Bump the npm_and_yarn group across 2 directories with 7 updates by dependabot[bot] · Pull Request #11 · blackXploit-404/blogify

dependabot · 2026-03-24T09:47:44Z

Bumps the npm_and_yarn group with 5 updates in the /backend directory:

Package	From	To
cloudinary	`1.41.3`	`2.7.0`
express-rate-limit	`8.2.1`	`8.3.1`
multer	`2.0.2`	`2.1.1`
flatted	`3.3.3`	`3.4.2`
minimatch	`3.1.2`	`3.1.5`

Bumps the npm_and_yarn group with 4 updates in the /frontend directory: ajv, flatted, minimatch and rollup.

Updates cloudinary from 1.41.3 to 2.7.0

Release notes

Sourced from cloudinary's releases.

Version 2.7.0

fix: prevent parameter injection via ampersand in parameter values (#709)

Version 2.6.1

No release notes provided.

Version 2.6.1-rc.1

fix: uploader interface

Version 2.6.0

chore: bumped jsdoc

fix: defaults for related asset methods and proper content_type

chore: Updated Sample Projects (#698)

fix: metadata field datasource type (#693)

feat: Add support for DELETE /resources/backup/:asset_id (#700)

chore: dev dependencies cleanup

chore: new node version support in CI

Version 2.5.1

fix: added missing stream method to ts spec

Version 2.5.0

feat: auto_transcription on upload and explicit support (#690)

feat: auto_chaptering on upload and explicit support (#689)

feat: access key management via provisioning api (#687)

Version 2.4.0

feat: exposing config endpoint from admin api

fix: update metadata field added missing param default_disabled

fix: types definitions

Version 2.3.1

fix: use 0.0.0 as fallback when package.json unavailable

fix: upload_chunked_stream works properly with more than 2 chunks

Version 2.3.0

fix: url analytics property name

fix: dependencies explicit version (fix for CI)

fix: decoding transformation string before sending in upload payload

feat: update folders

Version 2.2.0

feat: selective response for admin and search api

feat: multiple values support for fields and with_field methods in search api

Version 2.1.0

feat: added support for new api in beta - analyze api

chore: added state to datasource entry type

fix: metadata field api response datasource type improved

feat: notification-url for rename and destroy methods

... (truncated)

Changelog

Sourced from cloudinary's changelog.

2.7.0 / 2025-06-18

fix: prevent parameter injection via ampersand in parameter values (#709)

2.6.1 / 2025-05-05

2.6.1-rc.1 / 2025-05-05

fix: uploader interface

2.6.0 / 2025-03-11

chore: bumped jsdoc

fix: defaults for related asset methods and proper content_type

chore: Updated Sample Projects (#698)

fix: metadata field datasource type (#693)

feat: Add support for DELETE /resources/backup/:asset_id (#700)

chore: dev dependencies cleanup

chore: new node version support in CI

2.5.1 / 2024-10-08

fix: added missing stream method to ts spec

2.5.0 / 2024-09-15

feat: auto_transcription on upload and explicit support (#690)

feat: auto_chaptering on upload and explicit support (#689)

feat: access key management via provisioning api (#687)

2.4.0 / 2024-07-30

feat: exposing config endpoint from admin api

fix: update metadata field added missing param default_disabled

fix: types definitions

2.3.1 / 2024-07-25

fix: use 0.0.0 as fallback when package.json unavailable

... (truncated)

Commits

923a66e Version 2.7.0
ec4b65f fix: prevent parameter injection via ampersand in parameter values (#709)
c7f784d Version 2.6.1
4afcd36 fix: uploader methods return correct type (#706)
ad90190 Version 2.6.0
64bdc9d fix: defaults for related asset methods and proper content_type (#705)
25e04e6 Updated Sample Projects (#698)
265ccb8 fix: metadata field datasource type (#693)
d6c51e2 feat: Add support for DELETE /resources/backup/:asset_id (#700)
c072e37 Minor typo fix (#703)
Additional commits viewable in compare view

Updates express-rate-limit from 8.2.1 to 8.3.1

Release notes

Sourced from express-rate-limit's releases.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

Commits

47e5b29 8.3.1
eb61179 v8.3.1 changelog
a17377d Fix broken link for contributing guide
5aa3f6c fix: revert the dts-bundle-generator update
06dea83 ci: run test on node 20, 22, 24, 25 and drop 18 as it reached eol
c86a27d chore: update dependencies
8898ffa chore: migrate biome schema and run formatter
dd544fd docs: update changelog with backported releases
9c90752 ci: setup oidc connect with npm for automatatic publish
e4477fa 8.3.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.

Updates multer from 2.0.2 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

chore: add node version to 25.x in CI by @imangas in expressjs/multer#1372

chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @dependabot[bot] in expressjs/multer#1378

chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/multer#1377

chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @dependabot[bot] in expressjs/multer#1376

chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @dependabot[bot] in expressjs/multer#1375

chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @dependabot[bot] in expressjs/multer#1374

fix error/abort handling by @ctcpip in expressjs/multer#1373

2.1.1 by @UlisesGascon in expressjs/multer#1380

New Contributors

@imangas made their first contribution in expressjs/multer#1372

@dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

v2.1.0

Important

Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)

Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

What's Changed

chore: add funding to package.json by @bjohansebas in expressjs/multer#1346

chore: drop mkdirp dependency by @wojtekmaj in expressjs/multer#1350

chore: drop object-assign dependency by @wojtekmaj in expressjs/multer#1351

chore: drop xtend dependency by @wojtekmaj in expressjs/multer#1352

chore(gitignore): ignore .nyc_output directory by @ShubhamOulkar in expressjs/multer#1332

Fix typo in README-vi.md regarding file upload by @Kunniii in expressjs/multer#1366

Fix typo in README-pt-br.md for array method by @matheushbm192 in expressjs/multer#1367

headers-support-utf8 by @Doc999tor in expressjs/multer#1210

Add Turkish translation (README-tr.md) by @Sabandogan in expressjs/multer#1360

Release: 2.1.0 by @UlisesGascon in expressjs/multer#1371

New Contributors

@wojtekmaj made their first contribution in expressjs/multer#1350

@ShubhamOulkar made their first contribution in expressjs/multer#1332

@Kunniii made their first contribution in expressjs/multer#1366

@matheushbm192 made their first contribution in expressjs/multer#1367

@Doc999tor made their first contribution in expressjs/multer#1210

@Sabandogan made their first contribution in expressjs/multer#1360

Full Changelog: expressjs/multer@v2.0.2...v2.1.0

Changelog

Sourced from multer's changelog.

2.1.1

Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

fix error/abort handling

2.1.0

Add defParamCharset option for UTF-8 filename support (#1210)

Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)

Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

Commits

368c8a1 2.1.1 (#1380)
7e66481 🐛 fix recursion issue
643571e ✅ add explicit test for client able to send body without abrupt disconnect
e86fa52 fix error/abort handling
ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
17d7f51 chore: add node version to 25.x in CI
Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates rollup from 4.55.1 to 4.60.0

Release notes

Sourced from rollup's releases.

v4.60.0

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

v4.59.1

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

#6290: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6291: chore(deps): update dependency @shikijs/vitepress-twoslash to v4 (@renovate[bot])

#6292: chore(deps): lock file maintenance (@renovate[bot])

#6297: chore(deps): update minor/patch updates (@renovate[bot])

#6298: chore(deps): lock file maintenance (@renovate[bot])

#6299: chore(deps): lock file maintenance (@renovate[bot])

#6300: docs: update packagephobia link (@bluwy)

#6301: chore(deps): update dependency lint-staged to ^16.3.3 (@renovate[bot])

#6306: fix: fix chunk assignment for deoptimized module with dynamic import (@JoaoBrlt, @lukastaegert)

#6307: chore(deps): update minor/patch updates (@renovate[bot])

#6308: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6309: chore(deps): update dependency vite to v8 (@renovate[bot])

#6310: chore(deps): lock file maintenance (@renovate[bot])

#6311: chore(deps): lock file maintenance (@renovate[bot])

#6312: chore(deps): lock file maintenance (@renovate[bot])

v4.59.0

4.59.0

2026-02-22

... (truncated)

Changelog

Sourced from rollup's changelog.

4.60.0

2026-03-22

Features

Support source phase imports as long as they are external (#6279)

Pull Requests

#6279: feat: external only Source Phase imports support (@guybedford, @lukastaegert)

4.59.1

2026-03-21

Bug Fixes

Fix a crash when using lazy dynamic imports with moduleSideEffects:false (#6306)

Pull Requests

#6281: fix(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6282: chore(deps): update github artifact actions (major) (@renovate[bot], @lukastaegert)

#6283: chore(deps): update dependency nyc to v18 (@renovate[bot], @lukastaegert)

#6284: fix(deps): update swc monorepo (major) (@renovate[bot])

#6285: chore(deps): lock file maintenance (@renovate[bot])

#6290: chore(deps): update minor/patch updates (@renovate[bot], @lukastaegert)

#6291: chore(deps): update dependency @shikijs/vitepress-twoslash to v4 (@renovate[bot])

#6292: chore(deps): lock file maintenance (@renovate[bot])

#6297: chore(deps): update minor/patch updates (@renovate[bot])

#6298: chore(deps): lock file maintenance (@renovate[bot])

#6299: chore(deps): lock file maintenance (@renovate[bot])

#6300: docs: update packagephobia link (@bluwy)

#6301: chore(deps): update dependency lint-staged to ^16.3.3 (@renovate[bot])

#6306: fix: fix chunk assignment for deoptimized module with dynamic import (@JoaoBrlt, @lukastaegert)

#6307: chore(deps): update minor/patch updates (@renovate[bot])

#6308: chore(deps): update dependency lru-cache to v11 (@renovate[bot])

#6309: chore(deps): update dependency vite to v8 (@renovate[bot])

#6310: chore(deps): lock file maintenance (@renovate[bot])

#6311: chore(deps): lock file maintenance (@renovate[bot])

#6312: chore(deps): lock file maintenance (@renovate[bot])

4.59.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6276)

... (truncated)

Commits

6ecd69f 4.60.0
6b725b9 feat: external only Source Phase imports support (#6279)
0cba9e0 4.59.1
4eeea29 Pin Vite
1cd49ae fix: fix chunk assignment for deoptimized module with dynamic import (#6306)
c9dabc3 Downgrade Vite
d46200f chore(deps): update dependency vite to v8 (#6309)
aa6c853 chore(deps): update dependency lru-cache to v11 (#6308)
4208811 chore(deps): lock file maintenance (#6312)
5348a82 chore(deps): lock file maintenance (#6311)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the /backend directory: | Package | From | To | | --- | --- | --- | | [cloudinary](https://github.com/cloudinary/cloudinary_npm) | `1.41.3` | `2.7.0` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.3.1` | | [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | Bumps the npm_and_yarn group with 4 updates in the /frontend directory: [ajv](https://github.com/ajv-validator/ajv), [flatted](https://github.com/WebReflection/flatted), [minimatch](https://github.com/isaacs/minimatch) and [rollup](https://github.com/rollup/rollup). Updates `cloudinary` from 1.41.3 to 2.7.0 - [Release notes](https://github.com/cloudinary/cloudinary_npm/releases) - [Changelog](https://github.com/cloudinary/cloudinary_npm/blob/master/CHANGELOG.md) - [Commits](cloudinary/cloudinary_npm@1.41.3...2.7.0) Updates `express-rate-limit` from 8.2.1 to 8.3.1 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.2.1...v8.3.1) Updates `multer` from 2.0.2 to 2.1.1 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v2.0.2...v2.1.1) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `rollup` from 4.55.1 to 4.60.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.55.1...v4.60.0) --- updated-dependencies: - dependency-name: cloudinary dependency-version: 2.7.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express-rate-limit dependency-version: 8.3.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.1.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.60.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-03-24T09:47:46Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
blogify	Ready	Preview, Comment	Mar 24, 2026 9:48am

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 24, 2026

dependabot Bot added the javascript Pull requests that update javascript code label Mar 24, 2026

vercel Bot deployed to Preview March 24, 2026 09:48 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 7 updates#11

Bump the npm_and_yarn group across 2 directories with 7 updates#11
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/backend/npm_and_yarn-44aed0514b

dependabot Bot commented on behalf of github Mar 24, 2026

Uh oh!

vercel Bot commented Mar 24, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 24, 2026

Version 2.7.0

Version 2.6.1

Version 2.6.1-rc.1

Version 2.6.0

Version 2.5.1

Version 2.5.0

Version 2.4.0

Version 2.3.1

Version 2.3.0

Version 2.2.0

Version 2.1.0

2.7.0 / 2025-06-18

2.6.1 / 2025-05-05

2.6.1-rc.1 / 2025-05-05

2.6.0 / 2025-03-11

2.5.1 / 2024-10-08

2.5.0 / 2024-09-15

2.4.0 / 2024-07-30

2.3.1 / 2024-07-25

v8.3.1

v8.3.0

v2.1.1

Important

What's Changed

New Contributors

v2.1.0

Important

What's Changed

New Contributors

2.1.1

2.1.0

v4.60.0

4.60.0

Features

Pull Requests

v4.59.1

4.59.1

Bug Fixes

Pull Requests

v4.59.0

4.59.0

4.60.0

Features

Pull Requests

4.59.1

Bug Fixes

Pull Requests

4.59.0

Features

Uh oh!

vercel Bot commented Mar 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

vercel Bot commented Mar 24, 2026 •

edited

Loading