Change-Id: I730373865da056571936357916b589a6cbc740b2

with this upgraded, we no longer depend on an vulnerable version of the
`ws` library through an old graphql version

This change adds additional information to //:CONTRIBUTING.md, meant to
provide guidance to potential contributors about how our review process
works, and how we suggest iterating and submitting changes.

Change-Id: I06073fa43d9fd37d35bc04aa5bfc0187d343b257

This change refactors all root pipelines (`trunk` and `presubmit`) to
limit the contents permission to read. By default, GitHub has taken the
overly-permissive approach of granting all permissions if the
`permissions` map is not explicitly defined. Usability wins out over
security, again.

Change-Id: Idaca851385fb82eefd6c7c9b8ee46b85a3f4901c

* upgrades remark/rehype/unified npm packages, and reconfigures
everything for 2025
* `Label` can now be made inline, which fixes a react hydration error on
the bug page
* new remark plugins for GFM, hard line breaks & syntax highlighting

This change removes `gokart` because it is unmaintained, and the
`replace` directive breaks `go install`.

Change-Id: I17ec23cc90abecbae20c4adaf6be46cf507645ec

This was disabled while debugging prettier vs. mdformat interactions
through treefmt, and accidentally committed in
08ffc2b82919b9254cc59c97756c546a508b4f73.

Change-Id: I14ebc1d0edf6ed755ad15b6ba58b6d9c6f5519f5

This change enables prettier, and enables formatting of //webui.

Change-Id: I2516459649bf6c19a8dc495d3a4d915a6a881b39

Recent changes were made to //webui, but the bundle was not updated.
This was missed because it was not validated in CI. This change runs
`make pack-webui` in order to generate this bundle.

Change-Id: I63ccad91c7edb381813db684ac65f83aa7c048fc

This change adds //.mailmap initialized with mappings for duplicate
names and email addresses found in the repository archive. When a
duplicate was found, the name and email were chosen preferring the
longest name for the author, and the most practical email address (e.g.
if an obvious personal and professional email address existed, the
personal address was chosen).

Duplicate names were found with the following command:

    git shortlog -se |\
awk 'match($0, /[0-9]+[ \t]+(.*)[ \t]+<.*>/, m) { print m[1] }' |\
        sort |\
        uniq -d

Duplicate email addresses were found with the following command:

    git shortlog -se |\
awk 'match($0, /<[^>]+>/) { print substr($0, RSTART+1, RLENGTH-2) }' |\
        sort |\
        uniq -d

Change-Id: Ie0280ee336098c080cf5af8062dae20cb7a41e8e

* removes the tabbed navigation completely
* makes it possible to see the custom name of the repository


tabs (and really all not "main" nav) were not in use and the features
may not work the same way in the future, so rather than redesigning, the
whole tab bare was removed.

for the custom name, if it's `__default`, the the default `git-bug` text
is displayed; otherwise, the name of the repo.

* upgrades react from v18->v19, the latest
* upgrades react router from v6->v7, the latest
* removes `react-moment`, which is not updated for react 19
* replace the trivial usages of the `<Moment>` component with a new one

This change adds //:CHANGELOG.md initialized with all current and prior
releases. The changelog is generated with the following command:

    git cliff -o CHANGELOG.md 0.1.0..v0.9.0

Change-Id: Iad09675d882c8fa7c135acb7224d3a07a35b1169

upgrades outdate npm dependencies to latest minor versions compatible
with each other, in prep for larger upgrades to bring up to date.

of note, React 17->18 drops the react-dom library and required some
mechanical changes due to apollo client errors no longer being
renderable.

---

screenshot to show application still running after upgrades

![Screenshot 2025-05-14 at 10 00
27 PM](https://github.com/user-attachments/assets/82257a5f-aefb-4fdb-8bc8-a5da12eceaaa)

This change provides more clarity as to the type and scope requirements,
and adds in additional information with regard to hyperlinks,
appropriate trailers to
use in the footer, and clarifies the difference between our requirements
and the conventional commit spec v1.0.0.

Change-Id: I7e3d4646c09728acf27c4efce24655896b8513a7

Change-Id: I70b522ef519e709e643ed90efbe712112d348141

This change changes the help bar's background color to the "black" value
for the terminal, and increases spacing between the different commands
to improve readability.

Closes: git-bug/git-bug#1411
Change-Id: I380d1fee4ae51869876f00c76c0f952d47dd8912

This change provides guidelines for writing conventional commit
messages, which will be enforced in the future. This change is being
made in order to improve ergonomics for browsing the repository and its
changes, and to support better changelog generation.

Change-Id: I533ca3c66e697aaafcc1409711600017006e264a

This change updates //:.editorconfig to improve the alignment between
its configuration settings and the output from formatters, in an effort
to reduce format cycles during iteration.

Change-Id: I8e1af63a961bc8ca29d8b4a41f80ae7251a96f26

Co-authored-by: KOTP <keeperotphones@gmail.com>

This change refactors the derivation defined in //nix/checks:pinact.nix,
rewriting it with pkgs.runCommand so that `nix flake check` actually
executes it.

Change-Id: Ic941133bcbedd8505580db71abbaaaf8326fb874

This change removes //.github/workflows:lifecycle.yml, which was
historically used to automatically label and unlabel issues and pull
requests based on inactivity. After consideration, it has been decided
that this sort of automatic label management introduces unecessary
noise.

The removal of this workflow means that issues and pull requests will no
longer be marked as idle or dormant. These labels can be removed:

- lifecycle/idle
- lifecycle/dormant

Change-Id: I03d8cc6cf11d8fde88029bd64315855d81e3d353

This change introduces a pipeline job called `mirror` that will push to
`refs/heads/trunk` automatically, in order to keep it in sync with the
default tree.

This job is restricted to the SoT for git-bug, and will only execute for
the first run of the workflow.

Refs: #1404
Change-Id: If65f83ce9058dd01aa74f6841dc58ac040284b18

This change replaces tabs inside of a raw string literal used as a patch
for the shell completion files with spaces, and removes a trailing
space. This fixes an issue where regeneration of the file would lead to
a diff.

Change-Id: I3469a859ed63fe4ef9b8b6f156ff0ce5cb7af91c

This test regularly fails on Windows. It should be rewritten so as to
avoid flakiness, however, marking it as flaky as a stop-gap enables a
better pipeline experience without requiring the upfront cost of
rewriting it.

Change-Id: Ia0dc13864e0fdf463b01a2a31b8d59b692c0c924

This change adds support to //internal/test%recorder for Helper(), and
improves the ergonomics around error reporting.

Change-Id: Ia1762587b16dee9ba6ca3c428c1f935eb333a63b

This change adds support to //internal/test for Failed() and
FailedNow(), and expands the support for setting and detecting the
failed status on //internal/test%recorder.

Change-Id: I04e7a978cbf0ead8d28722c0a3a0fc34136e72e1

This change adds an internal utility library for running flaky tests
with built-in support for incremental backoff retries. This can be used
by packages within this repository by importing `internal/test` and
invoking it as such:

    func SomeTest(t *testing.T) {
        f := test.NewFlaky(t, &test.FlakyOptions{
            // define options here
            ...
        })

        f.Run(func(t testing.TB) {
            // original test logic here
            ...
        }
    }

Change-Id: I8c6138c39c381bcee408ea6b7fe9d9b6eeb48fed

Change-Id: Ibafa6e2a23922b2ec80bc1be2d77972765dc690b

This change removes extraneous variables used for the github bridge
(e2e) tests, conslidating on GITHUB_USER and GITHUB_TOKEN, which match
the variables read by the github CLI and what users would have in their
environment if they are using the vars.

We leave GITHUB_TOKEN_PRIVATE and GITHUB_TOKEN_PUBLIC for now, as those
are used in a single test to validate a minimum set of permissions.
Moving away from these will require additional refactoring.

Change-Id: I8d83e4f0c9b2556133c5ec3daca492fe1a4bd968

This change adds a missing step to the contributor onboarding
documentation (//:CONTRIBUTING.md): testing that the user has
successfully activated the development shell. This is a useful step for
users who are new to nix, and was referenced in 4.1.

Change-Id: Iea78c5a3a54e62bc8cca8803270db8d7b7f2c872

This change refactors documentation, especially //:README.md,
//:CONTRIBUTING.md, and centralized most of the rest of the contributing
and usage documentation into `//doc`. There are some additional minor
changes to the development shell and pipeline configuration.

Documentation changes focus on cleaning up erroneous language,
reformatting, and restructuring docs in order to reduce visual noise -
the goals are to enable users and contributors to find what they're
looking
for much more quickly, reduce (sometimes erroneous) duplication, and
present a structured approach for where to put docs.

Additionally:

- Added CI pipeline badge for the `trunk` workflow in `//:README.md`
- Converted embedded emoji characters to GitHub's emoji syntax
- Simplified `//:README.md` by moving inline documentation out to files
  under `//doc`.
- Removed most inline CLI "documentation" (lists of commands) with a
  link to the generated CLI documentation.
- Moved most sections with image and installation instructions into
  `<details>` elements
- Replaced references to gitter with matrix
- Added `treefmt-nix` to the flake, and formatted all non-generated
  documentation was with `nix fmt` (running `mdformat` under the hood)
- Regenerated //doc/md and //doc/man and refactored inline docs from
various
  pages that were iterating out command line details so that they simply
  point to //doc/md instead
- Rewrote contributing docs to focus on using `nix`, to ensure that the
  development shell is used. This enforces consistency across different
  platforms with the revision and configuration of each tool we use, and
  simplifies the onboarding story for contributors -- they only need to
  install and configure nix (and optionally direnv). A dev container
  will be provided in the future [0] as an alternative for users on
  Windows (who can use WSL) or want to avoid installing `nix`.
- Added `pinact` to the flake to support pinning action libraries used
  in workflows.
- Added flake checks for codespell and pinact. Combined with treefmt,
  this entirely replaces //.github/workflows:lint.yml. With this change,
  codespell's execution was fixed to properly execute on all files, and
  the configuration file was refactored to properly ignore
  package-lock.json files.
- Added a workflow job to run flake checks.

[0]: https://github.com/git-bug/git-bug/issues/1364

Closes: #1212 #1276 #1330 #1357
Change-Id: I6f4b5f5ca73780cecf66a553cce80aa3f75df2ce

This change introduces a new method for resolving the URI for a given
remote (by name), ensuring that the URI is rewritten following the rules
defined in `url.*.insteadOf` configuration.

When `go-git@69aefb67315d775bf73df836b1e3ba5a3b321198` lands in a
release (and we update go-git to that release), this should be
refactored to use `config.URL.InsteadOfs()`, which supports multiple
`url.*.insteadOf` configuration blocks instead of the current limitation
of always taking the last definition.

Closes: #944
Change-Id: Iffd111a1f4c42eff12613dcbd1b0d27df415f5e8

Bumps the go_modules group with 2 updates in the / directory:
[github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and
[golang.org/x/crypto](https://github.com/golang/crypto).

Updates `github.com/go-git/go-git/v5` from
5.12.1-0.20241007152421-41f08fc53529 to 5.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in
/cli/go-git by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1065">go-git/go-git#1065</a></li>
<li>build: bump golang.org/x/net from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1068">go-git/go-git#1068</a></li>
<li>build: bump golang.org/x/net from 0.23.0 to 0.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1071">go-git/go-git#1071</a></li>
<li>Properly support skipping of non-mandatory extensions by <a
href="https://github.com/codablock"><code>@​codablock</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1066">go-git/go-git#1066</a></li>
<li>git: Refine some codes in test and non-test. by <a
href="https://github.com/onee-only"><code>@​onee-only</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1077">go-git/go-git#1077</a></li>
<li>plumbing: protocol/packp, client-side filter capability support by
<a href="https://github.com/edigaryev"><code>@​edigaryev</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1000">go-git/go-git#1000</a></li>
<li>build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1078">go-git/go-git#1078</a></li>
<li>plumbing: fix sideband demux on flush by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1084">go-git/go-git#1084</a></li>
<li>storage: dotgit, head reference usually comes first by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1085">go-git/go-git#1085</a></li>
<li>build: bump golang.org/x/text from 0.14.0 to 0.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1091">go-git/go-git#1091</a></li>
<li>build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1094">go-git/go-git#1094</a></li>
<li>build: bump golang.org/x/net from 0.24.0 to 0.25.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1093">go-git/go-git#1093</a></li>
<li>git: Added an example for Repository.Branches by <a
href="https://github.com/johnmatthiggins"><code>@​johnmatthiggins</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1088">go-git/go-git#1088</a></li>
<li>git: worktree_commit, Modify checking empty commit. Fixes <a
href="https://redirect.github.com/go-git/go-git/issues/723">#723</a> by
<a href="https://github.com/onee-only"><code>@​onee-only</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1050">go-git/go-git#1050</a></li>
<li>plumbing: transport/http, Wrap http errors to return reason. Fixes
<a
href="https://redirect.github.com/go-git/go-git/issues/1097">#1097</a>
by <a href="https://github.com/ggambetti"><code>@​ggambetti</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1100">go-git/go-git#1100</a></li>
<li>build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1106">go-git/go-git#1106</a></li>
<li>build: bump golang.org/x/text from 0.15.0 to 0.16.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1107">go-git/go-git#1107</a></li>
<li>Bumps Go versions and go-billy by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1056">go-git/go-git#1056</a></li>
<li>_examples: Fixed a dead link COMPATIBILITY.md by <a
href="https://github.com/gecko655"><code>@​gecko655</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1109">go-git/go-git#1109</a></li>
<li>build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in
/cli/go-git by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1115">go-git/go-git#1115</a></li>
<li>build: bump github.com/elazarl/goproxy from
v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb
by <a href="https://github.com/hbelmiro"><code>@​hbelmiro</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1124">go-git/go-git#1124</a></li>
<li>build: bump golang.org/x/net from 0.25.0 to 0.26.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1104">go-git/go-git#1104</a></li>
<li>Add option approximating <code>git clean -x</code> flag. by <a
href="https://github.com/msuozzo"><code>@​msuozzo</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/995">go-git/go-git#995</a></li>
<li>Revert &quot;Add option approximating <code>git clean -x</code>
flag.&quot; by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1129">go-git/go-git#1129</a></li>
<li>Fix reference updated concurrently error for the filesystem storer
by <a
href="https://github.com/Javier-varez"><code>@​Javier-varez</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1116">go-git/go-git#1116</a></li>
<li>build: bump golang.org/x/net from 0.26.0 to 0.27.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1134">go-git/go-git#1134</a></li>
<li>utils: merkletrie, Align error message with upstream by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1142">go-git/go-git#1142</a></li>
<li>plumbing: transport/file, Change paths to absolute by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1141">go-git/go-git#1141</a></li>
<li>plumbing: gitignore, Fix loading of ignored .gitignore files. by <a
href="https://github.com/Achilleshiel"><code>@​Achilleshiel</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1114">go-git/go-git#1114</a></li>
<li>build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1147">go-git/go-git#1147</a></li>
<li>plumbing: transport/ssh, Add support for SSH <a
href="https://github.com/cert-authority"><code>@​cert-authority</code></a>.
by <a
href="https://github.com/Javier-varez"><code>@​Javier-varez</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1157">go-git/go-git#1157</a></li>
<li>build: run example tests during CI workflow by <a
href="https://github.com/crazybolillo"><code>@​crazybolillo</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1030">go-git/go-git#1030</a></li>
<li>storage: filesystem, Fix object cache not working due to
uninitialised objects being put into cache by <a
href="https://github.com/SatelliteMind"><code>@​SatelliteMind</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1138">go-git/go-git#1138</a></li>
<li>git: Fix fetching missing commits by <a
href="https://github.com/AriehSchneier"><code>@​AriehSchneier</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1032">go-git/go-git#1032</a></li>
<li>plumbing: format/packfile, remove duplicate checks in findMatch() by
<a href="https://github.com/edigaryev"><code>@​edigaryev</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1152">go-git/go-git#1152</a></li>
<li>git: worktree, Fix file reported as <code>Untracked</code> while it
is committed by <a
href="https://github.com/rodrigocam"><code>@​rodrigocam</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1023">go-git/go-git#1023</a></li>
<li>build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1160">go-git/go-git#1160</a></li>
<li>plumbing: filemode, Remove check for setting size of .git/index file
by <a
href="https://github.com/nicholasSUSE"><code>@​nicholasSUSE</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1159">go-git/go-git#1159</a></li>
<li>build: bump golang.org/x/net from 0.27.0 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1163">go-git/go-git#1163</a></li>
<li>Fix some lint warning and increase stalebot to 180 days by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1128">go-git/go-git#1128</a></li>
<li>adjust path extracted from file: url on Windows by <a
href="https://github.com/tomqwpl"><code>@​tomqwpl</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/416">go-git/go-git#416</a></li>
<li>build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1164">go-git/go-git#1164</a></li>
<li>Add RestoreStaged to Worktree that mimics the behaviour of git
restore --staged <!-- raw HTML omitted -->... by <a
href="https://github.com/ben-tbotlabs"><code>@​ben-tbotlabs</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/493">go-git/go-git#493</a></li>
<li>plumbing: signature, support the same x509 signature formats as git
by <a href="https://github.com/yoavamit"><code>@​yoavamit</code></a> in
<a
href="https://redirect.github.com/go-git/go-git/pull/1169">go-git/go-git#1169</a></li>
<li>fix: allow discovery of non bare repos in fsLoader by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/go-git/go-git/pull/1170">go-git/go-git#1170</a></li>
<li>build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1178">go-git/go-git#1178</a></li>
<li>build: bump golang.org/x/text from 0.17.0 to 0.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1179">go-git/go-git#1179</a></li>
<li>build: bump golang.org/x/net from 0.28.0 to 0.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/1184">go-git/go-git#1184</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/go-git/go-git/commits/v5.13.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/crypto` from 0.31.0 to 0.35.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22"><code>7292932</code></a>
ssh: limit the size of the internal packet queue while waiting for
KEX</li>
<li><a
href="https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c"><code>f66f74b</code></a>
acme/autocert: check host policy before probing the cache</li>
<li><a
href="https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85"><code>b0784b7</code></a>
x509roots/fallback: drop obsolete build constraint</li>
<li><a
href="https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20"><code>911360c</code></a>
all: bump golang.org/x/crypto dependencies of asm generators</li>
<li><a
href="https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f"><code>89ff08d</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2"><code>e47973b</code></a>
all: update certs for go1.24</li>
<li><a
href="https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902"><code>9290511</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a"><code>fa5273e</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196"><code>a8ea4be</code></a>
ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner)
interface</li>
<li><a
href="https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6"><code>71d3a4c</code></a>
acme: support challenges that require the ACME client to send a
non-empty JSO...</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/crypto/compare/v0.31.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.30.0 to 0.33.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/dfc720dfe0cfc125116068c20efcdcb5e4eab464"><code>dfc720d</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb"><code>8e66b04</code></a>
html: use strings.EqualFold instead of lowering ourselves</li>
<li><a
href="https://github.com/golang/net/commit/b935f7b5d723c82894e1a1fd936a94dd2d1eae46"><code>b935f7b</code></a>
html: avoid endless loop on error token</li>
<li><a
href="https://github.com/golang/net/commit/9af49ef148d7d8b3e4cbbd9cc0cd37f2a520a4a3"><code>9af49ef</code></a>
route: remove unused sizeof* consts</li>
<li><a
href="https://github.com/golang/net/commit/6705db9a4df8f2cf16aed83e773e7a0213788b7a"><code>6705db9</code></a>
quic: clean up crypto streams when dropping packet protection keys</li>
<li><a
href="https://github.com/golang/net/commit/4ef7588d2b3f83775099797baac43c34e2e23200"><code>4ef7588</code></a>
quic: handle ACK frame in packet which drops number space</li>
<li><a
href="https://github.com/golang/net/commit/552d8ac903a11a9fde71a88732f5b58b6b394178"><code>552d8ac</code></a>
Revert &quot;route: change from syscall to x/sys/unix&quot;</li>
<li><a
href="https://github.com/golang/net/commit/13a7c0108bd38aad013797cdb95e6bfca0bbcec6"><code>13a7c01</code></a>
Revert &quot;route: remove unused sizeof* consts on freebsd&quot;</li>
<li><a
href="https://github.com/golang/net/commit/285e1cf6650f407805ea8af9255624961b768479"><code>285e1cf</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/d0a1049b7e05d3d6f62570a8381a22301a97ae73"><code>d0a1049</code></a>
route: remove unused sizeof* consts on freebsd</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.30.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This change ensures that the `go.sum` file used by the
`actions/setup-go` action as the cache identifier exists in the working
tree.

Closes: #1382
Change-Id: I0318bfa6e7d7859baf6600ff71715eaef92b401b

Change-Id: Iaa7018583fae53ede7b744ec6dee59db01459286

This resolves a security advisory [0].

[0]: https://github.com/git-bug/git-bug/security/dependabot/165

Change-Id: Ic5bdbe62066e3872cbd765ecdac1edd77d59efb9

+0200 is not a valid reference identifier for the time format string,
which requires a valid layout [0] using the reference time `01/02
03:04:05PM '06 -0700`.

As the documentation notes:
> It is a regrettable historic error that the date uses the American
> convention of putting the numerical month before the day.

This, combined with `-0700` being hardcoded into the layout requirements
is what likely led to the confusion that caused this issue. This change
is a fix for all `Time.Format()` calls, adjusting the time format in
place to use the correct tzdata. As a future potential improvement, we
should consider refactoring the format to use one of the constants in
the time package that are exported for the different predefined
formatting strings. This is not being done as part of this change
because the current formatting string used in these calls does not match
exactly with any of the predefined format strings.

... it isn't clear to me why this passes on CI. Using `+0200` to
reference the timezone in the format string is invalid according to the
`time` package documentation.

[0]: https://pkg.go.dev/time#Layout

Closes: #1387
Change-Id: Ifa198266c407524f7ef33ee33cf94ce9d0158f45

Closes: #1268
Change-Id: Ifc029c7058b080b3d9859eaffaa4b9febd2d80b1

This change removes pnpm from the required toolchains. While it does
provide some benefits over npm, it can lead to additional contributor
complexity. Given that we do not use this elsewhere in the project, it
makes sense to remove it until such a time that it is introduced for all
js workflows in this repo.

Change-Id: I9d0771f558713d48a69a9d49a7115440039270c2

This change adds a custom github action, `auto-label`, and refactors the
lifecyle workflow to use it for improving the automation around
management of the lifecycle label.

The stale bot's message is updated to make it clear that its goal is
only to ping maintainers, with additional information added detailing
each action that can be performed to remove the lifecycle status from an
issue or pull request.

Historically, users have expressed disastisfaction with the stale bot,
usually due to the presumption that it closes issues. This is not the
case, and this change hopes to improve both the automation around
managing the labels, and the messaging presented when items are marked
with an idle or dormant life due to inactivity.

Change-Id: Iacefe1e4878562e34c21e4e5875eb4b45b9997d1

This change removes lifecycle/frozen from the lifecycl workflow, as it
is no longer used.

