build(deps): bump the npm_and_yarn group across 1 directory with 43 updates

[dependabot]

Bumps the npm_and_yarn group with 27 updates in the / directory:

Package	From	To
body-parser	1.9.0	1.20.3
dustjs-linkedin	2.5.0	3.0.0
ejs	1.0.0	3.1.10
express	4.12.4	4.20.0
express-fileupload	0.0.5	1.4.0
hbs	4.0.4	4.2.0
jquery	2.2.4	3.5.0
marked	0.3.5	4.0.10
moment	2.15.1	2.29.4
mongoose	4.2.4	5.13.20
ms	0.7.3	2.1.3
humanize-ms	1.0.1	1.2.1
typeorm	0.2.24	0.3.0
validator	13.5.2	13.7.0
snyk	1.278.1	1.1064.0
ajv	6.10.2	6.12.6
browserify-sign	4.0.4	4.2.3
cached-path-relative	1.0.2	1.1.0
ini	1.3.5	1.3.8
npmconf	0.0.24	2.1.3
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
minimist	0.0.8	1.2.8
tap	11.1.5	21.0.1
shell-quote	1.6.1	1.8.1
underscore	1.9.1	1.12.1
cfenv	1.2.2	1.2.4

Updates body-parser from 1.9.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates dustjs-linkedin from 2.5.0 to 3.0.0

Release notes

Sourced from dustjs-linkedin's releases.

v3.0.0

What's Changed

• Bump deps by @​sethkinast in linkedin/dustjs#734
• Prioritize resolution of .then by @​brianmhunt in linkedin/dustjs#736
• Don't use instanceof to determine if a Context is a Context by @​sethkinast in linkedin/dustjs#744
• place location provided by peg 0.9 onto the AST by @​jimmyhchan in linkedin/dustjs#706
• {?exists} and {^exists} now supports values from a promise by @​samuelms1 in linkedin/dustjs#753
• Decrease security vulnerabilities by upgrading cli dependency (#754 #748) by @​danactive in linkedin/dustjs#756
• fix: Security bug about prototype pollution by @​sumeetkakkar in linkedin/dustjs#805

New Contributors

• @​brianmhunt made their first contribution in linkedin/dustjs#736
• @​samuelms1 made their first contribution in linkedin/dustjs#753
• @​danactive made their first contribution in linkedin/dustjs#756
• @​sumeetkakkar made their first contribution in linkedin/dustjs#805

Full Changelog: linkedin/dustjs@v2.7.2...v3.0.0

v2.7.2

Notable Changes

Filters

Dust filter functions previously took one argument, the string to filter. They now accept a second argument, which is the current context.

Helpers

Dust helpers can now return primitives.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@return value="" filters="|s" /} 
{@return value=""}{.} World{/return}

v2.7.1

Notable Changes

dust.config.cache

In previous versions, setting dust.config.cache to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used. Setting it back to true means that previously-cached templates will be ready to use.

dust.onLoad

We have added a callback(null, compiledTemplate) signature to dust.onLoad.

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

You can still call the callback with uncompiled template source and Dust will compile and store it, while respecting your dust.config.cache setting.

... (truncated)

Changelog

Sourced from dustjs-linkedin's changelog.

v3.0.0 (2021/10/20 22:56 +00:00)

• #805 fix: Security bug about prototype pollution (@​sumeetkakkar)

list (2016/12/08 20:15 +00:00)

• #756 Decrease security vulnerabilities by upgrading cli dependency (#754 #748) (@​danactive)
• #753 {?exists} and {^exists} resolve Promises and check if the result exists (#753) (@​samuelms1)

v2.7.4 (2016/09/13 02:52 +00:00)

• #744 Don't use instanceof to determine if a Context is a Context. Instead use a flag on the instance itself so it can survive object merges. (@​sethkinast)

v2.6.3 (2016/07/26 18:03 +00:00)

• #736 Prioritize resolution of .then (@​brianmhunt)
• #735 Prioritize .then on thenable functios (#735) (@​brianmhunt)
• #734 Bump deps (@​sethkinast)
• #703 Upgrade to peg.js 0.9 (@​sethkinast)
• #705 When rendering with a Context object, use the templateName provided by the template (@​sethkinast)
• #701 Fix stacktrace logging for IE8 (@​sethkinast)
• #700 At DEBUG loglevel, log the full stack trace on errors (@​r1b)
• #690 Update deps (@​sethkinast)
• #689 Make the AMD loader pass the template directly rather than communicating via the cache (@​aredridel)

v2.7.2 (2015/06/08 20:41 +00:00)

• #673 Pass the current context to filters (@​sethkinast)
• #676 If a Promise is resolved with an array, iterate over it instead of rendering the whole array at once.

Closes #674 (@​sethkinast)

• #647 Allow helpers to return primitives

Previously returning a primitive would crash rendering with no way to recover. You can still return a Chunk and do more complex work if you need to.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@​return value="" filters="|s" /} {@​return value=""}{.} World{/return}

Closes #645 (@​sethkinast)

• #664 Be slightly pickier about what Dust thinks a Stream is.

Closes #663 (@​sethkinast)

• #661 Add saucelabs integration (@​sethkinast)
• #658 Refactor testing frameworks

Closes #649 Closes #602 Closes #642 (@​sethkinast)

• #660 Grammar: s/char/character/ to avoid using a reserved name

Closes #659 (@​sethkinast)

v2.7.1 (2015/04/30 20:32 +00:00)

• #655 Update CommonJS example to make use of new onLoad behavior (@​sethkinast)
• #653 Fix array iteration when context is undefined (@​sethkinast)
• #641 Add a cb(null, compiledTemplate) signature to dust.onLoad

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

dust.cache behavior has been changed slightly. Before, setting it to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used, but if it's set to true again previously-cached templates will be ready to use. (@​sethkinast)

• #650 Pin jasmine@2.2.x for grunt-jasmine-nodejs (@​sethkinast)
• #646 Update AMD and CommonJS examples (@​sethkinast)
• #637 CommonJS example (@​sethkinast)
• #638 Preserve compiler backwards compatibility with pre-2.7 versions (@​sethkinast)
• #639 Fix failing test on Windows (@​sethkinast)

v2.7.0 (2015/04/17 23:23 +00:00)

• #636 Fix failing tests in IE8 (@​sethkinast)
• #633 Drop Node 0.8 (@​sethkinast)
• #635 Resolve dynamic partial names via original context (@​sethkinast)
• #631 Try to avoid creating Stacks with no content when possible (@​sethkinast)
• #613 Refactor template compilation

• dust.render and dust.stream now accept a compiled template function in addition to a template name.
• dust.compile no longer requires a template name, and will compile an anonymous template without one (so --name is no longer required for dustc either)
• dust.load is removed from the public API
• dust.renderSource is moved to the compiler, so it's only included in dust-full now (Fixes #412)
• dust.compileFn is moved to the compiler, so it's only included in dust-full now
• add dust.isTemplateFn
• add dust.config.cache = true, set to false to disable caching and load templates again every time (Fixes #451)
• add dust.config.cjs = false, set to true to compile templates as CommonJS modules
• add --cjs flag to dustc
• Move a bunch of exposed compiler stuff under dust.compiler (but leave it exposed until 2.8) (@​sethkinast)

• #624 dustc always creates templates with forward slashes (@​sethkinast)
• #617 Add chunk.stream to allow streamables in context (@​sethkinast)
• #610 clean up PEG grammar a little bit (@​sethkinast)
• #622 Fix behavior of Context#resolve when resolving a context function that returns a Chunk (@​sethkinast)

... (truncated)

Commits

• 2e8795c Release v3.0.0
• 6f98371 merge from 2.7
• db6d8b9 Merge pull request #805 from sumeetkakkar/fix/proto-pollution
• ddb6523 fix for prototype pollution vulnerability
• 822222e Release v2.7.5
• d0f955d Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
• e0e25f7 Merge pull request #756 from danactive/master
• eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
• d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (#753)
• 9a08207 Release v2.7.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by krakenjs, a new releaser for dustjs-linkedin since your current version.

Updates ejs from 1.0.0 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

v2.7.4

Bug fixes

• Fixed Node 4 support, which broke in v2.7.3 (mde/ejs@5e42d6c, @​mde)

v2.7.3

Bug fixes

• Made the post-install message more discreet by following the example of opencollective-postinstall (mde/ejs@228d8e4, @​mde)

v2.7.2

Features

• Added support for destructuring locals (#452, @​ExE-Boss)
• Added support for disabling legacy include directives (#458, #459, @​ExE-Boss)
• Compiled functions are now shown in the debugger (#456, @​S2-)
• function.name is now set to the file base name in environments that support this (#466, @​ExE-Boss)

Bug Fixes

• The error message when async != true now correctly mention the existence of the async option (#460, @​ExE-Boss)
• Improved performance of HTML output generation (#470, @​nwoltman)

v2.7.1

Deprecated:

• Added deprecation notice for use of require.extensions (@​mde)

v2.6.2

• Correctly pass custom escape function to includes (@​alecgibson)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by mde, a new releaser for ejs since your current version.

Updates express from 4.12.4 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: path-to-regexp@0.1.8 by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• path-to-regexp@0.1.10 by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1

... (truncated)

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates express-fileupload from 0.0.5 to 1.4.0

Release notes

Sourced from express-fileupload's releases.

v1.4.0

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in richardgirges/express-fileupload#310
• Upgrade busboy version by @​duterte in richardgirges/express-fileupload#315

New Contributors

• @​dependabot made their first contribution in richardgirges/express-fileupload#310
• @​duterte made their first contribution in richardgirges/express-fileupload#315

Full Changelog: richardgirges/express-fileupload@v1.3.1...v1.4.0

1.3.1

Updates

• Have promiseCallback make callbacks and promises behave the same (#302)
• Fix prototype pollution in utilities.js (#301)
• Switch to CircleCI (ddf553060a1041c1f36a696b1ae8b52d24083140)
• End support for Node versions < 12 (ab3d252a28c8eb1c003528fecc5e1ef38f8954c3)

1.2.1

Updates:

• (Fix) Stopped additional responses from being sent if a limit handler exists (#264)
• Unhandled promise rejection warning (#257)
• Changed example (#255)
• Passing a Buffer body will pollute req.body when used along with processNested (#291)

1.2.0

Bug Fixes

#241 Cleanup temporary files - @​nusu

1.1.10

Updates:

Additional prototype-pollution security fix when using processNested (#239)

1.1.9

Updates:

Second prototype pollution security vulnerability fix when using processNested (#236)

1.1.8

Updates:

Fixed prototype pollution security vulnerability when using processNested (#236)

1.1.7-alpha.4

Updates:

• Updated README.md thanks to @​tycrek , @​eartharoid, @​Code42Cate
• Some code refactoring to make it lighter and more readable.
• Updated dependencies.

Fixes:

• Fix empty file issue(#226)
• Fix temp file write timing issue(#184). Thanks to @​somewind

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by richardgirges, a new releaser for express-fileupload since your current version.

Updates hbs from 4.0.4 to 4.2.0

Changelog

Sourced from hbs's changelog.

4.2.0 / 2021-11-16

• Add rename option to registerPartials
• Ensure all partials are registered before rendering
• Fix function context in async helpers
• deps: walk@2.3.15

4.1.2 / 2021-04-15

• deps: handlebars@4.7.7

4.1.1 / 2020-04-03

• deps: handlebars@4.7.6

4.1.0 / 2020-01-14

• deps: handlebars@4.5.3
  • Add handlebars.parseWithoutProcessing
  • Add support for iterable objects in #each helper
  • Block access to non-enumerable special properties on objects
  • Fix error when helper defined with array properties
  • Fix parsing of empty raw blocks
  • Fix work-around for constructor blocking
  • Validate arguments to #if, #unless and #with helpers

4.0.6 / 2019-10-09

• deps: handlebars@4.3.5
  • Fix error object inheritance
  • Fix work-around for constructor blocking

4.0.5 / 2019-09-27

• Fix async helpers not working when cache enabled
• Fix handling of exceptions from layout
• Fix handling of exceptions when cache enabled
• deps: handlebars@4.3.3
  • Block calling helperMissing and blockHelperMissing from templates
  • Fix work-around for constructor blocking
• deps: walk@2.3.14

Commits

• 5790e5e v4.2.0
• 1ef46ee build: Node.js@16.13
• 9771a6f build: mocha@9.1.3
• e501201 build: update CI for npm TLS upgrade
• 9f1fee2 docs: fix linux build badge
• 9bd9de2 docs: add preamble to install section
• 73559c1 Add rename option to registerPartials
• 3b34543 build: Node.js@16.10
• df4fd3d build: Node.js@14.18
• e5e6e39 deps: walk@2.3.15
• Additional commits viewable in compare view

Updates jquery from 2.2.4 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates marked from 0.3.5 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

• security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

• retain line breaks in tokens properly (#2341) (a9696e2)

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

• spaces on a newline after a table (#2319) (f82ea2c)

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

• Fix every third list item broken (#2318) (346b162), closes #2314

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

• speed up parsing long lists (#2302) (e0005d8)

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

• table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
• 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for marked since your current version.

Updates moment from 2.15.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: