Bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
debug	2.2.0	2.6.9
ejs	2.7.4	3.1.10
express	4.13.4	4.19.2
log4js	0.6.38	6.4.0
morgan	1.6.1	1.9.1
ms	0.7.1	2.1.1
body-parser	1.13.3	1.20.2
serve-favicon	2.3.2	2.5.0
semver	4.3.2	removed
pg-promise	4.8.1	11.8.0

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.13.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates log4js from 0.6.38 to 6.4.0

Changelog

Sourced from log4js's changelog.

6.4.0 - BREAKING CHANGE 💥

New default file permissions may cause external applications unable to read logs. A manual code/configuration change is required.

• feat: added warnings when log() is used with invalid levels before fallbacking to INFO - thanks @​abernh
• feat: exposed Recording - thanks @​polo-language
• fix: default file permission to be 0o600 instead of 0o644 - thanks ranjit-git and @​lamweili
  • docs: updated fileSync.md and misc comments - thanks @​lamweili
• fix: file descriptor leak if repeated configure() - thanks @​lamweili
• fix: MaxListenersExceededWarning from NodeJS - thanks @​lamweili
  • test: added assertion for increase of SIGHUP listeners on log4js.configure() - thanks @​lamweili
• fix: missing TCP appender with Webpack and Typescript - thanks @​techmunk
• fix: dateFile appender exiting NodeJS on error - thanks @​4eb0da
  • refactor: using writer.writable instead of alive for checking - thanks @​lamweili
• fix: TCP appender exiting NodeJS on error - thanks @​jhonatanTeixeira
• fix: multiprocess appender exiting NodeJS on error - thanks @​harlentan
• test: update fakeFS.read as graceful-fs uses it - thanks @​lamweili
• test: update fakeFS.realpath as fs-extra uses it - thanks @​lamweili
• test: added tap.tearDown() to clean up test files
  • test: #1143 - thanks @​lamweili
  • test: #1022 - thanks @​abetomo
• type: improved @​types for AppenderModule - thanks @​nicobao
• type: Updated fileSync appender types - thanks @​lamweili
• type: Removed erroneous type in file appender - thanks @​vdmtrv
• type: Updated Logger.log type - thanks @​ZLundqvist
• type: Updated Logger._log type - thanks @​lamweili
• type: Updated Logger.level type - thanks @​lamweili
• type: Updated Levels.getLevel type - thanks @​saulzhong
• chore(deps): bump streamroller from 3.0.1 to 3.0.2 - thanks @​lamweili
• chore(deps): bump date-format from 4.0.2 to 4.0.3 - thanks @​lamweili
• chore(deps-dev): bump eslint from from 8.6.0 to 8.7.0 - thanks @​lamweili
• chore(deps-dev): bump nyc from 14.1.1 to 15.1.0 - thanks @​lamweili
• chore(deps-dev): bump eslint from 5.16.0 to 8.6.0 - thanks @​lamweili
• chore(deps): bump flatted from 2.0.2 to 3.2.4 - thanks @​lamweili
• chore(deps-dev): bump fs-extra from 8.1.0 to 10.0.0 - thanks @​lamweili
• chore(deps): bump streamroller from 2.2.4 to 3.0.1 - thanks @​lamweili
  • fix: compressed file ignores dateFile appender "mode" - thanks @​rnd-debug
  • fix: #1039 where there is an additional separator in filename (streamroller@3.0.0 changelog)
  • fix: #1035, #1080 for daysToKeep naming confusion (streamroller@3.0.0 changelog)
  • refactor: migrated from daysToKeep to numBackups due to streamroller@^3.0.0 - thanks @​lamweili
  • feat: allows for zero backups - thanks @​lamweili
• chore(deps): bump date-format from 3.0.0 to 4.0.2 - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0
  • chore(deps-dev): bump eslint-plugin-prettier from 3.4.1 to 4.0.0
  • chore(deps-dev): bump husky from 3.1.0 to 7.0.4
  • chore(deps-dev): bump prettier from 1.19.0 to 2.5.1
  • chore(deps-dev): bump typescript from 3.9.10 to 4.5.4
• chore(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0 - thanks @​lamweili

... (truncated)

