build(deps): bump the minor-and-patch group across 1 directory with 7 updates by dependabot[bot] · Pull Request #65 · enketo/centro

dependabot · 2026-02-01T19:18:11Z

Bumps the minor-and-patch group with 7 updates in the / directory:

Package	From	To
compression	`1.7.4`	`1.8.1`
cookie-parser	`1.4.6`	`1.4.7`
cors	`2.8.5`	`2.8.6`
debug	`4.3.4`	`4.4.3`
morgan	`1.10.0`	`1.10.1`
pug	`3.0.2`	`3.0.3`
serve-favicon	`2.5.0`	`2.5.1`

Updates compression from 1.7.4 to 1.8.1

Release notes

Sourced from compression's releases.

v1.8.1

What's Changed

fix(docs): update multiple links from http to https by @Phillip9587 in expressjs/compression#222

ci: add dependabot for github actions by @bjohansebas in expressjs/compression#207

build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 by @dependabot[bot] in expressjs/compression#228

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 by @dependabot[bot] in expressjs/compression#229

build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by @dependabot[bot] in expressjs/compression#230

build(deps-dev): bump supertest from 6.2.3 to 6.3.4 by @dependabot[bot] in expressjs/compression#231

[StepSecurity] ci: Harden GitHub Actions by @step-security-bot in expressjs/compression#235

build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 by @dependabot[bot] in expressjs/compression#243

build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 by @dependabot[bot] in expressjs/compression#239

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/compression#240

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/compression#241

build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by @dependabot[bot] in expressjs/compression#244

deps: on-headers@1.1.0 by @UlisesGascon in expressjs/compression#246

Release: 1.8.1 by @UlisesGascon in expressjs/compression#247

New Contributors

@dependabot[bot] made their first contribution in expressjs/compression#228

@step-security-bot made their first contribution in expressjs/compression#235

Full Changelog: expressjs/compression@1.8.0...v1.8.1

v1.8.0

What's Changed

Refactor chunkLength function for improved readability and consistency by @Ayoub-Mabrouk in expressjs/compression#203

Refactor toBuffer function to simplify buffer check logic by @Ayoub-Mabrouk in expressjs/compression#201

ci: add CodeQL (SAST) by @bjohansebas in expressjs/compression#204

Use headersSent instead of _header by @maritz in expressjs/compression#129

Bugfix/use write head instead of implicit header by @Icehunter in expressjs/compression#170

feat: add default option by @bjohansebas in expressjs/compression#191

ci: update ci workflow by @bjohansebas in expressjs/compression#206

feat: support for brotli by @bjohansebas in expressjs/compression#194

docs: improve readme by @bjohansebas in expressjs/compression#209

docs: keywords field by @bjohansebas in expressjs/compression#210

refactor: simplify encoding negotiation logic by @bjohansebas in expressjs/compression#213

New Contributors

@Ayoub-Mabrouk made their first contribution in expressjs/compression#203

@maritz made their first contribution in expressjs/compression#129

@Icehunter made their first contribution in expressjs/compression#170

Full Changelog: expressjs/compression@1.7.5...v1.8.0

1.7.5

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/compression#186

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/compression#187

docs: fix spelling by @dijonkitchen in expressjs/compression#174

deps: bytes@3.1.2 by @bjohansebas in expressjs/compression#192

... (truncated)

Changelog

Sourced from compression's changelog.

1.8.1 / 2025-07-17

deps: on-headers@~1.1.0

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

1.8.0 / 2025-02-10

Use res.headersSent when available

Replace _implicitHeader with writeHead property

add brotli support for versions of node that support it

Add the enforceEncoding option for requests without Accept-Encoding header

1.7.5 / 2024-10-31

deps: Replace accepts with negotiator@~0.6.4

Add preference option

deps: bytes@3.1.2

Add petabyte (pb) support

Fix "thousandsSeparator" incorrecting formatting fractional part

Fix return value for un-parsable strings

deps: compressible@~2.0.18

Mark font/ttf as compressible

Remove compressible from multipart/mixed

deps: mime-db@'>= 1.43.0 < 2'

deps: safe-buffer@5.2.1

Commits

83a0c45 1.8.1
ce62713 deps: on-headers@1.1.0 (#246)
f4acb23 build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 (#244)
6eaebe6 build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (#241)
37e0623 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#240)
bc436b2 build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 (#239)
2f9f572 build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 (#243)
5f13b14 [StepSecurity] ci: Harden GitHub Actions (#235)
76e0945 build(deps-dev): bump supertest from 6.2.3 to 6.3.4 (#231)
ae6ee80 build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 (#230)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for compression since your current version.

Updates cookie-parser from 1.4.6 to 1.4.7

Release notes

Sourced from cookie-parser's releases.

1.4.7

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cookie-parser#103

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/cookie-parser#104

ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in expressjs/cookie-parser#100

deps: cookie@0.7.2 by @SamChatfield in expressjs/cookie-parser#116

Release: 1.4.7 by @UlisesGascon in expressjs/cookie-parser#117

New Contributors

@inigomarquinez made their first contribution in expressjs/cookie-parser#103

@arunsathiya made their first contribution in expressjs/cookie-parser#100

@SamChatfield made their first contribution in expressjs/cookie-parser#116

@UlisesGascon made their first contribution in expressjs/cookie-parser#117

Full Changelog: expressjs/cookie-parser@1.4.6...1.4.7

Changelog

Sourced from cookie-parser's changelog.

1.4.7 / 2024-10-08

deps: cookie@0.7.2

Fix object assignment of hasOwnProperty

deps: cookie@0.7.1

Allow leading dot for domain

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing

deps: cookie@0.7.0

perf: parse cookies ~10% faster

fix: narrow the validation of cookies to match RFC6265

fix: add main to package.json for rspack

deps: cookie@0.6.0

Add partitioned option

deps: cookie@0.5.0

Add priority option

Fix expires option to reject invalid dates

pref: improve default decode speed

pref: remove slow string split in parse

deps: cookie@0.4.2

pref: read value only when assigning in parse

pref: remove unnecessary regexp in parse

Commits

5d61e1e 1.4.7
ccf1f54 deps: cookie@0.7.2 (#116)
429cfd4 ci: Use GITHUB_OUTPUT envvar instead of set-output command (#100)
ca4c97e ci: fix errors in ci pipeline for node 8 and 9 (#104)
97bdf39 ci: add support for OSSF scorecard reporting (#103)
e5862bd build: Node.js@17.6
f0688d2 build: Node.js@14.19
44ec541 build: Node.js@16.14
695435a deps: cookie@0.4.2
f66e7e1 build: mocha@9.2.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cookie-parser since your current version.

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

Build: Node.js@12.16 and Node.js.13.12 by @smondal in expressjs/cors#189

Update README.md for origin function callback parameters by @dstudzinski in expressjs/cors#180

Suggest passing false for disallowed domains, not erroring by @shackpank in expressjs/cors#175

Changed the term whitelist to allowlist in Documentation by @jkasun in expressjs/cors#200

Fix typo in README by @alex-grover in expressjs/cors#207

Added new link & website in the README by @manjunath00 in expressjs/cors#269

Fix functions call with extra parameter by @LuisEGR in expressjs/cors#245

🐛 Fix readme status badge by @homersimpsons in expressjs/cors#306

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cors#321

ci: fix errors in ci github action for node 8 by @inigomarquinez in expressjs/cors#322

test: improved test robustness by @Alex-GF in expressjs/cors#320

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cors#341

ci: add CodeQL (SAST) by @bjohansebas in expressjs/cors#340

docs: remove broken link to demo site by @dpopp07 in expressjs/cors#344

OSSF Scorecard recommendations by @UlisesGascon in expressjs/cors#350

build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @dependabot[bot] in expressjs/cors#351

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in expressjs/cors#353

build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in expressjs/cors#354

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot[bot] in expressjs/cors#355

build(deps-dev): bump express from 4.17.1 to 4.21.2 by @dependabot[bot] in expressjs/cors#356

