build(deps): bump debug, express, connect, morgan, serve-index, serve-static, extract-zip, grunt-contrib-watch and socket.io in /redux-devtools

[dependabot]

Bumps debug to 2.6.9 and updates ancestor dependencies debug, express, connect, morgan, serve-index, serve-static, extract-zip, grunt-contrib-watch and socket.io. These dependencies need to be updated together.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates express from 4.14.1 to 4.18.2

Release notes

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0

... (truncated)

Commits

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: Node.js@18.10
• f56ce73 build: supertest@6.3.0
• 24b3dc5 deps: qs@6.11.0
• 689d175 deps: body-parser@1.20.1
• 340be0f build: eslint@8.24.0
• 33e8dc3 docs: use Node.js name style
• 644f646 build: supertest@6.2.4
• ecd7572 build: Node.js@14.20
• Additional commits viewable in compare view

Updates connect from 3.6.3 to 3.7.0

Changelog

Sourced from connect's changelog.

3.7.0 / 2019-05-17

• deps: finalhandler@1.1.2
  • Set stricter Content-Security-Policy header
  • Fix 404 output for bad / missing pathnames
  • deps: encodeurl@~1.0.2
  • deps: parseurl@~1.3.3
  • deps: statuses@~1.4.0
• deps: parseurl@~1.3.3
• perf: remove substr call from FQDN mapping

3.6.6 / 2018-02-14

• deps: finalhandler@1.1.0
  • Use res.headersSent when available
• perf: remove array read-past-end

3.6.5 / 2017-09-22

• deps: debug@2.6.9
• deps: finalhandler@1.0.6
  • deps: debug@2.6.9

3.6.4 / 2017-09-20

• deps: finalhandler@1.0.5
  • deps: parseurl@~1.3.2
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp
• deps: utils-merge@1.0.1

Commits

• fa8916e 3.7.0
• bd0d23d perf: remove substr call from FQDN mapping
• 1fcc562 build: fix the nyc build commands
• 0eeef74 docs: add connect logo
• a83c2dd docs: switch badges to badgen
• 56da514 deps: finalhandler@1.1.2
• f4e0868 build: nyc@14.1.1
• f85d157 build: use yaml eslint configuration
• 421f96c build: eslint@4.19.1
• 683fcbe build: support Node.js 12.x
• Additional commits viewable in compare view

Updates morgan from 1.8.2 to 1.10.0

Release notes

Sourced from morgan's releases.

1.10.0

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

Changelog

Sourced from morgan's changelog.

1.10.0 / 2020-03-20

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0 / 2017-09-26

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

Commits

• c68d2ea 1.10.0
• aa718d7 Add :total-time token
• ce15462 build: remove deprecated Travis CI directive
• e13e0d3 build: Node.js@13.11
• f023828 build: use nyc for test coverage
• 30c0871 build: mocha@7.1.1
• 8114639 docs: document success color in dev format
• 5d8176f docs: update rotating-file-stream usage for 2.x
• c54194c tests: ignore branch coverage that varies
• 5659d2f build: Node.js@12.16
• Additional commits viewable in compare view

Updates serve-index from 1.9.0 to 1.9.1

Release notes

Sourced from serve-index's releases.

1.9.1

• deps: accepts@~1.3.4
  • deps: mime-types@~2.1.16
• deps: debug@2.6.9
• deps: http-errors@~1.6.2
  • deps: depd@1.1.1
• deps: mime-types@~2.1.17
  • Add new mime types
  • deps: mime-db@~1.30.0
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp

Changelog

Sourced from serve-index's changelog.

1.9.1 / 2017-09-28

• deps: accepts@~1.3.4
  • deps: mime-types@~2.1.16
• deps: debug@2.6.9
• deps: http-errors@~1.6.2
  • deps: depd@1.1.1
• deps: mime-types@~2.1.17
  • Add new mime types
  • deps: mime-db@~1.30.0
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp

Commits

• a399faa 1.9.1
• fc69533 deps: parseurl@~1.3.2
• 45dbe4f docs: add express.static to the express example
• 76e3c3a deps: debug@2.6.9
• da37631 build: Node.js@8.3
• 3e09fb2 build: Node.js@6.11
• 0894f8c deps: mime-types@~2.1.17
• a4f1ef3 deps: http-errors@~1.6.2
• ccbeaeb deps: accepts@~1.3.4
• See full diff in compare view

Updates serve-static from 1.11.2 to 1.15.0

Release notes

Sourced from serve-static's releases.

1.15.0

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

1.14.1

• Set stricter CSP header in redirect response
• deps: send@0.17.1
  • deps: range-parser@~1.2.1

1.14.0

• deps: parseurl@~1.3.3
• deps: send@0.17.0
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call

1.13.2

• Fix incorrect end tag in redirects
• deps: encodeurl@~1.0.2
  • Fix encoding % as last character
• deps: send@0.16.2
  • deps: depd@~1.1.2
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0

1.13.1

• Fix regression when root is incorrectly set to a file
• deps: send@0.16.1

1.13.0

• deps: send@0.16.0
  • Add 70 new types for file extensions
  • Add immutable option
  • Fix missing </html> in default error & redirects
  • Set charset as "UTF-8" for .js and .json
  • Use instance methods on steam to check for listeners

... (truncated)

Changelog

Sourced from serve-static's changelog.

1.15.0 / 2022-03-24

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2 / 2021-12-15

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

1.14.1 / 2019-05-10

• Set stricter CSP header in redirect response
• deps: send@0.17.1
  • deps: range-parser@~1.2.1

1.14.0 / 2019-05-07

• deps: parseurl@~1.3.3
• deps: send@0.17.0
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call

1.13.2 / 2018-02-07

• Fix incorrect end tag in redirects
• deps: encodeurl@~1.0.2
  • Fix encoding % as last character
• deps: send@0.16.2
  • deps: depd@~1.1.2
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0

1.13.1 / 2017-09-29

... (truncated)

Commits

• 9b5a12a 1.15.0
• a39a0df docs: update CI link
• d702ea2 build: Node.js@17.8
• ff1510a deps: send@0.18.0
• 813c7e4 build: mocha@9.2.2
• 2e029f9 build: Node.js@17.7
• 3269f31 build: supertest@6.2.2
• 71cd4f8 build: mocha@9.2.1
• a5cdf62 build: Node.js@17.5
• 9d11e38 build: Node.js@16.14
• Additional commits viewable in compare view

Updates extract-zip from 1.6.5 to 1.7.0

Release notes

Sourced from extract-zip's releases.

1.7.0

Added

• Error handler for zipfile object (#67)

Changed

• Don't pin dependency requirements to specific versions (#88)

1.6.8

Dependencies

• Update mkdirp to 0.5.4.

Commits

• c2b1c17 1.7.0
• 990fc64 Add error handler to zipfile object (#67)
• 8285111 feat: don't pin dependency requirements (#88)
• 2a8df24 1.6.8
• 30ab06c build(deps): upgrade mkdirp to 0.5.4 for security
• 2b2a84e build: ignore lock files
• 422a39f 1.6.7
• 1cd5ceb Merge pull request #72 from maxogden/upgrade-concat-stream
• 4514f66 Travis: test Node 8 & 10 as well
• 3aeb1b1 Upgrade concat-stream to 1.6.2
• Additional commits viewable in compare view

Updates grunt-contrib-watch from 1.0.0 to 1.1.0

Changelog

Sourced from grunt-contrib-watch's changelog.

v1.1.0: date: 2018-05-12 changes: - Update to tiny-lr@1.1.1, lodash@4.17.10, async@2.6.0 v1.0.1: date: 2018-04-20 changes: - Update to gaze@1.1, lodash@4

Commits

• 3b7ddf4 v1.1.0
• 72b1214 Updating dependencies, async, lodash and tiny-lr
• 5adb27c Merge pull request #543 from digitalbazaar/master
• 6ec71e9 v1.0.1
• 7d20933 Update copyright year
• e3d19df Update ci configs
• d117574 Updating ci configs
• 99410a7 README.md: Fixed typos (#536)
• f07311b Update tiny-lr dependency to 1.x
• 7f8cf80 Add local grunt-cli
• Additional commits viewable in compare view

Updates socket.io from 1.7.4 to 4.5.4

Release notes

Sourced from socket.io's releases.

4.5.4

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Links:

• Diff: socketio/socket.io@4.5.3...4.5.4
• Client release: 4.5.4
• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

Links:

• Diff: socketio/socket.io@4.5.2...4.5.3
• Client release: 4.5.3
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.2

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

Links:

• Diff: socketio/socket.io@4.5.1...4.5.2
• Client release: 4.5.2
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.1

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#4351) (9b43c91)

Links:

• Diff: socketio/socket.io@4.5.0...4.5.1
• Client release: 4.5.1
• engine.io version: ~6.2.0

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.5.4 (2022-11-22)

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Dependencies

• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3 (2022-10-15)

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

4.5.2 (2022-09-02)

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

2.5.0 (2022-06-26)

Bug Fixes

• fix race condition in dynamic namespaces (05e1278)
• ignore packet received after disconnection (22d4bdf)
• only set 'connected' to true after middleware execution (226cc16)
• prevent the socket from joining a room after disconnection (f223178)

4.5.1 (2022-05-17)

Bug Fixes

... (truncated)

Commits

• 3b7ced7 chore(release): 4.5.4
• c00bb95 chore: bump engine.io to version 6.2.1
• 57e5f25 chore: bump socket.io-parser to version 4.2.1
• f4b6984 docs: add missing versions in the changelog
• 945c84b chore(release): 4.5.3
• d3d0a2d fix(typings): accept an HTTP2 server in the constructor
• 19b225b docs(examples): update dependencies of the basic CRUD example
• 8fae95d docs: add jsdoc for each public method
• e6f6b90 docs: add deprecation notice for the allSockets() method
• 596eb88 ci: upgrade to actions/checkout@3 and actions/setup-node@3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.