Bump the npm_and_yarn group across 3 directories with 24 updates

[dependabot]

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
rollup	3.29.4	3.29.5
@adobe/css-tools	4.3.1	4.4.2
@babel/traverse	7.22.15	7.27.0
@koa/cors	4.0.0	5.0.0
oidc-provider	8.4.0	8.8.1
serialize-javascript	6.0.1	6.0.2
mocha	10.2.0	10.8.2
axios	0.27.2	1.8.4
start-server-and-test	2.0.1	2.0.11
braces	3.0.2	3.0.3
got	9.6.0	13.0.0
browserstack-cypress-cli	1.25.3	1.32.7
path-to-regexp	1.8.0	6.3.0
ws	8.14.0	8.18.1
ws	7.5.9	8.18.1

Bumps the npm_and_yarn group with 1 update in the /examples/nextjs-app directory: next.
Bumps the npm_and_yarn group with 3 updates in the /examples/users-api directory: jose, path-to-regexp and express.

Updates rollup from 3.29.4 to 3.29.5

Release notes

Sourced from rollup's releases.

v3.29.5

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

3.29.5

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

• #5670: refactor: Use object.prototype to check for reserved properties (@​YuHyeonWook)
• #5671: Fix DOM Clobbering CVE (@​lukastaegert)

4.22.3

2024-09-21

Bug Fixes

• Ensure that mutations in modules without side effects are observed while properly handling transitive dependencies (#5669)

Pull Requests

• #5669: Ensure impure dependencies of pure modules are added (@​lukastaegert)

4.22.2

2024-09-20

Bug Fixes

• Revert fix for side effect free modules until other issues are investigated (#5667)

Pull Requests

• #5667: Partially revert #5658 and re-apply #5644 (@​lukastaegert)

4.22.1

... (truncated)

Commits

• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• See full diff in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.2

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.2 / 2025-02-12

• Fix regular expression for quoted values in parentheses

4.4.0 / 2024-06-05

• add support for @​starting-style #319

4.3.3 / 2024-01-24

• Update export property #271

4.3.2 / 2023-11-28

• Fix redos vulnerability with specific crafted css string - CVE-2023-48631
• Fix Problem parsing with :is() and nested :nth-child() #211

Commits

• See full diff in compare view

Updates @babel/traverse from 7.22.15 to 7.27.0

Release notes

Sourced from @​babel/traverse's releases.

v7.27.0 (2025-03-24)

Thanks @​ishchhabra and @​vovkasm for your first PRs!

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Ish Chhabra (@​ishchhabra)
• Vladimir Timofeev (@​vovkasm)
• @​liuxingbaoyu

v7.26.10 (2025-03-11)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.0 (2025-03-24)

👓 Spec Compliance

• babel-generator, babel-parser
  • #16977 Default importAttributesKeyword to with (@​JLHwung)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-traverse, babel-types
  • #17169 Allow traverseFast to exit early (@​liuxingbaoyu)
• babel-parser, babel-types
  • #17110 Add ImportAttributes to Standardized and move its parser test fixtures (@​JLHwung)
• babel-generator
  • #17100 fix(babel-generator): add named export of generate function (@​vovkasm)
• babel-parser, babel-template
  • #17149 Add allowYieldOutsideFunction to parser (@​liuxingbaoyu)
• babel-plugin-transform-typescript, babel-traverse
  • #17102 feat: Add upToScope parameter to hasBinding (@​liuxingbaoyu)
• babel-parser
  • #17082 Support ESTree AccessorProperty (@​JLHwung)
• babel-types
  • #17162 feat(babel-types): Add support for BigInt literal conversion in valueToNode (@​ishchhabra)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16816 fix: Class reference in type throws error (@​liuxingbaoyu)
• babel-traverse
  • #17170 fix: Reset child scopes when scope.crawl() (@​liuxingbaoyu)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17118 Fix: align behaviour to tsc rewriteRelativeImportExtensions (@​JLHwung)
• babel-cli
  • #17182 fix: @babel/cli generates duplicate inline source maps (@​liuxingbaoyu)
• babel-plugin-transform-named-capturing-groups-regex, babel-types
  • #17175 Generate computed proto key (@​JLHwung)