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in expressjs/cors#352

build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @dependabot[bot] in expressjs/cors#358

update the docs for per request config by @jonchurch in expressjs/cors#338

(fix): readme updated for #271 origin option for * by @dhananjaysa92 in expressjs/cors#289

ci: upgrade Node versions by @UlisesGascon in expressjs/cors#359

chore: add funding to package.json by @bjohansebas in expressjs/cors#363

build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @dependabot[bot] in expressjs/cors#371

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/cors#370

docs: Cleanup README by @efekrskl in expressjs/cors#374

chore: add node v25 by @imangas in expressjs/cors#375

Extend CI test matrix by @imangas in expressjs/cors#376

docs: simplify code examples with header comments by @jonchurch in expressjs/cors#386

docs: tweak intro, add note w/ browser enforcement, FAQ by @jonchurch in expressjs/cors#385

chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @Phillip9587 in expressjs/cors#388

Release: 2.8.6 by @UlisesGascon in expressjs/cors#390

New Contributors

@smondal made their first contribution in expressjs/cors#189

@dstudzinski made their first contribution in expressjs/cors#180

@shackpank made their first contribution in expressjs/cors#175

@jkasun made their first contribution in expressjs/cors#200

@alex-grover made their first contribution in expressjs/cors#207

@manjunath00 made their first contribution in expressjs/cors#269

@LuisEGR made their first contribution in expressjs/cors#245

@homersimpsons made their first contribution in expressjs/cors#306

@inigomarquinez made their first contribution in expressjs/cors#321

@Alex-GF made their first contribution in expressjs/cors#320

@carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

Improve documentation (API, context, examples...)

Remove additional markdown files from tarball

Commits

f00a8c1 2.8.6 (#390)
848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
bbf62a5 docs: simplify code examples with header comments (#386)
f442e77 Extend CI test matrix (#376)
d5cf6cd ci: add support for node@25 (#375)
7e6f7ee docs: revamp content (#374)
b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
9a9a760 chore: add funding to package.json (#363)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates debug from 4.3.4 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

4.4.1

What's Changed

fix(Issue-996): replace whitespaces in namespaces string with commas globally by @pdahal-cx in debug-js/debug#997

fixes #987 fallback to localStorage.DEBUG if debug is not defined by @lzilioli in debug-js/debug#988

New Contributors

@pdahal-cx made their first contribution in debug-js/debug#997

@lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

Upgrade ms to version 2.1.3 by @realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

Avoid using deprecated RegExp.$1 by @bluwy in debug-js/debug#969

New Contributors

@bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @calvintwr for the fix.

Commits

6b2c5fb 4.4.3
33330fa 4.4.1
98df33e remove istanbul
bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
7e3814c 4.4.0
d2d6bf0 fix inefficient .enable() regex and .enabled() test
bc60914 4.3.7
c63e96e Upgrade ms to version 2.1.3 (#819)
382864a remove archaic badges from readme
Additional commits viewable in compare view

Updates morgan from 1.10.0 to 1.10.1

Release notes

Sourced from morgan's releases.

1.10.1

What's Changed

renaming simple to sample in readme by @ryhinchey in expressjs/morgan#237

adding installation instructions to readme by @ryhinchey in expressjs/morgan#233

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/morgan#291

ci: replace travis with github actions by @inigomarquinez in expressjs/morgan#290

docs: add example output for log formats by @jonchurch in expressjs/morgan#299

ci: use ubuntu-latest by @bjohansebas in expressjs/morgan#301

ci: apply OSSF Scorecard security best practices by @UlisesGascon in expressjs/morgan#300

remove --bail by @jonchurch in expressjs/morgan#314

⬆️ bump on-headers by @ctcpip in expressjs/morgan#319

New Contributors

@inigomarquinez made their first contribution in expressjs/morgan#291

@jonchurch made their first contribution in expressjs/morgan#299

@bjohansebas made their first contribution in expressjs/morgan#301

@UlisesGascon made their first contribution in expressjs/morgan#300

@ctcpip made their first contribution in expressjs/morgan#319

Full Changelog: expressjs/morgan@1.10.0...1.10.1

Changelog

Sourced from morgan's changelog.

1.10.1 / 2025-07-17

deps: on-headers@~1.1.0

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

c1c7f10 🔖 1.10.1
eb896c2 ⬆️ bump on-headers
1c3eec6 remove --bail (#314)
b144728 ci: apply OSSF Scorecard security best practices (#300)
68c2d21 ci: use ubuntu-latest (#301)
8740a19 docs: add example output for log formats (#299)
efd6bff ci: migra to GitHub actions (#290)
3b89789 ci: add support for OSSF scorecard reporting (#291)
19a6aa5 docs: add installation section
b94f3ff docs: change simple to sample in example descriptions
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for morgan since your current version.

Updates pug from 3.0.2 to 3.0.3

Release notes

Sourced from pug's releases.

pug-code-gen@3.0.3

Bug Fixes

Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options (#3438)

pug@3.0.3

Bug Fixes

Update pug-code-gen with the following fix: (#3438)

Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

Commits

32acfe8 fix: ensure template names are valid identifiers (#3438)
4767caf refactor: convert pug-error to TypeScript (#3355)
a724446 chore: update character-parser (#3354)
6cca8f7 docs: fix GitHub format in README (#3335)
See full diff in compare view

Updates serve-favicon from 2.5.0 to 2.5.1

Release notes

Sourced from serve-favicon's releases.

2.5.1

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/serve-favicon#49

ci: replace travis with github action by @inigomarquinez in expressjs/serve-favicon#48

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/serve-favicon#50

deps: ms@2.1.1->2.1.3 by @legobeat in expressjs/serve-favicon#46

deps: safe-buffer@5.1.1->5.2.1 by @legobeat in expressjs/serve-favicon#45

fix: use ubuntu-latest as ci runner by @UlisesGascon in expressjs/serve-favicon#52

fix: update HISTORY file by @UlisesGascon in expressjs/serve-favicon#51

ci: apply OSSF Scorecard security best practices by @UlisesGascon in expressjs/serve-favicon#53

build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot in expressjs/serve-favicon#54

build(deps): bump github/codeql-action from 3.27.9 to 3.28.19 by @dependabot in expressjs/serve-favicon#55

build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot in expressjs/serve-favicon#56

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @dependabot in expressjs/serve-favicon#57

build(deps-dev): bump supertest from 7.0.0 to 7.1.1 by @dependabot in expressjs/serve-favicon#58

build(deps-dev): bump eslint-plugin-standard from 3.0.1 to 3.1.0 by @dependabot in expressjs/serve-favicon#59

build(deps-dev): bump eslint-plugin-markdown from 1.0.0-beta.6 to 1.0.2 by @dependabot in expressjs/serve-favicon#63

ci: upgrade Node versions by @UlisesGascon in expressjs/serve-favicon#64

build(deps-dev): bump mocha from 10.4.0 to 10.8.2 by @dependabot in expressjs/serve-favicon#60

build(deps-dev): bump eslint-plugin-import from 2.10.0 to 2.31.0 by @dependabot in expressjs/serve-favicon#62

build(deps-dev): bump eslint-plugin-promise from 3.7.0 to 3.8.0 by @dependabot in expressjs/serve-favicon#61

feat: remove appveyor by @UlisesGascon in expressjs/serve-favicon#66

docs: include scorecard badge by @UlisesGascon in expressjs/serve-favicon#67

feat: adopt flexible deps policy by @UlisesGascon in expressjs/serve-favicon#69

Release: 2.5.1 by @UlisesGascon in expressjs/serve-favicon#68

New Contributors

@inigomarquinez made their first contribution in expressjs/serve-favicon#49

@carpasse made their first contribution in expressjs/serve-favicon#50

@legobeat made their first contribution in expressjs/serve-favicon#46

@UlisesGascon made their first contribution in expressjs/serve-favicon#52

@dependabot made their first contribution in expressjs/serve-favicon#54

Full Changelog: expressjs/serve-favicon@2.5.0...2.5.1

Changelog

Sourced from serve-favicon's changelog.

2.5.1 / 2025-06-10

deps:

safe-buffer@5.2.1

ms@2.1.3

Commits

83da8d5 2.5.1 (#68)
c03a88b feat: adopt flexible deps policy (#69)
262b7bf docs: include scorecard badge (#67)
47663ae feat: remove appveyor (#66)
d83f56c build(deps-dev): bump eslint-plugin-promise from 3.7.0 to 3.8.0 (#61)
872a751 build(deps-dev): bump eslint-plugin-import from 2.10.0 to 2.31.0 (#62)
19e8af3 build(deps-dev): bump mocha from 10.4.0 to 10.8.2 (#60)
d976602 ci: upgrade Node versions (#64)
623e26e build(deps-dev): bump eslint-plugin-markdown from 1.0.0-beta.6 to 1.0.2 (#63)
14fae4f build(deps-dev): bump eslint-plugin-standard from 3.0.1 to 3.1.0 (#59)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for serve-favicon since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates Bumps the minor-and-patch group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [compression](https://github.com/expressjs/compression) | `1.7.4` | `1.8.1` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.4.6` | `1.4.7` | | [cors](https://github.com/expressjs/cors) | `2.8.5` | `2.8.6` | | [debug](https://github.com/debug-js/debug) | `4.3.4` | `4.4.3` | | [morgan](https://github.com/expressjs/morgan) | `1.10.0` | `1.10.1` | | [pug](https://github.com/pugjs/pug) | `3.0.2` | `3.0.3` | | [serve-favicon](https://github.com/expressjs/serve-favicon) | `2.5.0` | `2.5.1` | Updates `compression` from 1.7.4 to 1.8.1 - [Release notes](https://github.com/expressjs/compression/releases) - [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md) - [Commits](expressjs/compression@1.7.4...v1.8.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.4.6...1.4.7) Updates `cors` from 2.8.5 to 2.8.6 - [Release notes](https://github.com/expressjs/cors/releases) - [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md) - [Commits](expressjs/cors@v2.8.5...v2.8.6) Updates `debug` from 4.3.4 to 4.4.3 - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@4.3.4...4.4.3) Updates `morgan` from 1.10.0 to 1.10.1 - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.10.0...1.10.1) Updates `pug` from 3.0.2 to 3.0.3 - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3) Updates `serve-favicon` from 2.5.0 to 2.5.1 - [Release notes](https://github.com/expressjs/serve-favicon/releases) - [Changelog](https://github.com/expressjs/serve-favicon/blob/master/HISTORY.md) - [Commits](expressjs/serve-favicon@2.5.0...2.5.1) --- updated-dependencies: - dependency-name: compression dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: cookie-parser dependency-version: 1.4.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: cors dependency-version: 2.8.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: debug dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: morgan dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: pug dependency-version: 3.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: serve-favicon dependency-version: 2.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file frontend labels Feb 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

build(deps): bump the minor-and-patch group across 1 directory with 7 updates#65

build(deps): bump the minor-and-patch group across 1 directory with 7 updates#65
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/minor-and-patch-74eb2ba4d2

dependabot bot commented on behalf of github Feb 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 1, 2026

v1.8.1

What's Changed

New Contributors

v1.8.0

What's Changed

New Contributors

1.7.5

What's Changed

1.8.1 / 2025-07-17

1.8.0 / 2025-02-10

1.7.5 / 2024-10-31

1.4.7

What's Changed

New Contributors

1.4.7 / 2024-10-08

v2.8.6

What's Changed

New Contributors

2.8.6 / 2026-01-22

4.4.3

4.4.1

What's Changed

New Contributors

4.4.0

4.3.7

What's Changed

4.3.6

What's Changed

New Contributors

4.3.5

Patch

1.10.1

What's Changed

New Contributors

1.10.1 / 2025-07-17

pug-code-gen@3.0.3

Bug Fixes

pug@3.0.3

Bug Fixes

2.5.1

What's Changed

New Contributors

2.5.1 / 2025-06-10

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants