chore(deps): bump the npm_and_yarn group across 13 directories with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /examples/soap-with-custom-function directory: axios and lodash.
Bumps the npm_and_yarn group with 4 updates in the /examples/soap-with-custom-function/server directory: axios, lodash, body-parser and express.
Bumps the npm_and_yarn group with 3 updates in the /packages/artillery/test/cloud-e2e/fargate/fixtures/mixed-hierarchy directory: lodash, aws-sdk and @babel/helpers.
Bumps the npm_and_yarn group with 5 updates in the /examples/artillery-engine-example directory:

Package	From	To
lodash	4.17.21	4.17.23
brace-expansion	2.0.1	2.0.2
brace-expansion	1.1.11	1.1.12
cross-spawn	7.0.3	7.0.6
prismjs	1.29.0	1.30.0
tar	6.2.0	7.5.6

Bumps the npm_and_yarn group with 3 updates in the /examples/functional-testing-with-expect-plugin directory: body-parser, express and brace-expansion.
Bumps the npm_and_yarn group with 3 updates in the /examples/graphql-api-server directory: body-parser, express and sha.js.
Bumps the npm_and_yarn group with 3 updates in the /examples/k8s-testing-with-kubectl-artillery directory: body-parser, express and cookie.
Bumps the npm_and_yarn group with 3 updates in the /examples/track-custom-metrics directory: body-parser, express and on-headers.
Bumps the npm_and_yarn group with 3 updates in the /examples/http-socketio-server directory: body-parser, express and cookie.
Bumps the npm_and_yarn group with 2 updates in the /examples/scenario-weights directory: body-parser and express.
Bumps the npm_and_yarn group with 3 updates in the /examples/using-cookies directory: body-parser, express and cookie.
Bumps the npm_and_yarn group with 4 updates in the /examples/http-file-uploads directory: body-parser, express, brace-expansion and multer.
Bumps the npm_and_yarn group with 1 update in the /examples/socket-io directory: cookie.

Updates axios from 0.27.2 to 1.13.2

Release notes

Sourced from axios's releases.

Release v1.13.2

Release notes:

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

Release v1.13.1

Release notes:

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

Release v1.13.0

Release notes:

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
• resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

• http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.2 (2025-11-04)

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

1.13.1 (2025-10-28)

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

1.13.0 (2025-10-27)

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
• resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

• http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge

... (truncated)

Commits

• 08b84b5 chore(release): v1.13.2 (#7207)
• 8d37233 fix(http): fix 'socket hang up' bug for keep-alive requests when using timeou...
• 12c314b perf(http): fix early loop exit; (#7202)
• f6d79e7 chore(sponsor): update sponsor block (#7203)
• 0588880 fix(http): use default export for http2 module to support stubs; (#7196)
• 1ef8e72 chore(release): v1.13.1 (#7194)
• bcd5581 fix(http): fixed a regression that caused the data stream to be interrupted f...
• c9b3371 chore: enhance styling and responsiveness in client.html (#7173)
• 9ead04d [Release] v1.13.0 (#7189)
• d000fbf fix(http2): fix possible race condition when handling http2 stream on almost ...
• Additional commits viewable in compare view

Updates form-data from 4.0.0 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

... (truncated)

Commits

• 68ff7dd v4.0.5
• 5822467 [Dev Deps] update @ljharb/eslint-config, eslint
• 76d0dee [Fix] set Symbol.toStringTag in the proper place
• 16e0076 [Tests] Switch to newer v8 prediction library; enable node 24 testing
• 41996f5 v4.0.4
• 316c82b [meta] actually ensure the readme backup isn’t published
• 2300ca1 [meta] fix readme capitalization
• 811f682 [meta] add auto-changelog
• 5e34080 [Tests] fix linting errors
• 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Updates formidable from 3.5.1 to 3.5.4

Release notes

Sourced from formidable's releases.

v3.5.3

What's Changed

• Fix existing test failure by @​ryhmrt in node-formidable/formidable#990

• update Ryan Dahl x account link by @​moetezch in node-formidable/formidable#989

• update failing tests

• update CI/CD workflows and actions;

• update CodeQL github action for security analysis

• update readme, links and badges

• update to use cuid2 (battle-tested @paralleldrive/cuid2 package) for better random names - should not be breaking anything since it's still 25 characters long, but a lot safer and faster.

New Contributors

• @​ryhmrt made their first contribution in node-formidable/formidable#990
• @​moetezch made their first contribution in node-formidable/formidable#989

Full Changelog: node-formidable/formidable@v3.5.2...v3.5.3

v3.5.2

No release notes provided.

Changelog

Sourced from formidable's changelog.

3.5.4

• fix the os.machine breaking some dependents, fix #994
• add Node 16, 18, 20, 22 to CI/CD

3.5.3

• security report by ZAST.AI help for some vulnerabilities addressing (primarily the random names generation)
• update failing tests
• update CI/CD workflows and actions;
• update CodeQL github action for security analysis
• update readme, links and badges
• update to use cuid2 (battle-tested @paralleldrive/cuid2 package) for better random names - should not be breaking anything since it's still 25 characters long, but a lot safer and faster.

3.5.2

• fix: (#982) make it easier to import hexoid with webpack

Commits

• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates xml-crypto from 3.2.0 to 6.1.2

Release notes

Sourced from xml-crypto's releases.

v6.1.2

• Remove all reference XML data if any are corrupted (#502) (cac1c8d)

v6.1.1

• Adjust deprecation to better reflect real-world usage (#499) (ab1c69e)

v6.1.0

• Introduce new .getSignedReferences() function of signature to help prevent signature wrapping attacks (#489) (badaf20)

v6.0.1

• Merge commit from fork (8ac6118)

This addresses two critical CVE:

• CVE-2025-29774
• CVE-2025-29775

v6.0.0

• Bump github/codeql-action from 2 to 3 (#434) (627d83f)
• Set getCertFromKeyInfo to noop (#445) (2120172)
• Chore: Update README.md (#432) (f8cbbb7)

v5.1.1

• fix: template literal (#443) (1ceedc8)

v5.1.0

• Bump @​typescript-eslint/parser from 6.13.0 to 6.18.1 (#442) (ecbedd9)
• Bump @​typescript-eslint/eslint-plugin from 6.13.0 to 6.18.1 (#441) (9eb9002)
• Bump follow-redirects from 1.15.3 to 1.15.4 (#440) (6f363ab)
• Bump eslint from 8.54.0 to 8.56.0 (#436) (bf163dd)
• Bump @​types/node from 16.18.65 to 16.18.69 (#435) (4f98697)
• Bump release-it from 16.2.1 to 16.3.0 (#428) (4d3711a)
• Enhance derToPem to support XML pretty-print (#439) (6e95c60)

v5.0.0

• Bump @​typescript-eslint/eslint-plugin from 5.62.0 to 6.13.0 (#422) (66d887b)
• Bump @​prettier/plugin-xml from 3.2.1 to 3.2.2 (#423) (7410d2e)
• Bump @​types/mocha from 10.0.2 to 10.0.6 (#421) (36bcf0e)
• Bump @​types/chai from 4.3.6 to 4.3.11 (#419) (ef513da)
• Bump prettier from 3.0.3 to 3.1.0 (#418) (09176a5)
• Bump typescript from 5.2.2 to 5.3.2 (#415) (f3da589)
• Bump eslint from 8.51.0 to 8.54.0 (#414) (b7c90f5)
• Bump actions/setup-node from 3 to 4 (#413) (9602607)
• Bump @​babel/traverse from 7.22.4 to 7.23.2 (#407) (552a6d6)
• Bump actions/checkout from 3 to 4 (#392) (7ad9a5f)
• Bump eslint-plugin-deprecation from 1.4.1 to 2.0.0 (#390) (0f11269)
• Bump typescript from 5.1.6 to 5.2.2 (#383) (8cf4966)
• Bump eslint-config-prettier from 8.8.0 to 9.0.0 (#381) (9584e48)
• Mark getKeyInfo() private as it has no public consumers (#412) (1099f59)
• Remove the default for getKeyInfoContent forcing a consumer to choose (#411) (468d674)

... (truncated)

Changelog

Sourced from xml-crypto's changelog.

6.1.2 (2025-04-24)

🐛 Bug Fixes

• [bug] [security] Remove all reference XML data if any are corrupted #502

---

v6.1.1 (2025-04-21)

🚀 Minor Changes

• [enhancement] Adjust deprecation to better reflect real-world usage #499

---

v6.1.0 (2025-04-09)

🚀 Minor Changes

• [enhancement] Introduce new .getSignedReferences() function of signature to help prevent signature wrapping attacks #489

---

v6.0.1 (2025-03-14)

• Address CVEs: CVE-2025-29774 and CVE-2025-29775

---

v6.0.0 (2024-01-26)

💣 Major Changes

• [breaking-change] Set getCertFromKeyInfo to noop #445

🔗 Dependencies

• [dependencies] [github_actions] Bump github/codeql-action from 2 to 3 #434

📚 Documentation

• [documentation] Chore: Update README.md #432

---

v5.1.1 (2024-01-17)

🐛 Bug Fixes

... (truncated)

Commits

• ef8ba25 Release 6.1.2
• cac1c8d Remove all reference XML data if any are corrupted (#502)
• 5c96990 Release 6.1.1
• ab1c69e Adjust deprecation to better reflect real-world usage (#499)
• 0a94b95 Release 6.1.0
• badaf20 Introduce new .getSignedReferences() function of signature to help prevent si...
• d80e5b7 Release 6.0.1
• 8ac6118 Merge commit from fork
• 0ed7ab2 Release 6.0.0
• 627d83f Bump github/codeql-action from 2 to 3 (#434)
• Additional commits viewable in compare view

Updates axios from 0.27.2 to 1.13.2

Release notes

Sourced from axios's releases.

Release v1.13.2

Release notes:

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

Release v1.13.1

Release notes:

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

Release v1.13.0

Release notes:

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
• resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

• http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.2 (2025-11-04)

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
• http: use default export for http2 module to support stubs; (#7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

1.13.1 (2025-10-28)

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

1.13.0 (2025-10-27)

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#7155) (015faec)
• resolve issue #7131 (added spacing in mergeConfig.js) (#7133) (9b9ec98)

Features

• http: add HTTP2 support; (#7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge

... (truncated)

Commits

• 08b84b5 chore(release): v1.13.2 (#7207)
• 8d37233 fix(http): fix 'socket hang up' bug for keep-alive requests when using timeou...
• 12c314b perf(http): fix early loop exit; (#7202)
• f6d79e7 chore(sponsor): update sponsor block (#7203)
• 0588880 fix(http): use default export for http2 module to support stubs; (#7196)
• 1ef8e72 chore(release): v1.13.1 (#7194)
• bcd5581 fix(http): fixed a regression that caused the data stream to be interrupted f...
• c9b3371 chore: enhance styling and responsiveness in client.html (#7173)
• 9ead04d [Release] v1.13.0 (#7189)
• d000fbf fix(http2): fix possible race condition when handling http2 stream on almost ...
• Additional commits viewable in compare view

Updates form-data from 4.0.0 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	lodash@​4.17.23

View full report