Skip to content

chore(deps): bump the test-versions group across 3 directories with 7 updates#7371

Merged
dd-octo-sts[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-b67d6ce5e3
Jan 29, 2026
Merged

chore(deps): bump the test-versions group across 3 directories with 7 updates#7371
dd-octo-sts[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/integration-tests/appsec/iast-esbuild-cjs/test-versions-b67d6ce5e3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jan 29, 2026

Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-cjs directory: esbuild.
Bumps the test-versions group with 1 update in the /integration-tests/appsec/iast-esbuild-esm directory: esbuild.
Bumps the test-versions group with 6 updates in the /integration-tests/esbuild directory:

Package From To
express 4.21.2 4.22.1
@apollo/server 5.2.0 5.3.0
@koa/router 14.0.0 15.3.0
aws-sdk 2.1692.0 2.1693.0
axios 1.13.2 1.13.3
openai 6.9.1 6.16.0

Updates esbuild from 0.25.12 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2

  • Allow import path specifiers starting with #/ (#4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#4357, #4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#4176, #4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}
// New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.2

  • Allow import path specifiers starting with #/ (#4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#4357, #4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#4176, #4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

... (truncated)

Commits
  • cd83297 publish 0.27.2 to npm
  • 2759721 additional tests for switch with break
  • fd2b4b3 update release notes
  • c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
  • 92ff12c compat table: update @types/node
  • a35eceb compat table: fix a type error with the new types
  • f598984 fix make compat-table to install dependencies
  • f7f6df0 release notes for #4361
  • 6f8ec15 fix: allow subpath imports that start with #/ (#4361)
  • f7ae61f minify some switch statements to if-else statement
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.


Updates esbuild from 0.25.12 to 0.27.2

Release notes

Sourced from esbuild's releases.

v0.27.2

  • Allow import path specifiers starting with #/ (#4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#4357, #4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#4176, #4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}
// New output (with --minify)

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.2

  • Allow import path specifiers starting with #/ (#4361)

    Previously the specification for package.json disallowed import path specifiers starting with #/, but this restriction has recently been relaxed and support for it is being added across the JavaScript ecosystem. One use case is using it for a wildcard pattern such as mapping #/* to ./src/* (previously you had to use another character such as #_* instead, which was more confusing). There is some more context in nodejs/node#49182.

    This change was contributed by @​hybrist.

  • Automatically add the -webkit-mask prefix (#4357, #4358)

    This release automatically adds the -webkit- vendor prefix for the mask CSS shorthand property:

    /* Original code */
main {
  mask: url(x.png) center/5rem no-repeat
}
/* Old output (with --target=chrome110) */
main {
mask: url(x.png) center/5rem no-repeat;
}
/* New output (with --target=chrome110) */
main {
-webkit-mask: url(x.png) center/5rem no-repeat;
mask: url(x.png) center/5rem no-repeat;
}

    This change was contributed by @​BPJEnnova.

  • Additional minification of switch statements (#4176, #4359)

    This release contains additional minification patterns for reducing switch statements. Here is an example:

    // Original code
switch (x) {
  case 0:
    foo()
    break
  case 1:
  default:
    bar()
}
// Old output (with --minify)
switch(x){case 0:foo();break;case 1:default:bar()}

... (truncated)

Commits
  • cd83297 publish 0.27.2 to npm
  • 2759721 additional tests for switch with break
  • fd2b4b3 update release notes
  • c8d93a7 fix #4357: -webkit- prefix for mask shorthand (#4358)
  • 92ff12c compat table: update @types/node
  • a35eceb compat table: fix a type error with the new types
  • f598984 fix make compat-table to install dependencies
  • f7f6df0 release notes for #4361
  • 6f8ec15 fix: allow subpath imports that start with #/ (#4361)
  • f7ae61f minify some switch statements to if-else statement
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.


Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Commits

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Commits

Updates @apollo/server from 5.2.0 to 5.3.0

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.3.0

Patch Changes

@​apollo/server@​5.3.0

Minor Changes

  • #8062 8e54e58 Thanks @​cristunaranjo! - Allow configuration of graphql execution options (maxCoercionErrors)

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  executionOptions: {
    maxCoercionErrors: 50,
  },
});

  • #8014 26320bc Thanks @​mo4islona! - Expose graphql validation options.

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  validationOptions: {
    maxErrors: 10,
  },
});
Changelog

Sourced from @​apollo/server's changelog.

5.3.0

Minor Changes

  • #8062 8e54e58 Thanks @​cristunaranjo! - Allow configuration of graphql execution options (maxCoercionErrors)

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  executionOptions: {
    maxCoercionErrors: 50,
  },
});

  • #8014 26320bc Thanks @​mo4islona! - Expose graphql validation options.

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  validationOptions: {
    maxErrors: 10,
  },
});
Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​apollo/server since your current version.


Updates @koa/router from 14.0.0 to 15.3.0

Release notes

Sourced from @​koa/router's releases.

v15.3.0

  • chore: bump deps 68c4b7f
  • fix #219 + add types test which help to detect regression 6b58814

koajs/router@v15.2.0...v15.3.0

v15.2.0

  • feat: add new utility that help to valdiate route params and/or migrate from previous versions to v14+ ae0e55d

koajs/router@v15.1.2...v15.2.0

v15.1.2

  • chore: add build stage for all test runner script 201be7a
  • fix: fix #216 issue 0b14992

koajs/router@v15.1.1...v15.1.2

v15.1.1

  • chore: make the logic simpler a62d94d
  • bump deps 0bc25a1
  • fix: Make types compatible with Koa Middleware 6e9ce90

koajs/router@v15.1.0...v15.1.1

v15.1.0

  • fix all any types in the code + enhance the end user types (full type-safe) + fix some potential bugs + refine code structure 67b4183
  • fix: fix .use() middleware with no path params is a global match 0f27fa9
  • fix: router constructor exports on cjs 3107163
  • chore: bump deps f1af263
  • chore(deps): bump jws from 3.2.2 to 3.2.3 964f482

koajs/router@v15.0.0...v15.1.0

v15.0.0

  • chore: add full migration guide to v15 91a0ce2
  • feat: re-writing in TS + fix all reported bugs + add all effective enhancments + rock to v15 d53e17f
  • Revert "Fix: Ensure .use() middleware works when path or prefix contains para…" (#204) e64b164
  • Fix: Ensure .use() middleware works when path or prefix contains parameters (#203) 3ca5aa6

Check the full docs here, and the full migration here!

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by 3imed-jaberi, a new releaser for @​koa/router since your current version.


Updates aws-sdk from 2.1692.0 to 2.1693.0

Release notes

Sourced from aws-sdk's releases.

Release v2.1693.0

See changelog for more information.

Commits

Updates axios from 1.13.2 to 1.13.3

Release notes

Sourced from axios's releases.

Release v1.13.3

Release notes:

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • ab06109 chore(release): v1.13.3 (#7335)
  • 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
  • cb49a6f chore(sponsor): update sponsor block (#7330)
  • d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
  • 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
  • 7373fbf fix: main field in package.json should correspond to cjs artifacts (#5756)
  • 8d1271b fix(types): add handlers to AxiosInterceptorManager interface (#5551)
  • f869434 docs: refresh CDN URLs and example JSON headers (#7236)
  • 46db331 doc: update deprecated var usage in documentation examples (#7246)
  • d6bbb3d docs: add async/await timeout handling example (#7250)
  • Additional commits viewable in compare view

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-octo-sts dd-octo-sts[bot] dd-octo-sts[bot] approved these changes

Assignees

No one assigned

Labels

dependabot dependencies javascript Pull requests that update javascript code semver-patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants