Commit log

de7def3 ci: fix the propagation of TEST_USER_GITHUB

Click to expand commit body 
A typo in the reference to the repository-level `TEST_USER_GITHUB`
variable was causing export tests under //bridge/github to be skipped.
This change resolves this issue.

Change-Id: Ia1ad61e54e305bb073efc6853738d3eed81d576c

sudoforge created

6ee47b9 feat(webui): remark upgrade + gfm + syntax highlighting (#1444)

Click to expand commit body 
* upgrades remark/rehype/unified npm packages, and reconfigures
everything for 2025
* `Label` can now be made inline, which fixes a react hydration error on
the bug page
* new remark plugins for GFM, hard line breaks & syntax highlighting

Jonathan Raphaelson created

948dd34 build(web): upgrade graphql-codegen and tools (#1443)

Jonathan Raphaelson created

89b880b feat(dev-infra)!: remove gokart (#1441)

Click to expand commit body 
This change removes `gokart` because it is unmaintained, and the
`replace` directive breaks `go install`.

Change-Id: I17ec23cc90abecbae20c4adaf6be46cf507645ec

sudoforge created

6811472 fix(dev-infra): re-enable markdown formatting (#1439)

Click to expand commit body 
This was disabled while debugging prettier vs. mdformat interactions
through treefmt, and accidentally committed in
08ffc2b82919b9254cc59c97756c546a508b4f73.

Change-Id: I14ebc1d0edf6ed755ad15b6ba58b6d9c6f5519f5

sudoforge created

08ffc2b feat(dev-infra): enable formatting of //webui (#1429)

Click to expand commit body 
This change enables prettier, and enables formatting of //webui.

Change-Id: I2516459649bf6c19a8dc495d3a4d915a6a881b39

sudoforge created

62bc7eb build(web): generate the web bundle for the go binary (#1428)

Click to expand commit body 
Recent changes were made to //webui, but the bundle was not updated.
This was missed because it was not validated in CI. This change runs
`make pack-webui` in order to generate this bundle.

Change-Id: I63ccad91c7edb381813db684ac65f83aa7c048fc

sudoforge created

b3a3f57 feat(dev-infra): add initial //:.mailmap (#1426)

Click to expand commit body 
This change adds //.mailmap initialized with mappings for duplicate
names and email addresses found in the repository archive. When a
duplicate was found, the name and email were chosen preferring the
longest name for the author, and the most practical email address (e.g.
if an obvious personal and professional email address existed, the
personal address was chosen).

Duplicate names were found with the following command:

    git shortlog -se |\
awk 'match($0, /[0-9]+[ \t]+(.*)[ \t]+<.*>/, m) { print m[1] }' |\
        sort |\
        uniq -d

Duplicate email addresses were found with the following command:

    git shortlog -se |\
awk 'match($0, /<[^>]+>/) { print substr($0, RSTART+1, RLENGTH-2) }' |\
        sort |\
        uniq -d

Change-Id: Ie0280ee336098c080cf5af8062dae20cb7a41e8e

sudoforge created

7e95b16 feat(web): simplify header navigation (#1427)

Click to expand commit body 
* removes the tabbed navigation completely
* makes it possible to see the custom name of the repository


tabs (and really all not "main" nav) were not in use and the features
may not work the same way in the future, so rather than redesigning, the
whole tab bare was removed.

for the custom name, if it's `__default`, the the default `git-bug` text
is displayed; otherwise, the name of the repo.

Jonathan Raphaelson created

13b7aec build(web): upgrade react dependencies (#1425)

Click to expand commit body 
* upgrades react from v18->v19, the latest
* upgrades react router from v6->v7, the latest
* removes `react-moment`, which is not updated for react 19
* replace the trivial usages of the `<Moment>` component with a new one

Jonathan Raphaelson created

407e513 feat(changelog): add initial changelog (#1415)

Click to expand commit body 
This change adds //:CHANGELOG.md initialized with all current and prior
releases. The changelog is generated with the following command:

    git cliff -o CHANGELOG.md 0.1.0..v0.9.0

Change-Id: Iad09675d882c8fa7c135acb7224d3a07a35b1169

sudoforge created

9942337 docs(bridge): correct command used to create a new bridge (#1422)

Mischa created

0cff651 build(web): upgrade minor NPM dependencies, and React to v18 (#1421)

Click to expand commit body 
upgrades outdate npm dependencies to latest minor versions compatible
with each other, in prep for larger upgrades to bring up to date.

of note, React 17->18 drops the react-dom library and required some
mechanical changes due to apollo client errors no longer being
renderable.

---

screenshot to show application still running after upgrades

![Screenshot 2025-05-14 at 10 00
27 PM](https://github.com/user-attachments/assets/82257a5f-aefb-4fdb-8bc8-a5da12eceaaa)

Jonathan Raphaelson created

bd93665 docs(dev-infra): improve commit message guidelines (#1417)

Click to expand commit body 
This change provides more clarity as to the type and scope requirements,
and adds in additional information with regard to hyperlinks,
appropriate trailers to
use in the footer, and clarifies the difference between our requirements
and the conventional commit spec v1.0.0.

Change-Id: I7e3d4646c09728acf27c4efce24655896b8513a7

sudoforge created

e2756ab ci: remove unused internal action: auto-label (#1414)

Click to expand commit body 
Change-Id: I70b522ef519e709e643ed90efbe712112d348141

sudoforge created

23be684 feat(tui): improve readability of the help bar (#1412)

Click to expand commit body 
This change changes the help bar's background color to the "black" value
for the terminal, and increases spacing between the different commands
to improve readability.

Closes: git-bug/git-bug#1411
Change-Id: I380d1fee4ae51869876f00c76c0f952d47dd8912

sudoforge created

f680ef7 docs(dev-infra): define stricter commit message guidelines (#1410)

Click to expand commit body 
This change provides guidelines for writing conventional commit
messages, which will be enforced in the future. This change is being
made in order to improve ergonomics for browsing the repository and its
changes, and to support better changelog generation.

Change-Id: I533ca3c66e697aaafcc1409711600017006e264a

sudoforge created

b4ad532 feat(dev-infra): improve //:.editorconfig alignment with formatters (#1409)

Click to expand commit body 
This change updates //:.editorconfig to improve the alignment between
its configuration settings and the output from formatters, in an effort
to reduce format cycles during iteration.

Change-Id: I8e1af63a961bc8ca29d8b4a41f80ae7251a96f26

sudoforge created

89ff47a docs: correct mispelled words

Click to expand commit body 
Co-authored-by: KOTP <keeperotphones@gmail.com>

Matěj Cepl and KOTP created

65f8ec9 test: use pkgs.runCommand for the pinact check drv (#1407)

Click to expand commit body 
This change refactors the derivation defined in //nix/checks:pinact.nix,
rewriting it with pkgs.runCommand so that `nix flake check` actually
executes it.

Change-Id: Ic941133bcbedd8505580db71abbaaaf8326fb874

sudoforge created

f3bb756 ci: remove workflow: lifecycle (#1406)

Click to expand commit body 
This change removes //.github/workflows:lifecycle.yml, which was
historically used to automatically label and unlabel issues and pull
requests based on inactivity. After consideration, it has been decided
that this sort of automatic label management introduces unecessary
noise.

The removal of this workflow means that issues and pull requests will no
longer be marked as idle or dormant. These labels can be removed:

- lifecycle/idle
- lifecycle/dormant

Change-Id: I03d8cc6cf11d8fde88029bd64315855d81e3d353

sudoforge created

2257472 ci: automatically mirror HEAD to trunk (#1405)

Click to expand commit body 
This change introduces a pipeline job called `mirror` that will push to
`refs/heads/trunk` automatically, in order to keep it in sync with the
default tree.

This job is restricted to the SoT for git-bug, and will only execute for
the first run of the workflow.

Refs: #1404
Change-Id: If65f83ce9058dd01aa74f6841dc58ac040284b18

sudoforge created

aa102c9 fix: remove errata from string literal (#1403)

Click to expand commit body 
This change replaces tabs inside of a raw string literal used as a patch
for the shell completion files with spaces, and removes a trailing
space. This fixes an issue where regeneration of the file would lead to
a diff.

Change-Id: I3469a859ed63fe4ef9b8b6f156ff0ce5cb7af91c

sudoforge created

3e5f4ee test: mark TestCache as flaky (#1401)

Click to expand commit body 
This test regularly fails on Windows. It should be rewritten so as to
avoid flakiness, however, marking it as flaky as a stop-gap enables a
better pipeline experience without requiring the upfront cost of
rewriting it.

Change-Id: Ia0dc13864e0fdf463b01a2a31b8d59b692c0c924

sudoforge created

1ec304e test: add support for Helper() (#1400)

Click to expand commit body 
This change adds support to //internal/test%recorder for Helper(), and
improves the ergonomics around error reporting.

Change-Id: Ia1762587b16dee9ba6ca3c428c1f935eb333a63b

sudoforge created

1766f85 test: implement support for Failed() and FailedNow() (#1399)

Click to expand commit body 
This change adds support to //internal/test for Failed() and
FailedNow(), and expands the support for setting and detecting the
failed status on //internal/test%recorder.

Change-Id: I04e7a978cbf0ead8d28722c0a3a0fc34136e72e1

sudoforge created

f6e7fb5 test: add an internal lib for running flaky tests (#1398)

Click to expand commit body 
This change adds an internal utility library for running flaky tests
with built-in support for incremental backoff retries. This can be used
by packages within this repository by importing `internal/test` and
invoking it as such:

    func SomeTest(t *testing.T) {
        f := test.NewFlaky(t, &test.FlakyOptions{
            // define options here
            ...
        })

        f.Run(func(t testing.TB) {
            // original test logic here
            ...
        }
    }

Change-Id: I8c6138c39c381bcee408ea6b7fe9d9b6eeb48fed

sudoforge created

29b59f2 feat(dev-infra): add gopls to the development shell (#1397)

Click to expand commit body 
Change-Id: Ibafa6e2a23922b2ec80bc1be2d77972765dc690b

sudoforge created

dac71e7 test: simplify github-related variables (#1396)

Click to expand commit body 
This change removes extraneous variables used for the github bridge
(e2e) tests, conslidating on GITHUB_USER and GITHUB_TOKEN, which match
the variables read by the github CLI and what users would have in their
environment if they are using the vars.

We leave GITHUB_TOKEN_PRIVATE and GITHUB_TOKEN_PUBLIC for now, as those
are used in a single test to validate a minimum set of permissions.
Moving away from these will require additional refactoring.

Change-Id: I8d83e4f0c9b2556133c5ec3daca492fe1a4bd968

sudoforge created

d753637 doc: clarify testing activation of the dev shell (#1395)

Click to expand commit body 
This change adds a missing step to the contributor onboarding
documentation (//:CONTRIBUTING.md): testing that the user has
successfully activated the development shell. This is a useful step for
users who are new to nix, and was referenced in 4.1.

Change-Id: Iea78c5a3a54e62bc8cca8803270db8d7b7f2c872

sudoforge created

96c7a11 docs: update install, contrib, and usage documentation (#1222)

Click to expand commit body 
This change refactors documentation, especially //:README.md,
//:CONTRIBUTING.md, and centralized most of the rest of the contributing
and usage documentation into `//doc`. There are some additional minor
changes to the development shell and pipeline configuration.

Documentation changes focus on cleaning up erroneous language,
reformatting, and restructuring docs in order to reduce visual noise -
the goals are to enable users and contributors to find what they're
looking
for much more quickly, reduce (sometimes erroneous) duplication, and
present a structured approach for where to put docs.

Additionally:

- Added CI pipeline badge for the `trunk` workflow in `//:README.md`
- Converted embedded emoji characters to GitHub's emoji syntax
- Simplified `//:README.md` by moving inline documentation out to files
  under `//doc`.
- Removed most inline CLI "documentation" (lists of commands) with a
  link to the generated CLI documentation.
- Moved most sections with image and installation instructions into
  `<details>` elements
- Replaced references to gitter with matrix
- Added `treefmt-nix` to the flake, and formatted all non-generated
  documentation was with `nix fmt` (running `mdformat` under the hood)
- Regenerated //doc/md and //doc/man and refactored inline docs from
various
  pages that were iterating out command line details so that they simply
  point to //doc/md instead
- Rewrote contributing docs to focus on using `nix`, to ensure that the
  development shell is used. This enforces consistency across different
  platforms with the revision and configuration of each tool we use, and
  simplifies the onboarding story for contributors -- they only need to
  install and configure nix (and optionally direnv). A dev container
  will be provided in the future [0] as an alternative for users on
  Windows (who can use WSL) or want to avoid installing `nix`.
- Added `pinact` to the flake to support pinning action libraries used
  in workflows.
- Added flake checks for codespell and pinact. Combined with treefmt,
  this entirely replaces //.github/workflows:lint.yml. With this change,
  codespell's execution was fixed to properly execute on all files, and
  the configuration file was refactored to properly ignore
  package-lock.json files.
- Added a workflow job to run flake checks.

[0]: https://github.com/git-bug/git-bug/issues/1364

Closes: #1212 #1276 #1330 #1357
Change-Id: I6f4b5f5ca73780cecf66a553cce80aa3f75df2ce

sudoforge created

a150cdb fix: resolve the remote URI using url.*.insteadOf (#1394)

Click to expand commit body 
This change introduces a new method for resolving the URI for a given
remote (by name), ensuring that the URI is rewritten following the rules
defined in `url.*.insteadOf` configuration.

When `go-git@69aefb67315d775bf73df836b1e3ba5a3b321198` lands in a
release (and we update go-git to that release), this should be
refactored to use `config.URL.InsteadOfs()`, which supports multiple
`url.*.insteadOf` configuration blocks instead of the current limitation
of always taking the last definition.

Closes: #944
Change-Id: Iffd111a1f4c42eff12613dcbd1b0d27df415f5e8

sudoforge created

e61a79d build(deps): bump the go_modules group across 1 directory with 3 updates (#1376)

Click to expand commit body 
Bumps the go_modules group with 2 updates in the / directory:
[github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and
[golang.org/x/crypto](https://github.com/golang/crypto).

Updates `github.com/go-git/go-git/v5` from
5.12.1-0.20241007152421-41f08fc53529 to 5.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in
/cli/go-git by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1065">go-git/go-git#1065</a></li>
<li>build: bump golang.org/x/net from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1068">go-git/go-git#1068</a></li>
<li>build: bump golang.org/x/net from 0.23.0 to 0.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1071">go-git/go-git#1071</a></li>
<li>Properly support skipping of non-mandatory extensions by <a
href="https://github.com/codablock"><code>@​codablock</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1066">go-git/go-git#1066</a></li>
<li>git: Refine some codes in test and non-test. by <a
href="https://github.com/onee-only"><code>@​onee-only</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1077">go-git/go-git#1077</a></li>
<li>plumbing: protocol/packp, client-side filter capability support by
<a href="https://github.com/edigaryev"><code>@​edigaryev</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1000">go-git/go-git#1000</a></li>
<li>build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1078">go-git/go-git#1078</a></li>
<li>plumbing: fix sideband demux on flush by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1084">go-git/go-git#1084</a></li>
<li>storage: dotgit, head reference usually comes first by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1085">go-git/go-git#1085</a></li>
<li>build: bump golang.org/x/text from 0.14.0 to 0.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1091">go-git/go-git#1091</a></li>
<li>build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1094">go-git/go-git#1094</a></li>
<li>build: bump golang.org/x/net from 0.24.0 to 0.25.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1093">go-git/go-git#1093</a></li>
<li>git: Added an example for Repository.Branches by <a
href="https://github.com/johnmatthiggins"><code>@​johnmatthiggins</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1088">go-git/go-git#1088</a></li>
<li>git: worktree_commit, Modify checking empty commit. Fixes <a
href="https://redirect.github.com/go-git/go-git/issues/723">#723</a> by
<a href="https://github.com/onee-only"><code>@​onee-only</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1050">go-git/go-git#1050</a></li>
<li>plumbing: transport/http, Wrap http errors to return reason. Fixes
<a
href="https://redirect.github.com/go-git/go-git/issues/1097">#1097</a>
by <a href="https://github.com/ggambetti"><code>@​ggambetti</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1100">go-git/go-git#1100</a></li>
<li>build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1106">go-git/go-git#1106</a></li>
<li>build: bump golang.org/x/text from 0.15.0 to 0.16.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1107">go-git/go-git#1107</a></li>
<li>Bumps Go versions and go-billy by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1056">go-git/go-git#1056</a></li>
<li>_examples: Fixed a dead link COMPATIBILITY.md by <a
href="https://github.com/gecko655"><code>@​gecko655</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1109">go-git/go-git#1109</a></li>
<li>build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in
/cli/go-git by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1115">go-git/go-git#1115</a></li>
<li>build: bump github.com/elazarl/goproxy from
v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb
by <a href="https://github.com/hbelmiro"><code>@​hbelmiro</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1124">go-git/go-git#1124</a></li>
<li>build: bump golang.org/x/net from 0.25.0 to 0.26.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1104">go-git/go-git#1104</a></li>
<li>Add option approximating <code>git clean -x</code> flag. by <a
href="https://github.com/msuozzo"><code>@​msuozzo</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/995">go-git/go-git#995</a></li>
<li>Revert &quot;Add option approximating <code>git clean -x</code>
flag.&quot; by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1129">go-git/go-git#1129</a></li>
<li>Fix reference updated concurrently error for the filesystem storer
by <a
href="https://github.com/Javier-varez"><code>@​Javier-varez</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1116">go-git/go-git#1116</a></li>
<li>build: bump golang.org/x/net from 0.26.0 to 0.27.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1134">go-git/go-git#1134</a></li>
<li>utils: merkletrie, Align error message with upstream by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1142">go-git/go-git#1142</a></li>
<li>plumbing: transport/file, Change paths to absolute by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1141">go-git/go-git#1141</a></li>
<li>plumbing: gitignore, Fix loading of ignored .gitignore files. by <a
href="https://github.com/Achilleshiel"><code>@​Achilleshiel</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1114">go-git/go-git#1114</a></li>
<li>build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1147">go-git/go-git#1147</a></li>
<li>plumbing: transport/ssh, Add support for SSH <a
href="https://github.com/cert-authority"><code>@​cert-authority</code></a>.
by <a
href="https://github.com/Javier-varez"><code>@​Javier-varez</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1157">go-git/go-git#1157</a></li>
<li>build: run example tests during CI workflow by <a
href="https://github.com/crazybolillo"><code>@​crazybolillo</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1030">go-git/go-git#1030</a></li>
<li>storage: filesystem, Fix object cache not working due to
uninitialised objects being put into cache by <a
href="https://github.com/SatelliteMind"><code>@​SatelliteMind</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1138">go-git/go-git#1138</a></li>
<li>git: Fix fetching missing commits by <a
href="https://github.com/AriehSchneier"><code>@​AriehSchneier</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1032">go-git/go-git#1032</a></li>
<li>plumbing: format/packfile, remove duplicate checks in findMatch() by
<a href="https://github.com/edigaryev"><code>@​edigaryev</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1152">go-git/go-git#1152</a></li>
<li>git: worktree, Fix file reported as <code>Untracked</code> while it
is committed by <a
href="https://github.com/rodrigocam"><code>@​rodrigocam</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1023">go-git/go-git#1023</a></li>
<li>build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1160">go-git/go-git#1160</a></li>
<li>plumbing: filemode, Remove check for setting size of .git/index file
by <a
href="https://github.com/nicholasSUSE"><code>@​nicholasSUSE</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1159">go-git/go-git#1159</a></li>
<li>build: bump golang.org/x/net from 0.27.0 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1163">go-git/go-git#1163</a></li>
<li>Fix some lint warning and increase stalebot to 180 days by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1128">go-git/go-git#1128</a></li>
<li>adjust path extracted from file: url on Windows by <a
href="https://github.com/tomqwpl"><code>@​tomqwpl</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/416">go-git/go-git#416</a></li>
<li>build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1164">go-git/go-git#1164</a></li>
<li>Add RestoreStaged to Worktree that mimics the behaviour of git
restore --staged <!-- raw HTML omitted -->... by <a
href="https://github.com/ben-tbotlabs"><code>@​ben-tbotlabs</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/493">go-git/go-git#493</a></li>
<li>plumbing: signature, support the same x509 signature formats as git
by <a href="https://github.com/yoavamit"><code>@​yoavamit</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1169">go-git/go-git#1169</a></li>
<li>fix: allow discovery of non bare repos in fsLoader by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1170">go-git/go-git#1170</a></li>
<li>build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1178">go-git/go-git#1178</a></li>
<li>build: bump golang.org/x/text from 0.17.0 to 0.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1179">go-git/go-git#1179</a></li>
<li>build: bump golang.org/x/net from 0.28.0 to 0.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1184">go-git/go-git#1184</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/go-git/go-git/commits/v5.13.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/crypto` from 0.31.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22"><code>7292932</code></a>
ssh: limit the size of the internal packet queue while waiting for
KEX</li>
<li><a
href="https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c"><code>f66f74b</code></a>
acme/autocert: check host policy before probing the cache</li>
<li><a
href="https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85"><code>b0784b7</code></a>
x509roots/fallback: drop obsolete build constraint</li>
<li><a
href="https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20"><code>911360c</code></a>
all: bump golang.org/x/crypto dependencies of asm generators</li>
<li><a
href="https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f"><code>89ff08d</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2"><code>e47973b</code></a>
all: update certs for go1.24</li>
<li><a
href="https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902"><code>9290511</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a"><code>fa5273e</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196"><code>a8ea4be</code></a>
ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner)
interface</li>
<li><a
href="https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6"><code>71d3a4c</code></a>
acme: support challenges that require the ACME client to send a
non-empty JSO...</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.31.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.30.0 to 0.33.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/dfc720dfe0cfc125116068c20efcdcb5e4eab464"><code>dfc720d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb"><code>8e66b04</code></a>
html: use strings.EqualFold instead of lowering ourselves</li>
<li><a
href="https://github.com/golang/net/commit/b935f7b5d723c82894e1a1fd936a94dd2d1eae46"><code>b935f7b</code></a>
html: avoid endless loop on error token</li>
<li><a
href="https://github.com/golang/net/commit/9af49ef148d7d8b3e4cbbd9cc0cd37f2a520a4a3"><code>9af49ef</code></a>
route: remove unused sizeof* consts</li>
<li><a
href="https://github.com/golang/net/commit/6705db9a4df8f2cf16aed83e773e7a0213788b7a"><code>6705db9</code></a>
quic: clean up crypto streams when dropping packet protection keys</li>
<li><a
href="https://github.com/golang/net/commit/4ef7588d2b3f83775099797baac43c34e2e23200"><code>4ef7588</code></a>
quic: handle ACK frame in packet which drops number space</li>
<li><a
href="https://github.com/golang/net/commit/552d8ac903a11a9fde71a88732f5b58b6b394178"><code>552d8ac</code></a>
Revert &quot;route: change from syscall to x/sys/unix&quot;</li>
<li><a
href="https://github.com/golang/net/commit/13a7c0108bd38aad013797cdb95e6bfca0bbcec6"><code>13a7c01</code></a>
Revert &quot;route: remove unused sizeof* consts on freebsd&quot;</li>
<li><a
href="https://github.com/golang/net/commit/285e1cf6650f407805ea8af9255624961b768479"><code>285e1cf</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/d0a1049b7e05d3d6f62570a8381a22301a97ae73"><code>d0a1049</code></a>
route: remove unused sizeof* consts on freebsd</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.30.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

5355942 chore: gofmt simplify gitlab/export_test.go (#1392)

Matěj Cepl created

5e8efba fix: checkout repo before setting up go environment (#1390)

Click to expand commit body 
This change ensures that the `go.sum` file used by the
`actions/setup-go` action as the cache identifier exists in the working
tree.

Closes: #1382
Change-Id: I0318bfa6e7d7859baf6600ff71715eaef92b401b

sudoforge created

73122de feat: bump to go v1.24.2 (#1389)

Click to expand commit body 
Change-Id: Iaa7018583fae53ede7b744ec6dee59db01459286

sudoforge created

15d22a2 chore: update golang.org/x/net (#1379)

Click to expand commit body 
This resolves a security advisory [0].

[0]: https://github.com/git-bug/git-bug/security/dependabot/165

Change-Id: Ic5bdbe62066e3872cbd765ecdac1edd77d59efb9

sudoforge created

edbd105 fix: use -0700 when formatting time (#1388)

Click to expand commit body 
+0200 is not a valid reference identifier for the time format string,
which requires a valid layout [0] using the reference time `01/02
03:04:05PM '06 -0700`.

As the documentation notes:
> It is a regrettable historic error that the date uses the American
> convention of putting the numerical month before the day.

This, combined with `-0700` being hardcoded into the layout requirements
is what likely led to the confusion that caused this issue. This change
is a fix for all `Time.Format()` calls, adjusting the time format in
place to use the correct tzdata. As a future potential improvement, we
should consider refactoring the format to use one of the constants in
the time package that are exported for the different predefined
formatting strings. This is not being done as part of this change
because the current formatting string used in these calls does not match
exactly with any of the predefined format strings.

... it isn't clear to me why this passes on CI. Using `+0200` to
reference the timezone in the format string is invalid according to the
`time` package documentation.

[0]: https://pkg.go.dev/time#Layout

Closes: #1387
Change-Id: Ifa198266c407524f7ef33ee33cf94ce9d0158f45

sudoforge created

7b6eb5d fix: use correct url for gitlab PATs (#1384)

Click to expand commit body 
Closes: #1268
Change-Id: Ifc029c7058b080b3d9859eaffaa4b9febd2d80b1

sudoforge created

8276356 refactor: remove depdendency on pnpm for auto-label action (#1383)

Click to expand commit body 
This change removes pnpm from the required toolchains. While it does
provide some benefits over npm, it can lead to additional contributor
complexity. Given that we do not use this elsewhere in the project, it
makes sense to remove it until such a time that it is introduced for all
js workflows in this repo.

Change-Id: I9d0771f558713d48a69a9d49a7115440039270c2

sudoforge created

c3ab18d feat: add action: auto-label (#1380)

Click to expand commit body 
This change adds a custom github action, `auto-label`, and refactors the
lifecyle workflow to use it for improving the automation around
management of the lifecycle label.

The stale bot's message is updated to make it clear that its goal is
only to ping maintainers, with additional information added detailing
each action that can be performed to remove the lifecycle status from an
issue or pull request.

Historically, users have expressed disastisfaction with the stale bot,
usually due to the presumption that it closes issues. This is not the
case, and this change hopes to improve both the automation around
managing the labels, and the messaging presented when items are marked
with an idle or dormant life due to inactivity.

Change-Id: Iacefe1e4878562e34c21e4e5875eb4b45b9997d1

sudoforge created

4f97349 feat: remove lifecycle/frozen (#1377)

Click to expand commit body 
This change removes lifecycle/frozen from the lifecycl workflow, as it
is no longer used.

Closes: #1333
Change-Id: Ie4a6512c7143096a6edd051591f0b1c10bbdef48

sudoforge created

c812d89 build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378)

Click to expand commit body 
Bumps the npm_and_yarn group with 9 updates in the /webui directory:

| Package | From | To |
| --- | --- | --- |
|
[@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime)
| `7.19.0` | `7.27.0` |
|
[@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers)
| `7.19.0` | `7.27.0` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` |
`1.20.3` |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2`
|
| [dset](https://github.com/lukeed/dset) | `3.1.3` | `3.1.4` |
|
[http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware)
| `2.0.6` | `2.0.9` |
| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` |
| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` |
| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.99.7` |


Updates `@babel/runtime` from 7.19.0 to 7.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/runtime</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<p>Thanks <a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a> and
<a href="https://github.com/vovkasm"><code>@​vovkasm</code></a> for your
first PRs!</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Ish Chhabra (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
<li>Vladimir Timofeev (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/runtime</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/5c350eab83dd12268add44cce0eeda6c898211e3"><code>5c350ea</code></a>
v7.27.0</li>
<li><a
href="https://github.com/babel/babel/commit/ca4865a7f43a6a56aec242e23e4a3e318cf0ca92"><code>ca4865a</code></a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17118">#17118</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li><a
href="https://github.com/babel/babel/commit/b07957ebb316a1e2fc67454fc7423508bb942e63"><code>b07957e</code></a>
v7.25.9</li>
<li><a
href="https://github.com/babel/babel/commit/af917594e4df3decdde2ce0b1614d607b27367a5"><code>af91759</code></a>
fix: Accidentally publishing useless files (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/16917">#16917</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2533cfb0c1d90140f320f1e03d41e20407ca30bf"><code>2533cfb</code></a>
v7.25.7</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.27.0/packages/babel-runtime">compare
view</a></li>
</ul>
</details>
<br />

Updates `@babel/helpers` from 7.19.0 to 7.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/helpers</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<p>Thanks <a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a> and
<a href="https://github.com/vovkasm"><code>@​vovkasm</code></a> for your
first PRs!</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Ish Chhabra (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
<li>Vladimir Timofeev (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/helpers</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/5c350eab83dd12268add44cce0eeda6c898211e3"><code>5c350ea</code></a>
v7.27.0</li>
<li><a
href="https://github.com/babel/babel/commit/ca4865a7f43a6a56aec242e23e4a3e318cf0ca92"><code>ca4865a</code></a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17118">#17118</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/4cf5c9e0fbe8899bb9eb0dac7c615406a4fe926d"><code>4cf5c9e</code></a>
[babel 8] Use <code>@babel/types</code> for parser's return type (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17117">#17117</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/0e6199b2aac12f41053416977379066e80ef14a7"><code>0e6199b</code></a>
Make &quot;object without properties&quot; helpers ES6-compatible (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17086">#17086</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f"><code>cd24cc0</code></a>
chore: Update TS 5.7 (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17053">#17053</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.27.0/packages/babel-helpers">compare
view</a></li>
</ul>
</details>
<br />

Updates `body-parser` from 1.20.2 to 1.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>1.20.3</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li><strong>IMPORTANT:</strong> The default <code>depth</code> level for
parsing URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>). <a
href="https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth">Documentation</a></li>
</ul>
<h3>Other changes</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/523">expressjs/body-parser#523</a></li>
<li>fix: pin to node@22.4.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/527">expressjs/body-parser#527</a></li>
<li>deps: qs@6.12.3 by <a
href="https://github.com/melikhov-dev"><code>@​melikhov-dev</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li>
<li>Linter by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li>
<li>Release: 1.20.3 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/535">expressjs/body-parser#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li>
<li><a
href="https://github.com/melikhov-dev"><code>@​melikhov-dev</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li>
<li><a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>1.20.3 / 2024-09-10</h1>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/body-parser/commit/17529513673e39ba79886a7ce3363320cf1c0c50"><code>1752951</code></a>
1.20.3</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/39744cfe2ac4fb37a19ed7c43e3a74332f428e17"><code>39744cf</code></a>
chore: linter (<a
href="https://redirect.github.com/expressjs/body-parser/issues/534">#534</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"><code>b2695c4</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/ade0f3f82f91086d6cd2ed2cb4b0aff448fbc2e5"><code>ade0f3f</code></a>
add scorecard to readme (<a
href="https://redirect.github.com/expressjs/body-parser/issues/531">#531</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/99a1bd62456f932004b84767d6393bc261f75d36"><code>99a1bd6</code></a>
deps: qs@6.12.3 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/521">#521</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/947859160527c7aaaa20da79e2c3ba542baaaf66"><code>9478591</code></a>
fix: pin to node@22.4.1</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/83db46a1e5512135ce01ed90b9132ee16a2657a8"><code>83db46a</code></a>
ci: fix errors in ci github action for node 8 and 9 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/523">#523</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/9d4e2125b580b055b2a3aa140df9b8fce363af46"><code>9d4e212</code></a>
chore: add support for OSSF scorecard reporting (<a
href="https://redirect.github.com/expressjs/body-parser/issues/522">#522</a>)</li>
<li>See full diff in <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for body-parser since your current version.</p>
</details>
<br />

Updates `express` from 4.19.2 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by
<a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and
<code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a>
deps: bump path-to-regexp@0.1.12 (<a
href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a>
deps: path-to-regexp@0.1.11 (<a
href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/8e229f92752ad51462c868b99f6e6c2e559801b0"><code>8e229f9</code></a>
4.21.1</li>
<li><a
href="https://github.com/expressjs/express/commit/a024c8a7b658a178cbdb9bde33030b7500172815"><code>a024c8a</code></a>
fix(deps): cookie@0.7.1</li>
<li><a
href="https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946">#5946</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951">#5951</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />

Updates `cookie` from 0.6.0 to 0.7.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/cookie/releases">cookie's
releases</a>.</em></p>
<blockquote>
<h2>0.7.1</h2>
<p><strong>Fixed</strong></p>
<ul>
<li>Allow leading dot for domain (<a
href="https://redirect.github.com/jshttp/cookie/issues/174">#174</a>)
<ul>
<li>Although not permitted in the spec, some users expect this to work
and user agents ignore the leading dot according to spec</li>
</ul>
</li>
<li>Add fast path for <code>serialize</code> without options, use
<code>obj.hasOwnProperty</code> when parsing (<a
href="https://redirect.github.com/jshttp/cookie/issues/172">#172</a>)</li>
</ul>
<p><a
href="https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1">https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1</a></p>
<h2>0.7.0</h2>
<ul>
<li>perf: parse cookies ~10% faster (<a
href="https://redirect.github.com/jshttp/cookie/issues/144">#144</a> by
<a href="https://github.com/kurtextrem"><code>@​kurtextrem</code></a>
and <a
href="https://redirect.github.com/jshttp/cookie/issues/170">#170</a>)</li>
<li>fix: narrow the validation of cookies to match RFC6265 (<a
href="https://redirect.github.com/jshttp/cookie/issues/167">#167</a> by
<a href="https://github.com/bewinsnw"><code>@​bewinsnw</code></a>)</li>
<li>fix: add <code>main</code> to <code>package.json</code> for rspack
(<a href="https://redirect.github.com/jshttp/cookie/issues/166">#166</a>
by <a
href="https://github.com/proudparrot2"><code>@​proudparrot2</code></a>)</li>
</ul>
<p><a
href="https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0">https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014"><code>cf4658f</code></a>
0.7.1</li>
<li><a
href="https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e"><code>6a8b8f5</code></a>
Allow leading dot for domain (<a
href="https://redirect.github.com/jshttp/cookie/issues/174">#174</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0"><code>58015c0</code></a>
Remove more code and perf wins (<a
href="https://redirect.github.com/jshttp/cookie/issues/172">#172</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627"><code>ab057d6</code></a>
0.7.0</li>
<li><a
href="https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542"><code>5f02ca8</code></a>
Migrate history to GitHub releases</li>
<li><a
href="https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579"><code>a5d591c</code></a>
Migrate history to GitHub releases</li>
<li><a
href="https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105"><code>51968f9</code></a>
Skip isNaN</li>
<li><a
href="https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc"><code>9e7ca51</code></a>
perf(parse): cache length, return early (<a
href="https://redirect.github.com/jshttp/cookie/issues/144">#144</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/d6f39b0aab5521a8b118b466a515fd6eb0b9f65e"><code>d6f39b0</code></a>
Fix tests for old node</li>
<li><a
href="https://github.com/jshttp/cookie/commit/6bb701f14e59c5e768933bfae9b578db4ed26c6e"><code>6bb701f</code></a>
Remove failing scorecard</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~blakeembrey">blakeembrey</a>, a new
releaser for cookie since your current version.</p>
</details>
<br />

Updates `dset` from 3.1.3 to 3.1.4
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lukeed/dset/commit/05b1ec0f8cebe3b5d5667285bc7da90f38a7215e"><code>05b1ec0</code></a>
3.1.4</li>
<li><a
href="https://github.com/lukeed/dset/commit/16d6154e085bef01e99f01330e5a421a7f098afa"><code>16d6154</code></a>
fix: prevent <strong>proto</strong> assignment via implicit string</li>
<li>See full diff in <a
href="https://github.com/lukeed/dset/compare/v3.1.3...v3.1.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `express` from 4.19.2 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by
<a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and
<code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a>
deps: bump path-to-regexp@0.1.12 (<a
href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a>
deps: path-to-regexp@0.1.11 (<a
href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/8e229f92752ad51462c868b99f6e6c2e559801b0"><code>8e229f9</code></a>
4.21.1</li>
<li><a
href="https://github.com/expressjs/express/commit/a024c8a7b658a178cbdb9bde33030b7500172815"><code>a024c8a</code></a>
fix(deps): cookie@0.7.1</li>
<li><a
href="https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946">#5946</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951">#5951</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />

Updates `http-proxy-middleware` from 2.0.6 to 2.0.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chimurai/http-proxy-middleware/releases">http-proxy-middleware's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.9</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(fixRequestBody): check readableLength by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097">chimurai/http-proxy-middleware#1097</a></li>
<li>chore(package): v2.0.9 by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099">chimurai/http-proxy-middleware#1099</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9</a></p>
<h2>v2.0.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(fixRequestBody): prevent multiple .write() calls by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090">chimurai/http-proxy-middleware#1090</a></li>
<li>fix(fixRequestBody): handle invalid request by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091">chimurai/http-proxy-middleware#1091</a></li>
<li>chore(package): v2.0.8 by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094">chimurai/http-proxy-middleware#1094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8</a></p>
<h2>v2.0.7</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7</a></p>
<h2>v2.0.7-beta.1</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1</a></p>
<h2>v2.0.7-beta.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md">http-proxy-middleware's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9">v2.0.9</a></h2>
<ul>
<li>fix(fixRequestBody): check readableLength</li>
</ul>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8">v2.0.8</a></h2>
<ul>
<li>fix(fixRequestBody): prevent multiple .write() calls</li>
<li>fix(fixRequestBody): handle invalid request</li>
</ul>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7">v2.0.7</a></h2>
<ul>
<li>ci(github actions): add publish.yml</li>
<li>fix(filter): handle errors</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1"><code>617a7c9</code></a>
chore(package): v2.0.9 (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099">#1099</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425"><code>d22d587</code></a>
fix(fixRequestBody): check readableLength (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097">#1097</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849"><code>d03d51b</code></a>
chore(package): v2.0.8 (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094">#1094</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e"><code>c50dd06</code></a>
fix(fixRequestBody): handle invalid request (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091">#1091</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b"><code>76a9d8d</code></a>
fix(fixRequestBody): prevent multiple .write() calls (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090">#1090</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d"><code>1e92339</code></a>
ci(github-actions): fix npm tag</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe08950bd0926d3bb512c1"><code>90afb7c</code></a>
chore(package): v2.0.7</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"><code>0b4274e</code></a>
fix(filter): handle errors</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/1bd6dd578b1326ed7979c301e3f8eb0f228f5b6f"><code>1bd6dd5</code></a>
ci(github actions): add publish.yml</li>
<li>See full diff in <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.9">compare
view</a></li>
</ul>
</details>
<br />

Updates `rollup` from 2.79.1 to 2.79.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rollup/rollup/releases">rollup's
releases</a>.</em></p>
<blockquote>
<h2>v.2.79.2</h2>
<h2>2.79.2</h2>
<p><em>2024-09-26</em></p>
<h3>Bug Fixes</h3>
<ul>
<li>Fix a vulnerability in generated code that affects IIFE, UMD and CJS
bundles when run in a browser context (<a
href="https://redirect.github.com/rollup/rollup/issues/5671">#5671</a>)</li>
</ul>
<h3>Pull Requests</h3>
<ul>
<li><a
href="https://redirect.github.com/rollup/rollup/pull/5671">#5671</a>:
Fix DOM Clobbering CVE (<a
href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li>
</ul>
</blockquote>
</details>
...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot[bot] and dependabot[bot] created

f81a71a feat: support new exclusion label: lifecycle/pinned (#1375)

Click to expand commit body 
This label is planned to replace lifecycle/frozen, as the language is a
bit more clear.

Refs: #1333
Change-Id: Ided8be62e9faaecbe901f235d18d218e05a33ece

sudoforge created

197eb59 fix: refactor how gitlab title changes are detected (#1370)

Click to expand commit body 
This change refactors how issue title changes from gitlab events are
detected, fixing an issue (due to upstream changing the format of the
event body from markdown-esque to html), and improving on error
handling.

The error boiled down to a change in the issue title format. Gitlab
changed this on April 17 2025 with the release of version 17.11 [0],
although the only place a reference to this change exists is in the
changelog [1], which is not linked to from the releases page.

To account for the potential future in which other fields need to be
parsed in this way, an internal parser library was introduced at
`//bridge/gitlab/parser:parser.go` with initial support for parsing
title change messages.

An issue was opened with the Gitlab team discussing the fact that this
was a breaking change [2]. This may lead to moving title changes (or
maybe all changes) to `resource_*_events`, which would likely provide a
smoother experience for our use case.

Debugging this issue surfaced a few pain points with this bridge:

- Errors are few and far between, and when they do exist and are
  managed, they are often not propagated, often existing as simple
  `fmt.Printf` calls
- Inconsistent and uninformative logging structure when there _are_
  errors, leading to challenges in debugging unexpected behavior
- Fragility: we are parsing random text from event fields (for title
  changes and more). This will likely lead to future breakage should
  Gitlab change the format of other fields. Ideally, the gitlab SDK
  would start classifying notes and have fields like `type`, `old`,
  `new`... but this is unlikely to happen in the short term

[0]: https://about.gitlab.com/releases/2025/04/17/gitlab-17-11-released/
[1]:
https://gitlab.com/gitlab-org/gitlab/-/commit/b3e1fdcf45f8b18110a2f5217b9964a11616d316#ab09011fa121d0a2bb9fa4ca76094f2482b902b7_5_232
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/536827

Closes: #1367
Change-Id: I3bd7fa1c39a9e4dd2176d6e482e30ab68965f6e7

sudoforge created

3f84d94 revert: "Create Dependabot config file" (#1374)

Click to expand commit body 
This reverts commit cc3b7c328dd4e4ad51de15919962d62f1146ca51,
effectively disabling Dependabot. This is being done primarily due to
git-bug/git-bug#1367, but also because the implementation of this bot is
noisy and often broken (failing to run `go mod tidy`, resulting in a CI
error that requires manual intervention to fix).

Automatically updating dependencies is helpful, but not a priority right
now. In the future, it is possible to revert this commit, however, I
would suggest looking at renovate [0] as an alternative approach, as I
personally find it to be far less invasive/noisy (see #1247).

[0]: https://docs.renovatebot.com/

Change-Id: I32f06381e1abf66a2655b5b6ba5c96cca6124720

sudoforge created

552cf77 refactor: rename //:git-bug.go to //:main.go (#1373)

Click to expand commit body 
`main.go` is and always has been the conventional entrypoint for
binaries (this is actually true for libraries as well, e.g. some
internal
`//foo` package would typically have an entrypoint of `//foo:foo.go`)

Change-Id: Ic75db640b06dc5c39a8c88db0d9d73d78f39d772

sudoforge created

52f42da build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361)

dependabot[bot] created

25f755c fix: set GitLastTag to an empty string when git-describe errors (#1355)

Click to expand commit body 
This change refactors the call to `git-describe` made in `//:Makefile`,
such that if the call made to populate the `GitLastTag` build argument
fails for any reason, the value is an empty string.

This resolves a fairly common situation in CI, and reproducible
elsewhere, if the local repository does not have any tags.

Change-Id: Ie8e06360d5a4016596b96c6371ce4e32ad6a8afb

sudoforge created

a987d09 chore: update go-git to v5@masterupdate_mods (#1284)

Click to expand commit body 
Just running `go get -u github.com/go-git/go-git/v5@master`

Fixes: https://github.com/git-bug/git-bug/issues/1156

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Matěj Cepl and dependabot[bot] created