🏃‍♀️ Performance

• babel-types
  • #16870 perf: Improve builders of @babel/types (@​liuxingbaoyu)
• babel-helper-create-regexp-features-plugin
  • #17176 fix: improve duplicate named groups check (@​JLHwung)

v7.26.10 (2025-03-11)

👓 Spec Compliance

• babel-parser
  • #17159 Disallow decorator in array pattern (@​JLHwung)

🐛 Bug Fix

• babel-parser, babel-template
  • #17164 Fix: always initialize ExportDeclaration attributes (@​JLHwung)
• babel-core
  • #17142 fix: "Map maximum size exceeded" in deepClone (@​liuxingbaoyu)

... (truncated)

Commits

• 5c350ea v7.27.0
• 582538c Allow traverseFast to exit early (#17169)
• 4ad63a4 [Babel 8] Remove BLOCK_SCOPED_SYMBOL and NOT_LOCAL_BINDING (#17148)
• 0d0d577 fix: Reset child scopes when scope.crawl() (#17170)
• c51cffd feat: Add upToScope parameter to hasBinding (#17102)
• f902742 chore: Update TS 5.8 (#17185)
• b1bca3d fix: Uninitialized var declarator in loop marked as constantViolation (#17168)
• e1ce99d v7.26.10
• 51ec746 fix: Should not evaluate vars in child scope (#17151)
• 64bca7b v7.26.9
• Additional commits viewable in compare view

Updates @koa/cors from 4.0.0 to 5.0.0

Changelog

Sourced from @​koa/cors's changelog.

5.0.0 / 2023-12-11

others

• [f31dac9] - Merge pull request from GHSA-qxrj-hx23-xp82 (fengmk2 )

Commits

• c33bd69 Release 5.0.0
• f31dac9 Merge pull request from GHSA-qxrj-hx23-xp82
• See full diff in compare view

Updates oidc-provider from 8.4.0 to 8.8.1

Release notes

Sourced from oidc-provider's releases.

v8.8.1

Fixes

• add "exp" to Logout Tokens (c6c01f1), closes #1295

Documentation

• update spec links (076ee58)

v8.8.0

Features

• mark RFC9701 (features.jwtIntrospection) as stable (e2a2de2)

v8.7.0

Features

• allow own KeyGrip instances in cookies.keys configuration (d5d2900)

v8.6.1

Fixes

• allow specifying the user-agent header for outgoing requests (#1287) (c77513c)

v8.6.0

Features

• add a helper for asserting JWT Client Auth claims and header (82d4e50)

Documentation

• update verbiage "provider" > "authorization server" (3768192)

Refactor

• move assertJwtClaimsAndHeader after regular JWT claims set validation (05f6bf4)

v8.5.3

Fixes

• normalize single string set-cookie headers (6effeed)

v8.5.2

Refactor

• remove use of node:url in favour of WHATWG URL (0dc59a1)

... (truncated)

Changelog

Sourced from oidc-provider's changelog.

8.8.1 (2025-03-06)

Fixes

• add "exp" to Logout Tokens (c6c01f1), closes #1295

Documentation

• update spec links (076ee58)

8.8.0 (2025-02-17)

Features

• mark RFC9701 (features.jwtIntrospection) as stable (e2a2de2)

8.7.0 (2025-02-13)

Features

• allow own KeyGrip instances in cookies.keys configuration (d5d2900)

8.6.1 (2025-01-19)

Fixes

• allow specifying the user-agent header for outgoing requests (#1287) (c77513c)

8.6.0 (2024-11-21)

Features

• add a helper for asserting JWT Client Auth claims and header (82d4e50)

Documentation

• update verbiage "provider" > "authorization server" (3768192)

Refactor

• move assertJwtClaimsAndHeader after regular JWT claims set validation (05f6bf4)

... (truncated)

