chore(deps): bump the npm_and_yarn group across 10 directories with 16 updates #19

dependabot · 2025-08-29T17:53:46Z

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
express	`4.21.2`	`5.1.0`
@types/express	`4.17.17`	`5.0.3`
form-data	`3.0.1`	`3.0.4`
semver	`7.6.0`	`7.7.2`
@types/semver	`7.5.8`	`7.7.0`
vite	`4.5.9`	`4.5.14`
webpack	`5.91.0`	`5.94.0`
mongoose	`6.13.8`	`8.18.0`
body-parser	`1.20.3`	`2.2.0`
nodemailer	`6.9.15`	`7.0.5`
@types/nodemailer	`6.4.16`	`7.0.1`

Bumps the npm_and_yarn group with 4 updates in the /examples/custom-server directory: express, webpack, ws and payload.
Bumps the npm_and_yarn group with 1 update in the /examples/db-example directory: payload.
Bumps the npm_and_yarn group with 4 updates in the /examples/hierarchy directory: express, webpack, ws and payload.
Bumps the npm_and_yarn group with 3 updates in the /examples/live-preview/payload directory: express, ws and payload.
Bumps the npm_and_yarn group with 4 updates in the /examples/nested-docs/payload directory: express, webpack, ws and payload.
Bumps the npm_and_yarn group with 4 updates in the /examples/testing directory: express, webpack, ws and payload.
Bumps the npm_and_yarn group with 2 updates in the /templates/blank directory: express and payload.
Bumps the npm_and_yarn group with 2 updates in the /templates/ecommerce directory: express and payload.
Bumps the npm_and_yarn group with 2 updates in the /templates/website directory: express and payload.

Updates express from 4.21.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

Update captains by @UlisesGascon in expressjs/express#6027

build: Node.js 23.0 by @bjohansebas in expressjs/express#6075

Add funding field (v5) by @bjohansebas in expressjs/express#6064

✅ add discarded middleware test by @ctcpip in expressjs/express#5819

update homepage link http to https by @bjohansebas in expressjs/express#5920

Improve readme by @bjohansebas in expressjs/express#5994

Add bjohansebas as repo captain for expressjs.com by @crandmck in expressjs/express#6058

Remove Object.setPrototypeOf polyfill by @Phillip9587 in expressjs/express#6081

fix(buffer): use node:buffer instead of safe-buffer by @bhavya3024 in expressjs/express#6071

docs: Add DCO by @UlisesGascon in expressjs/express#6048

cleanup: remove promise support check from tests by @Phillip9587 in expressjs/express#6148

Use loop for acceptParams by @blakeembrey in expressjs/express#6066

Improve documentation step in release process by @bjohansebas in expressjs/express#6150

cleanup: remove unnecessary require for global Buffer by @Phillip9587 in expressjs/express#6146

cleanup: remove AsyncLocalStorage check by @Phillip9587 in expressjs/express#6147

update history.md for acceptParams change by @jonchurch in expressjs/express#6177

docs: add @rxmarbles to the triage team by @UlisesGascon in expressjs/express#6151

refactor: improve readability by @sazk07 in expressjs/express#6173

docs: clarify the security process in the triage role by @bjohansebas in expressjs/express#6217

chore: replace methods dependency with standard library by @jonkoops in expressjs/express#6196

Remove utils-merge dependency - use spread syntax instead by @Phillip9587 in expressjs/express#6091

fix(securite): fix vulnerabilities by @Abdel-Monaam-Aouini in expressjs/express#6211

refactor: prefix built-in node module imports by @slagiewka in expressjs/express#6236

fix: remove download size badges by @wesleytodd in expressjs/express#6266

Remove unused depd dependency by @jonkoops in expressjs/express#6197

fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @hamirmahal in expressjs/express#6256

Add support for OSSF scorecard reporting by @UlisesGascon in expressjs/express#5431

docs: add @Phillip9587 to the triage team by @bjohansebas in expressjs/express#6276

fix: added a missing semicolon in css styles in examples/auth by @pr4j3sh in expressjs/express#6297

docs: include team email in the security policy by @UlisesGascon in expressjs/express#6278

refactor: simplify normalizeTypes function by @Ayoub-Mabrouk in expressjs/express#6097

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6314

ci: fix npm install --include typo by @Phillip9587 in expressjs/express#6324

ci: updated scorecard actions by @Phillip9587 in expressjs/express#6322

build(deps): use carat notation for dependency versions by @dpopp07 in expressjs/express#6317

chore(deps): update debug to ^4.4.0 by @Phillip9587 in expressjs/express#6313

docs: retroactively note 5.0.0-beta.1 api change in history file by @dpopp07 in expressjs/express#6333

feat(deps): body-parser@^2.1.0 by @wesleytodd in expressjs/express#6332

feat(deps): router@^2.1.0 by @wesleytodd in expressjs/express#6331

Update repo captains by @UlisesGascon in expressjs/express#6234

deps: upgrade nyc by @agungjati in expressjs/express#6122

fix (deps): update deps by @wesleytodd in expressjs/express#6337

response: add support for ETag option in res.sendFile by @juanarbol in expressjs/express#6073

Update multiple links to use https instead of http by @Phillip9587 in expressjs/express#6338

Extend res.links() to allow adding multiple links with the same rel #2729 by @andvea in expressjs/express#4885

docs: update emeritus triagers by @UlisesGascon in expressjs/express#6345

docs: update guidance for triager nominations by @bjohansebas in expressjs/express#6349

docs: clarify guidelines for becoming a committer by @bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

Add support for Uint8Array in res.send()

Add support for ETag option in res.sendFile()

Add support for multiple links with the same rel in res.links()

Add funding field to package.json

perf: use loop for acceptParams

refactor: prefix built-in node module imports

deps: remove setprototypeof

deps: remove safe-buffer

deps: remove utils-merge

deps: remove methods

deps: remove depd

deps: debug@^4.4.0

deps: body-parser@^2.2.0

deps: router@^2.2.0

deps: content-type@^1.0.5

deps: finalhandler@^2.1.0

deps: qs@^6.14.0

deps: [email protected]

deps: [email protected]

5.0.1 / 2024-10-08

Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

remove:

path-is-absolute dependency - use path.isAbsolute instead

breaking:

res.status() accepts only integers, and input must be greater than 99 and less than 1000

will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range

will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs

deps: [email protected]

res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.

change:

res.clearCookie will ignore user provided maxAge and expires options

deps: cookie-signature@^1.2.1

deps: [email protected]

deps: merge-descriptors@^2.0.0

deps: serve-static@^2.1.0

deps: [email protected]

deps: accepts@^2.0.0

deps: mime-types@^3.0.0

application/javascript => text/javascript

deps: type-is@^2.0.0

deps: content-disposition@^1.0.0

... (truncated)

Commits

cd7d439 5.1.0
4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
cb4c56e fix(docs): remove @mertcanaltin from Triagers (#6408)
7b44e1d ci: use full SHAs for github action versions
eb6d125 deps: router@^2.2.0 (#6417)
f1a2dc8 deps: type-is@^2.0.1 (#6420)
6b51e8e deps: body-parser@^2.2.0 (#6419)
1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
9e97144 feat(deps): [email protected] (#6373)
29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
Additional commits viewable in compare view

Updates @types/express from 4.17.17 to 5.0.3

Commits

See full diff in compare view

Updates form-data from 3.0.1 to 3.0.4

Release notes

Sourced from form-data's releases.

v3.0.2

Fixes

npmignore temporary build files (#532)

move util.isArray to Array.isArray (#564)

Tests

migrate from travis to GHA

Changelog

Sourced from form-data's changelog.

v3.0.4 - 2025-07-16

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] update linting config f5e7eb0

[meta] add auto-changelog d2eb290

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 e8c574c

[Fix] Switch to using crypto random for boundary values c6ced61

[Refactor] use hasown 1a78b5d

[Fix] validate boundary type in setBoundary() method 70bbaa0

[Tests] add tests to check the behavior of getBoundary with non-strings b22a64e

[meta] actually ensure the readme backup isn’t published 0150851

[meta] remove local commit hooks fc42bb9

[Dev Deps] remove unused deps a14d09e

[meta] fix scripts to use prepublishOnly 11d9f73

[meta] fix readme capitalization fc38b48

v3.0.3 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

Commits

[Refactor] use Object.prototype.hasOwnProperty.call 7fecefe

[Dev Deps] update @types/node, browserify, coveralls, cross-spawn, eslint, formidable, in-publish, pkgfiles, pre-commit, puppeteer, request, tape, typescript 8261fcb

Only apps should have lockfiles b82f590

[Dev Deps] pin request which via tough-cookie ^2.4 depends on psl e5df7f2

[Deps] update mime-types 5a5bafe

v3.0.2 - 2024-10-10

Merged

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Commits

[Tests] migrate from travis to GHA 8fdb3bc

[eslint] clean up ignores 3217b3d

fix: move util.isArray to Array.isArray (#564) edb555a

Commits

9c82fcd v3.0.4
e8c574c [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
c6ced61 [Fix] Switch to using crypto random for boundary values
0150851 [meta] actually ensure the readme backup isn’t published
fc38b48 [meta] fix readme capitalization
d2eb290 [meta] add auto-changelog
fc42bb9 [meta] remove local commit hooks
a14d09e [Dev Deps] remove unused deps
002b9b0 [Fix] append: avoid a crash on nullish values
70bbaa0 [Fix] validate boundary type in setBoundary() method
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Updates semver from 7.6.0 to 7.7.2

Release notes

Sourced from semver's releases.

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

fcafb61 #780 add missing 'use strict' directives (#780) (@Fdawgs)

c99f336 #781 prerelease identifier starting with digits (#781) (@mbtools)

Chores

c760403 #784 template-oss-apply for workflow permissions (#784) (@wraithgar)

2677f2a #778 bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@dependabot[bot], @npm-cli-bot)

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide)

Documentation

2975ece #719 fix extra backtick typo (#719) (@stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

6466ba9 #713 lru: use map.delete() directly (#713) (@negezor, @lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.2 (2025-05-12)

Bug Fixes

fcafb61 #780 add missing 'use strict' directives (#780) (@Fdawgs)

c99f336 #781 prerelease identifier starting with digits (#781) (@mbtools)

Chores

c760403 #784 template-oss-apply for workflow permissions (#784) (@wraithgar)

2677f2a #778 bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@dependabot[bot], @npm-cli-bot)

7.7.1 (2025-02-03)

Bug Fixes

af761c0 #764 inc: fully capture prerelease identifier (#764) (@wraithgar)

7.7.0 (2025-01-29)

Features

0864b3c #753 add "release" inc type (#753) (@mbtools)

Bug Fixes

d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@eminberkayd, berkay.daglar)

8a34bde #754 add identifier validation to inc() (#754) (@mbtools)

Documentation

67e5478 #756 readme: added missing period for consistency (#756) (@shaymolcho)

868d4bb #749 clarify comment about obsolete prefixes (#749) (@mbtools, @ljharb)

Chores

145c554 #741 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])

753e02b #747 bump @npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@dependabot[bot], @npm-cli-bot)

0b812d5 #744 postinstall for dependabot template-oss PR (@hashtagchris)

7.6.3 (2024-07-16)

Bug Fixes

73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide)

Documentation

2975ece #719 fix extra backtick typo (#719) (@stdavis)

7.6.2 (2024-05-09)

Bug Fixes

6466ba9 #713 lru: use map.delete() directly (#713) (@negezor, @lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

c570a34 #704 linting: no-unused-vars (@wraithgar)

ad8ff11 #704 use internal cache implementation (@mbtools)

ac9b357 #682 typo in compareBuild debug message (#682) (@mbtools)

... (truncated)

Commits

281055e chore: release 7.7.2 (#783)
fcafb61 fix: add missing 'use strict' directives (#780)
c760403 chore: template-oss-apply for workflow permissions (#784)
c99f336 fix: prerelease identifier starting with digits (#781)
2677f2a chore: bump @npmcli/template-oss from 4.23.6 to 4.24.3 (#778)
0b98655 chore: bump @npmcli/template-oss from 4.23.4 to 4.23.6 (#760)
30c438b chore: release 7.7.1 (#765)
af761c0 fix(inc): fully capture prerelease identifier (#764)
2cfcbb5 chore: release 7.7.0 (#750)
d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
Additional commits viewable in compare view

Updates @types/semver from 7.5.8 to 7.7.0

Commits

See full diff in compare view

Updates vite from 4.5.9 to 4.5.14

Release notes

Sourced from vite's releases.

v4.5.14

Please refer to CHANGELOG.md for details.

v4.5.13

Please refer to CHANGELOG.md for details.

v4.5.12

Please refer to CHANGELOG.md for details.

v4.5.11

Please refer to CHANGELOG.md for details.

v4.5.10

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

4.5.14 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19967) (7739479), closes #19965 #19967

chore: run format (99afb60)

4.5.13 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19832) (41f3819), closes #19830 #19832

4.5.12 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19785) (0a3dcf5), closes #19782 #19785

4.5.11 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19763) (26e1764), closes #19761 #19763

4.5.10 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19704) (315695e), closes #19702 #19704

Commits

9bfe2b1 release: v4.5.14
7739479 fix: backport #19965, check static serve file inside sirv (#19967)
99afb60 chore: run format
cd60e8b release: v4.5.13
41f3819 fix: backport #19830, reject requests with # in request-target (#19832)
6104add release: v4.5.12
0a3dcf5 fix: backport #19782, fs check with svg and relative paths (#19785)
07ddc3e release: v4.5.11
26e1764 fix: backport #19761, fs check in transform middleware (#19763)
86e7a6b release: v4.5.10
Additional commits viewable in compare view

Updates webpack from 5.91.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Updates mongoose from 6.13.8 to 8.18.0

Release notes

Sourced from mongoose's releases.

8.18.0 / 2025-08-22

feat(schema): support for union types #15574 #10894

fix: trim long strings in minLength and maxLength error messages and display the string length #15571 #15550

types(connection+collection): make BaseCollection and BaseConnection usable as values #15575 #15548

types: remove logic that omits timestamps when virtuals, methods, etc. options set #15577 #12807

8.17.2 / 2025-08-18

fix: avoid Model.validate() hanging when all paths fail casting #15580 #15579 piotracalski

types(document): better support for flattenObjectIds and versionKey options for toObject() and toJSON() #15582 #15578

docs: fix docs jsdoc tags and add UUID to be listed #15585

docs(document): fix code sample that errors with "Cannot set properties of undefined" #15589

8.17.1 / 2025-08-07

fix(query): propagate read preference and read concern to populate if read() called after populate() #15567 #15553

fix(model): call correct function in autoSearchIndex #15569 #15565

fix(model): allow setting statics option on discriminator schema #15568 #15556

fix(model): remove unnecessary conversion of undefined -> null in findById #15566 #15551

types: allow passing in projections without as const #15564 #15557

types: support maxLength and minLength in SchemaTypeOptions #15570 #4720

8.17.0 / 2025-07-30

feat: upgrade mongodb -> 6.18.0 #15552

feat(mongoose): export base Connection and Collection classes #15548

feat: make Schema.prototype.$conditionalHandlers public #15497

types: automatically infer discriminator type #15547 #15535

types: make versionKey: false disable __v from hydrated document #15524 #15511

types: indicate support for mongodb abort #15549 GalacticHypernova

types: add options property to schemas #15524

types(schematype): make defaultOptions static and add schemaOptions to DocumentArray #15529 #15524

8.16.5 / 2025-07-25

fix(map): avoid throwing required error if saving map of primitives with required: true #15542

types(model): export MongooseBulkWriteResult type #15546

types(connection): add base to connection type #15544

8.16.4 / 2025-07-16

fix(connection): avoid calling connection.close() internally with force: Object #15534 #15531

types(schema): handle required: string in schema definitions #15538 #15536

types(document): allow calling $isDefault() with no args #15528 #15522

types: infer Typescript string enums #15530 ruiaraujo

types: pass TModelType down to schema statics #15537

8.16.3 / 2025-07-10

... (truncated)

Changelog

Sourced from mongoose's changelog.

8.18.0 / 2025-08-22

feat(schema): support for union types Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

…6 updates Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.21.2` | `5.1.0` | | [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.17` | `5.0.3` | | [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` | | [semver](https://github.com/npm/node-semver) | `7.6.0` | `7.7.2` | | [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) | `7.5.8` | `7.7.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.5.9` | `4.5.14` | | [webpack](https://github.com/webpack/webpack) | `5.91.0` | `5.94.0` | | [mongoose](https://github.com/Automattic/mongoose) | `6.13.8` | `8.18.0` | | [body-parser](https://github.com/expressjs/body-parser) | `1.20.3` | `2.2.0` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.15` | `7.0.5` | | [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer) | `6.4.16` | `7.0.1` | Bumps the npm_and_yarn group with 4 updates in the /examples/custom-server directory: [express](https://github.com/expressjs/express), [webpack](https://github.com/webpack/webpack), [ws](https://github.com/websockets/ws) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 1 update in the /examples/db-example directory: [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 4 updates in the /examples/hierarchy directory: [express](https://github.com/expressjs/express), [webpack](https://github.com/webpack/webpack), [ws](https://github.com/websockets/ws) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 3 updates in the /examples/live-preview/payload directory: [express](https://github.com/expressjs/express), [ws](https://github.com/websockets/ws) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 4 updates in the /examples/nested-docs/payload directory: [express](https://github.com/expressjs/express), [webpack](https://github.com/webpack/webpack), [ws](https://github.com/websockets/ws) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 4 updates in the /examples/testing directory: [express](https://github.com/expressjs/express), [webpack](https://github.com/webpack/webpack), [ws](https://github.com/websockets/ws) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 2 updates in the /templates/blank directory: [express](https://github.com/expressjs/express) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 2 updates in the /templates/ecommerce directory: [express](https://github.com/expressjs/express) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Bumps the npm_and_yarn group with 2 updates in the /templates/website directory: [express](https://github.com/expressjs/express) and [payload](https://github.com/payloadcms/payload/tree/HEAD/packages/payload). Updates `express` from 4.21.2 to 5.1.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `@types/express` from 4.17.17 to 5.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/v3.0.4/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `semver` from 7.6.0 to 7.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.7.2) Updates `@types/semver` from 7.5.8 to 7.7.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver) Updates `vite` from 4.5.9 to 4.5.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.14/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.14/packages/vite) Updates `webpack` from 5.91.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.94.0) Updates `mongoose` from 6.13.8 to 8.18.0 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@6.13.8...8.18.0) Updates `body-parser` from 1.20.3 to 2.2.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...v2.2.0) Updates `nodemailer` from 6.9.15 to 7.0.5 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v6.9.15...v7.0.5) Updates `@types/nodemailer` from 6.4.16 to 7.0.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer) Updates `serve-static` from 1.16.2 to 1.15.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.16.2...v1.15.0) Updates `cookie` from 0.7.1 to 0.7.2 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.7.1...v0.7.2) Updates `path-to-regexp` from 0.1.12 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.12...v1.9.0) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `webpack` from 5.89.0 to 5.91.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.94.0) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `payload` from 2.2.2 to 3.54.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `payload` from 2.32.3 to 3.54.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `webpack` from 5.90.0 to 5.91.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.94.0) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `payload` from 2.8.2 to 3.44.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `payload` from 2.16.1 to 3.54.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `webpack` from 5.89.0 to 5.91.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.94.0) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `payload` from 2.4.0 to 3.54.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `webpack` from 5.89.0 to 5.91.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.91.0...v5.94.0) Updates `ws` from 7.5.9 to 7.5.10 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@7.5.9...7.5.10) Updates `payload` from 2.4.0 to 3.44.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.20.0 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `payload` from 2.19.3 to 3.44.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.20.0 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `payload` from 2.19.3 to 3.44.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) Updates `express` from 4.20.0 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.21.2...v5.1.0) Updates `payload` from 2.19.3 to 3.44.0 - [Release notes](https://github.com/payloadcms/payload/releases) - [Commits](https://github.com/payloadcms/payload/commits/v3.54.0/packages/payload) --- updated-dependencies: - dependency-name: express dependency-version: 5.1.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@types/express" dependency-version: 5.0.3 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 7.7.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@types/semver" dependency-version: 7.7.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 4.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.94.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mongoose dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nodemailer dependency-version: 7.0.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@types/nodemailer" dependency-version: 7.0.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.15.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 1.9.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.91.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.54.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.91.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.44.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.54.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.91.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.54.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.91.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-version: 7.5.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.44.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.44.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.44.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: payload dependency-version: 3.44.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-09-10T13:30:46Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Aug 29, 2025

chore: merge from main

8adc4d5

finkinfridom added 2 commits September 12, 2025 14:21

chore: merge

c3a7c7f

chore: merge

a6038fe

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 10 directories with 16 updates #19

chore(deps): bump the npm_and_yarn group across 10 directories with 16 updates #19

Uh oh!

dependabot bot commented on behalf of github Aug 29, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Sep 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the npm_and_yarn group across 10 directories with 16 updates #19

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 10 directories with 16 updates #19

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.1.0

What's Changed

5.1.0 / 2025-03-31

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

v3.0.2

Fixes

Tests

v3.0.4 - 2025-07-16

Fixed

Commits

v3.0.3 - 2025-02-14

Merged

Fixed

Commits

v3.0.2 - 2024-10-10

Merged

Commits

v7.7.2

7.7.2 (2025-05-12)

Bug Fixes

Chores

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

v7.7.0

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

7.7.2 (2025-05-12)

Bug Fixes

Chores

7.7.1 (2025-02-03)

Bug Fixes

7.7.0 (2025-01-29)

Features

Bug Fixes

Documentation

Chores

7.6.3 (2024-07-16)

Bug Fixes

Documentation

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

v4.5.14

v4.5.13

v4.5.12

v4.5.11

v4.5.10

4.5.14 (2025-04-30)

4.5.13 (2025-04-10)

4.5.12 (2025-04-03)

4.5.11 (2025-03-31)

4.5.10 (2025-03-24)

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

dependabot bot commented on behalf of github Aug 29, 2025 •

edited

Loading