Update Mend: high confidence minor and patch dependency updates (master) - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
async (source)	2.6.1 -> 2.6.4
body-parser	1.18.3 -> 1.20.2
cross-env	7.0.2 -> 7.0.3
express-session	1.15.6 -> 1.18.0
grunt (source)	1.0.3 -> 1.6.1
grunt-cli	1.3.2 -> 1.4.3
jshint (source)	2.12.0 -> 2.13.6
nodemon (source)	1.19.1 -> 1.19.4
underscore (source)	1.9.1 -> 1.13.6

---

Release Notes

caolan/async (async)

v2.6.4

Compare Source

v2.6.3

Compare Source

v2.6.2

Compare Source

expressjs/body-parser (body-parser)

v1.20.2

Compare Source

===================

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

v1.20.1

Compare Source

===================

• deps: qs@6.11.0
• perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

v1.19.2

Compare Source

===================

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

v1.19.1

Compare Source

===================

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

v1.19.0

Compare Source

===================

• deps: bytes@3.1.0
  • Add petabyte (pb) support
• deps: http-errors@1.7.2
  • Set constructor name when possible
  • deps: setprototypeof@1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: iconv-lite@0.4.24
  • Added encoding MIK
• deps: qs@6.7.0
  • Fix parsing array brackets after index
• deps: raw-body@2.4.0
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2
  • deps: iconv-lite@0.4.24
• deps: type-is@~1.6.17
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

kentcdodds/cross-env (cross-env)

v7.0.3

Compare Source

Bug Fixes

• add maintenance mode notice (fe80c84)

expressjs/session (express-session)

v1.18.0

Compare Source

===================

• Add debug log for pathname mismatch
• Add partitioned to cookie options
• Add priority to cookie options
• Fix handling errors from setting cookie
• Support any type in secret that crypto.createHmac supports
• deps: cookie@0.6.0
  • Fix expires option to reject invalid dates
  • perf: improve default decode speed
  • perf: remove slow string split in parse
• deps: cookie-signature@1.0.7

v1.17.3

Compare Source

===================

• Fix resaving already-saved new session at end of request
• deps: cookie@0.4.2

v1.17.2

Compare Source

===================

• Fix res.end patch to always commit headers
• deps: cookie@0.4.1
• deps: safe-buffer@5.2.1

v1.17.1

Compare Source

===================

• Fix internal method wrapping error on failed reloads

v1.17.0

Compare Source

===================

• deps: cookie@0.4.0
  • Add SameSite=None support
• deps: safe-buffer@5.2.0

v1.16.2

Compare Source

===================

• Fix restoring cookie.originalMaxAge when store returns Date
• deps: parseurl@~1.3.3

v1.16.1

Compare Source

===================

• Fix error passing data option to Cookie constructor
• Fix uncaught error from bad session data

v1.16.0

Compare Source

===================

• Catch invalid cookie.maxAge value earlier
• Deprecate setting cookie.maxAge to a Date object
• Fix issue where resave: false may not save altered sessions
• Remove utils-merge dependency
• Use safe-buffer for improved Buffer API
• Use Set-Cookie as cookie header name for compatibility
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
  • perf: remove argument reassignment
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

gruntjs/grunt (grunt)

v1.6.1

Compare Source

• Changelog updates 72f6f03
• Merge pull request #​1755 from gruntjs/rm-dep 8d4c183
• Add recursive 1c7d483
• Merge pull request #​1756 from gruntjs/downgrade-glob 2d4fd38
• Downgrade glob 902db7c
• Fix syntax 494f243
• remove mkdirp b01389e
• remove dep on rimraf and mkdirp 0072510

v1.6.0

Compare Source

• Merge pull request #​1750 from gruntjs/dep-update-jan28 2805dc3
• README updates 3f1e423
• Bump to 16 8fd096d
• Update more deps 42c5f95
• Bump eslint and node version 1d88050

v1.5.3

Compare Source

• Merge pull request #​1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #​1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

v1.5.2

Compare Source

• Update Changelog 7f15fd5
• Merge pull request #​1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

v1.5.1

Compare Source

• Merge pull request #​1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

v1.5.0

Compare Source

• Updated changelog b2b2c2b
• Merge pull request #​1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #​1736 from justlep/main fdc7056
• support .cjs extension e35fe54

v1.4.1

Compare Source

• Update Changelog e7625e5
• Merge pull request #​1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

v1.4.0

Compare Source

• Merge pull request #​1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #​1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #​1722 from gruntjs/update-through e86db1c
• Update deps 4952368

v1.3.0

Compare Source

• Merge pull request #​1720 from gruntjs/update-changelog-deps faab6be
• Update Changelog and legacy-util dependency 520fedb
• Merge pull request #​1719 from gruntjs/yaml-refactor 7e669ac
• Switch to use safeLoad for loading YML files via file.readYAML. e350cea
• Merge pull request #​1718 from gruntjs/legacy-log-bumo 7125f49
• Bump legacy-log 00d5907

v1.2.1

Compare Source

• Changelog update ae11839
• Merge pull request #​1715 from sibiraj-s/remove-path-is-absolute 9d23cb6
• Remove path-is-absolute dependency e789b1f

v1.2.0

Compare Source

• Allow usage of grunt plugins that are located in any location that
  is visible to Node.js and NPM, instead of node_modules directly
  inside package that have a dev dependency to these pluginhttps://github.com/gruntjs/grunt/pull/1677nt/pull/1677)
• Removed coffeescript from dependencies. To ease transition, if
  coffeescript is still around, Grunt will attempt to load it.
  If it is not, and the user loads a CoffeeScript file,
  Grunt will print a useful error indicating that the
  coffeescript package should be installed as a dev dependency.
  This is considerably more user-friendly than dropping the require entirely,
  but doing so is feasible with the latest grunt-cli as users
  may simply use grunt --require https://github.com/gruntjs/grunt/pull/1675thub.com/Remove coffeescript from dependencies. gruntjs/grunt#1675)
• Exposes Grunt Option keys for ease of use.
  (https://github.com/gruntjs/grunt/pull/15701570)
• Avoiding infinite loop on very long command names.
  (https://github.com/gruntjs/grunt/pull/16971697)

v1.1.0

Compare Source

• Update to mkdirp ~1.0.3
• Only support versions of Node >= 8

v1.0.4

Compare Source

gruntjs/grunt-cli (grunt-cli)

v1.4.3

Compare Source

• Fix preload option (#​147) 07f3b0d
• Revert liftoff (#​144) 4d691e2
• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.2

Compare Source

• Revert liftoff (#​144) 4d691e2
• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.1

Compare Source

• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.0

Compare Source

• Update changelog bbc4400
• Ignore package-lock 3fa5bf6
• Update deps, switch to actions (#​141) c271173
• Bump deps, required node version and ci (#​137) 84ebcb8

jshint/jshint (jshint)

v2.13.6

Compare Source

Bug Fixes

• Allow initializing const bindings to undef (fedaf6f)
• Correct error message (03b1a06)

v2.13.5

Compare Source

Bug Fixes

• Tolerate late definition of async function (#​3618) (5c256a2)

v2.13.4

Compare Source

Bug Fixes

• Remove shelljs (eb4609a)

v2.13.3

Compare Source

Bug Fixes

• Recognize ES2020 globals (b1426f1)

v2.13.2

Compare Source

Bug Fixes

• Add missing well-known globals (#​3582) (cc1adf6)
• add URL for node in src/vars.js (#​3570) (ca06e6a)
• change escape-sequence handler for double quotes (") (#​3566) (75e48b7)
• Limit "Too many Errors" (E043) to errors only (#​3562) (4a681b9)
• Tolerate keyword in object shorthand (057b1c6)
• Tolerate unterminated nullish coalescing (ecae54a)

v2.13.1

Compare Source

Bug Fixes

• Allow invoking result of optional chaining (71ec395)
• Allow optional chaining call as satement (11dc0a6)
• Tolerate dangling NewExpression (7c890aa)

v2.13.0

Compare Source

Bug Fixes

• Allow comma expression in MemberExpression (f05c8d1)
• Consider all exported bindings "used" (90228b7)
• Correct interpretation of ImportSpecifier (72a8102)
• Correct location for error (e831188)
• Correct location reported for directive (ee6aa68)
• Detect duplicate exported bindings (916c230)
• Don't warn when Function() is used without 'new'. (#​3531) (c13c5cc)
• Don't warn when RegExp() is used without 'new'. (#​3529) (c18a6e4)
• Enforce restrictions on new operand (c2719eb)
• Graduate BigInt support to esversion: 11 (553f816)
• Improve declaration parsing (a9bdc93)
• Report early reference with warning (2c1a5f8)
• Support RegExp Unicode property escapes (e7fa785)

Features

• Add support for "export * as ns from" (c46f464)
• Add support for import.meta (73d7e0d)
• Add support for dynamic import (6bfcaed)
• Add support for optional chaining (b125dbe)
• Implement support for nullish coalescing (f50b14d)

remy/nodemon (nodemon)

v1.19.4

Compare Source

Bug Fixes

• Replace jade references by pug (7d6c1a8), closes #​1595

v1.19.3

Compare Source

Bug Fixes

• to avoid confusion like in #​1528, always report used extension (eead311)

v1.19.2

Compare Source

Bug Fixes

• langauge around "watching" (#​1591) (12b66cd)

jashkenas/underscore (underscore)

v1.13.6

Compare Source

v1.13.5

Compare Source

v1.13.4

Compare Source

v1.13.3

Compare Source

v1.13.2

Compare Source

v1.13.1

Compare Source

v1.13.0

Compare Source

v1.12.1

Compare Source

v1.12.0

Compare Source

v1.11.0

Compare Source

v1.10.2

Compare Source

v1.10.1

Compare Source

v1.10.0

Compare Source

v1.9.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box