deps: bump the production-dependencies group with 32 updates

[dependabot]

Bumps the production-dependencies group with 32 updates:

Package	From	To
figlet	1.5.2	1.11.0
eslint-plugin-import	2.29.1	2.32.0
axios	1.8.4	1.14.0
jsonwebtoken	9.0.0	9.0.3
lodash	4.17.21	4.18.1
rimraf	6.0.1	6.1.3
winston	3.13.1	3.19.0
cors	2.8.5	2.8.6
aws-sdk	2.1677.0	2.1693.0
handlebars	4.7.7	4.7.9
sanitize-filename	1.6.3	1.6.4
formik	2.2.9	2.4.9
@radix-ui/react-checkbox	1.1.2	1.3.3
@radix-ui/react-collapsible	1.1.1	1.1.12
@radix-ui/react-progress	1.1.0	1.1.8
@radix-ui/react-switch	1.1.1	1.2.6
@radix-ui/react-tabs	1.1.1	1.1.13
@radix-ui/react-toggle	1.1.0	1.1.10
@radix-ui/react-toggle-group	1.1.0	1.1.11
@tanstack/react-query	5.29.0	5.95.2
currency-codes	2.1.0	2.2.0
jsesc	3.0.2	3.1.0
mobx	6.12.3	6.15.0
next-themes	0.3.0	0.4.6
pigeon-maps	0.21.3	0.22.1
react-icons	5.3.0	5.6.0
usehooks-ts	3.1.0	3.1.1
@formatjs/intl-localematcher	0.4.2	0.8.2
@radix-ui/react-hover-card	1.1.6	1.1.15
@radix-ui/react-toast	1.2.6	1.2.15
next-runtime-env	3.2.1	3.3.0
react-hook-form	7.54.2	7.72.0

Updates figlet from 1.5.2 to 1.11.0

Release notes

Sourced from figlet's releases.

v1.11.0

Added Future Thin and Future Smooth fonts.

v1.10.0

• Added the fonts: Classy, Coder Mini, and Font Font.
• Renamed "ANSI-Compact" to "ANSI Compact" (with backward compatibility).
• Fixed the "U" characters in the "Isometric 4" font.

v1.9.4

• Added the ANSI-Compact font
• Some adjustments for older versions of Node (patorjk/figlet.js#146)

v1.9.3

• Type fix for figlet module base call (when calling figlet as shorthand for figlet.text)

v1.9.2

• Fixed types for TypeScript when run with Node.js.

v1.9.1

Wrapped the structuredClone call in an if statement for older versions of node.

v1.9.0

• Refactored library to use TypeScript and to use modern tooling (instead of grunt, this project now uses vite).
• Ensured support for both ES modules and CommonJS modules.
• Added support for Toilet fonts:
  • ASCII 12
  • ASCII 9
  • Big ASCII 12
  • Big ASCII 9
  • Big Mono 12
  • Big Mono 9
  • Circle
  • Emboss
  • Emboss 2
  • Future
  • Letter
  • Mono 12
  • Mono 9
  • Pagga
  • Rebel
  • Small ASCII 12
  • Small ASCII 9
  • Small Block
  • Small Mono 12
  • Small Mono 9
  • Tmplr
  • WideTerm
• Added these other new fonts:
  • Babyface Lame
  • Babyface Leet

... (truncated)

Commits

• 58f240c Update README.md typo
• 3c703d4 1.11.0
• 72e5759 remove blank line
• c3af4a3 adjustments
• c75c510 Updated README
• bd5cefd Merge pull request #151 from patorjk/dependabot/npm_and_yarn/rollup-4.59.0
• 640fd85 Merge pull request #148 from patorjk/dependabot/npm_and_yarn/lodash-4.17.23
• 5edfa4e Bump rollup from 4.46.2 to 4.59.0
• e055a07 Merge pull request #150 from twocaretcat/feat/add-future-thin-font
• 3959e79 Merge branch 'main' into feat/add-future-thin-font
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates eslint-plugin-import from 2.29.1 to 2.32.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.32.0

Added

• add enforce-node-protocol-usage rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
• add TypeScript types (#3097, thanks [@​G-Rath])
• extensions: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
• [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
• [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
• [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

• [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
• configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
• [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
• [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
• enforce-node-protocol-usage: avoid a crash with some TS code (#3173, thanks [@​ljharb])
• [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

• [Docs] extensions, [order]: improve documentation (#3106, thanks [@​Xunnamius])
• [Docs] add flat config guide for using tseslint.config() (#3125, thanks [@​lnuvy])
• [Docs] add missing comma (#3122, thanks [@​RyanGst])
• [readme] Update flatConfig example to include typescript config (#3138, thanks [@​intellix])
• [Refactor] [order]: remove unnecessary negative check (#3167, thanks [@​JounQin])
• [Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@​albertpastrana])
• [Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@​greim])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.32.0] - 2025-06-20

Added

• add [enforce-node-protocol-usage] rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
• add TypeScript types (#3097, thanks [@​G-Rath])
• [extensions]: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
• [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
• [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
• [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

• [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
• configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
• [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
• [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
• [enforce-node-protocol-usage]: avoid a crash with some TS code (#3173, thanks [@​ljharb])
• [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

• [Docs] [extensions], [order]: improve documentation (#3106, thanks [@​Xunnamius])
• [Docs] add flat config guide for using tseslint.config() (#3125, thanks [@​lnuvy])
• [Docs] add missing comma (#3122, thanks [@​RyanGst])
• [readme] Update flatConfig example to include typescript config (#3138, thanks [@​intellix])
• [Refactor] [order]: remove unnecessary negative check (#3167, thanks [@​JounQin])
• [Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@​albertpastrana])
• [Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@​greim])

[2.31.0] - 2024-10-03

Added

• support eslint v9 (#2996, thanks [@​G-Rath] [@​michaelfaith])
• [order]: allow validating named imports (#3043, thanks [@​manuth])
• [extensions]: add the checkTypeImports option (#2817, thanks [@​phryneas])

Fixed

• ExportMap / flat config: include languageOptions in context (#3052, thanks [@​michaelfaith])
• [no-named-as-default]: Allow using an identifier if the export is both a named and a default export (#3032, thanks [@​akwodkiewicz])
• [export]: False positive for exported overloaded functions in TS (#3065, thanks [@​liuxingbaoyu])
• exportMap: export map cache is tainted by unreliable parse results (#3062, thanks [@​michaelfaith])
• exportMap: improve cacheKey when using flat config (#3072, thanks [@​michaelfaith])
• adjust "is source type module" checks for flat config (#2996, thanks [@​G-Rath])

Changed

• [Docs] [no-relative-packages]: fix typo (#3066, thanks [@​joshuaobrien])
• [Performance] [no-cycle]: dont scc for each linted file (#3068, thanks [@​soryy708])
• [Docs] [no-cycle]: add disableScc to docs (#3070, thanks [@​soryy708])
• [Tests] use re-exported RuleTester (#3071, thanks [@​G-Rath])
• [Docs] [no-restricted-paths]: fix grammar (#3073, thanks [@​unbeauvoyage])
• [Tests] [no-default-export], [no-named-export]: add test case (thanks [@​G-Rath])

... (truncated)

Commits

• 01c9eb0 v2.32.0
• ae57cc1 [Deps] update array-includes, array.prototype.findlastindex, `eslint-modu...
• 9e1ad6b [Fix] order: codify invariants from docs into config schema
• f017790 [Docs] no-restricted-paths: clarify wording and fix errors
• 7d83a57 [Docs] no-unused-modules: add missing double quote
• 519eb94 [utils] v2.12.1
• 71ad145 [actions] split out tests into new vs old eslint
• 9b096c4 [utils] [dev deps] update @arethetypeswrong/cli, @ljharb/tsconfig, `@type...
• da5f6ec [Fix] enforce-node-protocol-usage: avoid a crash with some TS code
• 6e49a58 [Refactor] order: remove unnecessary negative check
• Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

• Runtime Features: No new end-user features were introduced in this release.
• Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

• Headers: Trim trailing CRLF in normalised header values. (#7456)
• HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
• Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
• Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
• CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

• Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
• Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
• Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
• Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​aviu16 (#7456)
• @​NETIZEN-11 (#7460)
• @​fedotov (#7457)
• @​nthbotast (#7478)
• @​veeceey (#7398)
• @​penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

• Environment Compatibility:
  • Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 46bee3d chore(release): prepare release 1.14.0 (#10563)
• 518aff5 chore: add AI Moderator workflow for spam detection (#10551)
• b7dfda3 chore(sponsor): update sponsor block (#10557)
• 9aa34d5 fix: updated release flow to match the current flows (#10562)
• e9e5ebe Update packages to latest version (#10556)
• 4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
• 3a6f5c1 chore(deps-dev): bump @​babel/preset-env (#7531)
• bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
• d6dcbfd fix: dependabot uses the correct labels (#7530)
• 5dd7ba7 chore: upgrade to latest ts (#7522)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates jsonwebtoken from 9.0.0 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

• updates jws version to 4.0.1.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

Commits

• ed59e76 chore: bump jws to 4.0.1 (#1007)
• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.18.1

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Updates rimraf from 6.0.1 to 6.1.3

Changelog

Sourced from rimraf's changelog.

6.1

• Move to native fs/promises usage instead of promisifying manually.

6.0

• Drop support for nodes before v20
• Add --version to CLI

5.0

• No default export, only named exports

4.4

• Provide Dirent or Stats object as second argument to filter

4.3

• Return boolean indicating whether the path was fully removed
• Add filter option
• bin: add --verbose, -v to print files as they are deleted
• bin: add --no-verbose, -V to not print files as they are deleted
• bin: add -i --interactive to be prompted on each deletion
• bin: add -I --no-interactive to not be prompted on each deletion
• 4.3.1 Fixed inappropriately following symbolic links to directories

v4.2

• Brought back glob support, using the new and improved glob v9

v4.1

• Improved hybrid module with no need to look at the .default dangly bit. .default preserved as a reference to rimraf for compatibility with anyone who came to rely on it in v4.0.
• Accept and ignore -rf and -fr arguments to the bin.

v4.0

• Remove glob dependency entirely. This library now only accepts actual file and folder names to delete.
• Accept array of paths or single path.
• Windows performance and reliability improved.
• All strategies separated into explicitly exported methods.
• Drop support for Node.js below version 14
• rewrite in TypeScript

... (truncated)

Commits

• f738c78 6.1.3
• a164a85 update deps
• 4635ba7 update deps
• 509c53f limit ci workflow permissions
• 68ce04f formatting
• 37680c5 add warning to not pass untrusted input to this method ever
• 786563d remove contributing doc, already covered by .github repo
• dbeef73 contributing
• 84d27af update workflows and standard project junk
• cd45498 6.1.2
• Additional commits viewable in compare view

Updates winston from 3.13.1 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

• Run npm audit fix e7ccdc4
• Don&#39;t include jest.config.js in npm package 5a63c8c
• fix: append error cause when using logger.child() (#2467) e74a7ae
• Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
• fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
• Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
• Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
• Bump actions/checkout from 4 to 6 (#2593) dd7906e
• chore: migrate test runner from mocha to jest (#2567) 2e9eb18

---

winstonjs/winston@v3.18.3...v3.19.0

v3.18.3

• Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

---

winstonjs/winston@v3.18.2...v3.18.3

v3.18.2

• Bump diagnostics package to resolve #2583 (again) f4582c3

---

winstonjs/winston@v3.18.1...v3.18.2

v3.18.1

• Bump diagnostics package to resolve #2583 e668c2c

---

winstonjs/winston@v3.18.0...v3.18.1

v3.18.0

• Update diagnostics package to latest version to remove vulnerability 376e331
• add @​initd.sg/winston-cloudwatch (#2532) 71ee92a
• Update transports.md (#2549) 3547a95
• docs: update transport.md (#2550) dc88db0
• feat: adds helper function for highest log level (#2514) c69cdb0

---

winstonjs/winston@v3.17.0...v3.18.0

v3.17.0

• Try winston-transport 4.9.0 3e87128
• Revert "Try bumping winston-transport to 4.8.0" 69625fc

... (truncated)

Commits

• ed45345 3.19.0
• e7ccdc4 Run npm audit fix
• 5a63c8c Don't include jest.config.js in npm package
• e74a7ae fix: append error cause when using logger.child() (#2467)
• 8a956fd Bump rimraf from 5.0.1 to 5.0.10 (#2517)
• 86c890f fix: ensure File transport flushes all data before emitting finish (#2594)
• 3b8be02 Bump actions/setup-node from 4 to 6 (#2589)
• f4c3e2c Bump @​babel/core from 7.28.0 to 7.28.5 (#2591)
• dd7906e Bump actions/checkout from 4 to 6 (#2593)
• 2e9eb18 chore: migrate test runner from mocha to jest (#2567)
• Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

• Build: Node.js@12.16 and Node.js.13.12 by @​smondal in expressjs/cors#189
• Update README.md for origin function callback parameters by @​dstudzinski in expressjs/cors#180
• Suggest passing false for disallowed domains, not erroring by @​shackpank in expressjs/cors#175
• Changed the term whitelist to allowlist in Documentation by @​jkasun in expressjs/cors#200
• Fix typo in README by @​alex-grover in expressjs/cors#207
• Added new link & website in the README by @​manjunath00 in expressjs/cors#269
• Fix functions call with extra parameter by @​LuisEGR in expressjs/cors#245
• 🐛 Fix readme status badge by @​homersimpsons in expressjs/cors#306
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/cors#321
• ci: fix errors in ci github action for node 8 by @​inigomarquinez in expressjs/cors#322
• test: improved test robustness by @​Alex-GF in expressjs/cors#320
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/cors#341
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/cors#340
• docs: remove broken link to demo site by @​dpopp07 in expressjs/cors#344
• OSSF Scorecard recommendations by @​UlisesGascon in expressjs/cors#350
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @​dependabot[bot] in expressjs/cors#351
• build(deps): bump coverallsapp/...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.