Bump the npm_and_yarn group across 1 directory with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
bootstrap	4.5.0	5.0.0
semver	6.3.0	6.3.1
webpack-dev-server	3.2.1	5.2.1
gh-pages	1.2.0	5.0.0
@babel/traverse	7.10.3	7.27.4
browserify-sign	4.2.0	4.2.3
color-string	1.5.3	1.9.1
elliptic	6.5.3	6.6.1
es5-ext	0.10.53	0.10.64
follow-redirects	1.12.1	1.15.9
lodash-es	4.17.15	4.17.21
minimist	1.2.5	1.2.8

Updates bootstrap from 4.5.0 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #32763: Add color-scheme mixin
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33549: Add offcanvas-top modifier

🎨 CSS

• #32155: Add equal column mixin
• #32763: Add color-scheme mixin
• #33292: Make accordion icon rotation more natural
• #33411: Fix validation feedback icon in select multiple
• #33478: Make .nav-link color consistent when using buttons
• #33482: Dropdown — Apply positioning only when Popper is not used
• #33548: Vertically align offcanvas header components
• #33549: Add offcanvas-top modifier
• #33550: Spinner alignment changes
• #33598: Hide validation icons from multiple selects
• #33600: Have $form-check-input-border's default derive from $black
• #33607: Reduce color-scheme complexity
• #33642: use :read-only css selector instead [readonly] for consistency
• #33658: fix: use list-group variable instead of alert
• #33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #32439: Decouple BackDrop from modal
• #33245: Decouple Modal's scrollbar functionality
• #33249: Simplify Modal Config
• #33250: Simplify ScrollSpy config
• #33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33429: Remove element event listeners through base component
• #33451: Add missing things in hide method of dropdown
• #33456: Use our isDisabled util on dropdown
• #33466: Refactor dropdown's hide functionality
• #33479: Fix dropdown escape propagation
• #33496: Use cached noop function

... (truncated)

Commits

• bf09367 Release v5.0.0 (#33647)
• 48ae5a7 Rewrite migration guide (#33834)
• f086572 refactor(docs): Added form file input variables (#33833)
• 1a54286 Fix doc typo and Bootstrap Icons link (#33832)
• e2df73f Update migration guide for some v5 changes (#33829)
• 1e6356a Neutralise more words from placeholder text (#33731)
• 6633845 Bump eslint-config-xo from 0.35.0 to 0.36.0 (#33646)
• cb38744 Tweak toast docs (#33810)
• c2ff225 Bump rollup from 2.46.0 to 2.47.0 (#33818)
• c090ea2 Bump @​babel/preset-env from 7.14.0 to 7.14.1 (#33819)
• Additional commits viewable in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates webpack-dev-server from 3.2.1 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Updates gh-pages from 1.2.0 to 5.0.0

Release notes

Sourced from gh-pages's releases.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

• Assorted updates by @​tschaub in tschaub/gh-pages#452
• Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @​Nezteb in tschaub/gh-pages#445
• Bump actions/checkout from 2 to 3 by @​dependabot in tschaub/gh-pages#453
• Bump actions/setup-node from 1 to 3 by @​dependabot in tschaub/gh-pages#455
• Bump email-addresses from 3.0.1 to 5.0.0 by @​dependabot in tschaub/gh-pages#454
• Bump async from 2.6.4 to 3.2.4 by @​dependabot in tschaub/gh-pages#459
• Remove quotation marks by @​Vicropht in tschaub/gh-pages#438

New Contributors

• @​Nezteb made their first contribution in tschaub/gh-pages#445
• @​Vicropht made their first contribution in tschaub/gh-pages#438

Full Changelog: tschaub/gh-pages@v4.0.0...v5.0.0

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in tschaub/gh-pages#423
• Bump async from 2.6.1 to 2.6.4 by @​dependabot in tschaub/gh-pages#427
• Bump path-parse from 1.0.6 to 1.0.7 by @​dependabot in tschaub/gh-pages#431
• Bump ansi-regex from 3.0.0 to 3.0.1 by @​dependabot in tschaub/gh-pages#430
• Updated dev dependencies and formatting by @​tschaub in tschaub/gh-pages#432

Full Changelog: tschaub/gh-pages@v3.2.3...v4.0.0

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.0.0

Breaking changes:

None really. But tests are no longer run on Node < 10. Development dependencies were updated to address security warnings, and this meant tests could no longer be run on Node 6 or 8. If you still use these Node versions, you may still be able to use this library, but be warned that tests are no longer run on these versions.

All changes:

• #357 - Dev dependency updates (@​tschaub)
• #333 - Update readme with command line options (@​Victoire44)
• #356 - Test as a GitHub action (@​tschaub)
• #355 - feat(beforeAdd): allow custom script before git add (@​Xiphe)
• #336 - Fix remove not working properly (@​sunghwan2789)
• #328 - Update .travis.yml (@​XhmikosR)

... (truncated)

Changelog

Sourced from gh-pages's changelog.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

• #438 - Remove quotation marks (@​Vicropht)
• #459 - Bump async from 2.6.4 to 3.2.4 (@​tschaub)
• #454 - Bump email-addresses from 3.0.1 to 5.0.0 (@​tschaub)
• #455 - Bump actions/setup-node from 1 to 3 (@​tschaub)
• #453 - Bump actions/checkout from 2 to 3 (@​tschaub)
• #445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@​Nezteb)
• #452 - Assorted updates (@​tschaub)

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

• #432 - Updated dev dependencies and formatting (@​tschaub)
• #430 - Bump ansi-regex from 3.0.0 to 3.0.1 (@​tschaub)
• #431 - Bump path-parse from 1.0.6 to 1.0.7 (@​tschaub)
• #427 - Bump async from 2.6.1 to 2.6.4 (@​tschaub)
• #423 - Bump minimist from 1.2.5 to 1.2.6 (@​tschaub)

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.2.2

• #396 - Revert "security(deps): bump filenamify-url to 2.1.1" (@​tschaub)

v3.2.1

• #393 - security(deps): bump filenamify-url to 2.1.1 (@​AviVahl)

v3.2.0

This release updates a few development dependencies and adds a bit of documentation.

• #391 - Update dev dependencies (@​tschaub)
• #375 - Add note about domain problem (@​demee)
• #390 - Fix little typo in the README (@​cizordj)
• #388 - Bump hosted-git-info from 2.8.8 to 2.8.9 (@​tschaub)
• #387 - Bump y18n from 4.0.0 to 4.0.3 (@​tschaub)
• #378 - Add GitHub Actions tips to readme.md (@​mickelsonmichael)
• #386 - Bump lodash from 4.17.14 to 4.17.21 (@​tschaub)

... (truncated)

Commits

• f729b97 5.0.0
• 51534c7 Log changes
• ace063b Merge pull request #438 from Vicropht/patch-1
• 58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
• 2189df3 Bump async from 2.6.4 to 3.2.4
• 051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...
• 5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...
• fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...
• b89287d Merge pull request #445 from Nezteb/patch-1
• e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
• Additional commits viewable in compare view

Updates @babel/traverse from 7.10.3 to 7.27.4

Release notes

Sourced from @​babel/traverse's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #17238 Split regeneratorRuntime into multiple helpers (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

Committers: 7

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Vik R (@​vikr01)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

• babel-parser, babel-plugin-proposal-explicit-resource-management
  • #17323 Disallow using in bare case statement (@​JLHwung)

💅 Polish

• babel-parser
  • #17311 Improve parseExpression error messages (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17287 Reduce regenerator size more (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17334 Use shorter method names for regenerator context (@​nicolo-ribaudo)
  • #17268 Reduce regenerator helper size (@​liuxingbaoyu)
• babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #17238 Split regeneratorRuntime into multiple helpers (@​nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

• babel-generator
  • #17324 Improve multiline comments handling in yield/await expression (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17328 Correctly set .displayName on GeneratorFunction (@​nicolo-ribaudo)
• babel-plugin-proposal-explicit-resource-management
  • #17319 fix: handle shadowed binding in for using of body (@​JLHwung)
  • #17317 fix: support named evaluation for using declaration (@​JLHwung)
• babel-plugin-proposal-decorators, babel-types
  • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
• babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
  • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
• babel-parser
  • #17312 fix(parser): properly handle optional markers in generator class methods (@​magic-akari)
  • #17307 fix(parser): Terminate modifier parsing at newline (@​magic-akari)
• babel-generator, babel-parser
  • #17308 Improve import phase parsing (@​JLHwung)

v7.27.2 (2025-05-06)

🐛 Bug Fix

• babel-parser
  • #17289 fix: @babel/parser/bin/index.js contains node: protocol require (@​liuxingbaoyu)
  • #17291 fix: Private class method not found when TS and estree (@​liuxingbaoyu)
• babel-plugin-transform-object-rest-spread
  • #17281 Fix: improve object rest handling in array pattern (@​JLHwung)
• babel-plugin-transform-modules-commonjs, babel-template
  • #17284 fix(babel-template): Properly handle empty string replacements (@​magic-akari)

🏃‍♀️ Performance

• babel-cli

... (truncated)

Commits

• 7d06930 v7.27.4
• 05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
• da5e371 v7.27.3
• 2d0c76e Improve integrations of using declaration with other transforms (#17330)
• eebd3a0 v7.27.1
• 62af1a6 fix: do expressions should allow early exit (#17137)
• 8e23272 [Babel 8] perf: Improve traverse performance (#16965)
• 9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
• 4d39e9d Harden variable declarator validations (#17217)
• 6cd1c60 Reduce generated names size for the 10th-11th (#17221)
• Additional commits viewable in compare view

Updates async from 2.6.1 to 3.2.6

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

• Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
• Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

• Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

v3.2.0

• Fix a bug in Safari related to overwriting func.name
• Remove built-in browserify configuration (#1653)
• Varios doc fixes (#1688, #1703, #1704)

v3.1.1

• Allow redefining name property on wrapped functions.

v3.1.0

• Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
• Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)
• Fixed a parsing bug in autoInject with complicated function bodies (#1663)
• Added ES6+ configuration for Browserify bundlers (#1653)
• Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

• Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
• Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

</tr></table> 

... (truncated)

Commits

• 85fb18f Version 3.2.6
• 8c0c941 Update built files
• 5f756b4 Fix ReDoS (#1980)
• 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
• 7b8ddeb build(deps-dev): bump @​babel/core from 7.24.7 to 7.25.2 (#1981)
• 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
• afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
• 3568a74 build(deps-dev): bump @​babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
• 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
• f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
• Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in