Bump the npm_and_yarn group across 1 directory with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
@babel/helpers	7.16.3	7.29.2
@sideway/formula	3.0.0	3.0.1
ansi-regex	4.1.0	4.1.1
async	2.6.3	2.6.4
brace-expansion	1.1.11	1.1.13
braces	2.3.2	3.0.3
decode-uri-component	0.2.0	0.2.2
flatted	2.0.2	3.4.2
js-yaml	3.14.1	3.14.2
lodash	4.17.21	4.17.23
minimatch	3.0.4	3.1.5
nanoid	3.1.30	3.3.11
node-fetch	2.6.1	2.7.0
picomatch	2.3.0	2.3.2
ua-parser-js	0.7.31	0.7.41

Updates @babel/helpers from 7.16.3 to 7.29.2

Release notes

Sourced from @​babel/helpers's releases.

v7.29.2 (2026-03-16)

👓 Spec Compliance

• babel-parser
  • #17840 [7.x backport] async x => {} must be in leading pos (@​JLHwung)

🐛 Bug Fix

• babel-helpers, babel-plugin-transform-async-generator-functions, babel-preset-env, babel-runtime-corejs3
  • #17805 [7.x backport] fix: Properly handle await in finally (@​liuxingbaoyu)
• babel-preset-env
  • #17789 [7.x backport] preset-env include/exclude should accept bugfix plugins (@​JLHwung)

🏠 Internal

• #17813 chore: update eslint peer deps (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.1 (2026-02-04)

🐛 Bug Fix

• babel-standalone
  • #17771 [7.x backport] fix: ensure targets.esmodules is validated (@​JLHwung)
• babel-generator
  • #17776 [7.x backport] Fix undefined when 64 indents (@​liuxingbaoyu)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

... (truncated)

Commits

• 37d5595 v7.29.2
• 1c0a08d [7.x backport] fix: Properly handle await in finally (#17805)
• d7f4008 v7.28.6
• 99dcba5 chore: enable some ts-eslint rules (#17592)
• c1b55f6 Use eslint.config.mts (#17573)
• 35055e3 v7.28.4
• 18d88b8 Improve @​babel/core typings (#17471)
• ef155f5 v7.28.3
• 741cbd2 chore: fix various typos across codebase (#17476)
• cac0ff4 v7.28.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/helpers since your current version.

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

• 5b44c1b 3.0.1
• 9fbc20a chore: better number regex
• 41ae98e Cleanup
• c59f35e Move to Sideway
• See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @​sideway/formula since your current version.

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

• 64735d2 v4.1.1
• 75a657d Fix potential ReDoS (#37)
• See full diff in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates brace-expansion from 1.1.11 to 1.1.13

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 6c353ca 1.1.13
• 7fd684f Backport fix for GHSA-f886-m6hf-6m8v (#95)
• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates cross-spawn from 6.0.5 to 7.0.3

Changelog

Sourced from cross-spawn's changelog.

7.0.3 (2020-05-25)

Bug Fixes

• detect path key based on correct environment (#133) (159e7e9)

7.0.2 (2020-04-04)

Bug Fixes

• fix worker threads in Node >=11.10.0 (#132) (6c5b4f0)

7.0.1 (2019-10-07)

Bug Fixes

• core: support worker threads (#127) (cfd49c9)

7.0.0 (2019-09-03)

⚠ BREAKING CHANGES

• drop support for Node.js < 8

• drop support for versions below Node.js 8 (#125) (16feb53)

Commits

• 7bc42bc chore(release): 7.0.3
• 159e7e9 fix: detect path key based on correct environment (#133)
• 7501971 chore(release): 7.0.2
• 6c5b4f0 fix: fix worker threads in Node >=11.10.0 (#132)
• c76e7bb chore: change postrelease script to push to current branch
• cfcc6f2 chore: change postrelease script to push to current branch
• eb565be chore: commit package-lock
• c86fe67 chore: use https in some links
• 5d0c852 chore: standardize postrelease script (screpto)
• aa7f227 chore(release): 7.0.1
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates flatted from 2.0.2 to 3.4.2

Commits

• 3bf0909 3.4.2
• 885ddcc fix CWE-1321
• 0bdba70 added flatted-view to the benchmark
• 2a02dce 3.4.1
• fba4e8f Merge pull request #89 from WebReflection/python-fix
• 5fe8648 added "when in Rome" also a test for PHP
• 53517ad some minor improvement
• b3e2a0c Fixing recursion issue in Python too
• c4b46db Add SECURITY.md for security policy and reporting
• f86d071 Create dependabot.yml for version updates
• Additional commits viewable in compare view

Updates js-yaml from 3.14.1 to 3.14.2

Changelog

Sourced from js-yaml's changelog.

[3.14.2] - 2025-11-15

Security

• Backported v4.1.1 fix to v3

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

[4.1.0] - 2021-04-15

Added

• Types are now exported as yaml.types.XXX.
• Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

• Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

[4.0.0] - 2021-01-03

Changed

• Check migration guide to see details for all breaking changes.
• Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.
• Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.
• yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.
• yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.
• !!binary now always mapped to Uint8Array on load.
• Reduced nesting of /lib folder.
• Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).
• dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.
• Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.
• Code snippet created in exceptions now contains multiple lines with line numbers.
• dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.
• dump() with skipInvalid=true now serializes invalid items in collections as null.
• Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.
• Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

• Added .mjs (es modules) support.
• Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.
• Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

... (truncated)

Commits

• 9963d36 3.14.2 released
• 10d3c8e dist rebuild
• 5278870 fix prototype pollution in merge (<<) (#731)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates micromatch from 3.1.10 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

4.0.4

• fix: Update picomatch to fix regression #179 (8becb55)

4.0.3

• Enforce newer version of picomatch with bugfixes

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

• Adds support for options.onMatch. See the readme for details
• Adds support for options.onIgnore. See the readme for details
• Adds support for options.onResult. See the readme for details

Breaking changes

• Require Node.js >= 8.6
• Removed support for passing an array of brace patterns to micromatch.braces().
• To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
• cache - caching and all related options and methods have been removed
• options.unixify was renamed to options.windows
• options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
• options.snapdragon was removed, as snapdragon is no longer used.
• options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

• micromatch results are directly compared to bash results
• in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
• micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates nanoid from 3.1.30 to 3.3.11

Release notes

Sourced from nanoid's releases.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

Changelog

Sourced from nanoid's changelog.

3.3.11

• Fixed React Native support.

3.3.10

• Fixed React Native support (by @​steida).

3.3.9

• Reduced npm package size.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

3.3.4

• Fixed --help in CLI (by @​Lete114).

3.3.3

• Reduced size (by Anton Khlynovskiy).

3.3.2

• Fixed enhanced-resolve support.

3.3.1

• Reduced package size.

3.3

• Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

• Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

• Reduced async exports size (by Artyom Arutyunyan).
• Moved from Jest to uvu (by Vitaly Baev).

3.1.31

• Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

Commits

• 37289ce Release 3.3.11 version
• 23690b7 Fix CI
• c147962 Fix RN support
• a83734e Move to manually ESM/CJS dual package
• bb12e8a Release 3.3.10 version
• 8f44264 Fix Expo support
• adf9b0c Release 3.3.9 version
• 1c6f088 Remove dev file from npm package
• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• Additional commits viewable in compare view

Updates node-fetch from 2.6.1 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates picomatch from 2.3.0 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

• fix: exception when glob pattern contains constructor by @​Jason3S in micromatch/picomatch#144
• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

2.3.1

Fixed

• Fixes bug when a pattern containing an expression after the closing parenthesis (/!(*.d).{ts,tsx}) was incorrectly converted to regexp (9f241ef).

Changed

• Some documentation improvements (f81d236, 421e0e7).

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

• Fix bad text values in parse #126, thanks to @​connor4312

Changed

• Remove process global to work outside of node #129, thanks to @​styfle
• Add sideEffects to package.json #128, thanks to @​frandiox
• Removed os, make compatible browser environment. See #124, thanks to @​gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

• 81cba8d Publish 2.3.2
• fc1f6b6 Merge commit from fork
• eec17ae Merge commit from fork
• 78f8ca4 Merge pull request #156 from micromatch/backport-144
• 3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
• 5467a5a 2.3.1
• 9f241ef Merge pull request #102 from micromatch/ISSUE-93_incorrect_extglob_expanding
• ac3cb66 fix: support stars in negation extglobs with expression after closing parenth...
• 719d348 Merge pull request #85 from XhmikosR/codeql
• ac74e57 Merge pull request #91 from XhmikosR/patch-1
• Additional commits viewable in compare view

Updates react-devtools-core from 4.21.0 to 6.1.5

Release notes

Sourced from react-devtools-core's releases.

eslint-plugin-react-hooks@5.0.0 (Oct 11, 2024)

This release only contains eslint-plugin-react-hooks. Notably, new violations and support for ESLint v9 were added.

eslint-plugin-react-hooks

• New Violations: Component names now need to start with an uppercase letter instead of a non-lowercase letter. This means _Button or _component are no longer valid. (@​kassens) in #25162 For example, in

  function _Component() {
    useState()
    ^^^^^^^^ A React Hook "useState" is called in function "_Component" which is neither a Component nor a custom React Hook function.
  }

  _Component should be renamed to Component.

• Add support for ESLint v9. (@​eps1lon in #28773)
• Consider dispatch from useActionState stable. (@​eps1lon in #29665)
• Accept as expression in callback. (@​StyleShit in #28202)
• Accept as expressions in deps array. (@​StyleShit in #28189)
• Treat React.use() the same as use(). (@​kassens in #27769)
• Move use() lint to non-experimental. (@​kassens in #27768)
• Support Flow as expressions. (@​cpojer in #27590)
• Allow useEffect(fn, undefined). (@​kassens in #27525)
• Disallow hooks in async functions. (@​acdlite in #27045)
• Rename experimental useEvent to useEffectEvent. (@​sebmarkbage in #25881)
• Lint for presence of useEvent functions in dependency lists. (@​poteto in #25512)
• Check useEvent references instead. (@​poteto in #25319)
• Update RulesOfHooks with useEvent rules. (@​poteto in #25285)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by hoxyq, a new releaser for react-devtools-core since your current version.

Updates send from 0.17.1 to 0.19.2

Release notes

Sourced from send's releases.

0.19.2

What's Changed

• deps: use tilde notation and update certain dependencies by @​Phillip9587 in pillarjs/send#279
• Release: 0.19.2 by @​UlisesGascon in pillarjs/send#280

Full Changelog: pillarjs/send@0.19.1...0.19.2

0.19.1

What's Changed

• fix(deps): encodeurl@~2.0.0 by @​wesleytodd in pillarjs/send#240

Full Changelog: pillarjs/send@0.19.0...0.19.1

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.2 / 2025-12-15

• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: statuses@~2.0.2

0.19.1 / 2024-10-09

• deps: encodeurl@~2.0.0

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

0.18.0 / 2022-03-23

• Fix emitted 416 error missing headers property
• Limit the headers removed for 304 response
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: destroy@1.2.0
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: statuses@2.0.1

0.17.2 / 2021-12-11

• pref: ignore empty http tokens
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: ms@2.1.3

Commits

• 34ba03b 0.19.2 (#280)
• e53e4e5 deps: use tilde notation and update certain dependencies (#279)
• 19efaa3 0.19.1
• 0a9fa80 fix(deps): encodeurl@~2.0.0 (#240)
• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• b69cbb3 0.18.0
• f53edbb Limit the headers removed for 304 response
• 706d6dd docs: add security policy
• b690ba4 docs: fix linux build badge link
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.14.1 to 1.16.3

Release notes

Sourced from serve-static's releases.

v1....

Description has been truncated