chore(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the development-dependencies group with 7 updates in the / directory:

Package	From	To
@changesets/cli	2.27.8	2.27.9
@types/node	20.17.1	20.17.6
typescript	5.5.4	5.6.3
vite	5.4.10	5.4.11
body-parser	1.20.2	1.20.3
express	4.19.2	4.21.1
express-session	1.18.0	1.18.1

Updates @changesets/cli from 2.27.8 to 2.27.9

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.27.9

Patch Changes

• #1458 400ab7b Thanks @​benmccann! - Moved @types/semver to devDependencies

• #1462 689e541 Thanks @​benmccann! - remove outdent dependency

Commits

• 7ccb22e Version Packages (#1464)
• 851fd37 Enable releases from next branch (#1475)
• 689e541 Remove outdent dependency (#1462)
• 4f172a2 remove deprecated get-workspaces package from the repo (#1461)
• db79dc9 upgrade human-id to v4 (#1457)
• 400ab7b Move @types/semver to devDependencies (#1458)
• See full diff in compare view

Updates @types/node from 20.17.1 to 20.17.6

Commits

• See full diff in compare view

Updates typescript from 5.5.4 to 5.6.3

Release notes

Sourced from typescript's releases.

TypeScript 5.6.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).
• fixed issues query for Typescript 5.6.3 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.6.1 (RC).
• fixed issues query for TypeScript v5.6.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).

... (truncated)

Commits

• d48a5cf Bump version to 5.6.3 and LKG
• fefa70a 🤖 Pick PR #60083 (Don't issue implicit any when obtai...) into release-5.6 (#...
• ff71692 [release-5.6] Remove tsbuildInfo specification error now that we need it for ...
• 1f44dcf 🤖 Pick PR #60157 (fix automatic type acquisition) into release-5.6 (#60169)
• a7e3374 Bump version to 5.6.2 and LKG
• 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
• 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
• 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
• 6212132 Update LKG
• bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
• Additional commits viewable in compare view

Updates vite from 5.4.10 to 5.4.11

Release notes

Sourced from vite's releases.

v5.4.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.11 (2024-11-11)

Commits

• c54c860 release: v5.4.11
• See full diff in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• Additional commits viewable in compare view

Updates express-session from 1.18.0 to 1.18.1

Release notes

Sourced from express-session's releases.

1.18.1

What's Changed

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/session#984
• dep: cookie@0.7.2 by @​knolleary in expressjs/session#997
• Release: 1.18.1 by @​UlisesGascon in expressjs/session#998

New Contributors

• @​inigomarquinez made their first contribution in expressjs/session#984
• @​knolleary made their first contribution in expressjs/session#997
• @​UlisesGascon made their first contribution in expressjs/session#998

Full Changelog: expressjs/session@v1.18.0...v1.18.1

Changelog

Sourced from express-session's changelog.

1.18.1 / 2024-10-08

• deps: cookie@0.7.2
  • Fix object assignment of hasOwnProperty
• deps: cookie@0.7.1
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: cookie@0.7.0
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack

Commits

• bbeca94 1.18.1
• 341b179 dep: cookie@0.7.2 (#997)
• 8f0a1c4 ci: add support for OSSF scorecard reporting (#984)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express-session since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 664099f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR