Bump the npm_and_yarn group across 2 directories with 5 updates #1

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/npm_and_yarn-69715c11bc

dependabot[bot] commented on behalf of github on Mar 30, 2026

Bumps the npm_and_yarn group with 4 updates in the / directory: body-parser, jsonwebtoken, knex and morgan.
Bumps the npm_and_yarn group with 1 update in the /public directory: jquery.

Updates body-parser from 1.9.3 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

  • deps: qs@^6.14.1
  • refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

2.0.2 / 2024-10-31

  • remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

  • Restore expected behavior extended to false

2.0.0 / 2024-09-10

Breaking Changes

  • Node.js 18 is the minimum supported version

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates jsonwebtoken from 5.7.0 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

  • updates jws version to 4.0.1.

9.0.2 - 2023-08-30

  • security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
  • refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

  • fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. (834503079514b72264fd13023a3b8d648afd6a16, auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. (ecdf6cc6073ea13a7e71df5fad043550f08d0fa6, auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

Docs

8.5.0 - 2019-02-20

New Functionality

Test Improvements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates knex from 0.9.0 to 3.2.8

Release notes

Sourced from knex's releases.

3.2.8

What's Changed

Full Changelog: knex/knex@3.2.7...3.2.8

3.2.7

What's Changed

New Contributors

Full Changelog: knex/knex@3.2.6...3.2.7

3.2.6

What's Changed

Full Changelog: knex/knex@3.2.3...3.2.6

3.2.3

What's Changed

Full Changelog: knex/knex@3.2.1...3.2.3

3.2.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from knex's changelog.

Master (Unreleased)

Bug fixes

  • Reverts the breaking changes added in #6227. This means that the ESM import of Knex is reverted to import { knex } from 'knex/knex.mjs #6422
  • fix(types): allow a QueryBuilder type as a value in an update #6419

3.2.7 - 27 March, 2026

Bug fixes

  • fix sqlite DDL operations failing inside transactions #6408
  • fix: handle lowercase INFORMATION_SCHEMA keys in MySQL renameColumn #6407
  • fix: clone config in client constructor #5633
  • fix: remove __knexTxId from transaction connection on release #5288
  • fix: correct binding order in delete with subquery join #6412
  • chore: omit ./scripts from published package #6356

3.2.6 - 24 March, 2026

Bug fixes

  • Fix module exports #6406

3.2.5 - 23 March, 2026

Bug fixes

3.2.4 - 23 March, 2026

Bug fixes

  • Fix ESM type exports #6404

3.2.1 - 22 March, 2026

Bug fixes

  • Fix subpath imports broken by exports field added in 3.2.0. Packages relying on deep imports (e.g. knex/lib/dialects/sqlite3/index) were blocked by the restrictive exports map

Docs

  • Add VitePress blog with archive and UTC post dates (#6397)

3.2.0 - 22 March, 2026

New features

... (truncated)

Commits
  • 8198fa6 release 3.2.8
  • a077f37 chore: update changelog & release script
  • 94185ae fix: revert exports map added in #6227 (#6422)
  • e7f24c1 fix: TS types for update with subquery (#6419)
  • 633b4a4 release 3.2.7
  • d9faa34 fix: clone config in client constructor (#5633)
  • c5e731c fix: invalid GH workflow.yml files from 7e04e0a
  • 699ce7a fix: remove __knexTxId from connection on release (#5288)
  • 7e04e0a chore: only use dockerhub install if username is available
  • c88c8ee chore: add dockerhub credentials to prevent CI rate limiting (#6418)
  • Additional commits viewable in compare view

Updates morgan from 1.5.3 to 1.10.1

Release notes

Sourced from morgan's releases.

1.10.1

What's Changed

New Contributors

Full Changelog: expressjs/morgan@1.10.0...1.10.1

1.10.0

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
    • deps: safe-buffer@5.1.2
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

... (truncated)

Changelog

Sourced from morgan's changelog.

1.10.1 / 2025-07-17

1.10.0 / 2020-03-20

  • Add :total-time token
  • Fix trailing space in colored status code for dev format
  • deps: basic-auth@~2.0.1
    • deps: safe-buffer@5.1.2
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0 / 2017-09-26

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

1.8.1 / 2017-02-04

  • deps: debug@2.6.1
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for morgan since your current version.


Updates jquery from 2.2.4 to 4.0.0

Release notes

Sourced from jquery's releases.

Release 4.0.0

Changelog

https://blog.jquery.com/2026/01/17/jquery-4-0-0/

Ajax

  • Don't treat array data as binary (992a1911)
  • Allow processData: true even for binary data (ce264e07)
  • Support binary data (including FormData) (a7ed9a7b)
  • Support headers for script transport even when cross-domain (#5142, 6d136443)
  • Support null as success functions in jQuery.get (#4989, 74978b7e)
  • Don't auto-execute scripts unless dataType provided (#4822, 025da4dd)
  • Make responseJSON work for erroneous same-domain JSONP requests (68b4ec59)
  • Execute JSONP error script responses (#4771, a1e619b0)
  • Avoid CSP errors in the script transport for async requests (#3969, 07a8e4a1)
  • Drop the json to jsonp auto-promotion logic (#1799, #3376, e7b3bc48)
  • Overwrite s.contentType with content-type header value, if any (#4119, 7fb90a6b)
  • Deprecate AJAX event aliases, inline event/alias into deprecated (23d53928)
  • Do not execute scripts for unsuccessful HTTP responses (#4250, 50871a5a)
  • Simplify jQuery.ajaxSettings.xhr (#1967, abdc89ac)

Attributes

  • Make .attr( name, false ) remove for all non-ARIA attrs (#5388, 063831b6)
  • Shave off a couple of bytes (b40a4807)
  • Don't stringify attributes in the setter (#4948, 4250b628)
  • Drop the toggleClass(boolean|undefined) signature (#3388, a4421101)
  • Refactor val(): don't strip carriage return, isolate IE workarounds (ff281991)
  • Don't set the type attr hook at all outside of IE (9e66fe9a)

CSS

  • Fix dimensions of table <col> elements (#5628, eca2a564)
  • Drop the cache in finalPropName (640d5825)
  • Tests: Fix tests & support tests under CSS Zoom (#5489, 071f6dba)
  • Fix reliableTrDimensions support test for initially hidden iframes (b1e66a5f)
  • Selector: Align with 3.x, remove the outer selector.js wrapper (53cf7244)
  • Make the reliableTrDimensions support test work with Bootstrap CSS (#5270, 65b85031)
  • Make offsetHeight( true ), etc. include negative margins (#3982, bce13b72)
  • Return undefined for whitespace-only CSS variable values (#5120) (7eb00196)
  • Don’t trim whitespace of undefined custom property (#5105, ed306c02)
  • Skip falsy values in addClass( array ), compress code (#4998, a338b407)
  • Justify use of rtrim on CSS property values (655c0ed5)
  • Trim whitespace surrounding CSS Custom Properties values (#4926, efadfe99)
  • Include show, hide & toggle methods in the jQuery slim build (297d18dd)
  • Remove the opacity CSS hook (865469f5)
  • Workaround buggy getComputedStyle on table rows in IE/Edge (#4490, 26415e08)
  • Don't automatically add "px" to properties with a few exceptions (#2795, 00a9c2e5)

... (truncated)

Commits
  • 4f2fae0 Release: 4.0.0
  • c838cfb Release: remove dist files from main branch
  • 9752519 Release: 4.0.0-rc.2
  • c128d5d Release: Update AUTHORS.txt
  • 5fe9c29 Build: De-dupe three authors via mailmap
  • afdd032 Build: Post beta browser tests errors to jquery/dev on Matrix
  • 546a1eb Build: Bump the github-actions group with 4 updates
  • ec738b3 Build: Fix Chrome beta tests
  • c28c26a Build: Add periodic tests on beta versions of browsers
  • f513413 Build: Bump the github-actions group with 2 updates
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by timmywil, a new releaser for jquery since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 4 updates in the / directory: [body-parser](https://github.com/expressjs/body-parser), [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken), [knex](https://github.com/knex/knex) and [morgan](https://github.com/expressjs/morgan).
Bumps the npm_and_yarn group with 1 update in the /public directory: [jquery](https://github.com/jquery/jquery).


Updates `body-parser` from 1.9.3 to 2.2.2
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.9.3...v2.2.2)

Updates `jsonwebtoken` from 5.7.0 to 9.0.3
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v5.7.0...v9.0.3)

Updates `knex` from 0.9.0 to 3.2.8
- [Release notes](https://github.com/knex/knex/releases)
- [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md)
- [Commits](knex/knex@0.9.0...3.2.8)

Updates `morgan` from 1.5.3 to 1.10.1
- [Release notes](https://github.com/expressjs/morgan/releases)
- [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md)
- [Commits](expressjs/morgan@1.5.3...1.10.1)

Updates `jquery` from 2.2.4 to 4.0.0
- [Release notes](https://github.com/jquery/jquery/releases)
- [Changelog](https://github.com/jquery/jquery/blob/main/changelog.md)
- [Commits](jquery/jquery@2.2.4...4.0.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.2.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsonwebtoken
  dependency-version: 9.0.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: knex
  dependency-version: 3.2.8
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: morgan
  dependency-version: 1.10.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jquery
  dependency-version: 4.0.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels on Mar 30, 2026