Skip to content

chore(deps): update dependency bcryptjs to version 3.x 🌟 (major) #1490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

chore(deps): update dependency bcryptjs to version 3.x 🌟 (major) #1490

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 4, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
bcryptjs 2.4.3 -> 3.0.2 age confidence
express (source) 4.20.0 -> 5.1.0 age confidence
express-jwt 6.1.2 -> 8.5.1 age confidence
express-validator (source) 6.15.0 -> 7.2.1 age confidence
nodemon (source) 2.0.22 -> 3.1.10 age confidence

Release Notes

dcodeIO/bcrypt.js (bcryptjs)

v3.0.2

Compare Source

Bug fixes
  • Use upstream fix to emit interop helpers (28e5103)

v3.0.1

Compare Source

Bug fixes
  • Separate ESM and UMD type definitions (e7055ca)

v3.0.0

Compare Source

Breaking changes
  • Modernize project structure (2f45985)
    The project now exports an ECMAScript module by default, albeit with an UMD fallback, ships with types, the dist/ directory no longer exists in version control, and Closure Compiler externs have been removed.
  • Generate 2b hashes by default (d36bfb4)
    This library was not affected by the bug that led to incrementing the bcrypt version from 2a to 2b, but nowadays most implementations use 2b, including the native bcrypt binding, so this change aligns with them. Existing hashes will continue to work, but test logic that generates hashes and compares them literally might need to be updated to account for the new default.
Features
  • Add helper to check for password input length (d5656b3)
Other
  • Update publish workflow (2a9bea9)
  • Add note on using the ESM variant in the browser (e09eb9a)
  • Update types (58333a1)
  • Merge lint and test workflows (2e3b176)
  • Fix tests (ec02e8a)
  • Update legacy fallback to handle crypto dependency (9db275f)
  • Update lint workflow title (ac70ac5)
  • Adapt crypto module usage for ESM environments (574d690)
  • Format with prettier (e746547)
  • Rename default branch to 'main' (548559d)
  • Update description to mention TypeScript support (4977df0)
  • Add stale action for issues and PRs (a84d4e4)
  • Fix typo (c8c9c01)
  • Fix Node.js version in CI (1b54cc4)
Backlog from v2
  • Added externs to .npmignore (#​124) (7e2e93a)
    The npm package does not need externs as it is needed only for closure compiler. Added it in .npmignore since bcryptjs overrides global module and process in WebStorm IDE.
  • Make sure the bin script uses LF (684fac6)
  • Post-merge; Clean up a bit (b09f7f2)
  • Improve safeStringCompare using xor (#​77) (648482a)
  • Added bin entry (49a1d1a)
expressjs/express (express)

v5.1.0

Compare Source

========================

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: [email protected]
  • deps: [email protected]

v5.0.1

Compare Source

==========

v5.0.0

Compare Source

=========================

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: [email protected]
    • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
  • change:
    • res.clearCookie will ignore user provided maxAge and expires options
  • deps: cookie-signature@^1.2.1
  • deps: [email protected]
  • deps: merge-descriptors@^2.0.0
  • deps: serve-static@^2.1.0
  • deps: [email protected]
  • deps: accepts@^2.0.0
  • deps: mime-types@^3.0.0
    • application/javascript => text/javascript
  • deps: type-is@^2.0.0
  • deps: content-disposition@^1.0.0
  • deps: finalhandler@^2.0.0
  • deps: fresh@^2.0.0
  • deps: body-parser@^2.0.1
  • deps: send@^1.1.0

v4.21.2

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

auth0/express-jwt (express-jwt)

v8.5.1

Compare Source

v8.5.0

Compare Source

v8.4.1

Compare Source

v8.4.0

Compare Source

v8.3.0

Compare Source

v8.2.1

Compare Source

v8.2.0

Compare Source

v8.1.0

Compare Source

v8.0.0

Compare Source

v7.7.8

Compare Source

v7.7.7

Compare Source

v7.7.6

Compare Source

v7.7.5

Compare Source

v7.7.4

Compare Source

v7.7.3

Compare Source

v7.7.2

Compare Source

v7.7.1

Compare Source

v7.7.0

Compare Source

v7.6.2

Compare Source

v7.6.1

Compare Source

v7.6.0

Compare Source

v7.5.2

Compare Source

v7.5.1

Compare Source

v7.5.0

Compare Source

v7.4.3

Compare Source

v7.4.2

Compare Source

v7.4.1

Compare Source

v7.4.0

Compare Source

v7.3.0

Compare Source

v7.2.0

Compare Source

v7.1.0

Compare Source

v7.0.0

Compare Source

express-validator/express-validator (express-validator)

v7.2.1

Compare Source

  • Clone non-primitive replacement values when using #default()/#replace() to avoid object reference reuse (#​1316)

v7.2.0

Compare Source

v7.1.0

Compare Source

v7.0.1

Compare Source

  • Fixed checkSchema() warning that known validators are unknown when its value is false - #​1223

v7.0.0

Compare Source

🚀 🙌 First major version in almost 4 years! 🚀 🤯
Thanks everybody for having the patience. Hopefully this version brings many improvements to your developer experience!

