Bump the npm_and_yarn group across 10 directories with 11 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
next	12.3.1	14.2.5
axios	1.2.1	1.7.4
@nestjs/core	8.4.7	10.4.1
braces	3.0.2	3.0.3
ejs	3.1.8	3.1.10
follow-redirects	1.15.2	1.15.6
json5	1.0.1	1.0.2

Bumps the npm_and_yarn group with 1 update in the /activities-examples directory: axios.
Bumps the npm_and_yarn group with 1 update in the /expense directory: axios.
Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/driver directory: next and sharp.
Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/menu directory: next and sharp.
Bumps the npm_and_yarn group with 1 update in the /monorepo-folders/packages/backend-apis directory: express.
Bumps the npm_and_yarn group with 1 update in the /nestjs-exchange-rates directory: @nestjs/core.
Bumps the npm_and_yarn group with 1 update in the /patching-api directory: axios.
Bumps the npm_and_yarn group with 1 update in the /protobufs directory: protobufjs.
Bumps the npm_and_yarn group with 1 update in the /timer-examples directory: axios.

Updates next from 12.3.1 to 14.2.5

Release notes

Sourced from next's releases.

v14.2.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• avoid merging global css in a way that leaks into other chunk groups (#67373)
• Fix server action edge redirect with middleware rewrite (#67148)
• fix(next): reject protocol-relative URLs in image optimization (#65752)
• fix(next-swc): correct path interop to filepath for wasm (#65633)
• Use addDependency to track metadata route file changes (#66714)
• Fix noindex is missing on static not-found page (#67135)
• perf: improve retrieving versionInfo on Turbo HMR (#67309)
• fix(next/image): handle invalid url (#67465)
• fix(next): initial prefetch cache not set properly with different search params (#65977)
• fix: Backport class properties fix (#67377)
• Upgrade acorn (#67592)

Misc

• Log stdio for pull-turbo-cache script (#66759)
• Ensure turbo is setup when building in docker (#66804)

Credits

Huge thanks to @​devjiwonchoi, @​ijjk, @​emmerich, @​huozhi, @​kdy1, @​kwonoj, @​styfle, and @​sokra for helping!

v14.2.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: ensure route handlers properly track dynamic access (#66446)
• fix NextRequest proxy in edge runtime (#66551)
• Fix next/dynamic with babel and src dir (#65177)
• Use vercel deployment url for metadataBase fallbacks (#65089)
• fix(next/image): detect react@19 for fetchPriority prop (#65235)
• Fix loading navigation with metadata and prefetch (#66447)
• prevent duplicate RSC fetch when action redirects (#66620)
• ensure router cache updates reference the latest cache values (#66681)
• Prevent append of trailing slash in cases where path ends with a file extension (#66636)
• Fix inconsistency with 404 getStaticProps cache-control (#66674)
• Use addDependency to track metadata route file changes (#66714)
• Add timeout/retry handling for fetch cache (#66652)
• fix: app-router prefetch crash when an invalid URL is passed to Link (#66755)

Credits

Huge thanks to @​ztanner, @​ijjk, @​wbinnssmith, @​huozhi, and @​lubieowoce for helping!

Commits

• 0bf7f52 v14.2.5
• 30d6dfc fix: metadata route merging conflicts
• 186ec6b Log stdio for pull-turbo-cache script (#66759)
• 45656d3 Ensure turbo is setup when building in docker (#66804)
• 08e7fd1 Upgrade acorn (#67592)
• 1d08dab avoid merging global css in a way that leaks into other chunk groups (#67373)
• 21a9d59 Fix server action edge redirect with middleware rewrite (#67148)
• 1b10b13 fix(next): reject protocol-relative URLs in image optimization (#65752)
• c64c61d fix(next-swc): correct path interop to filepath for wasm (#65633)
• 6c661d2 Use addDependency to track metadata route file changes (#66714)
• Additional commits viewable in compare view

Updates axios from 1.2.1 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates @nestjs/core from 8.4.7 to 10.4.1

Release notes

Sourced from @​nestjs/core's releases.

v10.3.10 (2024-07-01)

Bug fixes

• core
  • #13712 fix(core): when using forward references on exports array (@​micalevisk)

Enhancements

• platform-fastify
  • #13734 feat(fastify-adapter): support for skipping middie registration (@​ancyrweb)

Dependencies

• Other
  • #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@​dependabot[bot])
  • #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@​dependabot[bot])
  • #13708 chore(deps-dev): bump nats from 2.26.0 to 2.27.0 (@​dependabot[bot])
  • #13709 chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 (@​dependabot[bot])
  • #13715 chore(deps-dev): bump graphql from 16.8.2 to 16.9.0 (@​dependabot[bot])
  • #13718 chore(deps-dev): bump engine.io-client from 6.5.4 to 6.6.0 (@​dependabot[bot])
  • #13724 chore(deps-dev): bump @​types/node from 20.14.6 to 20.14.9 (@​dependabot[bot])
  • #13672 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/26-queues (@​dependabot[bot])
  • #13693 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 (@​dependabot[bot])
  • #13699 chore(deps-dev): bump engine.io-client from 6.5.3 to 6.5.4 (@​dependabot[bot])
  • #13702 chore(deps-dev): bump @​types/node from 20.14.4 to 20.14.6 (@​dependabot[bot])
  • #13703 chore(deps): bump fast-json-stringify from 5.16.0 to 5.16.1 (@​dependabot[bot])
  • #13694 chore(deps-dev): bump mongoose from 8.4.1 to 8.4.3 (@​dependabot[bot])
  • #13695 chore(deps-dev): bump @​typescript-eslint/parser from 7.13.0 to 7.13.1 (@​dependabot[bot])
  • #13696 chore(deps-dev): bump @​types/node from 20.14.2 to 20.14.4 (@​dependabot[bot])
  • #13678 chore(deps-dev): bump graphql from 16.8.1 to 16.8.2 (@​dependabot[bot])
  • #13682 chore(deps-dev): bump mysql2 from 3.10.0 to 3.10.1 (@​dependabot[bot])
  • #13674 chore(deps-dev): bump prettier from 3.3.1 to 3.3.2 (@​dependabot[bot])
  • #13677 chore(deps-dev): bump lint-staged from 15.2.5 to 15.2.7 (@​dependabot[bot])
  • #13671 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/27-scheduling (@​dependabot[bot])
  • #13670 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/30-event-emitter (@​dependabot[bot])
  • #13667 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 (@​dependabot[bot])
  • #13665 chore(deps-dev): bump artillery from 2.0.14 to 2.0.15 (@​dependabot[bot])
  • #13660 chore(deps): bump @​grpc/grpc-js from 1.10.0 to 1.10.9 in /sample/04-grpc (@​dependabot[bot])
  • #13662 chore(deps-dev): bump @​grpc/grpc-js from 1.10.8 to 1.10.9 (@​dependabot[bot])
  • #13663 chore(deps-dev): bump @​fastify/multipart from 8.2.0 to 8.3.0 (@​dependabot[bot])
  • #13666 chore(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.13.0 (@​dependabot[bot])
  • #13669 chore(deps): bump uuid from 9.0.1 to 10.0.0 (@​dependabot[bot])
  • #13640 chore(deps-dev): bump nodemon from 3.1.2 to 3.1.3 (@​dependabot[bot])
  • #13641 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 (@​dependabot[bot])
  • #13642 chore(deps-dev): bump mongoose from 8.4.0 to 8.4.1 (@​dependabot[bot])
  • #13651 chore(deps-dev): bump prettier from 3.2.5 to 3.3.1 (@​dependabot[bot])
  • #13652 chore(deps-dev): bump @​types/node from 20.12.12 to 20.14.2 (@​dependabot[bot])
  • #13653 chore(deps-dev): bump cache-manager from 5.5.3 to 5.6.1 (@​dependabot[bot])
• platform-ws
  • #13690 chore(deps): bump ws from 8.17.0 to 8.17.1 (@​dependabot[bot])
• platform-fastify

... (truncated)

Commits

• 67f32e8 chore(@​nestjs) publish v10.4.1 release
• 6f624d1 chore: update readme
• 5bcd024 chore(@​nestjs) publish v10.4.0 release
• 821b080 fix(core): unhandled promise rejection in interceptors consumer
• b59d5ac chore(@​nestjs) publish v10.3.10 release
• 284f437 docs: update readme
• 136f035 fix(core): when using forward references on exports array
• 99d31e3 chore(deps): bump tslib from 2.6.2 to 2.6.3
• 013dbd3 chore: update readmes
• fcd2c58 chore(@​nestjs) publish v10.3.9 release
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates axios from 0.26.1 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates axios from 0.26.1 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}