Commits

• 9fdbed5 6.4.0
• 788c7a8 Merge pull request #1150 from log4js-node/update-changelog
• 7fdb141 chore: updated changelog for 6.4.0
• e6bd888 Merge pull request #1151 from log4js-node/feat-zero-backup
• ac599e4 allow for zero backup - in sync with https://github.com/log4js-node/streamrol...
• 53248cd Merge pull request #1149 from log4js-node/migrate-daysToKeep-to-numBackups
• 436d9b4 Merge pull request #1148 from log4js-node/update-docs
• d6b017e chore(docs): updated fileSync.md and misc comments
• d4617a7 chore(deps): migrated from daysToKeep to numBackups due to streamroller@^3.0.0
• 0ad0133 Merge pull request #1147 from log4js-node/update-deps
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates morgan from 1.6.1 to 1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

1.8.1

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: debug@2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: ms@0.7.2
• perf: enable strict mode in compiled functions

1.7.0

• Add digits argument to response-time token
• deps: depd@~1.1.0
  • Enable strict mode in more places
  • Support web browser loading
• deps: on-headers@~1.0.1
  • perf: enable strict mode

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0 / 2017-09-26

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

1.8.1 / 2017-02-04

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: debug@2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: ms@0.7.2
• perf: enable strict mode in compiled functions

1.7.0 / 2016-02-18

• Add digits argument to response-time token
• deps: depd@~1.1.0
  • Enable strict mode in more places

... (truncated)

Commits

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• Additional commits viewable in compare view

Updates ms from 0.7.1 to 2.1.1

Release notes

Sourced from ms's releases.

2.1.1

Patches

• Add full support for negative numbers: #104

Credits

Huge thanks to @​thevtm for helping!

2.1.0

Minor Changes

• Add "week" / "w" support: a2caead13ac7f9931338a1a51ab4e36ddb505e00
• Fixed match regex to support negative numbers: #96

Patches

• Applied a few text improvements: 15dc8c5b5a9e8372555400485a749ec04cc02444
• Fixed spelling of “millisecond” in description: #95
• Lockfile added: 2425ebdefcdd1c2b726c06f6a65c4f2dea58dee7

Credits

Huge thanks to @​yoavmmn and @​binki for helping!

2.0.0

Major Changes

• Limit str to 100 to avoid ReDoS of 0.3s: #89

Patches

• Ignored logs coming from npm: b1eaab752203e978492a4d540a7ae1d26e6306b1
• Bumped dependencies to the latest version: bcf57157678fd5afc691383145a35e116f9704d0
• Invalidated cache for slack badge: 94b995c1d6d5d13ec976a0c6849a3cca9b277e6b

Credits

Huge thanks to @​karenyavine for their help!

1.0.0

Major Changes

• Removed component specification: 1fbbe974cdcad96e592dcb65a7b2a8649f690420

Patches

• Test on LTS version of Node: c9b1fd319f0f9198d85ecf4ba83e46cc1216be04
• Removed XO: 94068ea6d518387670df277f740b1abada80ed48
• Use prettier and eslint: 57b3ef8e3423cae6254f94c5564a11b4492cff43

... (truncated)

Commits

• fe0bae3 2.1.1
• 7437f92 Add full support for negative numbers (#104)
• 845c302 2.1.0
• 17d719f Bumped dev depdenencies to the latest version
• 2425ebd Lockfile added
• f0bc0a2 Fixed match regex to support negative numbers (#96)
• a2caead Add "week" / "w" support
• e359eee Add reference to ms.macro (#99)
• fa0947f Fixed spelling of “millisecond” in description (#95)
• 826e137 updated package husky from 0.13.3 to 0.13.4 (#94)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by leo, a new releaser for ms since your current version.

Updates body-parser from 1.13.3 to 1.20.2

Release notes

Sourced from body-parser's releases.

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

1.19.0

• deps: bytes@3.1.0
  • Add petabyte (pb) support
• deps: http-errors@1.7.2

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6

... (truncated)

Commits

• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• Additional commits viewable in compare view

Updates serve-favicon from 2.3.2 to 2.5.0

Release notes

Sourced from serve-favicon's releases.

2.5.0

• Ignore requests without url property
• deps: ms@2.1.1
  • Add week
  • Add w

2.4.5

• deps: etag@~1.8.1
  • perf: replace regular expression with substring
• deps: fresh@0.5.2
  • Fix regression matching multiple ETags in If-None-Match
  • perf: improve If-None-Match token parsing

2.4.4

• deps: fresh@0.5.1
  • Fix handling of modified headers with invalid dates
  • perf: improve ETag match loop
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp
• deps: safe-buffer@5.1.1

2.4.3

• Use safe-buffer for improved Buffer API
• deps: ms@2.0.0

2.4.2

• deps: ms@1.0.0

2.4.1

• Remove usage of res._headers private field
• deps: fresh@0.5.0
  • Fix incorrect result when If-None-Match has both * and ETags
  • Fix weak ETag matching to match spec
  • perf: skip checking modified time if ETag check failed
  • perf: skip parsing If-None-Match when no ETag header
  • perf: use Date.parse instead of new Date

2.4.0

• deps: etag@~1.8.0
  • Use SHA1 instead of MD5 for ETag hashing
  • Works with FIPS 140-2 OpenSSL configuration
• deps: fresh@0.4.0
  • Fix false detection of no-cache request directive
  • perf: enable strict mode
  • perf: hoist regular expressions
  • perf: remove duplicate conditional
  • perf: remove unnecessary boolean coercions
• perf: simplify initial argument checking

Changelog

Sourced from serve-favicon's changelog.

2.5.0 / 2018-03-29

• Ignore requests without url property
• deps: ms@2.1.1
  • Add week
  • Add w

2.4.5 / 2017-09-26

• deps: etag@~1.8.1
  • perf: replace regular expression with substring
• deps: fresh@0.5.2
  • Fix regression matching multiple ETags in If-None-Match
  • perf: improve If-None-Match token parsing

2.4.4 / 2017-09-11

• deps: fresh@0.5.1
  • Fix handling of modified headers with invalid dates
  • perf: improve ETag match loop
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp
• deps: safe-buffer@5.1.1

2.4.3 / 2017-05-16

• Use safe-buffer for improved Buffer API
• deps: ms@2.0.0

2.4.2 / 2017-03-24

• deps: ms@1.0.0

2.4.1 / 2017-02-27

• Remove usage of res._headers private field
• deps: fresh@0.5.0
  • Fix incorrect result when If-None-Match has both * and ETags
  • Fix weak ETag matching to match spec
  • perf: skip checking modified time if ETag check failed
  • perf: skip parsing If-None-Match when no ETag header
  • perf: use Date.parse instead of new Date

... (truncated)

Commits

• 266aba1 2.5.0
• a047336 build: Node.js@9.8
• 83fee9c build: Node.js@8.10
• 5457281 build: Node.js@6.13
• 3a93328 lint: apply standard 11 style
• 06e69b1 Ignore requests without "url" property
• 061f378 build: support Node.js 9.x
• 669c1a1 build: Node.js@8.9
• 233027e build: Node.js@6.12
• 31d2028 build: eslint-plugin-node@5.2.1
• Additional commits viewable in compare view

Updates fresh from 0.3.0 to 0.5.2

Changelog

Sourced from fresh's changelog.

0.5.2 / 2017-09-13

• Fix regression matching multiple ETags in If-None-Match
• perf: improve If-None-Match token parsing

0.5.1 / 2017-09-11

• Fix handling of modified headers with invalid dates
• perf: improve ETag match loop

0.5.0 / 2017-02-21

• Fix incorrect result when If-None-Match has both * and ETags
• Fix weak ETag matching to match spec
• perf: delay reading header values until needed
• perf: skip checking modified time if ETag check failed
• perf: skip parsing If-None-Match when no ETag header
• perf: use Date.parse instead of new Date

0.4.0 / 2017-02-05

• Fix false detection of no-cache request directive
• perf: enable strict mode
• perf: hoist regular expressions
• perf: remove duplicate conditional
• perf: remove unnecessary boolean coercions

Commits

• 02df630 0.5.2
• 37cd4a2 build: Node.js@8.5
• 731c0eb build: Node.js@6.11
• 21a0f0c perf: improve If-None-Match token parsing
• ff5f257 Fix regression matching multiple ETags in If-None-Match
• e8a4aaf 0.5.1
• 7015bce perf: improve ETag match loop
• 7a2b460 Fix handling of modified headers with invalid dates
• 1599530 bench: add simple benchmarks
• 74793d9 build: eslint-plugin-node@5.1.1
• Additional commits viewable in compare view

Updates mime from 1.3.4 to 1.6.0

Changelog

Sourced from mime's changelog.

v1.6.0 (24/11/2017)

No changelog for this release.

---

v2.0.4 (24/11/2017)

• [closed] Switch to mime-score module for resolving extension contention issues. #182
• [closed] Update mime-db to 1.31.0 in v1.x branch #181

---

v1.5.0 (22/11/2017)

• [closed] need ES5 version ready in npm package #179
• [closed] mime-db no trace of iWork - pages / numbers / etc. #178
• [closed] How it works in brownser ? #176
• [closed] Missing ./Mime #175
• [closed] Vulnerable Regular Expression #167

---

v2.0.3 (25/09/2017)

No changelog for this release.

---

v1.4.1 (25/09/2017)

• [closed] Issue when bundling with webpack #172

---

v2.0.2 (15/09/2017)

• [V2] fs.readFileSync is not a function #165
• [closed] The extension for video/quicktime should map to .mov, not .qt #164
• [V2] [v2 Feedback request] Mime class API #163
• [V2] [v2 Feedback request] Resolving conflicts over extensions #162
• [V2] Allow callers to load module with official, full, or no defined types. #161
• [V2] Use "facets" to resolve extension conflicts #160
• [V2] Remove fs and path dependencies #152
• [V2] Default content-type should not be application/octet-stream #139
• [V2] reset mime-types #124
• [V2] Extensionless paths should return null or false #113

---

v2.0.1 (14/09/2017)

• [closed] Changelog for v2.0 does not mention breaking changes #171
• [closed] MIME breaking with 'class' declaration as it is without 'use strict mode' #170

---

... (truncated)

Commits

• 87b396e 1.6.0
• 4db5125 changelog
• 3668c6b Use mime-score module to resolve extension conflicts. Fixes #183
• 949b451 1.5.0
• 85672d3 application/font-woff -> font/woff
• 1f6281d chmod cli.js
• c0853d2 update to mime-db@v1.31.0
• 3004636 Generate CHANGELOG.md via github-release-notes
• eb24bae 1.4.1
• 855d0c4 Fix #167
• Additional commits viewable in compare view

Updates negotiator from 0.5.3 to 0.6.3

Release notes

Sourced from negotiator's releases.

0.6.3

• Revert "Lazy-load modules from main entry point"

0.6.2

• Fix sorting charset, encoding, and language with extra parameters

0.6.1

• perf: improve Accept parsing speed
• perf: improve Accept-Charset parsing speed
• perf: improve Accept-Encoding parsing speed
• perf: improve Accept-Language parsing speed

0.6.0

• Fix including type extensions in parameters in Accept parsing
• Fix parsing Accept parameters with quoted equals
• Fix parsing Accept parameters with quoted semicolons
• Lazy-load modules from main entry point
• perf: delay type concatenation until needed
• perf: enable strict mode
• perf: hoist regular expressions
• perf: remove closures getting spec properties
• perf: remove a closure from media type parsing
• perf: remove property delete from media type parsing

Changelog

Sourced from negotiator's changelog.

0.6.3 / 2022-01-22

• Revert "Lazy-load modules from main entry point"

0.6.2 / 2019-04-29

• Fix sorting charset, encoding, and language with extra parameters

0.6.1 / 2016-05-02

• perf: improve Accept parsing speed
• perf: improve Accept-Charset parsing speed
• perf: improve Accept-Encoding parsing speed
• perf: improve Accept-Language parsing speed

0.6.0 / 2015-09-29

• Fix including type extensions in parameters in Accept parsing
• Fix parsing Accept parameters with quoted equals
• Fix parsing Accept parameters with quoted semicolons
• Lazy-load modules from main entry point
• perf: delay type concatenation until needed
• perf: enable strict mode
• perf: hoist regular expressions
• perf: remove closures getting spec properties
• perf: remove a closure from media type parsing
• perf: remove property delete from media type parsing

Commits

• 40a5acb 0.6.3
• 438a9bc Revert "Lazy-load modules from main entry point"
• 6e155dd build: mocha@9.1.3
• 13be933 build: support Node.js 17.x