Commits

• c44aa53 chore(release): 8.8.1
• 076ee58 docs: update spec links
• c6c01f1 fix: add "exp" to Logout Tokens
• 4ea264e chore: cleanup .github
• 793e07e chore: add SECURITY.md
• 6a7040d ci: only use dependabot defaults
• 6fffbe1 chore(release): 8.8.0
• e2a2de2 feat: mark RFC9701 (features.jwtIntrospection) as stable
• 14da4d2 chore(release): 8.7.0
• d5d2900 feat: allow own KeyGrip instances in cookies.keys configuration
• Additional commits viewable in compare view

Updates serialize-javascript from 6.0.1 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

• fix: serialize URL string contents to prevent XSS (#173) f27d65d
• Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
• docs: update readme with URL support (#146) 0d88527
• chore: update node version and lock file e2a3a91
• fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

Commits

• b71ec23 6.0.2
• f27d65d fix: serialize URL string contents to prevent XSS (#173)
• 02499c0 Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171)
• 0d88527 docs: update readme with URL support (#146)
• e2a3a91 chore: update node version and lock file
• 5a1fa64 fix typo (#164)
• See full diff in compare view

Updates mocha from 10.2.0 to 10.8.2

Release notes

Sourced from mocha's releases.

v10.8.2

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#5132) (e536ab2)

v10.8.1

10.8.1 (2024-10-29)

🩹 Fixes

• handle case of invalid package.json with no explicit config (#5198) (f72bc17)
• Typos on mochajs.org (#5237) (d8ca270)
• use accurate test links in HTML reporter (#5228) (68803b6)

v10.8.0

10.8.0 (2024-10-29)

🌟 Features

• highlight browser failures (#5222) (8ff4845)

🩹 Fixes

• remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

... (truncated)

Changelog

Sourced from mocha's changelog.

10.8.2 (2024-10-30)

🩹 Fixes

• support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
• test link in html reporter (#5224) (f054acc)

📚 Documentation

• indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

• fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

• deps: bump the github-actions group with 1 update (#5132) (e536ab2)

10.8.1 (2024-10-29)

🩹 Fixes

• handle case of invalid package.json with no explicit config (#5198) (f72bc17)
• Typos on mochajs.org (#5237) (d8ca270)
• use accurate test links in HTML reporter (#5228) (68803b6)

10.8.0 (2024-10-29)

🌟 Features

• highlight browser failures (#5222) (8ff4845)

🩹 Fixes

• remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

• add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
• adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
• update README, LICENSE and fix outdated (#5197) (1203e0e)

🧹 Chores

• fix npm scripts on windows (#5219) (1173da0)
• remove trailing whitespace in SECURITY.md (7563e59)

10.7.3 (2024-08-09)

... (truncated)

Commits

• 05097db chore(main): release 10.8.2 (#5239)
• 14e640e docs: indicate 'exports' interface does not work in browsers (#5181)
• 881e3b0 chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...
• f054acc fix: test link in html reporter (#5224)
• e536ab2 build(deps): bump the github-actions group with 1 update (#5132)
• ba0fefe fix: support errors with circular dependencies in object values with --parall...
• f44f71b chore(main): release 10.8.1 (#5238)
• f72bc17 fix: handle case of invalid package.json with no explicit config (#5198)
• 68803b6 fix: use accurate test links in HTML reporter (#5228)
• d8ca270 fix: Typos on mochajs.org (#5237)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates axios from 0.27.2 to 1.8.4

Release notes

Sourced from axios's releases.

Release v1.8.4

Release notes:

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)

Contributors to this release

• Marc Hassan

Release v1.8.3

Release notes:

Bug Fixes

• add missing type for allowAbsoluteUrls (#6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

Release v1.8.2

Release notes:

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

• examples: application crashed when navigating examples in browser (#5938) (1260ded)
• missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
• utils: replace getRandomValues with crypto module (#6788) (23a25af)

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.4 (2025-03-19)

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)

Contributors to this release

• Marc Hassan

1.8.3 (2025-03-10)

Bug Fixes

• add missing type for allowAbsoluteUrls (#6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

1.8.0 (2025-02-25)

... (truncated)

Commits

• 9f6f97b chore(release): v1.8.4 (#6844)
• f10c2e0 fix(buildFullPath): handle allowAbsoluteUrls: false without baseURL (#6833)
• 1e6632c chore(deps): bump tj-actions/changed-files in the github-actions group (#6838)
• 39ec206 chore(release): v1.8.3 (#6819)
• 10fa70e fix: add missing type for allowAbsoluteUrls (#6818)
• 7821ef9 docs: update readme to include bun install (#6811)
• ec159e5 fix(xhr/fetch): pass allowAbsoluteUrls to buildFullPath in xhr and `fet...
• a9f7689 chore(release): v1.8.2 (#6812)
• fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
• 9812045 chore(sponsor): update sponsor block (#6804)
• Additional commits viewable in compare view

Updates start-server-and-test from 2.0.1 to 2.0.11

Release notes

Sourced from start-server-and-test's releases.

v2.0.11

2.0.11 (2025-03-13)

Bug Fixes

• deps: update dependency wait-on to v8.0.3 (#400) (005ee08)

v2.0.10

2.0.10 (2025-01-14)

Bug Fixes

• deps: update dependency wait-on to v8.0.2 (#399) (a514875)

v2.0.9

2.0.9 (2024-12-11)

Bug Fixes

• deps: update dependency debug to v4.4.0 (#397) (0f057d7)

v2.0.8

2.0.8 (2024-09-16)

Bug Fixes

• deps: update dependency wait-on to v8.0.1 (fe1c25d)

v2.0.7

2.0.7 (2024-09-09)

Bug Fixes

• deps: update dependency wait-on to v8 (#386) (d814a72)

v2.0.6

2.0.6 (2024-09-08)

Bug Fixes

• deps: update dependency debug to v4.3.7 (78c6f53)

v2.0.5

2.0.5 (2024-07-29)

... (truncated)

Commits

• 005ee08 fix(deps): update dependency wait-on to v8.0.3 (#400)
• a514875 fix(deps): update dependency wait-on to v8.0.2 (#399)
• 0f057d7 fix(deps): update dependency debug to v4.4.0 (#397)
• fe1c25d fix(deps): update dependency wait-on to v8.0.1
• d814a72 fix(deps): update dependency wait-on to v8 (#386)
• 78c6f53 fix(deps): update dependency debug to v4.3.7
• 8ebb70b fix(deps): update dependency debug to v4.3.6
• dd8a2d7 fix(deps): update dependency debug to v4.3.5
• ad35c2e fix(deps): update dependency wait-on to v7.2.0 (#374)
• efe7384 fix(deps): update dependency wait-on to v7.1.0
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates got from 9.6.0 to 13.0.0

Release notes

Sourced from got's releases.

v13.0.0

As a reminder, Got continues to require ESM. For TypeScript users, this includes having "module": "node16", "moduleResolution": "node16" in your tsconfig.

Breaking

• Require Node.js 16 52a1063
• Change the enableUnixSockets option to be false by default 852c312
  • Most users don't need it.

Improvements

• Allow specifying undefined for options (#2258) 1cefe8b

sindresorhus/got@v12.6.1...v13.0.0

v12.6.1

• Fix get-stream import statement (#2266) 67d5039

sindresorhus/got@v12.6.0...v12.6.1

v12.6.0

• Update dependencies 88c88fb 979272e
• Loosen URL validation strictness (#2200) 0ca0b7f

sindresorhus/got@v12.5.3...v12.6.0

v12.5.3

• Fix abort event listeners not always being cleaned up (#2162) 3cc40b5

sindresorhus/got@v12.5.2...v12.5.3

v12.5.2

• Improve TypeScript 4.9 compatibility (#2163) 39f83b6

sindresorhus/got@v12.5.1...v12.5.2

v12.5.1

• Fix compatibility with TypeScript and ESM 3b3ea67
• Fix request body not being properly cached (#2150) 3e9d3af

sindresorhus/got@v12.5.0...v12.5.1

v12.5.0

• Disable method rewriting on 307 and 308 status codes (#2145) e049e94
• Upgrade dependencies 8630815 f0ac0b3 4c3762a

sindresorhus/got@v12.4.1...v12.5.0

v12.4.1

Fixes

... (truncated)

Commits

• b1d61c1 13.0.0
• 81447e9 Tweaks

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.