Bump the npm_and_yarn group across 1 directory with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: superstatic and webpack-dev-server.

Updates superstatic from 4.0.3 to 5.0.2

Release notes

Sourced from superstatic's releases.

v5.0.2

v5.0.1

v5.0.0

v4.3.0

v4.2.1

v4.2.0

v4.1.1

4.1.0

• Adds support for extensible rewriters. (#229)
• Redirects now preserve query parameters. (#228)
• Superstatic now supports hosting-nested config to support current firebase.json format. (#222, #227)

Commits

• 95e4312 [firebase-release] Updated Superstatic to 5.0.2
• e465bd4 Merge pull request #257 from firebase/mb-changelog
• 5dabf63 Update changelog.txt
• e396ff6 Disallow upward tree traversal in Windows. (#254)
• 6628c8b Fixes deprecation warnings on install due to outdated mocha (#248)
• 156b4fa [firebase-release] Removed change log and reset repo after 5.0.1 release
• 4be298d [firebase-release] Updated Superstatic to 5.0.1
• 7b0d08e Patch notes for v5.0.1 (#246)
• 19bedc4 Remove iltorb dependency (#245)
• 62d44bb [firebase-release] Removed change log and reset repo after 5.0.0 release
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by firebase-ops, a new releaser for superstatic since your current version.

Updates webpack-dev-server from 1.16.2 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

v5.1.0

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

v5.0.4

5.0.4 (2024-03-19)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

5.1.0 (2024-09-03)

Features

• add visual progress indicators (a8f40b7)
• added the app option to be Function (by default only with connect compatibility frameworks) (3096148)
• allow the server option to be Function (#5275) (02a1c6d)
• http2 support for connect and connect compatibility frameworks which support HTTP2 (#5267) (6509a3f)

Bug Fixes

• check the platform property to determinate the target (#5269) (c3b532c)
• ipv6 output (#5270) (06005e7)
• replace rimraf with rm (#5162) (1a1561f)
• replace default gateway (#5255) (f5f0902)
• support devServer: false (#5272) (8b341cb)

5.0.4 (2024-03-19)

Bug Fixes

... (truncated)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Updates cookie from 0.3.1 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

0.4.1

• Fix maxAge option to reject invalid values

0.4.0

• Add SameSite=None support

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.14.0 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates http-proxy from 1.15.1 to 1.18.1

Release notes

Sourced from http-proxy's releases.

Long overdue maintenance

Due to some great contributions I'm happy to announce a new release of http-proxy containing numerous bug fixes, feature additions and documentation improvements. Thanks to all who contributed for their patience and willingness to contribute despite perceived stagnation in activity in the project. I welcome all contributions and those who are interested in getting more involved with the project. Below I will highlight the changes that landed in the latest version but you can find the full diff of the changes in nodejitsu/node-http-proxy#1251

• Add option to rewrite path of set-cookie headers. @​swillis12
• Add option for overriding http METHOD when proxying request @​AydinChavez
• Feature: selfHandleResponse for taking responsibility in returning your own response when listening on the proxyRes event. @​cpd0101 @​guoxiangyang
• Add followRedirects option @​n30n0v
• Document timeout option @​jlaamanen
• Fix documentation typos @​carpsareokiguess
• Document buffer option @​jonhunter1977
• Include websocket non-upgrade response instead of just closing the socket. Allows auth schemes to be possible with websocket proxying. @​Tigge
• Stop using the writeHead method explicitly and let node handle it internally to prevent thrown errors @​jakefurler
• Be more defensive in handling of detecting response state when proxying @​thiagobustamante

Changelog

Sourced from http-proxy's changelog.

v1.18.1 - 2020-05-17

Merged

• Skip sending the proxyReq event when the expect header is present [#1447](https://github.com/http-party/node-http-proxy/issues/1447)
• Remove node6 support, add node12 to build [#1397](https://github.com/http-party/node-http-proxy/issues/1397)

1.18.0 - 2019-09-18

Merged

• Added in auto-changelog module set to keepachangelog format [#1373](https://github.com/http-party/node-http-proxy/issues/1373)
• fix 'Modify Response' readme section to avoid unnecessary array copying [#1300](https://github.com/http-party/node-http-proxy/issues/1300)
• Fix incorrect target name for reverse proxy example [#1135](https://github.com/http-party/node-http-proxy/issues/1135)
• Fix modify response middleware example [#1139](https://github.com/http-party/node-http-proxy/issues/1139)
• [dist] Update dependency async to v3 [#1359](https://github.com/http-party/node-http-proxy/issues/1359)
• Fix path to local http-proxy in examples. [#1072](https://github.com/http-party/node-http-proxy/issues/1072)
• fix reverse-proxy example require path [#1067](https://github.com/http-party/node-http-proxy/issues/1067)
• Update README.md [#970](https://github.com/http-party/node-http-proxy/issues/970)
• [dist] Update dependency request to ~2.88.0 [SECURITY] [#1357](https://github.com/http-party/node-http-proxy/issues/1357)
• [dist] Update dependency eventemitter3 to v4 [#1365](https://github.com/http-party/node-http-proxy/issues/1365)
• [dist] Update dependency colors to v1 [#1360](https://github.com/http-party/node-http-proxy/issues/1360)
• [dist] Update all non-major dependencies [#1356](https://github.com/http-party/node-http-proxy/issues/1356)
• [dist] Update dependency agentkeepalive to v4 [#1358](https://github.com/http-party/node-http-proxy/issues/1358)
• [dist] Update dependency nyc to v14 [#1367](https://github.com/http-party/node-http-proxy/issues/1367)
• [dist] Update dependency concat-stream to v2 [#1363](https://github.com/http-party/node-http-proxy/issues/1363)
• x-forwarded-host overwrite for mutli level proxies [#1267](https://github.com/http-party/node-http-proxy/issues/1267)
• [refactor doc] Complete rename to http-party org. [#1362](https://github.com/http-party/node-http-proxy/issues/1362)
• Highlight correct lines for createProxyServer [#1117](https://github.com/http-party/node-http-proxy/issues/1117)
• Fix docs for rewrite options - 201 also handled [#1147](https://github.com/http-party/node-http-proxy/issues/1147)
• Update .nyc_output [#1339](https://github.com/http-party/node-http-proxy/issues/1339)
• Configure Renovate [#1355](https://github.com/http-party/node-http-proxy/issues/1355)
• [examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded [#1264](https://github.com/http-party/node-http-proxy/issues/1264)

Commits

• [dist] New test fixtures. 7e4a0e5
• [dist] End of an era. a9b09cc
• [dist] Version bump. 1.18.0 9bbe486
• [fix] Latest versions. 59c4403
• [fix test] Update tests. dd1d08b
• [dist] Update dependency ws to v3 [SECURITY] b00911c
• [dist] .gitattributes all the things. fc93520
• [dist] Regenerate package-lock.json. 16d4f8a

1.17.0 - 2018-04-20

Merged

• Fix overwriting of global options [#1074](https://github.com/http-party/node-http-proxy/issues/1074)

... (truncated)

Commits

• 9b96cd7 1.18.1
• 335aeeb Skip sending the proxyReq event when the expect header is present (#1447)
• dba3966 Remove node6 support, add node12 to build (#1397)
• 9bbe486 [dist] Version bump. 1.18.0
• 6e4bef4 Added in auto-changelog module set to keepachangelog format (#1373)
• d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)
• 244303b Fix incorrect target name for reverse proxy example (#1135)
• b4028ba Fix modify response middleware example (#1139)
• 77a9815 [dist] Update dependency async to v3 (#1359)
• c662f9e Fix path to local http-proxy in examples. (#1072)
• Additional commits viewable in compare view

Updates morgan from 1.7.0 to 1.10.1

Release notes

Sourced from morgan's releases.

1.10.1

What's Changed

• renaming simple to sample in readme by @​ryhinchey in expressjs/morgan#237
• adding installation instructions to readme by @​ryhinchey in expressjs/morgan#233
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/morgan#291
• ci: replace travis with github actions by @​inigomarquinez in expressjs/morgan#290
• docs: add example output for log formats by @​jonchurch in expressjs/morgan#299
• ci: use ubuntu-latest by @​bjohansebas in expressjs/morgan#301
• ci: apply OSSF Scorecard security best practices by @​UlisesGascon in expressjs/morgan#300
• remove --bail by @​jonchurch in expressjs/morgan#314
• ⬆️ bump on-headers by @​ctcpip in expressjs/morgan#319

New Contributors

• @​inigomarquinez made their first contribution in expressjs/morgan#291
• @​jonchurch made their first contribution in expressjs/morgan#299
• @​bjohansebas made their first contribution in expressjs/morgan#301
• @​UlisesGascon made their first contribution in expressjs/morgan#300
• @​ctcpip made their first contribution in expressjs/morgan#319

Full Changelog: expressjs/morgan@1.10.0...1.10.1

1.10.0

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

... (truncated)

Changelog

Sourced from morgan's changelog.

1.10.1 / 2025-07-17

• deps: on-headers@~1.1.0
  • Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

1.10.0 / 2020-03-20

• Add :total-time token
• Fix trailing space in colored status code for dev format
• deps: basic-auth@~2.0.1
  • deps: safe-buffer@5.1.2
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0 / 2017-09-26

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: debug@2.6.9
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

• deps: debug@2.6.8
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0

1.8.1 / 2017-02-04

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

... (truncated)

Commits

• c1c7f10 🔖 1.10.1
• eb896c2 ⬆️ bump on-headers
• 1c3eec6 remove --bail (#314)
• b144728 ci: apply OSSF Scorecard security best practices (#300)
• 68c2d21 ci: use ubuntu-latest (#301)
• 8740a19 docs: add example output for log formats (#299)
• efd6bff ci: migra to GitHub actions (#290)
• 3b89789 ci: add support for OSSF scorecard reporting (#291)
• 19a6aa5 docs: add installation section
• b94f3ff docs: change simple to sample in example descriptions
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for morgan since your current version.

Updates on-headers from 1.0.1 to 1.1.0

Release notes

Sourced from on-headers's releases.

1.1.0

Important

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

What's Changed

• Migrate CI pipeline to GitHub actions by @​carpasse in jshttp/on-headers#12
• fix README.md badges by @​carpasse in jshttp/on-headers#13
• add OSSF scorecard action by @​carpasse in jshttp/on-headers#14
• fix: use ubuntu-latest as ci runner by @​UlisesGascon in jshttp/on-headers#19
• ci: apply OSSF Scorecard security best practices by @​UlisesGascon in jshttp/on-headers#20
• 👷 add upstream change detection by @​ctcpip in jshttp/on-headers#31
• ✨ add script to update known hashes by @​ctcpip in jshttp/on-headers#32
• 💚 update CI - add newer node versions by @​ctcpip in jshttp/on-headers#33

New Contributors

• @​carpasse made their first contribution in jshttp/on-headers#12
• @​UlisesGascon made their first contribution in jshttp/on-headers#19
• @​ctcpip made their first contribution in jshttp/on-headers#31

Full Changelog: jshttp/on-headers@v1.0.2...v1.1.0

1.0.2

• Fix res.writeHead patch missing return value

Changelog

Sourced from on-headers's changelog.

1.1.0 / 2025-07-17

• Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

1.0.2 / 2019-02-21

• Fix res.writeHead patch missing return value

Commits

• 4b017af 1.1.0
• b636f2d ♻️ refactor header array code
• 3e2c2d4 ✨ ignore falsy header keys, matching node behavior
• 172eb41 ✨ support duplicate headers
• c6e3849 🔒️ fix array handling
• 6893518 💚 update CI - add newer node versions
• 56a345d ✨ add script to update known hashes
• 175ab21 👷 add upstream change detection (#31)
• ce0b2c8 ci: apply OSSF Scorecard security best practices (#20)
• 1a38c54 fix: use ubuntu-latest as ci runner (#19)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for on-headers since your current version.

Updates open from 0.0.5 to 10.2.0

Release notes

Sourced from open's releases.

v10.2.0

• Add support for Brave browser (#362) b62b99e

---

sindresorhus/open@v10.1.2...v10.2.0

v10.1.2

• Fix detection of Windows default browser from WSL (#358) 6187a82

---

sindresorhus/open@v10.1.1...v10.1.2

v10.1.1

• Fix: Use correct bundle ID for Microsoft Edge (#356) 55537f1

---

sindresorhus/open@v10.1.0...v10.1.1

v10.1.0

• Linux: Update xdg-open to 1.2.1 (#338) c702c66

sindresorhus/open@v10.0.4...v10.1.0

v10.0.4

• Fix support for passing predefined app to openApp() (#335) d9e7422

sindresorhus/open@v10.0.3...v10.0.4

v10.0.3

• Fix target option on macOS (#332) b597dec

sindresorhus/open@v10.0.2...v10.0.3

v10.0.2

• Fix Linux compatibility 798cd93

sindresorhus/open@v10.0.1...v10.0.2

v10.0.1

• Add Windows environment variable fallback for some broken systems (#328) 8e69be4

sindresorhus/open@v10.0.0...v10.0.1

v10.0.0

Breaking

• Require Node.js 18 5628dc8

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by sindresorhus, a new releaser for open since your current version.

Updates send from 0.14.1 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

0.18.0 / 2022-03-23

• Fix emitted 416 error missing headers property
• Limit the headers removed for 304 response
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: destroy@1.2.0
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: statuses@2.0.1

0.17.2 / 2021-12-11

• pref: ignore empty http tokens
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: ms@2.1.3

0.17.1 / 2019-05-10

• Set stricter CSP header in redirect & error responses
• deps: range-parser@~1.2.1

0.17.0 / 2019-05-03

• deps: http-errors@~1.7.2
  • Set constructor name when possible
  • Use toidentifier module to make class names
  • deps: depd@~1.1.2
  • deps: setprototypeof@1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: mime@1.6.0
  • Add extensions for JPEG-2000 images
  • Add new font/* types from IANA
  • Add WASM mapping
  • Update .bdoc to application/bdoc

... (truncated)

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• b69cbb3 0.18.0
• f53edbb Limit the headers removed for 304 response
• 706d6dd docs: add security policy