build(deps): bump the npm_and_yarn group across 2 directories with 2 updates by dependabot[bot] · Pull Request #6 · NJX-njx/learning-agent

dependabot · 2025-12-01T11:02:20Z

Bumps the npm_and_yarn group with 1 update in the /backend directory: multer.
Bumps the npm_and_yarn group with 1 update in the /frontend directory: body-parser.

Updates multer from 1.4.5-lts.2 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

What's Changed

add Arabic translation for README .. by @3imed-jaberi in expressjs/multer#762

Update README.md to fix issue #1114 by @Mohamed-Abdelfattah in expressjs/multer#1169

Improved documentation translation to Spanish by @juliomontenegro in expressjs/multer#1174

Translated to french by @AlanLg in expressjs/multer#1182

Improve the Brazilian Portuguese translation by @vitorRibeiro7 in expressjs/multer#1204

doc: uzbek language by @eugene0928 in expressjs/multer#1232

Fix a mistake with README-pt-br.md by @Igor-CA in expressjs/multer#1251

Update in Readme-pt-br and fix in Readme-ko by @carlosstenzel in expressjs/multer#1252

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/multer#1260

ci: replace travis with github action by @inigomarquinez in expressjs/multer#1259

docs: improve readability by @Sreejit-Sengupto in expressjs/multer#1255

test: add test for out-of-band error event by @LinusU in expressjs/multer#1294

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/multer#1290

Documentation: remove unfortunate abbreviation from readme by @MaddyGuthridge in expressjs/multer#1299

ci: use ubuntu-latest as default runner by @UlisesGascon in expressjs/multer#1308

ci: add CodeQL (SAST) by @bjohansebas in expressjs/multer#1289

Update readme badges by @bjohansebas in expressjs/multer#1268

📝 fix changelog information by @ctcpip in expressjs/multer#1316

master -> v2 by @ctcpip in expressjs/multer#1317

chore: fix typo by @saucecodee in expressjs/multer#993

Remove --save from README by @username1001 in expressjs/multer#929

feat - update link badge in docs by @carlosstenzel in expressjs/multer#1273

ci: change branch reference by @UlisesGascon in expressjs/multer#1319

♻️ use version tag for CI, fix CI badge, fix references to master/main by @ctcpip in expressjs/multer#1324

deps: update dependencies to latest versions by @bjohansebas in expressjs/multer#1328

📝 list languages in table to prevent GH right-aligning list due to RTL language by @ctcpip in expressjs/multer#1325

[StepSecurity] Apply security best practices by @step-security-bot in expressjs/multer#1311

New Contributors

@3imed-jaberi made their first contribution in expressjs/multer#762

@Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169

@juliomontenegro made their first contribution in expressjs/multer#1174

@AlanLg made their first contribution in expressjs/multer#1182

@vitorRibeiro7 made their first contribution in expressjs/multer#1204

@eugene0928 made their first contribution in expressjs/multer#1232

@Igor-CA made their first contribution in expressjs/multer#1251

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

Commits

e5db9ca 🔖 2.0.2
adfeaf6 🥅 improve error handling
e259a7e 🔖 2.0.1
35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
f897007 ci: apply security best practices (#1311)
061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
854d769 deps: update dependencies to latest versions (#1328)
256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
dd9dde4 📝 fix badges in translation files (#1321)
dc2a880 ci: change branch reference
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

deps: debug@^4.4.3 by @Phillip9587 in expressjs/body-parser#642

docs: add iconv-lite 0.7.0 changes to history entry by @Phillip9587 in expressjs/body-parser#645

ci: add node.js 25 to test matrix by @Phillip9587 in expressjs/body-parser#650

perf: move read options outside parser middlewares by @Phillip9587 in expressjs/body-parser#648

test(json): add RFC 7159 whitespace edge cases by @Ayoub-Mabrouk in expressjs/body-parser#653

test: add test for urlencoded invalid defaultCharset by @Phillip9587 in expressjs/body-parser#643

build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#657

build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in expressjs/body-parser#656

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#655

build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#654

ci: also test on first supported node.js version by @Phillip9587 in expressjs/body-parser#646

chore: switch badges from badgen.net to shields.io by @Phillip9587 in expressjs/body-parser#661

Remove history.md from being packaged on publish by @bjohansebas in expressjs/body-parser#660

Release: 2.2.1 by @UlisesGascon in expressjs/body-parser#659

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
168afff ci: also test on first supported node.js version (#646)
e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
10a114d test: add test for urlencoded invalid defaultCharset (#643)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

…updates Bumps the npm_and_yarn group with 1 update in the /backend directory: [multer](https://github.com/expressjs/multer). Bumps the npm_and_yarn group with 1 update in the /frontend directory: [body-parser](https://github.com/expressjs/body-parser). Updates `multer` from 1.4.5-lts.2 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.2...v2.0.2) Updates `body-parser` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.1) --- updated-dependencies: - dependency-name: multer dependency-version: 2.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 1, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/backend/npm_and_yarn-271911850a branch from 55553e9 to beb8575 Compare December 7, 2025 07:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 2 directories with 2 updates#6

build(deps): bump the npm_and_yarn group across 2 directories with 2 updates#6
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/backend/npm_and_yarn-271911850a

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.0.2

Important

v2.0.1

Important

What's Changed

New Contributors

2.0.2

2.0.1

2.0.0

v2.2.1

Important: Security

What's Changed

2.2.1 / 2025-11-24

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading