build(deps): bump the npm_and_yarn group across 3 directories with 21 updates by dependabot[bot] · Pull Request #18 · hashim21223445/agent-protocol

dependabot · 2025-09-10T17:08:34Z

Bumps the npm_and_yarn group with 5 updates in the /packages/sdk/js directory:

Package	From	To
express	`4.18.2`	`4.20.0`
tsup	`7.1.0`	`8.3.5`
multer	`1.4.5-lts.1`	`2.0.2`
express-openapi-validator	`5.0.4`	`5.6.0`
send	`0.18.0`	`0.19.0`
express	`4.20.0`	`4.21.2`

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
express	`4.19.2`	`4.20.0`
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
cookie	`0.6.0`	`0.7.1`
express	`4.20.0`	`4.21.2`
micromatch	`4.0.5`	`4.0.8`
multer	`1.4.5-lts.1`	`2.0.2`
express-openapi-validator	`5.1.6`	`5.6.0`
@nestjs/common	`10.3.0`	`11.1.6`
@openapitools/openapi-generator-cli	`2.13.1`	`2.23.1`

Bumps the npm_and_yarn group with 6 updates in the /apps/agentprotocol.ai directory:

Package	From	To
brace-expansion	`1.1.11`	`1.1.12`
braces	`3.0.2`	`3.0.3`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.6`	`3.3.11`
serialize-javascript	`6.0.1`	`6.0.2`
webpack	`5.88.2`	`5.101.3`

Updates express from 4.18.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: path-to-regexp@0.1.8 by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

path-to-regexp@0.1.10 by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to serve-static@0.16.0
9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 path-to-regexp@0.1.10 (#5902)
2a980ad merge-descriptors@1.0.3 (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: path-to-regexp@0.1.8 (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates tsup from 7.1.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

Run experimentalDts only once - by @aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

Add es2024 target - by @sxzz (4c8cd)

   🐞 Bug Fixes

Support TS 5.6 for svelte - by @sxzz (28b9c)

Add neutral value to platform options in schema.json - by @venables in egoist/tsup#982 (a03db)

Wider restriction for target option - by @odanado in egoist/tsup#1118 (1979b)

Add terser value to minify option in schema.json - by @damienbutt in egoist/tsup#991 (34951)

Change newlineKind to lf for experimentalDts - by @aryaemami59 in egoist/tsup#1234 (4584b)

Enable rollup output.compact when minify is enabled - by @hyrious in egoist/tsup#1232 (9cc86)

Support Node16 and NodeNext module resolution in experimentalDts - by @aryaemami59 in egoist/tsup#1225 (41c98)

    View changes on GitHub

v8.3.0

8.3.0 (2024-09-17)

Bug Fixes

fix experimentalDts file cleaning and watching (#1199) (76dc18b)

Features

add support for cts and mts config files (#1178) (ec811b3)

add support for async injectStyle (#1193) (f25a9db)

v8.2.4

8.2.4 (2024-08-02)

... (truncated)

Commits

cd03e1e chore: release v8.3.5
fddd451 fix: run experimentalDts only once (#1236)
21b1193 chore: release v8.3.4
580e03d ci: fix release workflow
01b38f2 chore: release v8.3.3
4f5b71e ci: fix release workflow
e80dad6 chore: release v8.3.2
f4af79a ci: fix release workflow (#1241)
4b72d61 chore: release v8.3.1
41c98ff fix: support Node16 and NodeNext module resolution in experimentalDts (...
Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/body-parser#522

ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in expressjs/body-parser#523

fix: pin to node@22.4.1 by @wesleytodd in expressjs/body-parser#527

deps: qs@6.12.3 by @melikhov-dev in expressjs/body-parser#521

Add OSSF Scorecard badge by @bjohansebas in expressjs/body-parser#531

Linter by @UlisesGascon in expressjs/body-parser#534

Release: 1.20.3 by @UlisesGascon in expressjs/body-parser#535

New Contributors

@inigomarquinez made their first contribution in expressjs/body-parser#522

@melikhov-dev made their first contribution in expressjs/body-parser#521

@bjohansebas made their first contribution in expressjs/body-parser#531

@UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

deps: qs@6.13.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

perf: skip value escaping when unnecessary

deps: raw-body@2.5.2

Commits

1752951 1.20.3
39744cf chore: linter (#534)
b2695c4 Merge commit from fork
ade0f3f add scorecard to readme (#531)
99a1bd6 deps: qs@6.12.3 (#521)
9478591 fix: pin to node@22.4.1
83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
9d4e212 chore: add support for OSSF scorecard reporting (#522)
ee91374 1.20.2
368a93a Fix strict json error message on Node.js 19+
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates brace-expansion from 1.1.11 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates cookie from 0.5.0 to 0.6.0

