updateLocale plugin to merge nested object properties instead of ...
9d2b6a1 fix: Update locale km.js to support meridiem (#3017)
acf21cd chore: update doc
55a64e1 chore: update doc
807face chore: update doc
54f4470 chore: update doc
9ea23c7 chore: update doc
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dayjs since your current version.

Updates express from 5.1.0 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 5.2.1 by @UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in expressjs/express#6429

Refactor: simplify acceptsLanguages implementation using spread operator by @Ayoub-Mabrouk in expressjs/express#6137

increased code coverage of utils.js file by @ashish3011 in expressjs/express#6386

chore: remove duplicate word by @dufucun in expressjs/express#6456

build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @dependabot[bot] in expressjs/express#6498

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/express#6497

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/express#6496

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6504

ci: update codeql config by @Phillip9587 in expressjs/express#6488

chore: wider range for query test skip by @jonchurch in expressjs/express#6512

chore: fix typos in test by @noritaka1166 in expressjs/express#6535

ci: disable credential persistence for checkout actions by @mertssmnoglu in expressjs/express#6522

ci: allow manual triggering of workflow by @shivarm in expressjs/express#6515

test: add coverage for app.listen() variants by @kgarg1 in expressjs/express#6476

docs: move documentation and charters to the discussions and .github … by @bjohansebas in expressjs/express#6427

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/express#6549

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/express#6548

chore: enforce explicit Buffer import and add lint rule by @shivarm in expressjs/express#6525

chore: use node protocol for querystring by @shivarm in expressjs/express#6520

chore: fix typo by @mountdisk in expressjs/express#6609

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/express#6618

add deprecation warnings for redirect arguments undefined by @bjohansebas in expressjs/express#6405

ci: run CI when the markdown changes by @bjohansebas in expressjs/express#6632

doc: fix CONTRIBUTING link by @jonchurch in expressjs/express#6653

doc: update contributing guidelines and code of conduct links by @ShubhamOulkar in expressjs/express#6601

build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @dependabot[bot] in expressjs/express#6679

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @dependabot[bot] in expressjs/express#6678

lint: add --fix flag to automatic fix linting issue by @shivarm in expressjs/express#6644

chore: ignore yarn.lock file and update example by @shivarm in expressjs/express#6588

lib: use req.socket over deprecated req.connection by @bjohansebas in expressjs/express#6705

doc: update express app example by @shivarm in expressjs/express#6718

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/express#6675

Remove history.md from being packaged on publish by @sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: body-parser@^2.2.1

A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

Commits

dbac741 5.2.1
697547c Revert "sec: security patch for CVE-2024-51999"
4007ad1 Release: 5.2.0 (#6920)

lumen-jenkins-prod · 2026-03-16T07:11:25Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1987/1/. ❌

…y with 16 updates Bumps the all-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.28.0` | `7.29.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.1.0` | `25.5.0` | | [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.23` | `10.4.27` | | [chokidar](https://github.com/paulmillr/chokidar) | `4.0.3` | `5.0.0` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [cross-env](https://github.com/kentcdodds/cross-env) | `7.0.3` | `10.1.0` | | [cssnano](https://github.com/cssnano/cssnano) | `7.1.2` | `7.1.3` | | [cypress](https://github.com/cypress-io/cypress) | `14.5.3` | `15.12.0` | | [dayjs](https://github.com/iamkun/dayjs) | `1.11.13` | `1.11.20` | | [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.3.1` | | [ora](https://github.com/sindresorhus/ora) | `8.2.0` | `9.3.0` | | [pug](https://github.com/pugjs/pug) | `3.0.3` | `3.0.4` | | [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.98.0` | | [ssri](https://github.com/npm/ssri) | `12.0.0` | `13.0.1` | | [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) | `4.46.1` | `4.59.0` | Updates `@babel/preset-env` from 7.28.0 to 7.29.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-preset-env) Updates `@types/node` from 24.1.0 to 25.5.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `autoprefixer` from 10.4.23 to 10.4.27 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@10.4.23...10.4.27) Updates `chokidar` from 4.0.3 to 5.0.0 - [Release notes](https://github.com/paulmillr/chokidar/releases) - [Commits](paulmillr/chokidar@4.0.3...5.0.0) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `cross-env` from 7.0.3 to 10.1.0 - [Release notes](https://github.com/kentcdodds/cross-env/releases) - [Changelog](https://github.com/kentcdodds/cross-env/blob/main/CHANGELOG.md) - [Commits](kentcdodds/cross-env@v7.0.3...v10.1.0) Updates `cssnano` from 7.1.2 to 7.1.3 - [Release notes](https://github.com/cssnano/cssnano/releases) - [Commits](https://github.com/cssnano/cssnano/compare/cssnano@7.1.2...cssnano@7.1.3) Updates `cypress` from 14.5.3 to 15.12.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v14.5.3...v15.12.0) Updates `dayjs` from 1.11.13 to 1.11.20 - [Release notes](https://github.com/iamkun/dayjs/releases) - [Changelog](https://github.com/iamkun/dayjs/blob/dev/CHANGELOG.md) - [Commits](iamkun/dayjs@v1.11.13...v1.11.20) Updates `express` from 5.1.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@v5.1.0...v5.2.1) Updates `express-rate-limit` from 7.5.1 to 8.3.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v7.5.1...v8.3.1) Updates `ora` from 8.2.0 to 9.3.0 - [Release notes](https://github.com/sindresorhus/ora/releases) - [Commits](sindresorhus/ora@v8.2.0...v9.3.0) Updates `pug` from 3.0.3 to 3.0.4 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@3.0.3...pug@3.0.4) Updates `sass` from 1.89.2 to 1.98.0 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.2...1.98.0) Updates `ssri` from 12.0.0 to 13.0.1 - [Release notes](https://github.com/npm/ssri/releases) - [Changelog](https://github.com/npm/ssri/blob/main/CHANGELOG.md) - [Commits](npm/ssri@v12.0.0...v13.0.1) Updates `@rollup/rollup-linux-x64-gnu` from 4.46.1 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.46.1...v4.59.0) --- updated-dependencies: - dependency-name: "@babel/preset-env" dependency-version: 7.29.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: "@types/node" dependency-version: 25.5.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: autoprefixer dependency-version: 10.4.27 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: chokidar dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: cross-env dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: cssnano dependency-version: 7.1.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: cypress dependency-version: 15.12.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: dayjs dependency-version: 1.11.20 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: express-rate-limit dependency-version: 8.3.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: ora dependency-version: 9.3.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: pug dependency-version: 3.0.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: sass dependency-version: 1.98.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: ssri dependency-version: 13.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: "@rollup/rollup-linux-x64-gnu" dependency-version: 4.59.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

lumen-jenkins-prod · 2026-03-16T18:18:30Z

The CI pipeline did not run successfully in https://jenkinsprod.corp.intranet:8443/job/UX-CHI/job/Productive/job/Chi/job/PR-1987/2/. ❌

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026

dependabot bot requested a review from a team as a code owner March 16, 2026 07:05

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026

dependabot bot force-pushed the dependabot-npm_and_yarn-all-dependencies-bddd79236f branch from ed84d91 to 4128dfd Compare March 16, 2026 18:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 16 updates#1987

[DPEDE-1784](deps): Bump the all-dependencies group across 1 directory with 16 updates#1987
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot-npm_and_yarn-all-dependencies-bddd79236f

dependabot bot commented on behalf of github Mar 16, 2026 •

edited

Loading

Uh oh!

lumen-jenkins-prod bot commented Mar 16, 2026

Uh oh!

lumen-jenkins-prod bot commented Mar 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.29.0 (2026-01-31)

🚀 New Feature

🐛 Bug Fix

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

10.4.27

10.4.26

10.4.25

10.4.24

10.4.27

10.4.26

10.4.25

10.4.24

5.0.0

New Contributors

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

v10.1.0

10.1.0 (2025-09-29)

Features

v10.0.0

10.0.0 (2025-07-25)

BREAKING CHANGES

v7.1.3

What's Changed

v15.12.0

v15.11.0

v15.10.0

v15.9.0

v15.8.2

v15.8.1

v15.8.0

v15.7.1

v15.7.0

v15.6.0

v15.5.0

v15.4.0

v15.3.0

v15.2.0

v15.1.0

v15.0.0

v14.5.4

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

v1.11.18

1.11.18 (2025-08-30)

Bug Fixes

v1.11.17

1.11.17 (2025-08-29)

Bug Fixes

v1.11.16

1.11.16 (2025-08-29)

Bug Fixes

v1.11.15

1.11.15 (2025-08-28)

Bug Fixes

1.11.20 (2026-03-12)

Bug Fixes

1.11.19 (2025-10-31)

Bug Fixes

1.11.18 (2025-08-30)

Bug Fixes

1.11.17 (2025-08-29)

Bug Fixes

1.11.16 (2025-08-29)

Bug Fixes

1.11.15 (2025-08-28)

dependabot bot commented on behalf of github Mar 16, 2026 •

edited

Loading