Breaking changes 💥

  • Minimum supported Node.js version is now 14+
  • Removed deprecated APIs - #​993
    • Import paths express-validator/check and express-validator/filter
    • Sanitization-only middlewares (e.g. sanitize(), sanitizeBody(), etc)
    • Deprecated TypeScript types (ValidationParamSchema and ValidationSchema)
  • isObject() validator now assumes options.strict = true by default
  • Validation errors changed shape
    • Field validation errors param property has been renamed to path
    • oneOf() validation errors no longer have a param: '_error' property
  • (TypeScript only) The ValidationError type is now a discriminated union, it might be necessary to use switch or if statements to check that you're dealing with the type that you want to debug/format
  • oneOf() signature changed: from oneOf(chains, message) to oneOf(chains, options: { message, errorType })
  • oneOf() default error structure now groups errors by their... validation group!, instead of in a flat list

Checkout the migration guide for examples on how to work around some of these:
https://express-validator.github.io/docs/migration-v6-to-v7

New features ✨

Bug fixes 🐛

New Contributors

Full Changelog: express-validator/express-validator@v6.15.0...v7.0.0

remy/nodemon (nodemon)

v3.1.10

Compare Source

Bug Fixes

v3.1.9

Compare Source

Bug Fixes
  • maintain backward support for exitcrash (9c9de6e)

v3.1.8

Compare Source

Bug Fixes

v3.1.7

Compare Source

Bug Fixes

v3.1.6

Compare Source

Bug Fixes

v3.1.5

Compare Source

Bug Fixes
  • add missing ignore option to type defintion of config (#​2224) (254c2ab)

v3.1.4

Compare Source

Bug Fixes

v3.1.3

Compare Source

Bug Fixes

v3.1.2

Compare Source

Bug Fixes

v3.1.1

Compare Source

Bug Fixes

v3.1.0

Compare Source

Features

v3.0.3

Compare Source

Bug Fixes

v3.0.2

Compare Source

Bug Fixes

v3.0.1

Compare Source

Bug Fixes

v3.0.0

Compare Source

Bug Fixes
Features
  • always use polling on IBM i (3b58104)
BREAKING CHANGES
  • official support for node@8 dropped.

However there's no function being used in semver that breaks node 8,
so it's technically still possible to run with node 8, but it will
no longer be supported (or tested in CI).

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cypress-app-bot
Copy link

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

@renovate renovate bot force-pushed the renovate/major-express branch from 1ef3d58 to 377156d Compare March 1, 2024 07:50
@renovate renovate bot force-pushed the renovate/major-express branch from 377156d to 65b8dac Compare June 1, 2024 04:58
@renovate renovate bot force-pushed the renovate/major-express branch from 65b8dac to ab4ebca Compare July 1, 2024 04:34
@renovate renovate bot changed the title chore(deps): update dependency express-jwt to version 8.x 🌟 (major) chore(deps): update dependency express-jwt to version 7.x 🌟 (major) Jul 1, 2024
@renovate renovate bot force-pushed the renovate/major-express branch from ab4ebca to a3a7949 Compare August 1, 2024 06:46
@renovate renovate bot changed the title chore(deps): update dependency express-jwt to version 7.x 🌟 (major) chore(deps): update dependency express-jwt to version 8.x 🌟 (major) Aug 1, 2024
@renovate renovate bot force-pushed the renovate/major-express branch from a3a7949 to 7581e6b Compare October 1, 2024 06:26
@renovate renovate bot force-pushed the renovate/major-express branch from 7581e6b to 7bac590 Compare December 1, 2024 06:40
@renovate renovate bot force-pushed the renovate/major-express branch from 7bac590 to b217a6a Compare March 1, 2025 06:14
@renovate renovate bot changed the title chore(deps): update dependency express-jwt to version 8.x 🌟 (major) chore(deps): update dependency bcryptjs to version 3.x 🌟 (major) Mar 1, 2025
@renovate renovate bot force-pushed the renovate/major-express branch from b217a6a to 0d466de Compare April 1, 2025 06:55
@renovate renovate bot force-pushed the renovate/major-express branch from 0d466de to 75e4fce Compare June 1, 2025 05:31
@renovate renovate bot force-pushed the renovate/major-express branch from 75e4fce to 3397d60 Compare August 1, 2025 04:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cypress-app-bot