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

Allow leading dot for domain (#174)

Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec

Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

cf4658f 0.7.1
6a8b8f5 Allow leading dot for domain (#174)
58015c0 Remove more code and perf wins (#172)
ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates esbuild from 0.18.16 to 0.24.2

Release notes

Sourced from esbuild's releases.

v0.24.2

Fix regression with --define and import.meta (#4010, #4012, #4013)

The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

This fix was contributed by @sapphi-red.

v0.24.1
Allow es2024 as a target in tsconfig.json (#4004)

TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:
{
  "compilerOptions": {
    "target": "ES2024"
  }
}
As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

This fix was contributed by @billyjanitsch.
Allow automatic semicolon insertion after get/set

This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:
class Foo {
  get
  *x() {}
  set
  *y() {}
}
The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.
Allow quoted property names in --define and --pure (#4008)

The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:
// The following code now transforms to "return true;\n"
console.log(esbuild.transformSync(
  `return process.env['SOME-TEST-VAR']`,
  { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },
))

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11
Fix TypeScript-specific class transform edge case (#3559)

The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:
// Original code
class Foo extends Bar {
  #private = 1;
  public: any;
  constructor() {
    super();
  }
}
// Old output (with esbuild v0.19.9)
class Foo extends Bar {
constructor() {
super();
this.#private = 1;
}
#private;
}
// Old output (with esbuild v0.19.10)
class Foo extends Bar {
constructor() {
this.#private = 1;
super();
}
#private;
}
// New output
class Foo extends Bar {
#private = 1;
constructor() {
super();
}
}
Minifier: allow reording a primitive past a side-effect (#3568)

The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

745abd9 publish 0.24.2 to npm
79fd0b0 skip nulls in source map finalization (#4011)
4b9322f source map: avoid null entry for 0-length parts
199a0d3 close #4013: credit to @sapphi-red for the fix
947f99f fix #4010, fix #4012: import.meta regression
de9598f publish 0.24.1 to npm
15d56ca emit null source mappings for empty chunk content
8d98f6f fix #3985: entryPoint metadata for copy loader
0db1b82 fix #3998: avoid outbase in identifier names
7236472 close #3974: add support for netbsd on arm64
Additional commits viewable in compare view

Updates path-to-regexp from 0.1.7 to 0.1.10

Release notes

Sourced from path-to-regexp's releases.

Backtrack protection

Fixed

Add backtrack protection to parameters 29b96b4

This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

c827fce 0.1.10
29b96b4 Add backtrack protection to parameters
ac4c234 Update repo url (#314)
bdb6635 0.1.9
c4272e4 Allow a non-lookahead regex (#312)
51a1955 0.1.8
114f62d Add support for named matching groups (#301)
See full diff in compare view

Updates multer from 1.4.5-lts.1 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

What's Changed

add Arabic translation for README .. by @3imed-jaberi in expressjs/multer#762

Update README.md to fix issue #1114 by @Mohamed-Abdelfattah in expressjs/multer#1169

Improved documentation translation to Spanish by @juliomontenegro in expressjs/multer#1174

Translated to french by @AlanLg in expressjs/multer#1182

Improve the Brazilian Portuguese translation by @vitorRibeiro7 in expressjs/multer#1204

doc: uzbek language by @eugene0928 in expressjs/multer#1232

Fix a mistake with README-pt-br.md by @Igor-CA in expressjs/multer#1251

Update in Readme-pt-br and fix in Readme-ko by @carlosstenzel in expressjs/multer#1252

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/multer#1260

ci: replace travis with github action by @inigomarquinez in expressjs/multer#1259

docs: improve readability by @Sreejit-Sengupto in expressjs/multer#1255

test: add test for out-of-band error event by @LinusU in expressjs/multer#1294

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/multer#1290

Documentation: remove unfortunate abbreviation from readme by @MaddyGuthridge in expressjs/multer#1299

ci: use ubuntu-latest as default runner by @UlisesGascon in expressjs/multer#1308

ci: add CodeQL (SAST) by @bjohansebas in expressjs/multer#1289

Update readme badges by @bjohansebas in expressjs/multer#1268

📝 fix changelog information by @ctcpip in expressjs/multer#1316

master -> v2 by @ctcpip in expressjs/multer#1317

chore: fix typo by @saucecodee in expressjs/multer#993

Remove --save from README by @username1001 in expressjs/multer#929

feat - update link badge in docs by @carlosstenzel in expressjs/multer#1273

ci: change branch reference by @UlisesGascon in expressjs/multer#1319

♻️ use version tag for CI, fix CI badge, fix references to master/main by @ctcpip in expressjs/multer#1324

deps: update dependencies to latest versions by @bjohansebas in expressjs/multer#1328

📝 list languages in table to prevent GH right-aligning list due to RTL language by @ctcpip in expressjs/multer#1325

[StepSecurity] Apply security best practices by @step-security-bot in expressjs/multer#1311

New Contributors

@3imed-jaberi made their first contribution in expressjs/multer#762

@Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169

@juliomontenegro made their first contribution in expressjs/multer#1174

@AlanLg made their first contribution in expressjs/multer#1182

@vitorRibeiro7 made their first contribution in expressjs/multer#1204

@eugene0928 made their first contribution in expressjs/multer#1232

@Igor-CA made their first contribution in expressjs/multer#1251

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

Fix out-of-band error event from busboy (#1177)

Commits

e5db9ca 🔖 2.0.2
adfeaf6 🥅 improve error handling
e259a7e 🔖 2.0.1
35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
f897007 ci: apply security best practices (#1311)
061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
854d769 deps: update dependencies to latest versions (#1328)
256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
dd9dde4 📝 fix badges in translation files (#1321)
dc2a880 ci: change branch reference
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates express-openapi-validator from 5.0.4 to 5.6.0

Release notes

Sourced from express-openapi-validator's releases.

v5.6.0

(2025-09-06)

Add deep discriminator support (#1106) (0c4fe03), closes #1106

Dependency bump for snyk and npm vulnerabilities (#1099) (99c370c), closes #1099

chore(deps): bump cookie and express (#1029) (e76e354), closes #1029

chore(deps): bump form-data from 3.0.1 to 3.0.4 in /examples/9-nestjs (#1097) (a582000), closes #1097

chore(deps): bump multer in /examples/4-eov-operations-babel (#1091) (4f97239), closes #1091

chore(deps): bump on-headers and morgan (#1094) (167b7e1), closes #1094

fix: examples/2-standard-multiple-api-specs/package.json & examples/2-standard-multiple-api-specs/pa (41a3821), closes #1098

fix: examples/3-eov-operations/package.json & examples/3-eov-operations/package-lock.json to reduce (574187f), closes #1095

fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.jso (4aab85d), closes #1100

fix: upgrade @types/multer from 1.4.12 to 1.4.13 (#1092) (ab6d1ab), closes #1092

(2025-07-27)

throw provided exception example (d2df3ed)

throw provided exception example (307cddd)

v5.5.8 (bcd119e)

fix: package.json & package-lock.json to reduce vulnerabilities (#1096) (2fc8a6a), closes #1096

chore: upgrade @apidevtools/json-schema-ref-parser to v14.x (#1090) (20077d2), closes #1090

chore(deps): bump multer and express-openapi-validator (#1085) (ac16300), closes #1085

(2025-06-11)

fix(#1071): Fix query param validation for literal bracket notation in param names (122ac9d)

fix(#1071): Fix query param validation for literal bracket notation in param names (#1084) (319b303), closes #1084

upgrade example to 5.5.6 (0b852b9)

chore(deps): bump multer in /examples/2-standard-multiple-api-specs (#1082) (631e4cc), closes #1082

(2025-06-07)

allErrors default remains false for >-5 (22ce174)

allErrors default remains false for >-5 (901c8dd)

allErrors default remains false for >-5 (0671ed9)Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

… updates Bumps the npm_and_yarn group with 5 updates in the /packages/sdk/js directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.20.0` | | [tsup](https://github.com/egoist/tsup) | `7.1.0` | `8.3.5` | | [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` | | [express-openapi-validator](https://github.com/cdimascio/express-openapi-validator) | `5.0.4` | `5.6.0` | | [send](https://github.com/pillarjs/send) | `0.18.0` | `0.19.0` | | [express](https://github.com/expressjs/express) | `4.20.0` | `4.21.2` | Bumps the npm_and_yarn group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.20.0` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `0.7.1` | | [express](https://github.com/expressjs/express) | `4.20.0` | `4.21.2` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` | | [express-openapi-validator](https://github.com/cdimascio/express-openapi-validator) | `5.1.6` | `5.6.0` | | [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `10.3.0` | `11.1.6` | | [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli) | `2.13.1` | `2.23.1` | Bumps the npm_and_yarn group with 6 updates in the /apps/agentprotocol.ai directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.11` | | [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` | | [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.101.3` | Updates `express` from 4.18.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.20.0) Updates `tsup` from 7.1.0 to 8.3.5 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v7.1.0...v8.3.5) Updates `body-parser` from 1.20.1 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `brace-expansion` from 1.1.11 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `cookie` from 0.5.0 to 0.6.0 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.1) Updates `esbuild` from 0.18.16 to 0.24.2 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md) - [Commits](evanw/esbuild@v0.18.16...v0.24.2) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `express-openapi-validator` from 5.0.4 to 5.6.0 - [Release notes](https://github.com/cdimascio/express-openapi-validator/releases) - [Changelog](https://github.com/cdimascio/express-openapi-validator/blob/master/CHANGE_HISTORY.md) - [Commits](cdimascio/express-openapi-validator@v5.0.4...v5.6.0) Updates `rollup` from 3.26.3 to 4.50.1 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-3.md) - [Commits](rollup/rollup@v3.26.3...v4.50.1) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `express` from 4.20.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.20.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.20.0) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.1...1.20.3) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.1) Updates `express` from 4.20.0 to 4.21.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.20.0) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `express-openapi-validator` from 5.1.6 to 5.6.0 - [Release notes](https://github.com/cdimascio/express-openapi-validator/releases) - [Changelog](https://github.com/cdimascio/express-openapi-validator/blob/master/CHANGE_HISTORY.md) - [Commits](cdimascio/express-openapi-validator@v5.0.4...v5.6.0) Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) Updates `@nestjs/common` from 10.3.0 to 11.1.6 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v11.1.6/packages/common) Updates `@openapitools/openapi-generator-cli` from 2.13.1 to 2.23.1 - [Release notes](https://github.com/OpenAPITools/openapi-generator-cli/releases) - [Changelog](https://github.com/OpenAPITools/openapi-generator-cli/blob/master/.releaserc) - [Commits](OpenAPITools/openapi-generator-cli@v2.13.1...v2.23.1) Updates `axios` from 1.6.5 to 1.11.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.5...v1.11.0) Updates `form-data` from 4.0.0 to 4.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.4) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.6 to 3.3.11 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.11) Updates `serialize-javascript` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.1...v6.0.2) Updates `webpack` from 5.88.2 to 5.101.3 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.88.2...v5.101.3) --- updated-dependencies: - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tsup dependency-version: 8.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.6.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.24.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.10 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express-openapi-validator dependency-version: 5.6.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 4.50.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookie dependency-version: 0.7.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.21.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express-openapi-validator dependency-version: 5.6.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@nestjs/common" dependency-version: 11.1.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@openapitools/openapi-generator-cli" dependency-version: 2.23.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.11.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-version: 4.0.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.101.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

semanticdiff-com · 2025-09-10T17:08:38Z

Review changes with

Changed Files

File	Status
apps/agentprotocol.ai/package-lock.json	51% smaller
package-lock.json	Unsupported file format
package.json	0% smaller
packages/sdk/js/package-lock.json	Unsupported file format
packages/sdk/js/package.json	0% smaller

snyk-io · 2025-09-10T17:08:56Z

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

mergify · 2025-09-10T17:09:31Z

🧪 CI Insights

Here's what we observed from your CI run for 94c5463.

🟢 All jobs passed!

But CI Insights is watching 👀

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 3 directories with 21 updates#18

build(deps): bump the npm_and_yarn group across 3 directories with 21 updates#18
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/packages/sdk/js/npm_and_yarn-3ce09b0a2b

dependabot bot commented on behalf of github Sep 10, 2025 •

edited

Loading

Uh oh!

semanticdiff-com bot commented Sep 10, 2025 •

edited

Loading

Uh oh!

snyk-io bot commented Sep 10, 2025

Uh oh!

mergify bot commented Sep 10, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

v8.3.5

🐞 Bug Fixes

View changes on GitHub

v8.3.4

View changes on GitHub

v8.3.3

View changes on GitHub

v8.3.1

🚀 Features

🐞 Bug Fixes

View changes on GitHub

v8.3.0

8.3.0 (2024-09-17)

Bug Fixes

Features

v8.2.4

8.2.4 (2024-08-02)

1.20.3

What's Changed

Important

Other changes

New Contributors

1.20.2

1.20.3 / 2024-09-10

1.20.2 / 2023-02-21

v1.1.12

0.7.1

0.7.0

v0.24.2

v0.24.1

Changelog: 2023

0.19.11

Backtrack protection

Support non-lookahead regex output

Support named matching groups in RegExp

v2.0.2

Important

v2.0.1

Important

What's Changed

New Contributors

2.0.2

2.0.1

2.0.0

1.4.5-lts.2

v5.6.0

(2025-09-06)

(2025-07-27)

(2025-06-11)

(2025-06-07)

Uh oh!

semanticdiff-com bot commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

snyk-io bot commented Sep 10, 2025

🎉 Snyk checks have passed. No issues have been found so far.

Uh oh!

mergify bot commented Sep 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🧪 CI Insights

🟢 All jobs passed!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

dependabot bot commented on behalf of github Sep 10, 2025 •

edited

Loading

Support named matching groups in `RegExp`

semanticdiff-com bot commented Sep 10, 2025 •

edited

Loading

mergify bot commented Sep 10, 2025 •

edited

Loading