Bump the npm-dependencies group across 1 directory with 32 updates

[dependabot]

Bumps the npm-dependencies group with 30 updates in the / directory:

Package	From	To
body-parser	1.20.3	2.2.2
ejs	3.1.10	5.0.2
express	4.21.2	5.2.1
express-rate-limit	7.5.0	8.5.2
express-slow-down	2.0.3	3.1.0
helmet	8.0.0	8.2.0
i18next-browser-languagedetector	8.0.2	8.2.1
i18next-http-backend	3.0.1	4.0.0
morgan	1.10.0	1.10.1
pug	3.0.3	3.0.4
react-i18next	15.3.0	17.0.8
system-sleep	1.3.7	1.3.8
@babel/core	7.26.0	7.29.0
@babel/preset-env	7.26.0	7.29.5
@babel/preset-react	7.26.3	7.28.5
babel-loader	9.2.1	10.1.1
bootstrap	5.3.3	5.3.8
eslint	9.17.0	10.4.0
i18next	24.2.0	26.2.0
jquery	3.7.1	4.0.0
mocha	11.0.1	11.7.6
nyc	17.1.0	18.0.0
react	19.0.0	19.2.6
react-bootstrap	2.10.7	2.10.10
react-dom	19.0.0	19.2.6
react-redux	9.2.0	9.3.0
react-router-dom	7.1.1	7.15.1
supertest	7.0.0	7.2.2
webpack	5.97.1	5.107.1
webpack-cli	6.0.1	7.0.2

Updates body-parser from 1.20.3 to 2.2.2

Release notes

Sourced from body-parser's releases.

v2.2.2

What's Changed

• docs: update README links by @​efekrskl in expressjs/body-parser#673
• docs: release notes for the v1.20.4 release by @​Phillip9587 in expressjs/body-parser#674
• docs: update URL-encoded parser description to include ISO-8859-1 encoding support by @​Phillip9587 in expressjs/body-parser#679
• docs: use standard jsdoc tags everywhere by @​Phillip9587 in expressjs/body-parser#677
• deps: qs@^6.14.1 by @​UlisesGascon in expressjs/body-parser#689
• refactor(json): simplify strict mode error string construction by @​jonchurch in expressjs/body-parser#693
• Release: 2.2.2 by @​UlisesGascon in expressjs/body-parser#691

New Contributors

• @​efekrskl made their first contribution in expressjs/body-parser#673

Full Changelog: expressjs/body-parser@v2.2.1...v2.2.2

v2.2.1

Important: Security

• Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

• ci: add dependabot by @​Phillip9587 in expressjs/body-parser#593
• ci: use full SHAs for github action versions by @​Phillip9587 in expressjs/body-parser#594
• deps: type-is@^2.0.1 by @​Phillip9587 in expressjs/body-parser#599
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/body-parser#609
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in expressjs/body-parser#610
• build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @​dependabot[bot] in expressjs/body-parser#611
• build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @​dependabot[bot] in expressjs/body-parser#613
• build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @​dependabot[bot] in expressjs/body-parser#612
• ci: add codeql github workflows scanning by @​Phillip9587 in expressjs/body-parser#614
• ci: update CodeQL config to ignore the test directory by @​Phillip9587 in expressjs/body-parser#615
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/body-parser#620
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in expressjs/body-parser#619
• chore(deps): unpin devDependencies by @​Phillip9587 in expressjs/body-parser#616
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/body-parser#621
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/body-parser#623
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/body-parser#624
• chore: add funding to package.json by @​Phillip9587 in expressjs/body-parser#617
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/body-parser#625
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/body-parser#630
• refactor: move common request validation to read function by @​Phillip9587 in expressjs/body-parser#600
• deps: bump iconv-lite by @​bjohansebas in expressjs/body-parser#631
• doc: pull beta changelog forward into 2.0.0 by @​jonchurch in expressjs/body-parser#629
• refactor: optimize raw and text parsers with shared passthrough function by @​Phillip9587 in expressjs/body-parser#634
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#640
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in expressjs/body-parser#639
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#636
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @​dependabot[bot] in expressjs/body-parser#637
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @​dependabot[bot] in expressjs/body-parser#638
• deps: raw-body@^3.0.1 by @​Phillip9587 in expressjs/body-parser#641

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.2 / 2026-01-07

• deps: qs@^6.14.1
• refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

• Security fix for GHSA-wqch-xfxh-vrr4
• deps:
  • type-is@^2.0.1
  • iconv-lite@^0.7.0
    • Handle split surrogate pairs when encoding UTF-8
    • Avoid false positives in encodingExists by using prototype-less objects
  • raw-body@^3.0.1
  • debug@^4.4.3

2.2.0 / 2025-03-27

• refactor: normalize common options for all parsers
• deps:
  • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

• deps:
  • type-is@^2.0.0
  • debug@^4.4.0
  • Removed destroy
• refactor: prefix built-in node module imports
• use the node require cache instead of custom caching

2.0.2 / 2024-10-31

• remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

• Restore expected behavior extended to false

2.0.0 / 2024-09-10

Breaking Changes

• Node.js 18 is the minimum supported version

... (truncated)

Commits

• 3d24866 2.2.2 (#691)
• 8474a98 refactor(json): simplify strict mode error string construction (#693)
• 03f17c2 deps: qs@^6.14.1 (#689)
• ea1f25e docs: use standard jsdoc tags everywhere (#677)
• d7deef8 docs: update URL-encoded parser description to include ISO-8859-1 encoding su...
• b6f52aa docs: release notes for the v1.20.4 release (#674)
• 2965ca4 docs: update links (#673)
• d96b63d 2.2.1 (#659)
• b204886 sec: security patch for CVE-2025-13466
• e20e351 feat: remove history.md from being packaged on publish (#660)
• Additional commits viewable in compare view

Updates debug from 4.4.0 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

Commits

• 6b2c5fb 4.4.3
• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• See full diff in compare view

Updates ejs from 3.1.10 to 5.0.2

Release notes

Sourced from ejs's releases.

v5.0.2

Version 5.0.2

v5.0.1

Version 5.0.1

v4.0.1

Version 4.0.1

Changelog

Sourced from ejs's changelog.

EJS Version 5.0.1 Release Notes

Overview

EJS version 5.0.1 is a major release that removes deprecated options, fixes template behavior with custom delimiters, improves the CLI and build pipeline, and simplifies the package by moving Jake to a dev-only dependency.

Major Changes

Deprecated Option Removed

• Removed client option (Fixes #746): The legacy client flag and related code have been removed. This option produced browser-oriented template functions by inlining escape and rethrow helpers; it was unmaintained and broken. Use the standard browser bundle (ejs.min.js) or compile templates for the client using your own build setup.

Bug Fixes

• Custom delimiters and whitespace-slurp tags (Fixed #780): Whitespace-slurp tags (<%_ and _%> by default) now respect custom openDelimiter, delimiter, and closeDelimiter. Previously, the slurp regex was hardcoded to <%/%>, so custom delimiters did not work correctly with <%_/_%>-style tags.

CLI & Build

• CLI no longer depends on Jake: The ejs CLI now uses a bundled argument parser (lib/esm/parseargs.js / lib/cjs/parseargs.js) instead of the Jake program module. Jake remains a devDependency for the build (lint, compile, browserify, minify, test).
• Jake moved to devDependencies: Jake was moved from dependencies to devDependencies, so installing ejs as a dependency no longer pulls in Jake.
• Minification fix: The minify task now minifies the browserified ejs.js bundle (output of the browserify task) instead of lib/cjs/ejs.js, so the browser bundle is correctly minified.

Documentation & Examples

• JSDoc updates: Removed references to the client option and ClientFunction from options and template-function documentation.
• Examples: examples/client-compilation.html and examples/express/app.js updated to remove use of the client option; Express example no longer passes client: true.
• README: Removed broken link to the third-party EJS playground.

Code Quality

• Tests: Removed tests that targeted the removed client option behavior.
• Utils: Removed unused client-related code from lib/esm/utils.js.

Breaking Changes

Removed client Option

• Option removed: The client option is no longer supported. Passing client: true (or any value) is ignored; no error is thrown, but no

... (truncated)

Commits

• a464c96 Version 5.0.2
• b4f7b49 Hardening
• 2b15562 Added release notes
• f9ab0b7 Version 5.0.1
• 173c46f Bump version for release
• 35ad41b Removed Jake
• bf142d1 Updated version number
• 3cd835c Remove broken playground link
• 6e1289c Fix minification
• 5090873 Fixes #746, removed old 'client' flag
• Additional commits viewable in compare view

Updates express from 4.21.2 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 5.2.1 by @​UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @​dependabot[bot] in expressjs/express#6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @​Ayoub-Mabrouk in expressjs/express#6137
• increased code coverage of utils.js file by @​ashish3011 in expressjs/express#6386
• chore: remove duplicate word by @​dufucun in expressjs/express#6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @​dependabot[bot] in expressjs/express#6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/express#6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/express#6496
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6504
• ci: update codeql config by @​Phillip9587 in expressjs/express#6488
• chore: wider range for query test skip by @​jonchurch in expressjs/express#6512
• chore: fix typos in test by @​noritaka1166 in expressjs/express#6535
• ci: disable credential persistence for checkout actions by @​mertssmnoglu in expressjs/express#6522
• ci: allow manual triggering of workflow by @​shivarm in expressjs/express#6515
• test: add coverage for app.listen() variants by @​kgarg1 in expressjs/express#6476
• docs: move documentation and charters to the discussions and .github … by @​bjohansebas in expressjs/express#6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/express#6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/express#6548
• chore: enforce explicit Buffer import and add lint rule by @​shivarm in expressjs/express#6525
• chore: use node protocol for querystring by @​shivarm in expressjs/express#6520
• chore: fix typo by @​mountdisk in expressjs/express#6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/express#6618
• add deprecation warnings for redirect arguments undefined by @​bjohansebas in expressjs/express#6405
• ci: run CI when the markdown changes by @​bjohansebas in expressjs/express#6632
• doc: fix CONTRIBUTING link by @​jonchurch in expressjs/express#6653
• doc: update contributing guidelines and code of conduct links by @​ShubhamOulkar in expressjs/express#6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @​dependabot[bot] in expressjs/express#6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @​dependabot[bot] in expressjs/express#6678
• lint: add --fix flag to automatic fix linting issue by @​shivarm in expressjs/express#6644
• chore: ignore yarn.lock file and update example by @​shivarm in expressjs/express#6588
• lib: use req.socket over deprecated req.connection by @​bjohansebas in expressjs/express#6705
• doc: update express app example by @​shivarm in expressjs/express#6718
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/express#6675
• Remove history.md from being packaged on publish by @​sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: body-parser@^2.2.1
• A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0

... (truncated)

Commits

• dbac741 5.2.1
• 697547c Revert "sec: security patch for CVE-2024-51999"
• 4007ad1 Release: 5.2.0 (#6920)
• 2f64f68 sec: security patch for CVE-2024-51999
• ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
• 8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
• 30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
• 758d435 deps: body-parser@^2.2.1 (#6922)
• 77bcd52 docs: update emeritus triagers (#6890)
• f33caf1 Nominate to @​efekrskl for triage team (#6888)
• Additional commits viewable in compare view

Updates express-rate-limit from 7.5.0 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

v7.5.1

Changed

• Narrowed type of standardHeaders from string to just the supported values via a TypeScript const assertion (#506)

---

You can view the full changelog here.

Commits

• 9774693 8.5.2
• 0e94cc0 v8.5.2 changelog
• 9a583c5 feat: simplify IPv6 key generation (#633)
• 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
• 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
• 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
• dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
• 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
• 50cc3f6 8.5.1
• 92c8e3e chore: bump ip-address library to latest (#626)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-rate-limit since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates express-slow-down from 2.0.3 to 3.1.0

Changelog

Sourced from express-slow-down's changelog.

v3.1.0

Added

• legacyHeaders and standardHeaders options can now be passed through to express-rate-limit

v3.0.1

Fixed

• Only pass supported options to express-rate-limit to avoid triggering warning added for unexpected options in ERL v8.2.0

v3.0.0

Added

• Added support for grouping IPv6 addresses by subnet (defaults to /56) via upgrading express-rate-limit dependency to 8.x

v2.1.0

Fixed

• Changed distributed JS to no longer bundle in express-rate-limit, instead using the version installed via npm. This enables several new express-rate-limit features that have been released since v7.0.1.

Commits

• 796b401 3.1.0
• 116552c v3.1.0 changelog
• 9483035 Merge pull request #84 from Sigmabrogz/feat/support-headers
• 5e82865 lint
• 05cfbdd Be more explicit about standard headers draft versions in tests
• 3388dd3 feat: support headers options from express-rate-limit
• 5d8851b Merge pull request #79 from express-rate-limit/dependabot/npm_and_yarn/webpac...
• 4430dff build(deps-dev): bump webpack from 5.94.0 to 5.105.0
• e336ce5 build(deps-dev): bump lodash-es from 4.17.21 to 4.17.23 (#75)
• 883857f build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#76)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-slow-down since your current version.

Updates helmet from 8.0.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

• Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
• Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

• Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

Commits

• 638e43b 8.2.0
• fdf25a8 Update changelog for 8.2.0 release
• bd293b7 Update devDependencies to latest versions
• 81ce5cc Test supported Node versions on CI
• 807a888 Update to new URL
• d4e0128 Add direct link to FAQ
• 437d2eb Bump actions/setup-node from 6.3.0 to 6.4.0 (#537)
• a6bd779 Upgrade actions/setup-node to 6.3.0
• 1e09f5f Fix changelog typo
• d526f5c Bump Picomatch dev sub-dependency
• Additional commits viewable in compare view

Updates http-errors from 2.0.0 to 2.0.1

Release notes

Sourced from http-errors's releases.

v2.0.1

What's Changed

• Add support for OSSF scorecard reporting by @​carpasse in jshttp/http-errors#107
• refactor: improve toClassName function readability and JSDoc completeness by @​Ayoub-Mabrouk in jshttp/http-errors#112
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in jshttp/http-errors#113
• Add test for extending native errors w/o altering prototype by @​jonchurch in jshttp/http-errors#106
• remove --bail from test script by @​jonchurch in jshttp/http-errors#114
• [StepSecurity] Apply security best practices by @​step-security-bot in jshttp/http-errors#116
• build(deps): bump actions/checkout from 2.7.0 to 4.2.2 by @​dependabot[bot] in jshttp/http-errors#117
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot[bot] in jshttp/http-errors#118
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in jshttp/http-errors#119
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in jshttp/http-errors#121
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 by @​dependabot[bot] in jshttp/http-errors#123
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/http-errors#124
• remove --bail by @​jonchurch in jshttp/http-errors#125
• deps: update statuses and switch fixed versions to tilde (~) by @​Phillip9587 in jshttp/http-errors#126
• chore: add funding to package.json by @​Phillip9587 in jshttp/http-errors#130
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 by @​dependabot[bot] in jshttp/http-errors#131
• ci: add nodejs v18 - v24 to test matrix by @​Phillip9587 in jshttp/http-errors#127
• build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 by @​dependabot[bot] in jshttp/http-errors#129
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 by @​dependabot[bot] in jshttp/http-errors#133
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in jshttp/http-errors#132
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in jshttp/http-errors#138
• build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 by @​dependabot[bot] in jshttp/http-errors#137
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in jshttp/http-errors#134
• Release: 2.0.1 by @​UlisesGascon in jshttp/http-errors#140

New Contributors

• @​Ayoub-Mabrouk made their first contribution in jshttp/http-errors#112
• @​jonchurch made their first contribution in jshttp/http-errors#106
• @​step-security-bot made their first contribution in jshttp/http-errors#116
• @​dependabot[bot] made their first contribution in jshttp/http-errors#117
• @​UlisesGascon made their first contribution in jshttp/http-errors#124
• @​Phillip9587 made their first contribution in jshttp/http-errors#126

Full Changelog: jshttp/http-errors@v2.0.0...v2.0.1

Changelog

Sourced from http-errors's changelog.

2.0.1 / 2025-11-20

• deps: use tilde notation for dependencies
• deps: update statuses to 2.0.2

Commits

• 61aee57 2.0.1 (#140)
• 6acba1f build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#134)
• d2dcbbf build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 (#137)
• fa47a60 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#138)
• 09b3881 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#132)
• f1ad322 build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 (#133)
• 109fe03 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 (#129)
• 7a05446 ci: add nodejs v18 - v24 to test matrix (#127)
• 6dfaf49 build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 (#131)
• 535aebf chore: add funding to package.json (#130)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for http-errors since your current version.

Updates i18next-browser-languagedetector from 8.0.2 to 8.2.1

Changelog

Sourced from i18next-browser-languagedetector's changelog.

8.2.1

• Add missing typescript definition for hash options 33154

8.2.0

• feat: add support for hash detector 304

8.1.0

• feat: add support for Partitioned cookies 303

8.0.5

• check for common xss attack patterns on detected language

8.0.4

• fix localstorage check to try to address 297 300

8.0.3

• change localstorage check to try to address 297

Commits

• 7164126 8.2.1
• 6df69c7 release
• 1ffa1cf Add missing typescript definition for hash options (#315)
• 697d89b Bump js-yaml (#313)
• ce82da9 Bump lodash from 4.17.21 to 4.17.23 (#312)
• d05fe5a fix url in readme
• 9d1d7d2 Bump tmp from 0.2.1 to 0.2.5 (#309)
• 32f0429 Bump cipher-base from 1.0.4 to 1.0.6 (#307)
• 9c0db8f Bump sha.js from 2.4.11 to 2.4....

  Description has been truncated