Bump the npm_and_yarn group across 1 directory with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
axios	0.19.2	0.28.0
luxon	1.22.2	1.28.1
express	4.17.1	4.19.2
follow-redirects	1.5.10	1.15.6
@slack/web-api	5.8.0	5.15.0
hosted-git-info	2.8.8	2.8.9
json-bigint	0.3.0	1.0.0
googleapis	39.2.0	134.0.0
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
path-parse	1.0.6	1.0.7
qs	6.7.0	6.11.0
body-parser	1.19.0	1.20.2
y18n	3.2.1	3.2.2
yargs-parser	4.2.1	18.1.3
@slack/events-api	2.3.2	2.3.4

Updates axios from 0.19.2 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates luxon from 1.22.2 to 1.28.1

Changelog

Sourced from luxon's changelog.

Changelog

3.4.4 (2023-11-12)

• Localized week support (#1454)
• Added custom inspect for Node (#1526)
• Fix sorting in Interval.splitAt (#1524)

3.4.3 (2023-09-05)

• Fixes another regression from 3.4.0 (#1496)

3.4.2 (2023-08-26)

• Fixes regression from 3.4.1 (#1493)

3.4.1 (2023-08-23)

• Fixes for regressions from 3.4.0 (#1482 and #1488)

3.4.0 (2023-08-08)

• Fix type checking on input zones
• Fix Islamic months listing
• Fix normalize() for negative inputs

3.3.0 (2023-03-03)

• Fix off-by-one in Interval#count (#1308)
• Support formatting for custom zones (#1377)
• Fix parsing for narrow spaces (#1369)
• Handle leap year issue with AD 100 (#1390)
• Allow parsing of just an offset

3.2.1 (2023-01-04)

• Fix for RFC-2822 regex vulnerability
• Better handling of BCP tags with -x- extensions

3.2.0 (2022-12-29)

• Allow timeZone to be specified as an intl option
• Fix for diff's handling of end-of-month when crossing leap years (#1340)
• Add Interval.toLocaleString() (#1320)

3.1.1 (2022-11-28)

• Add Settings.twoDigitCutoffYear

3.1.0 (2022-10-31)

... (truncated)

Commits

• 16a1aa3 bump to 1.38.1
• 612e0c7 fix rfc2822 regex
• 9dcec8c bump to 1.28.0
• a0f42a2 Fixed small typo (#952)
• 307b135 Docs typo on dst weirdness (#962)
• 1f99fdd fix ISO year-ordinal strings with offsets (#966)
• e0c8f87 .toSeconds() returns seconds.milliseconds (#944)
• 2d66ce4 Clarify toFormat docs (#938)
• 043f2b9 bump to 1.27.0
• 6ae0524 update node install instructions. Closes #682
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.5.10 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates @slack/web-api from 5.8.0 to 5.15.0

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​5.15.0

• Updated axios dependency to fix security issue (#1142) - Thanks @​stevengill
• Added auth.teams.list api method (#1137, #1139) - Thanks @​stevengill, @​daveagill
• Added support for admin.barriers.* methods (#1126, #1127) - Thanks @​misscoded
• Migrated CI over to GitHub Actions (slackapi/node-slack-sdk#1129) - Thanks @​stevengill

@​slack/web-api@​5.14.0

• added support for org wide app installations. This includes adding team_id as an optional argument to various web-api methods and adding team_id as an optional parameter to WebClientOptions so it will be automatically passed along to any web-api calls being made. (#1046) - Thanks @​stevengill
• Update ViewsUpdateArguments to accommodate external_id and view_id (#1002, #1116) - thanks @​misscoded
• Added admin.users.session.list method (#1111) - thanks @​stevengill

@​slack/web-api@​5.13.0

Added the following API method:

• admin.conversations.archive
• admin.conversations.convertToPrivate
• admin.conversations.create
• admin.conversations.delete
• admin.conversations.disconnectShared
• admin.conversations.ekm.listOriginalConnectedChannelInfo
• admin.conversations.getConversationPrefs
• admin.conversations.getTeams
• admin.conversations.invite
• admin.conversations.rename
• admin.conversations.search
• admin.conversations.setConversationPrefs
• admin.conversations.unarchive
• admin.emoji.add
• admin.emoji.addAlias
• admin.emoji.list
• admin.emoji.remove
• admin.emoji.rename
• admin.users.session.invalidate
• apps.event.authorizations.list
• apps.uninstall

(#1093, #1098, #1099) - thanks @​stevengill, @​cjdenio & @​mwbrooks

@​slack/web-api@​5.12.0

• Adds new Web API methods as part of the Workflow Steps from Apps functionality (#1094) - thanks @​misscoded. NOTE: This feature is currently in open beta, and some details may change between now and when the beta is complete.
  • workflows.stepCompleted
  • workflows.stepFailed
  • workflows.updateStep

Commits

• 75cafb2 Publish
• 44b06ca Merge pull request #1140 from mlarraz/axios
• f6a6890 Update axios on webhook package
• 53866de Merge pull request #1139 from stevengill/issue-1137
• a837085 added auth.teams.list method
• 73bb9f6 Merge pull request #1129 from stevengill/github-action
• 5fbfcbb Fixed merge conflict
• 377c3af removed references to travis
• dc9189a migrating to github actions
• 2e9ad58 updated axios dependency to 0.21.1
• Additional commits viewable in compare view

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates json-bigint from 0.3.0 to 1.0.0

Commits

• 390482a 1.0.0
• f2d8f83 typo
• 6ee392e Merge pull request #37 from sidorares/fix/prototype
• c85a430 MAJOR: Add protoAction and constructorAction options
• 4c2dbf4 build: add node 14
• b348ea3 fix assertion after chai upgrade
• 725777c add files section and bump deps
• ebd1d91 add prettier config
• 6c659f5 Merge pull request #36 from babyadoresorange/master
• 1556563 update README
• Additional commits viewable in compare view

Updates googleapis from 39.2.0 to 134.0.0

Release notes

Sourced from googleapis's releases.

googleapis: v134.0.0

134.0.0 (2024-03-12)

⚠ BREAKING CHANGES

• This release has breaking changes.
• This release has breaking changes.
• This release has breaking changes.

Features

• androidpublisher: update the API (e4b9a48)
• composer: update the API (079615e)
• compute: update the API (38e7737)
• dataform: update the API (3b30605)
• regenerate index files (f453603)
• run the generator (#3434) (f0db524)
• run the generator (#3441) (f832463)
• run the generator (#3447) (873b559)
• testing: update the API (a188b41)

Bug Fixes

• bigquerydatatransfer: update the API (05c5eb7)
• change packageJson sideEffects to boolean (#3435) (e9aabeb), closes #3428
• cloudidentity: update the API (f35c89f)
• cloudtasks: update the API (1415619)
• networkconnectivity: update the API (55a5a31)
• notebooks: update the API (c0cafa8)

Commits

• 7500df9 chore: release main
• 7f4e0ea chore: release main
• 3bf7103 chore: release main
• e9aabeb fix: change packageJson sideEffects to boolean (#3435)
• 873b559 feat: run the generator (#3447)
• f832463 feat: run the generator (#3441)
• f0db524 feat: run the generator (#3434)
• f453603 feat: regenerate index files
• a188b41 feat(testing): update the API
• c0cafa8 fix(notebooks): update the API
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's release...

Description has been truncated