Skip to content

Bump the npm_and_yarn group across 1 directory with 12 updates #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 12 updates #47

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 11, 2025

Bumps the npm_and_yarn group with 5 updates in the /gcp/cloud-functions/create-vm directory:

Package From To
@grpc/grpc-js 1.7.3 1.8.22
google-gax 3.5.2 3.6.1
body-parser 1.20.1 1.20.3
express 4.18.2 4.21.2
semver 5.7.1 7.7.2
semver 7.3.8 7.7.2

Updates @grpc/grpc-js from 1.7.3 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.22

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js@​1.8.21

  • Fix propagation of UNIMPLEMENTED error messages (#2528)

@​grpc/grpc-js 1.8.20

  • Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@​grpc/grpc-js 1.8.19

  • Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@​grpc/grpc-js 1.8.18

  • Fix reporting of call stacks in unary request errors (#2503)
  • Fix reporting of proxy info in channelz socket responses (#2503)

@​grpc/grpc-js 1.8.17

  • Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

  • Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

  • Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)
  • Ensure status and error events are consistently emitted asynchronously (#2456)

@​grpc/grpc-js 1.8.14

  • Fix sequencing of some events related to connectivity state changes (#2421)

@​grpc/grpc-js 1.8.13

  • Fix memory leak in channelz socket tracking (#2394)

@​grpc/grpc-js@​1.8.12

  • Fix an occasional type error when receiving DNS updates (#2380)
  • Fix ordering of events when handing requests on the server (#2376 contributed by @​phoenix741)

@​grpc/grpc-js 1.8.11

  • Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@​grpc/grpc-js 1.8.10

  • Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@​grpc/grpc-js 1.8.9

  • Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@​grpc/grpc-js 1.8.8

  • Remove progress field in returned status object (#2350)
  • Export InterceptingListener and NextCall types (#2351)
  • Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

... (truncated)

Commits
  • a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
  • 3b110cd grpc-js: Bump to 1.8.22
  • 8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
  • 00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
  • 969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
  • f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
  • ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
  • Additional commits viewable in compare view

Updates google-gax from 3.5.2 to 3.6.1

Changelog

Sourced from google-gax's changelog.

Changelog

npm history

4.6.1 (2025-05-15)

Bug Fixes

4.6.0 (2024-12-19)

Features

4.5.0 (2024-10-25)

Features

  • adds unit tests for sync and async reads of a pipeline transformation (#1663) (c7995c4)

Bug Fixes

4.4.1 (2024-09-04)

Bug Fixes

  • expose underlying error with timeouts or retries (#1650) (f4d037a)

4.4.0 (2024-08-27)

Features

... (truncated)

Commits

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]
Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates brace-expansion from 1.1.11 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

  • pkg: publish on tag 2.x 14f1d91
  • fmt ed7780a
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

  • pkg: publish on tag 1.x c460dbd
  • fmt ccb8ac6
  • Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

Updates cookie from 0.5.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

  • Add partitioned option
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.


Updates semver from 5.7.1 to 7.7.2

Release notes

Sourced from semver's releases.

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.2 (2025-05-12)

Bug Fixes

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

... (truncated)

Commits
  • 281055e chore: release 7.7.2 (#783)
  • fcafb61 fix: add missing 'use strict' directives (#780)
  • c760403 chore: template-oss-apply for workflow permissions (#784)
  • c99f336 fix: prerelease identifier starting with digits (#781)
  • 2677f2a chore: bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778)
  • 0b98655 chore: bump @​npmcli/template-oss from 4.23.4 to 4.23.6 (#760)
  • 30c438b chore: release 7.7.1 (#765)
  • af761c0 fix(inc): fully capture prerelease identifier (#764)
  • 2cfcbb5 chore: release 7.7.0 (#750)
  • d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 12 updates
a2e5c2f 
Bumps the npm_and_yarn group with 5 updates in the /gcp/cloud-functions/create-vm directory:

| Package | From | To |
| --- | --- | --- |
| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.7.3` | `1.8.22` |
| [google-gax](https://github.com/googleapis/gax-nodejs/tree/HEAD/gax) | `3.5.2` | `3.6.1` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.1` | `1.20.3` |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.21.2` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `7.7.2` |
| [semver](https://github.com/npm/node-semver) | `7.3.8` | `7.7.2` |



Updates `@grpc/grpc-js` from 1.7.3 to 1.8.22
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected])

Updates `google-gax` from 3.5.2 to 3.6.1
- [Release notes](https://github.com/googleapis/gax-nodejs/releases)
- [Changelog](https://github.com/googleapis/gax-nodejs/blob/main/gax/CHANGELOG.md)
- [Commits](https://github.com/googleapis/gax-nodejs/commits/v3.6.1/gax)

Updates `body-parser` from 1.20.1 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.1...1.20.3)

Updates `express` from 4.18.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.2...4.21.2)

Updates `brace-expansion` from 1.1.11 to 2.0.2
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v2.0.2)

Updates `cookie` from 0.5.0 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.5.0...v0.7.1)

Updates `express` from 4.18.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.2...4.21.2)

Updates `semver` from 5.7.1 to 7.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v7.7.2)

Updates `semver` from 7.3.8 to 7.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v7.7.2)

Updates `path-to-regexp` from 0.1.7 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12)

Updates `protobufjs` from 7.1.2 to 7.2.4
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.1.2...protobufjs-v7.2.4)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

---
updated-dependencies:
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.8.22
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: google-gax
  dependency-version: 3.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 2.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.7.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 7.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 7.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-version: 0.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-version: 0.19.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-version: 1.16.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-version: 1.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 11, 2025
This was referenced Jun 11, 2025
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants