Skip to content

Bump the major-updates group with 5 updates#282

Open
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-major-updates-7f074b1c5f
Open

Bump the major-updates group with 5 updates#282
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-major-updates-7f074b1c5f

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the major-updates group with 5 updates:

Package From To
express 4.22.1 5.2.1
chai 4.5.0 6.2.2
chai-http 4.4.0 5.1.2
eslint 9.39.1 10.0.2
nyc 17.1.0 18.0.0

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits
  • 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
  • b38c22b chore: add legal-comments=none option (#1756)
  • 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
  • 678cd00 chore(deps): update dependencies (#1755)
  • c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
  • d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
  • 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
  • d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
  • 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
  • b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.


Updates chai-http from 4.4.0 to 5.1.2

Release notes

Sourced from chai-http's releases.

5.1.2

What's Changed

New Contributors

Full Changelog: chaijs/chai-http@5.1.1...5.1.2

5.1.1

What's Changed

Full Changelog: chaijs/chai-http@5.1.0...5.1.1

5.1.0

What's Changed

New Contributors

Full Changelog: chaijs/chai-http@5.0.0...5.1.0

5.0.0

What's Changed

... (truncated)

Commits

Updates eslint from 9.39.1 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

  • 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

  • 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
  • 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
  • 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

  • 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
  • 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

  • c87d5bd fix: update eslint (#20531) (renovate[bot])
  • d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
  • 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
  • 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

  • 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
  • 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
  • b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

  • e5c281f chore: updates for v9.39.3 release (Jenkins)
  • 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
  • 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
  • 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
  • da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
  • 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
  • 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

  • f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
  • a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
  • c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
  • fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
  • 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
  • 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
  • ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
  • 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
  • c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
  • 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
  • a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
  • a89059d feat!: Program range span entire source text (#20133) (Pixel998)
  • 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
  • f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits
  • 55122d6 10.0.2
  • 80f1e29 Build: changelog update for 10.0.2
  • 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
  • 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
  • 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
  • 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
  • 98cbf6b docs: update migration guide per Program range change (#20534)
  • 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
  • 0bd5497 10.0.1
  • ddb80ef Build: changelog update for 10.0.1
  • Additional commits viewable in compare view

Updates nyc from 17.1.0 to 18.0.0

Release notes

Sourced from nyc's releases.

nyc: v18.0.0

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

  • deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

  • deps: update dependencies pulling in old glob (#1612) (0707729)
Changelog

Sourced from nyc's changelog.

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

  • deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

  • deps: update dependencies pulling in old glob (#1612) (0707729)
Commits
  • 3ce6d97 chore(main): release nyc 18.0.0 (#1613)
  • b9f6781 build: publication is now manual again due to changes in tokens
  • 0707729 fix(deps)!: update dependencies pulling in old glob (#1612)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the major-updates group with 5 updates
e632834 
Bumps the major-updates group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` |
| [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.2` |
| [chai-http](https://github.com/chaijs/chai-http) | `4.4.0` | `5.1.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `10.0.2` |
| [nyc](https://github.com/istanbuljs/nyc) | `17.1.0` | `18.0.0` |


Updates `express` from 4.22.1 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.1...v5.2.1)

Updates `chai` from 4.5.0 to 6.2.2
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](chaijs/chai@v4.5.0...v6.2.2)

Updates `chai-http` from 4.4.0 to 5.1.2
- [Release notes](https://github.com/chaijs/chai-http/releases)
- [Changelog](https://github.com/chaijs/chai-http/blob/main/History.md)
- [Commits](chaijs/chai-http@4.4.0...5.1.2)

Updates `eslint` from 9.39.1 to 10.0.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.1...v10.0.2)

Updates `nyc` from 17.1.0 to 18.0.0
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/main/CHANGELOG.md)
- [Commits](istanbuljs/nyc@nyc-v17.1.0...nyc-v18.0.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: chai
  dependency-version: 6.2.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: chai-http
  dependency-version: 5.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: eslint
  dependency-version: 10.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: nyc
  dependency-version: 18.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 1, 2026 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants