Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates#4

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-5f7823dd50
Open

Bump the npm_and_yarn group across 1 directory with 12 updates#4
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-5f7823dd50

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
@angular/common 4.4.3 20.3.25
@angular/compiler 4.4.3 20.3.25
@angular/core 4.4.3 20.3.25
body-parser 1.18.2 1.20.5
brace-expansion 1.1.8 1.1.15
cipher-base 1.0.4 1.0.7
express 4.15.5 4.22.2
jws 3.1.4 3.2.3
pbkdf2 3.0.14 3.1.6
sha.js 2.4.8 2.4.12

Updates @angular/common from 4.4.3 to 20.3.25

Release notes

Sourced from @​angular/common's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • 06be298 fix(http): preserve empty referrer option in HttpRequest
  • 9f443bc fix(common): Limits date format string length
  • fa940e1 fix(http): Rejects non-HTTP(S) URLs in JSONP requests
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • e2ef1ce fix(http): skip transfer cache for fetch credentialed requests
  • 3d135ce fix(common): add upper bounds for digitsInfo
  • 39a4b4c fix(common): sanitize placeholder
  • de7b2a6 fix(http): exclude withCredentials requests from transfer cache
  • 4233188 fix(http): skip TransferCache for cookie-bearing requests by default
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/common since your current version.


Updates @angular/compiler from 4.4.3 to 20.3.25

Release notes

Sourced from @​angular/compiler's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • a68ec70 fix(compiler): sanitize two-way properties
  • d40acc6 fix(compiler): prevent namespaced SVG <style> elements from being stripped
  • 7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
  • 36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
  • 823b37f test(compiler): remove obsolete schema_extractor import (#68926)
  • e345a58 fix(core): normalize tag names in runtime i18n attribute security context loo...
  • 8f35b18 fix(compiler): normalize tag names with custom namespaces in DomElementSchema...
  • 64a89e9 fix(compiler): sanitize dynamic href and xlink:href bindings on SVG a element...
  • 6404edf fix(compiler): strip namespaced SVG script elements during template compilati...
  • dc631ef fix(core): support prefix-insensitive DOM schema lookups and compile-time i18...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/compiler since your current version.


Updates @angular/core from 4.4.3 to 20.3.25

Release notes

Sourced from @​angular/core's releases.

20.3.25

common

Commit Description
fix - 9f443bc24c Limits date format string length
fix - 566ad05f20 skip transfer cache for uncacheable HTTP traffic
fix - 1a62130a6b use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Description
fix - a68ec702a0 sanitize two-way properties

core

Commit Description
fix - 768a349e6e harden TransferState restoration against DOM clobbering
fix - ca48b4728d validate lowercase SVG animation attribute names (#69270)

http

Commit Description
fix - 06be298267 preserve empty referrer option in HttpRequest
fix - fa940e1f4d Rejects non-HTTP(S) URLs in JSONP requests
fix - e2ef1ce72a skip transfer cache for fetch credentialed requests

platform-server

Commit Description
fix - 49368c1859 harden platform location origin validation during SSR
refactor - d55c94ad81 deprecate ServerXhr (#69256)

service-worker

Commit Description
fix - d65a5f457b Strips sensitive headers on cross-origin redirects

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

20.3.24

platform-server

Commit Description
fix - 6ca433e56b throw on suspicious URLs and restrict protocol-relative URLs
fix - 8680b5152f update domino to latest version

20.3.23

compiler

Commit Description
fix - d40acc6431 prevent namespaced SVG elements from being stripped

20.3.22

common

... (truncated)

Changelog

Sourced from @​angular/core's changelog.

20.3.25 (2026-06-10)

Deprecations

platform-server

  • XHR support in @angular/platform-server is deprecated. Use standard fetch APIs instead.

common

Commit Type Description
9f443bc24c fix Limits date format string length
566ad05f20 fix skip transfer cache for uncacheable HTTP traffic
1a62130a6b fix use cryptographically secure SHA-256 for transfer cache key generation

compiler

Commit Type Description
a68ec702a0 fix sanitize two-way properties

core

Commit Type Description
768a349e6e fix harden TransferState restoration against DOM clobbering
ca48b4728d fix validate lowercase SVG animation attribute names (#69270)

http

Commit Type Description
06be298267 fix preserve empty referrer option in HttpRequest
fa940e1f4d fix Rejects non-HTTP(S) URLs in JSONP requests
e2ef1ce72a fix skip transfer cache for fetch credentialed requests

platform-server

Commit Type Description
49368c1859 fix harden platform location origin validation during SSR
d55c94ad81 refactor deprecate ServerXhr (#69256)

service-worker

Commit Type Description
d65a5f457b fix Strips sensitive headers on cross-origin redirects

22.0.0 (2026-06-03)

Blog post "Announcing Angular v22".

Breaking Changes

compiler

  • This change will trigger the nullishCoalescingNotNullable and optionalChainNotNullable diagnostics on exisiting projects. You might want to disable those 2 diagnotiscs in your tsconfig temporarily.
  • data prefixed attribute no-longer bind inputs nor outputs.
  • The compiler will throw when there a when inputs, outputs or model are binding to the same input/outputs.
  • in variables will throw in template expressions.

compiler-cli

... (truncated)

Commits
  • ca48b47 fix(core): validate lowercase SVG animation attribute names (#69270)
  • 1a62130 fix(common): use cryptographically secure SHA-256 for transfer cache key gene...
  • 49368c1 fix(platform-server): harden platform location origin validation during SSR
  • 566ad05 fix(common): skip transfer cache for uncacheable HTTP traffic
  • 768a349 fix(core): harden TransferState restoration against DOM clobbering
  • 7ae6381 test(compiler-cli): align ngtsc sanitization expectations with modern DOM sch...
  • 6595409 test(core): update golden symbols and host bindings sanitization spec (#68926)
  • d86e4e7 fix(core): reject script element as a dynamic component host (#68926)
  • b8f1f72 test(core): remove obsolete blockquote cite host binding tests (#68926)
  • 36200bd test(core): update spec files to match 20.3.x limits and actual contexts (#68...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/core since your current version.


Updates body-parser from 1.18.2 to 1.20.5

Release notes

Sourced from body-parser's releases.

v1.20.5

What's Changed

The reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (> 100) on qs@6.14.2+. (expressjs/body-parser#716)

New Contributors

Special thanks to triager @​krzysdz for keeping this on our radar and effectively triaging the specific issue!

Full Changelog: expressjs/body-parser@1.20.4...1.20.5

1.20.4

What's Changed

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.5 / 2026-04-24

  • refactor(json): simplify strict mode error string construction
  • fix: extended urlencoded parsing of arrays with >100 elements (#716)
  • deps: qs@~6.15.1

1.20.4 / 2025-12-01

  • deps: qs@~6.14.0
  • deps: use tilde notation for dependencies
  • deps: http-errors@~2.0.1
  • deps: raw-body@~2.5.3

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2

1.20.1 / 2022-10-06

  • deps: qs@6.11.0
  • perf: remove unnecessary object clone

1.20.0 / 2022-04-02

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for body-parser since your current version.


Updates brace-expansion from 1.1.8 to 1.1.15

Release notes

Sourced from brace-expansion's releases.

v1.1.15

  • Backport v5.0.6 change to v1 (#111) 0b09384

juliangruber/brace-expansion@v1.1.14...v1.1.15

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

v1.1.11

brace-expansion

Brace expansion, as known from sh/bash, in JavaScript.

build status downloads Greenkeeper badge

testling badge

Example

var expand = require('brace-expansion');
expand('file-{a,b,c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
expand('-v{,,}')
// => ['-v', '-v', '-v']
expand('file{0..2}.jpg')
// => ['file0.jpg', 'file1.jpg', 'file2.jpg']
expand('file-{a..c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
expand('file{2..0}.jpg')
// => ['file2.jpg', 'file1.jpg', 'file0.jpg']
expand('file{0..4..2}.jpg')
// => ['file0.jpg', 'file2.jpg', 'file4.jpg']
</tr></table>

... (truncated)

Commits

Updates cipher-base from 1.0.4 to 1.0.7

Changelog

Sourced from cipher-base's changelog.

v1.0.7 - 2025-09-24

Commits

  • [Refactor] use to-buffer fd1e5ee
  • [Dev Deps] update @ljharb/eslint-config 08ba803

v1.0.6 - 2024-11-26

Commits

  • [Fix] io.js 3.0 - Node.js 5.3 typed array support b7ddd2a

v1.0.5 - 2024-11-17

Commits

  • [Tests] standard -> eslint, make test dir, etc ae02fd6
  • [Tests] migrate from travis to GHA 66387d7
  • [meta] fix package.json indentation 5c02918
  • [Fix] return valid values on multi-byte-wide TypedArray input 8fd1364
  • [meta] add auto-changelog 88dc806
  • [meta] add npmignore and safe-publish-latest 7a137d7
  • Only apps should have lockfiles 42528f2
  • [Deps] update inherits, safe-buffer 0e7a2d9
  • [meta] add missing engines.node f2dc13e
Commits
  • 0056718 v1.0.7
  • fd1e5ee [Refactor] use to-buffer
  • 08ba803 [Dev Deps] update @ljharb/eslint-config
  • f5249f9 v1.0.6
  • b7ddd2a [Fix] io.js 3.0 - Node.js 5.3 typed array support
  • f03cebf v1.0.5
  • 88dc806 [meta] add auto-changelog
  • 7a137d7 [meta] add npmignore and safe-publish-latest
  • 5c02918 [meta] fix package.json indentation
  • 8fd1364 [Fix] return valid values on multi-byte-wide TypedArray input
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for cipher-base since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.


Updates express from 4.15.5 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: expressjs/express@v4.22.1...v4.22.2

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

4....

Description has been truncated

Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `4.4.3` | `20.3.25` |
| [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `4.4.3` | `20.3.25` |
| [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `4.4.3` | `20.3.25` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.18.2` | `1.20.5` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.8` | `1.1.15` |
| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |
| [express](https://github.com/expressjs/express) | `4.15.5` | `4.22.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.1.4` | `3.2.3` |
| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.0.14` | `3.1.6` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.8` | `2.4.12` |



Updates `@angular/common` from 4.4.3 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/common)

Updates `@angular/compiler` from 4.4.3 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/compiler)

Updates `@angular/core` from 4.4.3 to 20.3.25
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/v20.3.25/packages/core)

Updates `body-parser` from 1.18.2 to 1.20.5
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md)
- [Commits](expressjs/body-parser@1.18.2...1.20.5)

Updates `brace-expansion` from 1.1.8 to 1.1.15
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.8...v1.1.15)

Updates `cipher-base` from 1.0.4 to 1.0.7
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.4...v1.0.7)

Updates `express` from 4.15.5 to 4.22.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md)
- [Commits](expressjs/express@4.15.5...v4.22.2)

Updates `jws` from 3.1.4 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.1.4...v3.2.3)

Updates `pbkdf2` from 3.0.14 to 3.1.6
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.0.14...v3.1.6)

Updates `send` from 0.15.6 to 0.19.2
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.15.6...0.19.2)

Updates `serve-static` from 1.12.6 to 1.16.3
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.12.6...v1.16.3)

Updates `sha.js` from 2.4.8 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.8...v2.4.12)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/compiler"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@angular/core"
  dependency-version: 20.3.25
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.15
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cipher-base
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.22.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pbkdf2
  dependency-version: 3.1.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants