Skip to content

Bump the major-updates group with 5 updates#299

Closed
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-major-updates-7e2388b2fa
Closed

Bump the major-updates group with 5 updates#299
dependabot[bot] wants to merge 1 commit intotestfrom
dependabot-npm_and_yarn-test-major-updates-7e2388b2fa

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the major-updates group with 5 updates:

Package From To
express 4.22.1 5.2.1
chai 4.5.0 6.2.2
chai-http 4.4.0 5.1.2
eslint 9.39.1 10.1.0
nyc 17.1.0 18.0.0

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates chai from 4.5.0 to 6.2.2

Release notes

Sourced from chai's releases.

v6.2.2

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.1...v6.2.2

v6.2.1

What's Changed

New Contributors

Full Changelog: chaijs/chai@v6.2.0...v6.2.1

... (truncated)

Commits
  • 814172d chore(deps): update dependency esbuild to v0.27.2 (#1759)
  • b38c22b chore: add legal-comments=none option (#1756)
  • 180d4cc chore(deps): update dependencies to v9.39.2 (#1757)
  • 678cd00 chore(deps): update dependencies (#1755)
  • c8fb100 chore(deps): update dependency prettier to v3.7.3 (#1754)
  • d63c74e chore(deps): update dependency eslint-plugin-jsdoc to v61.4.1 (#1751)
  • 243bf86 fix: avoid BigInt literal in closeTo for runtime compat (#1748)
  • d8b0395 chore(deps): update actions/checkout action to v6 (#1749)
  • 7e1e247 build(deps): bump glob from 10.4.5 to 10.5.0 (#1747)
  • b25e5d8 chore(deps): update dependency eslint-plugin-jsdoc to v61.2.1 (#1746)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for chai since your current version.


Updates chai-http from 4.4.0 to 5.1.2

Release notes

Sourced from chai-http's releases.

5.1.2

What's Changed

New Contributors

Full Changelog: chaijs/chai-http@5.1.1...5.1.2

5.1.1

What's Changed

Full Changelog: chaijs/chai-http@5.1.0...5.1.1

5.1.0

What's Changed

New Contributors

Full Changelog: chaijs/chai-http@5.0.0...5.1.0

5.0.0

What's Changed

... (truncated)

Commits

Updates eslint from 9.39.1 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

  • ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
  • 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

  • 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
  • e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

  • b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
  • 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
  • 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
  • 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
  • e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
  • 7f10d84 docs: Update README (GitHub Actions Bot)
  • aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
  • a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

  • a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
  • 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
  • c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
  • cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
  • 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
  • f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
  • dbb4c95 chore: remove trunk (#20478) (sethamus)
  • c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
  • c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
  • 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
  • 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
  • 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
  • f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

v10.0.3

Bug Fixes

  • e511b58 fix: update eslint (#20595) (renovate[bot])
  • f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
  • ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

  • 9fc31b0 docs: Update README (GitHub Actions Bot)
  • 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
  • 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
  • 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
  • 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
  • e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

  • ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)

... (truncated)

Commits

Updates nyc from 17.1.0 to 18.0.0

Release notes

Sourced from nyc's releases.

nyc: v18.0.0

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

  • deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

  • deps: update dependencies pulling in old glob (#1612) (0707729)
Changelog

Sourced from nyc's changelog.

18.0.0 (2026-02-22)

⚠ BREAKING CHANGES

  • deps: transitive dependencies now require node 20 || >=22.

Bug Fixes

  • deps: update dependencies pulling in old glob (#1612) (0707729)
Commits
  • 3ce6d97 chore(main): release nyc 18.0.0 (#1613)
  • b9f6781 build: publication is now manual again due to changes in tokens
  • 0707729 fix(deps)!: update dependencies pulling in old glob (#1612)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the major-updates group with 5 updates
328cc08 
Bumps the major-updates group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.22.1` | `5.2.1` |
| [chai](https://github.com/chaijs/chai) | `4.5.0` | `6.2.2` |
| [chai-http](https://github.com/chaijs/chai-http) | `4.4.0` | `5.1.2` |
| [eslint](https://github.com/eslint/eslint) | `9.39.1` | `10.1.0` |
| [nyc](https://github.com/istanbuljs/nyc) | `17.1.0` | `18.0.0` |


Updates `express` from 4.22.1 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.1...v5.2.1)

Updates `chai` from 4.5.0 to 6.2.2
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](chaijs/chai@v4.5.0...v6.2.2)

Updates `chai-http` from 4.4.0 to 5.1.2
- [Release notes](https://github.com/chaijs/chai-http/releases)
- [Changelog](https://github.com/chaijs/chai-http/blob/main/History.md)
- [Commits](chaijs/chai-http@4.4.0...5.1.2)

Updates `eslint` from 9.39.1 to 10.1.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v9.39.1...v10.1.0)

Updates `nyc` from 17.1.0 to 18.0.0
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/main/CHANGELOG.md)
- [Commits](istanbuljs/nyc@nyc-v17.1.0...nyc-v18.0.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: chai
  dependency-version: 6.2.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: chai-http
  dependency-version: 5.1.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: eslint
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: nyc
  dependency-version: 18.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 1, 2026 21:58
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Apr 1, 2026
@aatuny aatuny closed this Apr 7, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 7, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot-npm_and_yarn-test-major-updates-7e2388b2fa branch April 7, 2026 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aatuny