build(deps): bump the npm_and_yarn group across 6 directories with 15 updates by dependabot[bot] · Pull Request #269 · Coveros/codeveros

dependabot · 2026-03-21T10:40:00Z

Bumps the npm_and_yarn group with 4 updates in the /services/auth-service/nodejs directory: minimatch, flatted, koa and qs.
Bumps the npm_and_yarn group with 3 updates in the /services/gateway/nodejs directory: minimatch, flatted and qs.
Bumps the npm_and_yarn group with 4 updates in the /services/training-service/nodejs directory: minimatch, flatted, koa and qs.
Bumps the npm_and_yarn group with 11 updates in the /services/ui/angular directory:

Package	From	To
minimatch	`3.1.2`	`3.1.5`
flatted	`3.3.3`	`3.4.2`
qs	`6.14.0`	`6.14.2`
@angular/compiler	`20.3.15`	`20.3.16`
@angular/core	`20.3.15`	`20.3.18`
@modelcontextprotocol/sdk	`1.24.0`	`1.26.0`
axios	`1.13.2`	`1.13.6`
basic-ftp	`5.0.5`	`5.2.0`
dompurify	`3.2.6`	`3.3.3`
immutable	`3.8.2`	`3.8.3`
immutable	`5.1.4`	`5.1.5`
lodash	`4.17.21`	`4.17.23`

Bumps the npm_and_yarn group with 7 updates in the /services/ui/react directory:

Package	From	To
minimatch	`3.1.2`	`3.1.5`
flatted	`3.3.3`	`3.4.2`
axios	`1.13.2`	`1.13.6`
dompurify	`3.2.6`	`3.3.3`
immutable	`3.8.2`	`3.8.3`
rollup	`4.53.3`	`4.59.1`
react-router	`7.10.1`	`7.12.0`

Bumps the npm_and_yarn group with 4 updates in the /services/user-service/nodejs directory: minimatch, flatted, koa and qs.

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates koa from 3.1.1 to 3.1.2

Release notes

Sourced from koa's releases.

v3.1.2

What's Changed

fix: typo in troubleshooting.md by @WuMingDao in koajs/koa#1916

build(deps-dev): bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in koajs/koa#1921

build(deps): bump http-errors from 2.0.0 to 2.0.1 by @dependabot[bot] in koajs/koa#1919

build(deps): bump mime-types from 3.0.1 to 3.0.2 by @dependabot[bot] in koajs/koa#1918

docs: use correct term "Server-Sent Events" in guide by @jtr860830 in koajs/koa#1920

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in koajs/koa#1917

build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in koajs/koa#1922

fix(security): Host Header Injection via ctx.hostname by @killagu GHSA-7gcc-r8m5-44qm

New Contributors

@WuMingDao made their first contribution in koajs/koa#1916

@jtr860830 made their first contribution in koajs/koa#1920

Full Changelog: koajs/koa@v3.1.1...v3.1.2

Commits

c5a52e0 3.1.2
55ab9ba Merge commit from fork
fecd464 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922)
d2066cf build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#1917)
8694a06 docs: use correct term "Server-Sent Events" in guide (#1920)
096682b build(deps): bump mime-types from 3.0.1 to 3.0.2 (#1918)
8215c2e build(deps): bump http-errors from 2.0.0 to 2.0.1 (#1919)
cfe5ec6 build(deps-dev): bump qs from 6.14.0 to 6.14.1 (#1921)
0a6afa5 fix: typo in troubleshooting.md (#1916)
See full diff in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates koa from 3.1.1 to 3.1.2

Release notes

Sourced from koa's releases.

v3.1.2

What's Changed

fix: typo in troubleshooting.md by @WuMingDao in koajs/koa#1916

build(deps-dev): bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in koajs/koa#1921

build(deps): bump http-errors from 2.0.0 to 2.0.1 by @dependabot[bot] in koajs/koa#1919

build(deps): bump mime-types from 3.0.1 to 3.0.2 by @dependabot[bot] in koajs/koa#1918

docs: use correct term "Server-Sent Events" in guide by @jtr860830 in koajs/koa#1920

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in koajs/koa#1917

build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in koajs/koa#1922

fix(security): Host Header Injection via ctx.hostname by @killagu GHSA-7gcc-r8m5-44qm

New Contributors

@WuMingDao made their first contribution in koajs/koa#1916

@jtr860830 made their first contribution in koajs/koa#1920

Full Changelog: koajs/koa@v3.1.1...v3.1.2

Commits

c5a52e0 3.1.2
55ab9ba Merge commit from fork
fecd464 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922)
d2066cf build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#1917)
8694a06 docs: use correct term "Server-Sent Events" in guide (#1920)
096682b build(deps): bump mime-types from 3.0.1 to 3.0.2 (#1918)
8215c2e build(deps): bump http-errors from 2.0.0 to 2.0.1 (#1919)
cfe5ec6 build(deps-dev): bump qs from 6.14.0 to 6.14.1 (#1921)
0a6afa5 fix: typo in troubleshooting.md (#1916)
See full diff in compare view

Updates qs from 6.14.0 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates minimatch from 3.1.2 to 3.1.5

Commits

7bba978 3.1.5
bd25942 docs: add warning about ReDoS
1a9c27c fix partial matching of globstar patterns
1a2e084 3.1.4
ae24656 update lockfile
b100374 limit recursion for **, improve perf considerably
26ffeaa lockfile update
9eca892 lock node version to 14
00c323b 3.1.3
30486b2 update CI matrix and actions
Additional commits viewable in compare view

Updates flatted from 3.3.3 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates qs from 6.14.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.15.0

[New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)

[Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

d9b4c66 v6.15.0
cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
88e1563 [Fix] duplicates option should not apply to bracket notation keys
9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
85cc8ca v6.12.5
ffc12aa v6.11.4
0506b11 [actions] update reusable workflows
6a37faf [actions] update reusable workflows
8e8df5a [Fix] fix regressions from robustness refactor
d60bab3 v6.10.7
Additional commits viewable in compare view

Updates @angular/compiler from 20.3.15 to 20.3.16

Release notes

Sourced from @angular/compiler's releases.

20.3.16

core

Commit Description

sanitize sensitive attributes on SVG script elements

Changelog

Sourced from @angular/compiler's changelog.

20.3.16 (2026-01-07)

core

Commit Type Description

c2c2b4aaa8 fix sanitize sensitive attributes on SVG script elements

19.2.18 (2026-01-07)

core

Commit Type Description

26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description

8e808740c9 fix better types for a few expression AST nodes

63b1cdcf70 fix produce accurate span for typeof and void expressions

3c3ae0cb64 fix provide location information for literal map keys

523dbaf1c3 fix stop ThisReceiver inheritance from ImplicitReceiver

compiler-cli

Commit Type Description

4d9c4567ed fix ensure component import diagnostics are reported within the imports expression

cd405685af fix fix up spelling of diagnostic

778460fcca fix support qualified names in typeof type references

core

Commit Type Description

7c74674eb0 fix avoid leaking view data in animations

0edbee4550 fix explicitly cast signal node value to String

f9c29572d2 fix sanitize sensitive attributes on SVG script elements

forms

Commit Type Description

e3fba182f9 feat add [formField] directive

561772b152 fix allow custom controls to require dirty input

f0fb1d8581 fix allow custom controls to require hidden input

ec110f170b fix allow custom controls to require pending input

ae1dc16bb0 fix clean up abort listener after timeout

9748b0d5da fix support custom controls with non signal-based models

6bd22df987 fix Support readonly arrays in signal forms

router

| Commit | Type | Description |

... (truncated)

Commits

c2c2b4a fix(core): sanitize sensitive attributes on SVG script elements
See full diff in compare view

Updates @angular/core from 20.3.15 to 20.3.18

Release notes

Sourced from @angular/core's releases.

20.3.18

compiler

Commit Description

disallow translations of iframe src

core

Commit Description

sanitize translated attribute bindings with interpolations

sanitize translated form attributes

20.3.17

core

Commit Description

block creation of sensitive URI attributes from ICU messages

Breaking Changes

core

Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

(cherry picked from commit 03da204b6daa5e4583e0d0968c2107390bbd8235)

20.3.16

core

Commit Description

sanitize sensitive attributes on SVG script elements

Changelog

Sourced from @angular/core's changelog.

20.3.18 (2026-03-12)

compiler

Commit Type Description

02fbf08890 fix disallow translations of iframe src

core

Commit Type Description

72126f9a08 fix sanitize translated attribute bindings with interpolations

626bc8bc20 fix sanitize translated form attributes

22.0.0-next.3 (2026-03-12)

compiler

Commit Type Description

78dea55351 fix disallow translations of iframe src

core

Commit Type Description

999c14eaab fix reverts "feat(core): add support for nested animations"

de0eb4c656 fix sanitize translated form attributes

21.2.4 (2026-03-12)

compiler

Commit Type Description

ed2d324f9c fix disallow translations of iframe src

core

Commit Type Description

abbd8797bb fix reverts "feat(core): add support for nested animations"

d1dcd16c5b fix sanitize translated form attributes

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

createNgModuleRef was removed, use createNgModule instead

core

Commit Type Description

b918beda32 feat allow debouncing signals

... (truncated)

Commits

626bc8b fix(core): sanitize translated form attributes
72126f9 fix(core): sanitize translated attribute bindings with interpolations
7f9de3c fix(core): block creation of sensitive URI attributes from ICU messages
c2c2b4a fix(core): sanitize sensitive attributes on SVG script elements
See full diff in compare view

Updates @modelcontextprotocol/sdk from 1.24.0 to 1.26.0

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

v1.25.2

What's Changed

ci: trigger workflow on v1.x branch by @felixweinberger in modelcontextprotocol/typescript-sdk#1319

fix: README badges links destinations by @antonpk1 in modelcontextprotocol/typescript-sdk#907

fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by @pcarleton in modelcontextprotocol/typescript-sdk#1365

New Contributors

@antonpk1 made their first contribution in modelcontextprotocol/typescript-sdk#907

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.1...v1.25.2

1.25.1

What's Changed

spec types - backwards compatibility changes by @KKonstantinov in modelcontextprotocol/typescript-sdk#1306

chore: bump version for patch fix by @felixweinberger in modelcontextprotocol/typescript-sdk#1307

Full Changelog: modelcontextprotocol/typescript-sdk@1.25.0...1.25.1

1.25.0

What's Changed

list changed handlers on client constructor by @mattzcarey in modelcontextprotocol/typescript-sdk#1206

Role - moved from inline to reusable type by @KKonstantinov in modelcontextprotocol/typescript-sdk#1221

fix: use versioned npm tag for non-main branch releases by @pcarleton in modelcontextprotocol/typescript-sdk#1236

No automatic completion support unless needed - Revisited yet again by @cliffhall in modelcontextprotocol/typescript-sdk#1237

fix: Support updating output schema by @vincent0426 in

… updates Bumps the npm_and_yarn group with 4 updates in the /services/auth-service/nodejs directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted), [koa](https://github.com/koajs/koa) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 3 updates in the /services/gateway/nodejs directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 4 updates in the /services/training-service/nodejs directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted), [koa](https://github.com/koajs/koa) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 11 updates in the /services/ui/angular directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.14.2` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `20.3.15` | `20.3.16` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `20.3.15` | `20.3.18` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.24.0` | `1.26.0` | | [axios](https://github.com/axios/axios) | `1.13.2` | `1.13.6` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.2.0` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.3.3` | | [immutable](https://github.com/immutable-js/immutable-js) | `3.8.2` | `3.8.3` | | [immutable](https://github.com/immutable-js/immutable-js) | `5.1.4` | `5.1.5` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | Bumps the npm_and_yarn group with 7 updates in the /services/ui/react directory: | Package | From | To | | --- | --- | --- | | [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [axios](https://github.com/axios/axios) | `1.13.2` | `1.13.6` | | [dompurify](https://github.com/cure53/DOMPurify) | `3.2.6` | `3.3.3` | | [immutable](https://github.com/immutable-js/immutable-js) | `3.8.2` | `3.8.3` | | [rollup](https://github.com/rollup/rollup) | `4.53.3` | `4.59.1` | | [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.10.1` | `7.12.0` | Bumps the npm_and_yarn group with 4 updates in the /services/user-service/nodejs directory: [minimatch](https://github.com/isaacs/minimatch), [flatted](https://github.com/WebReflection/flatted), [koa](https://github.com/koajs/koa) and [qs](https://github.com/ljharb/qs). Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `koa` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@v3.1.1...v3.1.2) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `koa` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@v3.1.1...v3.1.2) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `qs` from 6.14.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) Updates `@angular/compiler` from 20.3.15 to 20.3.16 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.16/packages/compiler) Updates `@angular/core` from 20.3.15 to 20.3.18 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v20.3.18/packages/core) Updates `@modelcontextprotocol/sdk` from 1.24.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.24.0...v1.26.0) Updates `axios` from 1.13.2 to 1.13.6 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.2...v1.13.6) Updates `basic-ftp` from 5.0.5 to 5.2.0 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) Updates `tar` from 6.2.1 to 7.5.12 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.1...v7.5.12) Updates `dompurify` from 3.2.6 to 3.3.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.2.6...3.3.3) Updates `immutable` from 3.8.2 to 3.8.3 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v3.8.2...v3.8.3) Updates `immutable` from 5.1.4 to 5.1.5 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v3.8.2...v3.8.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `axios` from 1.13.2 to 1.13.6 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.2...v1.13.6) Updates `dompurify` from 3.2.6 to 3.3.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.2.6...3.3.3) Updates `immutable` from 3.8.2 to 3.8.3 - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](immutable-js/immutable-js@v3.8.2...v3.8.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `rollup` from 4.53.3 to 4.59.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.53.3...v4.59.1) Updates `react-router` from 7.10.1 to 7.12.0 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `koa` from 3.1.1 to 3.1.2 - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@v3.1.1...v3.1.2) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.15.0) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: koa dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: koa dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/compiler" dependency-version: 20.3.16 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 20.3.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 3.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 5.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dompurify dependency-version: 3.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: immutable dependency-version: 3.8.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.59.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-router dependency-version: 7.12.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: koa dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-25T21:00:06Z

Superseded by #270.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 21, 2026

dependabot bot mentioned this pull request Mar 21, 2026

build(deps): bump the npm_and_yarn group across 6 directories with 13 updates #268

Closed

github-actions bot added services ui user-service gateway auth-service training-service angular react labels Mar 21, 2026

dependabot bot closed this Mar 25, 2026

dependabot bot deleted the dependabot/npm_and_yarn/services/auth-service/nodejs/npm_and_yarn-79bc90b7f6 branch March 25, 2026 21:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 6 directories with 15 updates#269

build(deps): bump the npm_and_yarn group across 6 directories with 15 updates#269
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/services/auth-service/nodejs/npm_and_yarn-79bc90b7f6

dependabot bot commented on behalf of github Mar 21, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Commit	Type	Description
8e808740c9	fix	better types for a few expression AST nodes
63b1cdcf70	fix	produce accurate span for typeof and void expressions
3c3ae0cb64	fix	provide location information for literal map keys
523dbaf1c3	fix	stop ThisReceiver inheritance from ImplicitReceiver

Commit	Type	Description
4d9c4567ed	fix	ensure component import diagnostics are reported within the `imports` expression
cd405685af	fix	fix up spelling of diagnostic
778460fcca	fix	support qualified names in `typeof` type references

Commit	Type	Description
7c74674eb0	fix	avoid leaking view data in animations
0edbee4550	fix	explicitly cast signal node value to String
f9c29572d2	fix	sanitize sensitive attributes on SVG script elements

Commit	Type	Description
e3fba182f9	feat	add `[formField]` directive
561772b152	fix	allow custom controls to require `dirty` input
f0fb1d8581	fix	allow custom controls to require `hidden` input
ec110f170b	fix	allow custom controls to require `pending` input
ae1dc16bb0	fix	clean up abort listener after timeout
9748b0d5da	fix	support custom controls with non signal-based models
6bd22df987	fix	Support readonly arrays in signal forms

Commit	Description
	sanitize translated attribute bindings with interpolations
	sanitize translated form attributes

Commit	Type	Description
72126f9a08	fix	sanitize translated attribute bindings with interpolations
626bc8bc20	fix	sanitize translated form attributes

Commit	Type	Description
999c14eaab	fix	reverts "feat(core): add support for nested animations"
de0eb4c656	fix	sanitize translated form attributes

Commit	Type	Description
abbd8797bb	fix	reverts "feat(core): add support for nested animations"
d1dcd16c5b	fix	sanitize translated form attributes

Conversation

dependabot bot commented on behalf of github Mar 21, 2026

v3.1.2

What's Changed

New Contributors

6.15.0

6.14.2

6.14.1

6.15.0

6.14.2

6.14.1

v3.1.2

What's Changed

New Contributors

6.15.0

6.14.2

6.14.1

6.15.0

6.14.2

6.14.1

20.3.16

core

20.3.16 (2026-01-07)

core

19.2.18 (2026-01-07)

core

21.0.7 (2026-01-07)

compiler

compiler-cli

core

forms

router

20.3.18

compiler

core

20.3.17

core

Breaking Changes

core

20.3.16

core

20.3.18 (2026-03-12)

compiler

core

22.0.0-next.3 (2026-03-12)

compiler

core

21.2.4 (2026-03-12)

compiler

core

22.0.0-next.2 (2026-03-11)

Breaking Changes

core

core

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

v1.25.2

What's Changed

New Contributors

1.25.1

What's Changed

1.25.0

What's Changed

Uh oh!

dependabot bot commented on behalf of github Mar 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants