chore(deps): bump the npm_and_yarn group in /functions with 26 updates #672

dependabot · 2025-06-11T21:14:22Z

Bumps the npm_and_yarn group in /functions with 26 updates:

Package	From	To
axios	`0.25.0`	`0.30.0`
ejs	`3.1.7`	`3.1.10`
semver	`5.7.1`	`5.7.2`
@babel/traverse	`7.20.5`	`7.27.4`
@grpc/grpc-js	`1.7.3`	`1.8.22`
google-gax	`3.5.2`	`3.6.1`
tar	`4.4.19`	`6.2.1`
@tensorflow/tfjs-node	`3.14.0`	`4.22.0`
body-parser	`1.20.1`	`1.20.3`
express	`4.18.2`	`4.21.2`
braces	`3.0.2`	`3.0.3`
cookie	`0.4.1`	`0.7.1`
cookie-parser	`1.4.6`	`1.4.7`
dicer	`0.3.0`	`removed`
busboy	`0.3.1`	`1.6.0`
follow-redirects	`1.14.8`	`1.15.9`
jose	`2.0.6`	`2.0.7`
json5	`2.2.1`	`2.2.3`
jsonwebtoken	`8.5.1`	`9.0.2`
firebase-admin	`11.3.0`	`11.11.1`
minimist	`1.2.5`	`1.2.8`
path-to-regexp	`0.1.7`	`0.1.12`
protobufjs	`7.1.2`	`7.2.4`
send	`0.18.0`	`0.19.0`
serve-static	`1.15.0`	`1.16.2`
word-wrap	`1.2.3`	`1.2.5`

Updates axios from 0.25.0 to 0.30.0

Release notes

Sourced from axios's releases.

Release v0.30.0

Release notes:

Bug Fixes

fix: modify log while request is aborted by @mori5321 in axios/axios#4917

fix: update CHANGELOG.md for v0.x by @TehZarathustra in axios/axios#6271

fix: modify upgrade guide for 0.28.1's breaking change by @nafeger in axios/axios#6787

fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @thatguyinabeanie in axios/axios#6829

fix: add allowAbsoluteUrls type by @thatguyinabeanie in axios/axios#6849

Contributors to this release

@mori5321 made their first contribution in axios/axios#4917

@TehZarathustra made their first contribution in axios/axios#6271

@nafeger made their first contribution in axios/axios#6787

@thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @Sean-Powell in axios/axios#6402

fix: omit nulls in params by @Willshaw in axios/axios#6394

fix(backport): fix paramsSerializer function validation by @solonzhu in axios/axios#6361

fix: Regular Expression Denial of Service (ReDoS) by @qiongshusheng in axios/axios#6708

Contributors to this release

@Sean-Powell made their first contribution in axios/axios#6402

@Willshaw made their first contribution in axios/axios#6394

@solonzhu made their first contribution in axios/axios#6361

@qiongshusheng made their first contribution in axios/axios#6708

Release v0.28.1

Release notes:

Release notes:

Bug Fixes

fix(backport): custom params serializer support (#6263)

fix(backport): uncaught ReferenceError req is not defined (#6307)

Release v0.28.0

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

... (truncated)

Changelog

Sourced from axios's changelog.

0.30.0 (2025-03-26)

Release notes:

Bug Fixes

fix: modify log while request is aborted (#4917)

fix: update CHANGELOG.md for v0.x (#6271)

fix: modify upgrade guide for 0.28.1's breaking change (#6787)

fix: backport allowAbsoluteUrls vulnerability fix to v0.x (#6829)

fix: add allowAbsoluteUrls type (#6849)

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

fix(backport): backport security fixes in commits #6167 and #6163 (#6402)

fix: omit nulls in params (#6394)

fix(backport): fix paramsSerializer function validation (#6361)

fix: regular expression denial of service (ReDoS) (#6708)

0.28.1 (2024-03-24)

Release notes:

Bug Fixes

fix(backport): custom params serializer support (#6263)

fix(backport): uncaught ReferenceError req is not defined (#6307)

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated (#4745)

Fixed timeout error message for HTTP (#4738)

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 (#4728)

Adding types for progress event callbacks (#4675)

Fixed max body length defaults (#4731)

... (truncated)

Commits

6e922e4 chore: added build artifacts
a06ed1e chore: added pre-release artifacts
c010622 feat: add type for allowAbsoluteUrls (#6849)
02c3c69 fix: backport allowAbsoluteUrls vuln fix to v0.x (#6829)
8603e67 docs: modify upgrade guide for 0.28.1's breaking change (#6787)
f0642ee fix(docs): update CHANGELOG.md for v0.x (#6271)
0630c32 fix: modify log while request is aborted (#4917)
7750b8c chore(release): prep release v0.29.0
4840cb2 fix: regular expression denial of service issues (#6708)
2e36cdb fix(backport): fix paramsSerializer function validation (#6361)
Additional commits viewable in compare view

Updates ejs from 3.1.7 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.20.5 to 7.27.4

Release notes

Sourced from @babel/traverse's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

babel-parser

#17312 fix(parser): properly handle optional markers in generator class methods (@magic-akari)

#17307 fix(parser): Terminate modifier parsing at newline (@magic-akari)

babel-generator, babel-parser

#17308 Improve import phase parsing (@JLHwung)

Committers: 7

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

Vik R (@vikr01)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

babel-parser

#17312 fix(parser): properly handle optional markers in generator class methods (@magic-akari)

#17307 fix(parser): Terminate modifier parsing at newline (@magic-akari)

babel-generator, babel-parser

#17308 Improve import phase parsing (@JLHwung)

v7.27.2 (2025-05-06)

🐛 Bug Fix

babel-parser

#17289 fix: @babel/parser/bin/index.js contains node: protocol require (@liuxingbaoyu)

#17291 fix: Private class method not found when TS and estree (@liuxingbaoyu)

babel-plugin-transform-object-rest-spread

#17281 Fix: improve object rest handling in array pattern (@JLHwung)

babel-plugin-transform-modules-commonjs, babel-template

#17284 fix(babel-template): Properly handle empty string replacements (@magic-akari)

🏃‍♀️ Performance

babel-cli

... (truncated)

Commits

7d06930 v7.27.4
05f28c8 [Babel 8] Change scope.{references,uids} to Set (#16624)
da5e371 v7.27.3
2d0c76e Improve integrations of using declaration with other transforms (#17330)
eebd3a0 v7.27.1
62af1a6 fix: do expressions should allow early exit (#17137)
8e23272 [Babel 8] perf: Improve traverse performance (#16965)
9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
4d39e9d Harden variable declarator validations (#17217)
6cd1c60 Reduce generated names size for the 10th-11th (#17221)
Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.7.3 to 1.8.22

Release notes

Sourced from @grpc/grpc-js's releases.

@grpc/grpc-js 1.8.22

Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@grpc/grpc-js@1.8.21

Fix propagation of UNIMPLEMENTED error messages (#2528)

@grpc/grpc-js 1.8.20

Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@grpc/grpc-js 1.8.19

Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@grpc/grpc-js 1.8.18

Fix reporting of call stacks in unary request errors (#2503)

Fix reporting of proxy info in channelz socket responses (#2503)

@grpc/grpc-js 1.8.17

Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@grpc/grpc-js 1.8.16

Fix missing transport trace logs (#2470)

@grpc/grpc-js 1.8.15

Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)

Ensure status and error events are consistently emitted asynchronously (#2456)

@grpc/grpc-js 1.8.14

Fix sequencing of some events related to connectivity state changes (#2421)

@grpc/grpc-js 1.8.13

Fix memory leak in channelz socket tracking (#2394)

@grpc/grpc-js@1.8.12

Fix an occasional type error when receiving DNS updates (#2380)

Fix ordering of events when handing requests on the server (#2376 contributed by @phoenix741)

@grpc/grpc-js 1.8.11

Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@grpc/grpc-js 1.8.10

Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@grpc/grpc-js 1.8.9

Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@grpc/grpc-js 1.8.8

Remove progress field in returned status object (#2350)

Export InterceptingListener and NextCall types (#2351)

Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

... (truncated)

Commits

a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
3b110cd grpc-js: Bump to 1.8.22
8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
Additional commits viewable in compare view

Updates google-gax from 3.5.2 to 3.6.1

Changelog

Sourced from google-gax's changelog.

Changelog

npm history

4.6.1 (2025-05-15)

Bug Fixes

remove debug statements (#1692) (5fb359f)

4.6.0 (2024-12-19)

Features

add error check for null response from API (#1681) (bdfef64)

add helpful warnings on paged calls (#1668) (9efaf46)

4.5.0 (2024-10-25)

Features

adds unit tests for sync and async reads of a pipeline transformation (#1663) (c7995c4)

Bug Fixes

add dependency to fix tests (#1658) (564e9e7)

overhaul of server streaming retries (#1653) (629f4c4)

4.4.1 (2024-09-04)

Bug Fixes

expose underlying error with timeouts or retries (#1650) (f4d037a)

4.4.0 (2024-08-27)

Features

Improve AuthClient Compatibility (#1641) (4edd33d)

... (truncated)

Commits

See full diff in compare view

Updates tar from 4.4.19 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

57493ee #332 ensuring close event is emited after stream has ended (@webark)

b003c64 #314 replace deprecated String.prototype.substr() (#314) (@CommanderRoot, @lukekarrys)

Documentation

f129929 #313 remove dead link to benchmarks (#313) (@yetzt)

c1faa9f add examples/explanation of using tar.t (@isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.4

Deprecate onentry in favor of onReadEntry for clarity.

7.3

Add onWriteEntry option

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

Add support for brotli compression

Add maxDepth option to prevent extraction into excessively deep folders.

6.1

remove dead link to benchmarks (#313) (@yetzt)

add examples/explanation of using tar.t (@isaacs)

ensure close event is emited after stream has ended (@webark)

... (truncated)

Commits

bef7b1e 6.2.1
fe8cd57 prevent extraction in excessively deep subfolders
fe7ebfd remove security.md
5bc9d40 6.2.0
fe1ef5e changelog 6.2
e483220 get rid of npm lint stuff
689928a ci that works outside of npm org
db6f539 file inference improvements for .tbr and .tgz
336fa8f refactor: dry and other pr comments
eeba222 chore: lint fixes
Additional commits viewable in compare view

Updates @tensorflow/tfjs-node from 3.14.0 to 4.22.0

Release notes

Sourced from @tensorflow/tfjs-node's releases.

tfjs-v4.22.0

Core (4.21.0 ==> 4.22.0)

Misc

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Fix typos in the documentation strings of the tfjs-core directory (#8413). Thanks, @gaikwadrahul8.

Data (4.21.0 ==> 4.22.0)

Misc

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

[tfjs-data] support async generator (#8408). Thanks, @tharvik.

Layers (4.21.0 ==> 4.22.0)

Misc

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Fix typos in the documentation strings of the tfjs-layers directory (#8411). Thanks, @gaikwadrahul8.

Converter (4.21.0 ==> 4.22.0)

Misc

Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @dbcp1.

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Node (4.21.0 ==> 4.22.0)

Misc

Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @dbcp1.

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Fix typos in the documentation strings of the tfjs-node directory (#8412). Thanks, @gaikwadrahul8.

Wasm (4.21.0 ==> 4.22.0)

Misc

Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @dbcp1.

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Cpu (4.21.0 ==> 4.22.0)

Misc

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

Webgl (4.21.0 ==> 4.22.0)

Misc

Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420). Thanks, @dbcp1.

Update monorepo to 4.22.0. (#8419). Thanks, @dbcp1.

WebGPU (4.21.0 ==> 4.22.0)

... (truncated)

Commits

e5d5e93 Update lockfiles branch tfjs_4.22.0_lockfiles lock files. (#8420)
5f8c906 Update monorepo to 4.22.0. (#8419)
8206e95 Fix typos in the documentation strings of the tfjs-node directory (#8412)
737b8f1 Update tar package version for tfjs-node & tfjs-node-gpu (#8280)
5092b04 Update installation steps for Windows / Mac OS X for tfjs-node in README.md (...
f224f1d Fix for windows installation #7341 (#8122)
b004ab6 Update broken link for MacOS Catalina guide in README.md (#8032)
89a0b8f [converter] fixed py import for auto tracking (#7982)
f4271a5 [tfjs-node] fixed range issue for int32 tensor with size larger than 2 ^ 24 (...
93e9af4 Build node addon before running tests (#7884)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by delhibabu, a new releaser for @tensorflow/tfjs-node since your current version.

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to [email protected] by @wesleytodd in expressjs/body-parser#527

deps: [email protected] by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: [email protected]

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: [email protected] (#521)
9478591 fix: pin to [email protected]
83db46aDescription has been truncated

Bumps the npm_and_yarn group in /functions with 26 updates: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.25.0` | `0.30.0` | | [ejs](https://github.com/mde/ejs) | `3.1.7` | `3.1.10` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.5` | `7.27.4` | | [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.7.3` | `1.8.22` | | [google-gax](https://github.com/googleapis/gax-nodejs/tree/HEAD/gax) | `3.5.2` | `3.6.1` | | [tar](https://github.com/isaacs/node-tar) | `4.4.19` | `6.2.1` | | [@tensorflow/tfjs-node](https://github.com/tensorflow/tfjs/tree/HEAD/tfjs-node) | `3.14.0` | `4.22.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.1` | `1.20.3` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.4.1` | `0.7.1` | | [cookie-parser](https://github.com/expressjs/cookie-parser) | `1.4.6` | `1.4.7` | | [dicer](https://github.com/mscdex/dicer) | `0.3.0` | `removed` | | [busboy](https://github.com/mscdex/busboy) | `0.3.1` | `1.6.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.8` | `1.15.9` | | [jose](https://github.com/panva/jose) | `2.0.6` | `2.0.7` | | [json5](https://github.com/json5/json5) | `2.2.1` | `2.2.3` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.2` | | [firebase-admin](https://github.com/firebase/firebase-admin-node) | `11.3.0` | `11.11.1` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.12` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.1.2` | `7.2.4` | | [send](https://github.com/pillarjs/send) | `0.18.0` | `0.19.0` | | [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.2` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Updates `axios` from 0.25.0 to 0.30.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.30.0/CHANGELOG.md) - [Commits](axios/axios@v0.25.0...v0.30.0) Updates `ejs` from 3.1.7 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.7...v3.1.10) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@babel/traverse` from 7.20.5 to 7.27.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-traverse) Updates `@grpc/grpc-js` from 1.7.3 to 1.8.22 - [Release notes](https://github.com/grpc/grpc-node/releases) - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected]) Updates `google-gax` from 3.5.2 to 3.6.1 - [Release notes](https://github.com/googleapis/gax-nodejs/releases) - [Changelog](https://github.com/googleapis/gax-nodejs/blob/main/gax/CHANGELOG.md) - [Commits](https://github.com/googleapis/gax-nodejs/commits/v3.6.1/gax) Updates `tar` from 4.4.19 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.19...v6.2.1) Updates `@tensorflow/tfjs-node` from 3.14.0 to 4.22.0 - [Release notes](https://github.com/tensorflow/tfjs/releases) - [Changelog](https://github.com/tensorflow/tfjs/blob/master/cloudbuild-release.yml) - [Commits](https://github.com/tensorflow/tfjs/commits/tfjs-v4.22.0/tfjs-node) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.4.1...v0.7.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](expressjs/cookie-parser@1.4.6...1.4.7) Removes `dicer` Updates `busboy` from 0.3.1 to 1.6.0 - [Commits](mscdex/busboy@v0.3.1...v1.6.0) Updates `express` from 4.18.2 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.18.2...4.21.2) Updates `follow-redirects` from 1.14.8 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.8...v1.15.9) Updates `jose` from 2.0.6 to 2.0.7 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md) - [Commits](panva/jose@v2.0.6...v2.0.7) Updates `json5` from 2.2.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.1...v2.2.3) Updates `jsonwebtoken` from 8.5.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.2) Updates `firebase-admin` from 11.3.0 to 11.11.1 - [Release notes](https://github.com/firebase/firebase-admin-node/releases) - [Changelog](https://github.com/firebase/firebase-admin-node/blob/master/CHANGELOG.md) - [Commits](firebase/firebase-admin-node@v11.3.0...v11.11.1) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `protobufjs` from 7.1.2 to 7.2.4 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.1.2...protobufjs-v7.2.4) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: axios dependency-version: 0.30.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ejs dependency-version: 3.1.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.27.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@grpc/grpc-js" dependency-version: 1.8.22 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: google-gax dependency-version: 3.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 6.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@tensorflow/tfjs-node" dependency-version: 4.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie-parser dependency-version: 1.4.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dicer dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: busboy dependency-version: 1.6.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jose dependency-version: 2.0.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 2.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-version: 9.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: firebase-admin dependency-version: 11.11.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-version: 7.2.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-version: 1.2.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-06-11T21:14:24Z

Reviewers

The following users could not be added as reviewers: AravindVNair99. Either the username does not exist or it does not have the correct permissions to be added as a reviewer.

Assignees

The following users could not be added as assignees: AravindVNair99. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot · 2025-06-11T21:14:24Z

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

sonarqubecloud · 2025-06-11T21:15:14Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

stale · 2025-06-26T02:35:52Z

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

dependabot bot requested a review from aravindvnair99 as a code owner June 11, 2025 21:14

dependabot bot requested a review from aravindvnair99 June 11, 2025 21:14

dependabot bot assigned aravindvnair99 Jun 11, 2025

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 11, 2025

pull-request-size bot added the size/S label Jun 11, 2025

stale bot added the stale label Jun 26, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): bump the npm_and_yarn group in /functions with 26 updates #672

chore(deps): bump the npm_and_yarn group in /functions with 26 updates #672

Uh oh!

dependabot bot commented on behalf of github Jun 11, 2025

Uh oh!

dependabot bot commented on behalf of github Jun 11, 2025

Uh oh!

dependabot bot commented on behalf of github Jun 11, 2025

Uh oh!

sonarqubecloud bot commented Jun 11, 2025

Uh oh!

stale bot commented Jun 26, 2025

Uh oh!

Uh oh!

Uh oh!

chore(deps): bump the npm_and_yarn group in /functions with 26 updates #672

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group in /functions with 26 updates #672

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 11, 2025

Release v0.30.0

Release notes:

Bug Fixes

Contributors to this release

v0.29.0

Release notes:

Bug Fixes

Contributors to this release

Release v0.28.1

Release notes:

Release notes:

Bug Fixes

Release v0.28.0

Release notes:

Bug Fixes

Backports from v1.x:

0.30.0 (2025-03-26)

Release notes:

Bug Fixes

0.29.0 (2024-11-21)

Release notes:

Bug Fixes

0.28.1 (2024-03-24)

Release notes:

Bug Fixes

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

Backports from v1.x:

v3.1.10

v3.1.9

v3.1.8

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

Committers: 4

v7.27.3 (2025-05-27)

🐛 Bug Fix

Committers: 7

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

v7.27.3 (2025-05-27)

🐛 Bug Fix

v7.27.2 (2025-05-06)

🐛 Bug Fix

🏃‍♀️ Performance

@​grpc/grpc-js 1.8.22

@​grpc/grpc-js@​1.8.21

@​grpc/grpc-js 1.8.20

@​grpc/grpc-js 1.8.19

@​grpc/grpc-js 1.8.18

@​grpc/grpc-js 1.8.17

@​grpc/grpc-js 1.8.16

@​grpc/grpc-js 1.8.15

@​grpc/grpc-js 1.8.14

@​grpc/grpc-js 1.8.13

@​grpc/grpc-js@​1.8.12

`@grpc/grpc-js` 1.8.22

`@grpc/grpc-js@1`.8.21

`@grpc/grpc-js` 1.8.20

`@grpc/grpc-js` 1.8.19

`@grpc/grpc-js` 1.8.18

`@grpc/grpc-js` 1.8.17

`@grpc/grpc-js` 1.8.16

`@grpc/grpc-js` 1.8.15

`@grpc/grpc-js` 1.8.14

`@grpc/grpc-js` 1.8.13

`@grpc/grpc-js@1`.8.12

`@grpc/grpc-js` 1.8.11

`@grpc/grpc-js` 1.8.10

`@grpc/grpc-js` 1.8.9

`@grpc/grpc-js` 1.8.8