Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: express, mongodb, mongoose and ws.

Updates express from 4.18.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates mongodb from 6.5.0 to 6.6.0

Release notes

Sourced from mongodb's releases.

v6.6.0

6.6.0 (2024-05-02)

The MongoDB Node.js team is pleased to announce version 6.6.0 of the mongodb package!

Release Notes

Aggregation pipelines can now add stages manually

When creating an aggregation pipeline cursor, a new generic method addStage() has been added in the fluid API for users to add aggregation pipeline stages in a general manner.

const documents = await users.aggregate().addStage({ $project: { name: true } }).toArray();

Thank you @​prenaissance for contributing this feature!

cause and package name included for MongoMissingDependencyErrors

MongoMissingDependencyErrors now include a cause and a dependencyName field, which can be used to programmatically determine which package is missing and why the driver failed to load it.

For example:

MongoMissingDependencyError: The iHateJavascript module does not exist
    at findOne (mongodb/main.js:7:11)
    at Object.<anonymous> (mongodb/main.js:14:1)
    ... 3 lines matching cause stack trace ...
    at Module._load (node:internal/modules/cjs/loader:1021:12) {
  dependencyName: 'iHateJavascript',
  [Symbol(errorLabels)]: Set(0) {},
  [cause]: Error: Cannot find module 'iHateJavascript'
  Require stack:
  - mongodb/main.js
      at require (node:internal/modules/helpers:179:18)
      at findOne (mongodb/main.js:5:5)
      at Object.<anonymous> (mongodb/main.js:14:1) {
    code: 'MODULE_NOT_FOUND',
    requireStack: [ 'mongodb/main.js' ]
  }
}

ServerDescription Round Trip Time (RTT) measurement changes

(1) ServerDescription.roundTripTime is now a moving average

... (truncated)

Changelog

Sourced from mongodb's changelog.

6.6.0 (2024-05-02)

Features

• NODE-3639: add a general stage to the aggregation pipeline builder (#4079) (8fca1aa)
• NODE-5678: add options parsing support for timeoutMS and defaultTimeoutMS (#4068) (ddd1e81)
• NODE-5762: include cause and package name for all MongoMissingDependencyErrors (#4067) (62ea94b)
• NODE-5825: add minRoundTripTime to ServerDescription and change roundTripTime to a moving average (#4059) (0e3d6ea)
• NODE-5919: support new type option in create search index helpers (#4060) (3598c23)
• NODE-6020: upgrade BSON to ^6.5.0 (#4035) (8ab2055)

Bug Fixes

• NODE-3681: Typescript error in Collection.findOneAndModify UpdateFilter $currentDate (#4047) (a8670a7)
• NODE-5530: make topology descriptions JSON stringifiable (#4070) (3a0e011)
• NODE-5745: ignore Read/Write Concern in Atlas Search Index Helpers (#4042) (67d7bab)
• NODE-5925: driver throws error when non-read operation in a transaction has a ReadPreferenceMode other than 'primary' (#4075) (39fc198)
• NODE-5971: attach v to createIndexes command when version is specified (#4043) (1879a04)
• NODE-5999: Change TopologyDescription.error type to MongoError (#4028) (30432e8)
• NODE-6019: indexExists always returns false when full is set to true (#4034) (0ebc1ac)
• NODE-6029: update types for collection listing indexes (#4072) (232bf3c)
• NODE-6051: only provide expected allowed keys to libmongocrypt after fetching aws kms credentials (#4057) (c604e74)
• NODE-6066: ClusterTime.signature can be undefined (#4069) (ce55ca9)

Performance Improvements

• NODE-6127: move error construction into setTimeout callback (#4094) (6abc074)

Commits

• ec4c85d chore(main): release 6.6.0 [skip-ci] (#4037)
• 7f191cf deps(NODE-6149): use bson 6.7.0 (#4099)
• cc4c874 refactor(NODE-6146): put cursor response back under a flag (#4098)
• 9d73f45 refactor(NODE-6057): implement CursorResponse for lazy document parsing (#4085)
• 6d8ad33 test(NODE-5610): unskip uri invalid port (zero) with hostname/IP literal test...
• ca2bfb0 test(NODE-6052): support assertions on topologyDescriptionChanged in expectEv...
• 6abc074 perf(NODE-6127): move error construction into setTimeout callback (#4094)
• 3598c23 feat(NODE-5919): support new type option in create search index helpers (#4...
• 4a62ec6 test(NODE-6084 ): add search indexes prose test 6 (#4091)
• eece8c1 chore(NODE-5794): add reporting for individual parallel benchmarks (#4092)
• Additional commits viewable in compare view

Updates mongoose from 6.10.0 to 6.11.3

Release notes

Sourced from mongoose's releases.

6.10.1 / 2023-03-03

• fix: avoid removing empty query filters in $and and $or #13086 #12898
• fix(schematype): fixed validation for required UUID field #13018 lpizzinidev
• fix(types): add missing Paths generic param to Model.populate() #13070
• docs(migrating_to_6): added info about removal of reconnectTries and reconnectInterval options #13083 lpizzinidev
• docs: fix code in headers for migrating_to_5 #13077 hasezoey
• docs: backport misc documentation changes into 6.x #13091 hasezoey

Changelog

Sourced from mongoose's changelog.

6.11.3 / 2023-07-11

• fix: avoid prototype pollution on init
• fix(schema): correctly handle uuids with populate() #13317 #13595

7.3.3 / 2023-07-10

• fix: avoid prototype pollution on init
• fix(document): clean up all array subdocument modified paths on save() #13589 #13582
• types: avoid unnecessary MergeType<> if TOverrides not set, clean up statics and insertMany() type issues #13577 #13529

7.3.2 / 2023-07-06

• fix(model): avoid TypeError if insertMany() fails with error that does not have writeErrors property #13579 #13531
• fix(query): convert findOneAndUpdate to findOneAndReplace when overwrite set for backwards compat with Mongoose 6 #13572 #13550
• fix(query): throw readable error when executing a Query instance without an associated model #13571 #13570
• types: support mongoose.Schema.ObjectId as alias for mongoose.Schema.Types.ObjectId #13543 #13534
• docs(connections): clarify that socketTimeoutMS now defaults to 0 #13576 #13537
• docs(migrating_to_7): add mapReduce() removal to migration guide #13568 #13548
• docs(schemas): fix typo in schemas.md #13540 Metehan-Altuntekin

7.3.1 / 2023-06-21

• fix(query): respect query-level strict option on findOneAndReplace() #13516 #13507
• docs(connections): expand docs on serverSelectionTimeoutMS #13533 #12967
• docs: add example of accessing save options in pre save #13498
• docs(connections+faq): add info on localhost vs 127.0.0.1
• docs(SchemaType): validate members are validator & message (not msg) #13521 lorand-horvath

7.3.0 / 2023-06-14

• feat: upgrade mongodb -> 5.6.0 #13455 lorand-horvath
• feat(aggregate): add Aggregate.prototype.finally() to be consistent with Promise API for TypeScript #13509
• feat(schema): support selecting subset of fields to apply optimistic concurrency to #13506 #10591
• feat(model): add ordered option to Model.create() #13472 #4038
• feat(schema): consistently add .get() function to all SchemaType classes
• feat(populate): pass virtual to match function to allow merging match options #13477 #12443
• types: allow overwriting Paths in select() to tell TypeScript which fields are projected #13478 #13224
• types(schema): add validateModifiedOnly as schema option #13503 #10153
• docs: add note about validateModifiedOnly as a schema option #13503 #10153
• docs(migrating_to_7): update migrating_to_7.md to include Model.countDocuments #13508 Climax777
• docs(further_reading): remove style for "img" hasezoey

7.2.4 / 2023-06-12

• fix(query): handle non-string discriminator key values in query #13496 #13492

7.2.3 / 2023-06-09

• fix(model): ignore falsy last argument to create() for backwards compatibility #13493 #13491 #13487 MohOraby

... (truncated)

Commits

• e9eb8ab chore: release 6.11.3
• 688da8f test: fix flakey tests, remove test for #9597 because it affects global state...
• 4f264a8 test: fix tests re: #13317
• 9616af7 fix(schema): correctly handle uuids with populate()
• 305ce4f fix: avoid prototype pollution on init
• 35e59eb docs: link to migrating to 6 in 6.x docs
• a28933e chore: release 6.11.2
• 3a6b0dd chore: use deno v1.34 in test for MMS HTTP issues
• f7c6d3e Merge pull request #13476 from Automattic/vkarpov15/gh-13453
• 5552107 fix(cursor): allow find middleware to modify query cursor options
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.