chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #6

dependabot · 2025-04-30T17:53:17Z

Bumps the npm_and_yarn group with 27 updates in the / directory:

Package	From	To
webpack	`5.21.0`	`5.94.0`
@babel/helpers	`7.12.13`	`7.27.1`
@babel/traverse	`7.12.13`	`7.27.1`
ansi-regex	`5.0.0`	`5.0.1`
axios	`0.21.1`	`0.21.4`
base-x	`3.0.8`	`3.0.11`
browserify-sign	`4.2.1`	`4.2.3`
browserslist	`4.16.3`	`4.24.4`
cookiejar	`2.1.2`	`2.1.4`
decode-uri-component	`0.2.0`	`0.2.2`
es5-ext	`0.10.53`	`0.10.64`
express	`4.17.1`	`4.21.2`
follow-redirects	`1.13.2`	`1.15.9`
http-cache-semantics	`4.1.0`	`4.1.1`
json5	`1.0.1`	`1.0.2`
loader-utils	`2.0.0`	`2.0.4`
minimist	`1.2.5`	`1.2.8`
normalize-url	`4.5.0`	`4.5.1`
qs	`6.5.2`	`6.5.3`
secp256k1	`4.0.2`	`4.0.4`
semver	`5.7.1`	`5.7.2`
shell-quote	`1.7.2`	`1.8.2`
shelljs	`0.8.4`	`0.8.5`
simple-get	`2.8.1`	`2.8.2`
tar	`4.4.13`	`4.4.19`
terser	`5.5.1`	`5.39.0`
tmpl	`1.0.4`	`1.0.5`

Updates webpack from 5.21.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

Correct tidle range's comutation for module federation

Consider runtime for pure expression dependency update hash

Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

eabf85d chore(release): 5.94.0
955e057 security: fix DOM clobbering in auto public path
9822387 test: fix
cbb86ed test: fix
5ac3d7f fix: unexpected asi generation with sequence expression
2411661 security: fix DOM clobbering in auto public path
b8c03d4 fix: unexpected asi generation with sequence expression
f46a03c revert: do not use heuristic fallback for "module-import"
60f1898 fix: do not use heuristic fallback for "module-import"
66306aa Revert "fix: module-import get fallback from externalsPresets"
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates @babel/helpers from 7.12.13 to 7.27.1

Release notes

Sourced from @babel/helpers's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
b1f9184 Reduce interopRequireWildcard size (#16538)
9c351e5 Use class and add type definitions for regenerator (#17220)
0f95b74 Reduce regeneratorRuntime size (#17213)
317e332 Enforce node protocol import (#17207)
14ef1e9 Babel 8 cleanup (#17211)
97105cb Re-convert regeneratorRuntime to helper format (#17205)
1b93b0c Move regenerator files to the relevant packages (#17205)
b953a8f Remove bundled regeneratorRuntime helper (#17205)
6874c25 Prepare LICENSE files for incorporating regenerator (#17205)
Additional commits viewable in compare view

Updates @babel/traverse from 7.12.13 to 7.27.1

Release notes

Sourced from @babel/traverse's releases.

v7.27.1 (2025-04-30)

Thanks @kermanx and @woaitsAryan for your first PRs!

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

All packages

#17207 Enforce node protocol import (@JLHwung)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

babel-parser

#17254 Allow using of as lexical declaration within for (@JLHwung)

#17230 Disallow get/set in TSPropertySignature (@JLHwung)

babel-parser, babel-types

#17193 Stricter TSImportType options parsing (@JLHwung)

🐛 Bug Fix

babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse

#17137 fix: do expressions should allow early exit (@kermanx)

babel-helper-wrap-function, babel-plugin-transform-async-to-generator

#17251 Fix: propagate argument evaluation errors through async promise chain (@magic-akari)

babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator

#17231 fix apply()/call() annotated as pure (@Lacsw)

babel-helper-fixtures, babel-parser

#17233 Create ChainExpression within TSInstantiationExpression (@JLHwung)

babel-generator, babel-parser

#17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@JLHwung)

babel-parser

#17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@JLHwung)

#17080 Fix start of TSParameterProperty (@JLHwung)

babel-compat-data, babel-preset-env

#17228 Update firefox bugfix compat data (@JLHwung)

babel-traverse

#17156 fix: Objects and arrays with multiple references should not be evaluated (@liuxingbaoyu)

babel-generator

#17216 Fix: support const type parameter in generator (@JLHwung)

💅 Polish

babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

#17221 Reduce generated names size for the 10th-11th (@nicolo-ribaudo)

🏠 Internal

babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17263 Remove unused regenerator-runtime dep in @babel/runtime (@nicolo-ribaudo)

babel-compat-data, babel-preset-env

#17256 Tune plugin compat data (@JLHwung)

babel-compat-data, babel-standalone

#17236 migrate babel-compat-data build script to mjs (@JLHwung)

Other

#17232 Bump typescript-eslint to 8.29.1 (@JLHwung)

#17219 test: add basic typescript-eslint integration tests (@JLHwung)

#17205 Inline regenerator in the relevant packages (@nicolo-ribaudo)

babel-register

#16844 Migrate @babel/register to cts (@liuxingbaoyu)

babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types

#17207 Enforce node protocol import (@JLHwung)

babel-plugin-transform-regenerator

... (truncated)

Commits

eebd3a0 v7.27.1
62af1a6 fix: do expressions should allow early exit (#17137)
8e23272 [Babel 8] perf: Improve traverse performance (#16965)
9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
4d39e9d Harden variable declarator validations (#17217)
6cd1c60 Reduce generated names size for the 10th-11th (#17221)
a5c8992 fix: Objects and arrays with multiple references should not be evaluated (#17...
fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
5c350ea v7.27.0
582538c Allow traverseFast to exit early (#17169)
Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Commits

a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
See full diff in compare view

Updates axios from 0.21.1 to 0.21.4

Release notes

Sourced from axios's releases.

v0.21.4

Fixes and Functionality:

Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Guillaume Fortaine

Yusuke Kawasaki

Dmitriy Mozgovoy

v0.21.3

Fixes and Functionality:

Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Julian Hollmann

v0.21.2

Fixes and Functionality:

Updating axios requests to be delayed by pre-emptive promise creation (#2702)

Adding "synchronous" and "runWhen" options to interceptors api (#2702)

Updating of transformResponse (#3377)

Adding ability to omit User-Agent header (#3703)

Adding multiple JSON improvements (#3688, #3763)

Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)

Adding parseInt to config.timeout (#3781)

Adding custom return type support to interceptor (#3783)

Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

Updating build dev dependancies (#3401)

Fixing builds running on Travis CI (#3538)

Updating follow rediect version (#3694, #3771)

Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)

Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)

Fixing tests by bumping karma-sauce-launcher version (#3813)

Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)

Remove duplication of item in changelog (#3523)

Fixing gramatical errors (#2642)

Fixing spelling error (#3567)

Moving gitpod metion (#2637)

Adding new axios documentation website link (#3681, #3707)

Updating documentation around dispatching requests (#3772)

... (truncated)

Changelog

Sourced from axios's changelog.

0.21.4 (September 6, 2021)

Fixes and Functionality:

Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Jay

Guillaume Fortaine

Yusuke Kawasaki

Dmitriy Mozgovoy

0.21.3 (September 4, 2021)

Fixes and Functionality:

Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

Jay

Julian Hollmann

0.21.2 (September 4, 2021)

Fixes and Functionality:

Updating axios requests to be delayed by pre-emptive promise creation (#2702)

Adding "synchronous" and "runWhen" options to interceptors api (#2702)

Updating of transformResponse (#3377)

Adding ability to omit User-Agent header (#3703)

Adding multiple JSON improvements (#3688, #3763)

Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)

Adding parseInt to config.timeout (#3781)

Adding custom return type support to interceptor (#3783)

Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

Updating build dev dependancies (#3401)

Fixing builds running on Travis CI (#3538)

Updating follow rediect version (#3694, #3771)

Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)

Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)

Fixing tests by bumping karma-sauce-launcher version (#3813)

Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)

Remove duplication of item in changelog (#3523)

... (truncated)

Commits

66c4602 Merge branch 'master' into release/0.21.4
fc15665 [Releasing] v0.21.4
c2714f0 [Updating] incorrect JSON syntax in README.md
0fc7248 fix json transform when data is pre-stringified (#4020)
90205f8 Change headers type to string record (#3021)
92b29d2 Make the default type of response data never (#3002)
4eeb3b1 Improved type-safety for AxiosRequestConfig (#2995)
cd7ff04 Adding HTTP status code to error.toJSON (#2956)
b5a1a67 Adding nodejs http.request option: insecureHTTPParser (#2930)
4f25380 Exposing the Axios constructor in index.d.ts (#2872)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates base-x from 3.0.8 to 3.0.11

Commits

043a888 3.0.11
2705ddd [backport 3.x] Prohibit char codes that would overflow the BASE_MAP
3d43c0e 3.0.10
0a35446 Improve decoding performance
4c10d33 3.0.9
c9dcddd Merge pull request #78 from cryptocoinjs/fix/space-alphabets
6c54632 Fix alphabets with space in them
69c09ed Merge pull request #73 from terrierscript/patch-1
1dd3795 Update README.md
See full diff in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates browserslist from 4.16.3 to 4.24.4

Release notes

Sourced from browserslist's releases.

4.24.4

Improved performance by using caching better (by @thoughtspile).

4.24.3

Updated Firefox ESR (by @fpapado).

4.24.2

Clarify outdated caniuse-lite warning text.

4.24.1

Added months since last caniuse-lit... Description has been truncated

…pdates Bumps the npm_and_yarn group with 27 updates in the / directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.21.0` | `5.94.0` | | [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.12.13` | `7.27.1` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.13` | `7.27.1` | | [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` | | [axios](https://github.com/axios/axios) | `0.21.1` | `0.21.4` | | [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.8` | `3.0.11` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [browserslist](https://github.com/browserslist/browserslist) | `4.16.3` | `4.24.4` | | [cookiejar](https://github.com/bmeck/node-cookiejar) | `2.1.2` | `2.1.4` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` | | [express](https://github.com/expressjs/express) | `4.17.1` | `4.21.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.13.2` | `1.15.9` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `2.0.0` | `2.0.4` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [normalize-url](https://github.com/sindresorhus/normalize-url) | `4.5.0` | `4.5.1` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.2` | `4.0.4` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.2` | `1.8.2` | | [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` | | [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` | | [tar](https://github.com/isaacs/node-tar) | `4.4.13` | `4.4.19` | | [terser](https://github.com/terser/terser) | `5.5.1` | `5.39.0` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | Updates `webpack` from 5.21.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.21.0...v5.94.0) Updates `@babel/helpers` from 7.12.13 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-helpers) Updates `@babel/traverse` from 7.12.13 to 7.27.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-traverse) Updates `ansi-regex` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) Updates `axios` from 0.21.1 to 0.21.4 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.21.4/CHANGELOG.md) - [Commits](axios/axios@v0.21.1...v0.21.4) Updates `base-x` from 3.0.8 to 3.0.11 - [Commits](cryptocoinjs/base-x@v3.0.8...v3.0.11) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `browserslist` from 4.16.3 to 4.24.4 - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](browserslist/browserslist@4.16.3...4.24.4) Updates `cookiejar` from 2.1.2 to 2.1.4 - [Commits](https://github.com/bmeck/node-cookiejar/commits) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `es5-ext` from 0.10.53 to 0.10.64 - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.64) Updates `express` from 4.17.1 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.17.1...4.21.2) Updates `follow-redirects` from 1.13.2 to 1.15.9 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.13.2...v1.15.9) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `loader-utils` from 2.0.0 to 2.0.4 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md) - [Commits](webpack/loader-utils@v2.0.0...v2.0.4) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `normalize-url` from 4.5.0 to 4.5.1 - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `secp256k1` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.2...v4.0.4) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `send` from 0.17.1 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.17.1...0.19.0) Updates `serve-static` from 1.14.1 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.14.1...v1.16.2) Updates `shell-quote` from 1.7.2 to 1.8.2 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.2) Updates `shelljs` from 0.8.4 to 0.8.5 - [Release notes](https://github.com/shelljs/shelljs/releases) - [Changelog](https://github.com/shelljs/shelljs/blob/main/CHANGELOG.md) - [Commits](shelljs/shelljs@v0.8.4...v0.8.5) Updates `simple-get` from 2.8.1 to 2.8.2 - [Commits](feross/simple-get@v2.8.1...v2.8.2) Updates `tar` from 4.4.13 to 4.4.19 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v4.4.13...v4.4.19) Updates `terser` from 5.5.1 to 5.39.0 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v5.5.1...v5.39.0) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.94.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@babel/helpers" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-version: 7.27.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ansi-regex dependency-version: 5.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 0.21.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: base-x dependency-version: 3.0.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-version: 4.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserslist dependency-version: 4.24.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookiejar dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: es5-ext dependency-version: 0.10.64 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.15.9 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-cache-semantics dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-version: 2.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: normalize-url dependency-version: 4.5.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-version: 5.7.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-version: 1.8.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shelljs dependency-version: 0.8.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: simple-get dependency-version: 2.8.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 4.4.19 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-version: 5.39.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-version: 1.0.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #6

chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #6

Uh oh!

dependabot bot commented on behalf of github Apr 30, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #6

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #6

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 30, 2025

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

New Features

v5.92.1

Bug Fixes

v5.92.0

Bug Fixes

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

💅 Polish

🏠 Internal

v5.0.1

Fixes (backport of 6.0.1 to v5)

v0.21.4

Fixes and Functionality:

v0.21.3

Fixes and Functionality:

v0.21.2

Fixes and Functionality:

Internal and Tests:

Documentation:

0.21.4 (September 6, 2021)

0.21.3 (September 4, 2021)

0.21.2 (September 4, 2021)

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

4.24.4

4.24.3

4.24.2

4.24.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Fixes (backport of `6.0.1` to v5)