Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
debug	2.2.0	4.3.6
ejs	2.7.4	3.1.10
express	4.13.4	4.19.2
log4js	0.6.38	6.9.1
morgan	1.6.1	1.10.0

Updates debug from 2.2.0 to 4.3.6

Release notes

Sourced from debug's releases.

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

... (truncated)

Commits

• c33b464 4.3.6
• 7956a45 Avoid using deprecated RegExp.$1
• 5464bdd 4.3.5
• f244ada update authorship contact info
• cac39b1 Fix/debug depth (#926)
• f66cb2d remove .github folder (and the outdated issue templates)
• d161662 Update ISSUE_TEMPLATE.md
• 12c1ad0 Update ISSUE_TEMPLATE.md
• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.13.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates log4js from 0.6.38 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

• fix(7922e82): regex for stacktrace - thanks @​lamweili
  • addresses #1377 which has a regression since 6.8.0 from #1363 at commit 7922e82

6.9.0

• feat: support for idempotent logging on browser - thanks @​aellerton
  • addresses #968, #1270, #1288, #1372
• docs: added that log4js.getLogger() may call log4js.configure() - thanks @​lamweili

6.8.0

• feat: added log4js.isConfigured() API - thanks @​lamweili
  • docs: added log4js.isConfigured() - thanks @​lamweili
• feat(layout): support a specifier on %m - thanks @​lamweili
• fix: tilde expansion for windows - thanks @​lamweili
• docs: updated typescript usage - thanks @​lamweili
• test: improved test for fileAppender - thanks @​lamweili
• ci: generate coverage report in both text and html - thanks @​lamweili
• ci: replaced deprecated github set-output - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps): bump streamroller from 3.1.3 to 3.1.5
  • chore(deps): updated package-lock.json
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.3.0 to 17.4.4
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.3.0 to 17.4.4
  • chore(deps-dev): bump eslint from 8.28.0 to 8.34.0
  • chore(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0
  • chore(deps-dev): bump eslint-import-resolver-node from 0.3.6 to 0.3.7
  • chore(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.5
  • chore(deps-dev): bump fs-extra from 10.1.0 to 11.1.0
  • chore(deps-dev): bump husky from 8.0.2 to 8.0.3
  • chore(deps-dev): bump prettier from 2.8.0 to 2.8.4
  • chore(deps-dev): bump tap from 16.3.2 to 16.3.4
  • chore(deps-dev): bump typescript from 4.9.3 to 4.9.5
  • chore(deps-dev): updated package-lock.json
• chore(deps-dev): bump json5 from 1.0.1 to 1.0.2 - thanks @​Dependabot

6.7.1

• type: updated Configuration.levels type to allow for custom log levels - thanks @​lamweili
• docs: fixed typo in layouts.md - thanks @​dtslvr
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.1.2 to 17.3.0
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.1.0 to 17.3.0
  • chore(deps-dev): bump eslint from 8.24.0 to 8.28.0
  • chore(deps-dev): bump husky from 8.0.1 to 8.0.2
  • chore(deps-dev): bump prettier from 2.7.1 to 2.8.0
  • chore(deps-dev): bump tap from 16.3.0 to 16.3.2

... (truncated)

Commits

• 26dcec6 6.9.1
• 63ae5b9 Merge pull request #1379 from log4js-node/update-docs
• 185fa66 docs: updated changelog for 6.9.1
• ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
• 2628688 fix(7922e82): regex for stacktrace
• b3919d8 6.9.0
• 7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
• f89e7b6 docs: updated changelog for 6.9.0
• 0082928 Merge pull request #1375 from log4js-node/update-docs
• c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates morgan from 1.6.1 to 1.10.0

Release notes

Sourced from morgan's releases.

1.10.0

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

1.8.1

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: debug@2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: ms@0.7.2
• perf: enable strict mode in compiled functions

1.7.0

• Add digits argument to response-time token
• deps: depd@~1.1.0
  • Enable strict mode in more places
  • Support web browser loading

... (truncated)

Changelog

Sourced from morgan's changelog.

1.10.0 / 2020-03-20

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0 / 2017-09-26

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

1.8.1 / 2017-02-04

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: debug@2.6.0

... (truncated)

Commits

• c68d2ea 1.10.0
• aa718d7 Add :total-time token
• ce15462 build: remove deprecated Travis CI directive
• e13e0d3 build: Node.js@13.11
• f023828 build: use nyc for test coverage
• 30c0871 build: mocha@7.1.1
• 8114639 docs: document success color in dev format
• 5d8176f docs: update rotating-file-stream usage for 2.x
• c54194c tests: ignore branch coverage that varies
• 5659d2f build: Node.js@12.16
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.