Bump the npm_and_yarn group across 2 directories with 24 updates by dependabot[bot] · Pull Request #1 · AaronJessen/SpotifyAPI-NET

dependabot · 2026-01-22T19:00:29Z

Bumps the npm_and_yarn group with 18 updates in the /SpotifyAPI.Docs directory:

Package	From	To
@babel/helpers	`7.10.4`	`7.28.6`
@babel/traverse	`7.11.0`	`7.28.6`
algoliasearch-helper	`3.11.1`	`3.27.0`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cross-spawn	`7.0.3`	`7.0.6`
express	`4.18.2`	`4.22.1`
follow-redirects	`1.15.2`	`1.15.11`
http-proxy-middleware	`2.0.6`	`2.0.9`
lodash	`4.17.21`	`4.17.23`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.4`	`3.3.11`
node-forge	`1.3.1`	`1.3.3`
postcss	`8.4.19`	`8.5.6`
prismjs	`1.29.0`	`1.30.0`
serialize-javascript	`6.0.0`	`6.0.2`
webpack-dev-middleware	`5.3.3`	`5.3.4`
webpack	`5.76.1`	`5.104.1`

Bumps the npm_and_yarn group with 3 updates in the /SpotifyAPI.Web.Examples/Example.TokenSwap/Server directory: axios, body-parser and express.

Updates @babel/helpers from 7.10.4 to 7.28.6

Release notes

Sourced from @babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-react-jsx

#17555 perf: Use lighter traversal for jsx __source,__self (@liuxingbaoyu)

Committers: 7

Babel Bot (@babel-bot)

Eliot Pontarelli (@kolvian)

Huáng Jùnliàng (@JLHwung)

Kadhirash Sivakumar (@kadhirash)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

Changelog

Tags:

💥 [Breaking Change]

👓 [Spec Compliance]

🚀 [New Feature]

🐛 [Bug Fix]

📝 [Documentation]

🏠 [Internal]

💅 [Polish]

Note: Gaps between patch versions are faulty, broken or test releases.

This file contains the changelog starting from v7.15.0.

See CHANGELOG - v7.0.0 to v7.14.9 for v7.0.0 to v7.14.9 changes.

See CHANGELOG - v7 prereleases for v7.0.0-alpha.1 to v7.0.0-rc.4 changes.

See CHANGELOG - v4, CHANGELOG - v5, and CHANGELOG - v6 for v4.x-v6.x changes.

See CHANGELOG - 6to5 for the pre-4.0.0 version changelog.

See Babylon's CHANGELOG for the Babylon pre-7.0.0-beta.29 version changelog.

See babel-eslint's releases for the changelog before @babel/eslint-parser 7.8.0.

See eslint-plugin-babel's releases for the changelog before @babel/eslint-plugin 7.8.0.

v7.28.5 (2025-10-23)

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

#17519 fix: rest correctly returns plain array (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types

#17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)

babel-traverse

#17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

babel-types

#17494 Type checking babel-types scripts (@JLHwung)

... (truncated)

Commits

d7f4008 v7.28.6
99dcba5 chore: enable some ts-eslint rules (#17592)
c1b55f6 Use eslint.config.mts (#17573)
35055e3 v7.28.4
18d88b8 Improve @babel/core typings (#17471)
ef155f5 v7.28.3
741cbd2 chore: fix various typos across codebase (#17476)
cac0ff4 v7.28.2
f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
baa4cb8 v7.27.6
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/helpers since your current version.

Updates @babel/traverse from 7.11.0 to 7.28.6

Release notes

Sourced from @babel/traverse's releases.

v7.28.6 (2026-01-12)

Thanks @kadhirash and @kolvian for your first PRs!

🐛 Bug Fix

babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types

#17589 Improve Unicode handling in code-frame tokenizer (@JLHwung)

babel-plugin-transform-regenerator

#17556 fix: transform-regenerator correctly handles scope (@liuxingbaoyu)

babel-plugin-transform-react-jsx

#17538 fix: Keep jsx comments (@liuxingbaoyu)

💅 Polish

babel-core, babel-standalone

#17606 Polish(standalone): improve message on invalid preset/plugin (@JLHwung)

🏠 Internal

babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

#17580 Allow Babel 8 in compatible Babel 7 plugins (@nicolo-ribaudo)

🏃‍♀️ Performance

babel-plugin-transform-react-jsx

#17555 perf: Use lighter traversal for jsx __source,__self (@liuxingbaoyu)

Committers: 7

Babel Bot (@babel-bot)

Eliot Pontarelli (@kolvian)

Huáng Jùnliàng (@JLHwung)

Kadhirash Sivakumar (@kadhirash)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

coderaiser (@coderaiser)

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

Changelog

Tags:

💥 [Breaking Change]

👓 [Spec Compliance]

🚀 [New Feature]

🐛 [Bug Fix]

📝 [Documentation]

🏠 [Internal]

💅 [Polish]

Note: Gaps between patch versions are faulty, broken or test releases.

This file contains the changelog starting from v7.15.0.

See CHANGELOG - v7.0.0 to v7.14.9 for v7.0.0 to v7.14.9 changes.

See CHANGELOG - v7 prereleases for v7.0.0-alpha.1 to v7.0.0-rc.4 changes.

See CHANGELOG - v4, CHANGELOG - v5, and CHANGELOG - v6 for v4.x-v6.x changes.

See CHANGELOG - 6to5 for the pre-4.0.0 version changelog.

See Babylon's CHANGELOG for the Babylon pre-7.0.0-beta.29 version changelog.

See babel-eslint's releases for the changelog before @babel/eslint-parser 7.8.0.

See eslint-plugin-babel's releases for the changelog before @babel/eslint-plugin 7.8.0.

v7.28.5 (2025-10-23)

👓 Spec Compliance

babel-parser

#17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)

babel-helper-validator-identifier

#17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private

#17534 Allow mixing private destructuring and rest (@CO0Ki3)

babel-parser

#17521 Improve @babel/parser error typing (@JLHwung)

#17491 fix: improve ts-only declaration parsing (@JLHwung)

babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

#17519 fix: rest correctly returns plain array (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types

#17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)

babel-traverse

#17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

babel-types

#17494 Type checking babel-types scripts (@JLHwung)

... (truncated)

Commits

d7f4008 v7.28.6
905bc22 fix: lint errors in main branch (#17612)
a03e2b6 fix: path.evaluate correctly returns confident (#17584)
aac2c37 chore: Use Gulpfile.mts (#17579)
65c4a6b [Babel 8] fix: Improve traverse types (#17574)
99dcba5 chore: enable some ts-eslint rules (#17592)
c92c491 Improve Unicode handling in code-frame tokenizer (#17589)
c1b55f6 Use eslint.config.mts (#17573)
d1e1bad Fix traverse NodePath caching (#17568)
4cc3d88 [Babel 8] fix: Correctly handle export references (#17570)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @babel/traverse since your current version.

Updates algoliasearch-helper from 3.11.1 to 3.27.0

Release notes

Sourced from algoliasearch-helper's releases.

[email protected]

3.27.0 (2025-12-30)

Features

sortBy: support composition sorting strategies (#6841) (f7d7a66)

[email protected]

3.26.1 (2025-11-10)

Bug Fixes

refinementList: hide facets based on renderingContent when searched (#6792) (ee0d2e4)

refinementList: hide facets when when sortBy is provided (#6785) (cb92a6b)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by instantsearch-bot, a new releaser for algoliasearch-helper since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
9a7e3b2 chore: fix build status badge
0852683 chore(release): 7.0.5
640d391 fix: fix escaping bug introduced by backtracking
bff0c87 chore: remove codecov
a7c6abc chore: replace travis with github workflows
9b9246e chore(release): 7.0.4
5ff3a07 fix: disable regexp backtracking (#160)
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for [email protected] by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: [email protected] by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: [email protected] by @blakeembrey in expressjs/express#5956

deps: bump [email protected] by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

... (truncated)

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: [email protected]

4.21.2 / 2024-11-06

deps: [email protected]

Fix backtracking protection

deps: [email protected]

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: [email protected]

includes [email protected]

deps: [email protected]

deps: [email protected]

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

... (truncated)

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: [email protected] (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates follow-redirects from 1.15.2 to 1.15.11

Commits

21ef28a Release version 1.15.11 of the npm package.
7c88135 Roll back tree shaking.
6e389ba Release version 1.15.10 of the npm package.
5bc496e Shake me up before you go-go.
694d6b4 Bump minimist from 1.2.5 to 1.2.8
e4e55c7 Release version 1.15.9 of the npm package.
31a1abf Attempt much more gentle detection.
d2aaa97 Fix url field.
62558f0 Release version 1.15.8 of the npm package.
a8d1cee Return subtlety.
Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.6 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

fix(fixRequestBody): check readableLength by @chimurai in chimurai/http-proxy-middleware#1097

chore(package): v2.0.9 by @chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

fix(fixRequestBody): prevent multiple .write() calls by @chimurai in chimurai/http-proxy-middleware#1090

fix(fixRequestBody): handle invalid request by @chimurai in chimurai/http-proxy-middleware#1091

chore(package): v2.0.8 by @chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

v2.0.7

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7

v2.0.7-beta.1

Full Changelog: chimurai/http-proxy-middleware@v2.0.7-beta.0...v2.0.7-beta.1

v2.0.7-beta.0

Full Changelog: chimurai/http-proxy-middleware@v2.0.6...v2.0.7-beta.0

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

fix(fixRequestBody): check readableLength

v2.0.8

fix(fixRequestBody): prevent multiple .write() calls

fix(fixRequestBody): handle invalid request

v2.0.7

ci(github actions): add publish.yml

fix(filter): handle errors

Commits

617a7c9 chore(package): v2.0.9 (#1099)
d22d587 fix(fixRequestBody): check readableLength (#1097)
d03d51b chore(package): v2.0.8 (#1094)
c50dd06 fix(fixRequestBody): handle invalid request (#1091)
76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
1e92339 ci(github-actions): fix npm tag
90afb7c chore(package): v2.0.7
0b4274e fix(filter): handle errors
1bd6dd5 ci(github actions): add publish.yml
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with n...
Description has been truncated

Bumps the npm_and_yarn group with 18 updates in the /SpotifyAPI.Docs directory: | Package | From | To | | --- | --- | --- | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.10.4` | `7.28.6` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.11.0` | `7.28.6` | | [algoliasearch-helper](https://github.com/algolia/instantsearch) | `3.11.1` | `3.27.0` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.22.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.11` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.4` | `3.3.11` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [postcss](https://github.com/postcss/postcss) | `8.4.19` | `8.5.6` | | [prismjs](https://github.com/PrismJS/prism) | `1.29.0` | `1.30.0` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | | [webpack](https://github.com/webpack/webpack) | `5.76.1` | `5.104.1` | Bumps the npm_and_yarn group with 3 updates in the /SpotifyAPI.Web.Examples/Example.TokenSwap/Server directory: [axios](https://github.com/axios/axios), [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). Updates `@babel/helpers` from 7.10.4 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers) Updates `@babel/traverse` from 7.11.0 to 7.28.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-traverse) Updates `algoliasearch-helper` from 3.11.1 to 3.27.0 - [Release notes](https://github.com/algolia/instantsearch/releases) - [Commits](https://github.com/algolia/instantsearch/commits/[email protected]) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) Updates `express` from 4.18.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.15.2 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.11) Updates `http-proxy-middleware` from 2.0.6 to 2.0.9 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.6...v2.0.9) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.4 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.4...3.3.11) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `postcss` from 8.4.19 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.19...8.5.6) Updates `prismjs` from 1.29.0 to 1.30.0 - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/v2/CHANGELOG.md) - [Commits](PrismJS/prism@v1.29.0...v1.30.0) Updates `qs` from 6.11.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.1) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `webpack` from 5.76.1 to 5.104.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.76.1...v5.104.1) Updates `axios` from 0.21.2 to 0.30.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.2...v0.30.2) Updates `body-parser` from 1.19.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.19.2...1.20.3) Updates `express` from 4.17.3 to 4.22.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.18.2...v4.22.1) Updates `follow-redirects` from 1.14.8 to 1.15.11 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.11) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `qs` from 6.9.7 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.1) Updates `send` from 0.17.2 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.14.2 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.28.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: algoliasearch-helper dependency-version: 3.27.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cross-spawn dependency-version: 7.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-version: 2.0.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-version: 8.5.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: prismjs dependency-version: 1.30.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-version: 5.3.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.104.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.30.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 2 directories with 24 updates#1

Bump the npm_and_yarn group across 2 directories with 24 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/SpotifyAPI.Docs/npm_and_yarn-b6409a9340

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 22, 2026

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 7

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

Changelog

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

v7.28.6 (2026-01-12)

🐛 Bug Fix

💅 Polish

🏠 Internal

🏃‍♀️ Performance

Committers: 7

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

Changelog

v7.28.5 (2025-10-23)

👓 Spec Compliance

🐛 Bug Fix

🏠 Internal

[email protected]

3.27.0 (2025-12-30)

Features

[email protected]

3.26.1 (2025-11-10)

Bug Fixes

v1.1.12

7.0.6 (2024-11-18)

Bug Fixes

7.0.5 (2024-11-07)

Bug Fixes

7.0.4 (2024-11-07)

Bug Fixes

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

v2.0.9

What's Changed

v2.0.8

What's Changed

v2.0.7

v2.0.7-beta.1

v2.0.7-beta.0

v2.0.9

v2.0.8

v2.0.7

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!