Closes: #1333
Change-Id: Ie4a6512c7143096a6edd051591f0b1c10bbdef48

Bumps the npm_and_yarn group with 9 updates in the /webui directory:

| Package | From | To |
| --- | --- | --- |
|
[@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime)
| `7.19.0` | `7.27.0` |
|
[@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers)
| `7.19.0` | `7.27.0` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` |
`1.20.3` |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.2`
|
| [dset](https://github.com/lukeed/dset) | `3.1.3` | `3.1.4` |
|
[http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware)
| `2.0.6` | `2.0.9` |
| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` |
| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` |
| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.99.7` |


Updates `@babel/runtime` from 7.19.0 to 7.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/runtime</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<p>Thanks <a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a> and
<a href="https://github.com/vovkasm"><code>@​vovkasm</code></a> for your
first PRs!</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Ish Chhabra (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
<li>Vladimir Timofeev (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/runtime</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/5c350eab83dd12268add44cce0eeda6c898211e3"><code>5c350ea</code></a>
v7.27.0</li>
<li><a
href="https://github.com/babel/babel/commit/ca4865a7f43a6a56aec242e23e4a3e318cf0ca92"><code>ca4865a</code></a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17118">#17118</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li><a
href="https://github.com/babel/babel/commit/b07957ebb316a1e2fc67454fc7423508bb942e63"><code>b07957e</code></a>
v7.25.9</li>
<li><a
href="https://github.com/babel/babel/commit/af917594e4df3decdde2ce0b1614d607b27367a5"><code>af91759</code></a>
fix: Accidentally publishing useless files (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/16917">#16917</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2533cfb0c1d90140f320f1e03d41e20407ca30bf"><code>2533cfb</code></a>
v7.25.7</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.27.0/packages/babel-runtime">compare
view</a></li>
</ul>
</details>
<br />

Updates `@babel/helpers` from 7.19.0 to 7.27.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/releases"><code>@​babel/helpers</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<p>Thanks <a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a> and
<a href="https://github.com/vovkasm"><code>@​vovkasm</code></a> for your
first PRs!</p>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Babel Bot (<a
href="https://github.com/babel-bot"><code>@​babel-bot</code></a>)</li>
<li>Huáng Jùnliàng (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
<li>Ish Chhabra (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
<li>Vladimir Timofeev (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
<li><a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a></li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/babel/babel/blob/main/CHANGELOG.md"><code>@​babel/helpers</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>v7.27.0 (2025-03-24)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-generator</code>, <code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16977">#16977</a>
Default <code>importAttributesKeyword</code> to <code>with</code> (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:rocket: New Feature</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-traverse</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17169">#17169</a>
Allow <code>traverseFast</code> to exit early (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17110">#17110</a> Add
<code>ImportAttributes</code> to <code>Standardized</code> and move its
parser test fixtures (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-generator</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17100">#17100</a>
fix(babel-generator): add named export of generate function (<a
href="https://github.com/vovkasm"><code>@​vovkasm</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17149">#17149</a> Add
<code>allowYieldOutsideFunction</code> to parser (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-typescript</code>,
<code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17102">#17102</a>
feat: Add <code>upToScope</code> parameter to <code>hasBinding</code>
(<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17082">#17082</a>
Support ESTree AccessorProperty (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17162">#17162</a>
feat(babel-types): Add support for BigInt literal conversion in
valueToNode (<a
href="https://github.com/ishchhabra"><code>@​ishchhabra</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-helper-create-class-features-plugin</code>,
<code>babel-plugin-transform-class-properties</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16816">#16816</a>
fix: Class reference in type throws error (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-traverse</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17170">#17170</a>
fix: Reset child scopes when <code>scope.crawl()</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helpers</code>, <code>babel-preset-typescript</code>,
<code>babel-runtime-corejs2</code>, <code>babel-runtime-corejs3</code>,
<code>babel-runtime</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17118">#17118</a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-cli</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17182">#17182</a>
fix: <code>@babel/cli</code> generates duplicate inline source maps (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-plugin-transform-named-capturing-groups-regex</code>,
<code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17175">#17175</a>
Generate computed proto key (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:running_woman: Performance</h4>
<ul>
<li><code>babel-types</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/16870">#16870</a>
perf: Improve builders of <code>@babel/types</code> (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
<li><code>babel-helper-create-regexp-features-plugin</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17176">#17176</a>
fix: improve duplicate named groups check (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h2>v7.26.10 (2025-03-11)</h2>
<h4>:eyeglasses: Spec Compliance</h4>
<ul>
<li><code>babel-parser</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17159">#17159</a>
Disallow decorator in array pattern (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
</ul>
<h4>:bug: Bug Fix</h4>
<ul>
<li><code>babel-parser</code>, <code>babel-template</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17164">#17164</a>
Fix: always initialize ExportDeclaration attributes (<a
href="https://github.com/JLHwung"><code>@​JLHwung</code></a>)</li>
</ul>
</li>
<li><code>babel-core</code>
<ul>
<li><a
href="https://redirect.github.com/babel/babel/pull/17142">#17142</a>
fix: &quot;Map maximum size exceeded&quot; in deepClone (<a
href="https://github.com/liuxingbaoyu"><code>@​liuxingbaoyu</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/babel/babel/commit/5c350eab83dd12268add44cce0eeda6c898211e3"><code>5c350ea</code></a>
v7.27.0</li>
<li><a
href="https://github.com/babel/babel/commit/ca4865a7f43a6a56aec242e23e4a3e318cf0ca92"><code>ca4865a</code></a>
Fix: align behaviour to tsc <code>rewriteRelativeImportExtensions</code>
(<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17118">#17118</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/e1ce99df422971175249509e7bbc2b327b8f7957"><code>e1ce99d</code></a>
v7.26.10</li>
<li><a
href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4"><code>d5952e8</code></a>
Fix processing of replacement pattern with named capture groups (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17173">#17173</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/64bca7b5f308cd52c192a5c821a57f6d1b0475f4"><code>64bca7b</code></a>
v7.26.9</li>
<li><a
href="https://github.com/babel/babel/commit/4cf5c9e0fbe8899bb9eb0dac7c615406a4fe926d"><code>4cf5c9e</code></a>
[babel 8] Use <code>@babel/types</code> for parser's return type (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17117">#17117</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/2d9514066e3b135835ed93246ebbcdb7ca0263ca"><code>2d95140</code></a>
v7.26.7</li>
<li><a
href="https://github.com/babel/babel/commit/0e6199b2aac12f41053416977379066e80ef14a7"><code>0e6199b</code></a>
Make &quot;object without properties&quot; helpers ES6-compatible (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17086">#17086</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f"><code>cd24cc0</code></a>
chore: Update TS 5.7 (<a
href="https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17053">#17053</a>)</li>
<li><a
href="https://github.com/babel/babel/commit/63d30381c169780460e01bdb6669c5e01af1dfbe"><code>63d3038</code></a>
v7.26.0</li>
<li>Additional commits viewable in <a
href="https://github.com/babel/babel/commits/v7.27.0/packages/babel-helpers">compare
view</a></li>
</ul>
</details>
<br />

Updates `body-parser` from 1.20.2 to 1.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>1.20.3</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li><strong>IMPORTANT:</strong> The default <code>depth</code> level for
parsing URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>). <a
href="https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth">Documentation</a></li>
</ul>
<h3>Other changes</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/523">expressjs/body-parser#523</a></li>
<li>fix: pin to node@22.4.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/527">expressjs/body-parser#527</a></li>
<li>deps: qs@6.12.3 by <a
href="https://github.com/melikhov-dev"><code>@​melikhov-dev</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li>
<li>Linter by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li>
<li>Release: 1.20.3 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/535">expressjs/body-parser#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li>
<li><a
href="https://github.com/melikhov-dev"><code>@​melikhov-dev</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li>
<li><a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>1.20.3 / 2024-09-10</h1>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/body-parser/commit/17529513673e39ba79886a7ce3363320cf1c0c50"><code>1752951</code></a>
1.20.3</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/39744cfe2ac4fb37a19ed7c43e3a74332f428e17"><code>39744cf</code></a>
chore: linter (<a
href="https://redirect.github.com/expressjs/body-parser/issues/534">#534</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"><code>b2695c4</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/ade0f3f82f91086d6cd2ed2cb4b0aff448fbc2e5"><code>ade0f3f</code></a>
add scorecard to readme (<a
href="https://redirect.github.com/expressjs/body-parser/issues/531">#531</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/99a1bd62456f932004b84767d6393bc261f75d36"><code>99a1bd6</code></a>
deps: qs@6.12.3 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/521">#521</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/947859160527c7aaaa20da79e2c3ba542baaaf66"><code>9478591</code></a>
fix: pin to node@22.4.1</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/83db46a1e5512135ce01ed90b9132ee16a2657a8"><code>83db46a</code></a>
ci: fix errors in ci github action for node 8 and 9 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/523">#523</a>)</li>
<li><a
href="https://github.com/expressjs/body-parser/commit/9d4e2125b580b055b2a3aa140df9b8fce363af46"><code>9d4e212</code></a>
chore: add support for OSSF scorecard reporting (<a
href="https://redirect.github.com/expressjs/body-parser/issues/522">#522</a>)</li>
<li>See full diff in <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for body-parser since your current version.</p>
</details>
<br />

Updates `express` from 4.19.2 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by
<a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and
<code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a>
deps: bump path-to-regexp@0.1.12 (<a
href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a>
deps: path-to-regexp@0.1.11 (<a
href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/8e229f92752ad51462c868b99f6e6c2e559801b0"><code>8e229f9</code></a>
4.21.1</li>
<li><a
href="https://github.com/expressjs/express/commit/a024c8a7b658a178cbdb9bde33030b7500172815"><code>a024c8a</code></a>
fix(deps): cookie@0.7.1</li>
<li><a
href="https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946">#5946</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951">#5951</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />

Updates `cookie` from 0.6.0 to 0.7.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/cookie/releases">cookie's
releases</a>.</em></p>
<blockquote>
<h2>0.7.1</h2>
<p><strong>Fixed</strong></p>
<ul>
<li>Allow leading dot for domain (<a
href="https://redirect.github.com/jshttp/cookie/issues/174">#174</a>)
<ul>
<li>Although not permitted in the spec, some users expect this to work
and user agents ignore the leading dot according to spec</li>
</ul>
</li>
<li>Add fast path for <code>serialize</code> without options, use
<code>obj.hasOwnProperty</code> when parsing (<a
href="https://redirect.github.com/jshttp/cookie/issues/172">#172</a>)</li>
</ul>
<p><a
href="https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1">https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1</a></p>
<h2>0.7.0</h2>
<ul>
<li>perf: parse cookies ~10% faster (<a
href="https://redirect.github.com/jshttp/cookie/issues/144">#144</a> by
<a href="https://github.com/kurtextrem"><code>@​kurtextrem</code></a>
and <a
href="https://redirect.github.com/jshttp/cookie/issues/170">#170</a>)</li>
<li>fix: narrow the validation of cookies to match RFC6265 (<a
href="https://redirect.github.com/jshttp/cookie/issues/167">#167</a> by
<a href="https://github.com/bewinsnw"><code>@​bewinsnw</code></a>)</li>
<li>fix: add <code>main</code> to <code>package.json</code> for rspack
(<a href="https://redirect.github.com/jshttp/cookie/issues/166">#166</a>
by <a
href="https://github.com/proudparrot2"><code>@​proudparrot2</code></a>)</li>
</ul>
<p><a
href="https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0">https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jshttp/cookie/commit/cf4658f492c5bd96aeaf5693c3500f8495031014"><code>cf4658f</code></a>
0.7.1</li>
<li><a
href="https://github.com/jshttp/cookie/commit/6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e"><code>6a8b8f5</code></a>
Allow leading dot for domain (<a
href="https://redirect.github.com/jshttp/cookie/issues/174">#174</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/58015c0b93de0b63db245cfdc5a108e511a81ad0"><code>58015c0</code></a>
Remove more code and perf wins (<a
href="https://redirect.github.com/jshttp/cookie/issues/172">#172</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/ab057d6c06b94a7b1e3358e69a685ae49c97b627"><code>ab057d6</code></a>
0.7.0</li>
<li><a
href="https://github.com/jshttp/cookie/commit/5f02ca87688481dbcf155e49ca8b61732f30e542"><code>5f02ca8</code></a>
Migrate history to GitHub releases</li>
<li><a
href="https://github.com/jshttp/cookie/commit/a5d591ce8447dd63821779724f96ad3c774c8579"><code>a5d591c</code></a>
Migrate history to GitHub releases</li>
<li><a
href="https://github.com/jshttp/cookie/commit/51968f94b5e820adeceef505539fa193ffe2d105"><code>51968f9</code></a>
Skip isNaN</li>
<li><a
href="https://github.com/jshttp/cookie/commit/9e7ca51ade4b325307eedd6b4dec190983e9e2cc"><code>9e7ca51</code></a>
perf(parse): cache length, return early (<a
href="https://redirect.github.com/jshttp/cookie/issues/144">#144</a>)</li>
<li><a
href="https://github.com/jshttp/cookie/commit/d6f39b0aab5521a8b118b466a515fd6eb0b9f65e"><code>d6f39b0</code></a>
Fix tests for old node</li>
<li><a
href="https://github.com/jshttp/cookie/commit/6bb701f14e59c5e768933bfae9b578db4ed26c6e"><code>6bb701f</code></a>
Remove failing scorecard</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~blakeembrey">blakeembrey</a>, a new
releaser for cookie since your current version.</p>
</details>
<br />

Updates `dset` from 3.1.3 to 3.1.4
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lukeed/dset/commit/05b1ec0f8cebe3b5d5667285bc7da90f38a7215e"><code>05b1ec0</code></a>
3.1.4</li>
<li><a
href="https://github.com/lukeed/dset/commit/16d6154e085bef01e99f01330e5a421a7f098afa"><code>16d6154</code></a>
fix: prevent <strong>proto</strong> assignment via implicit string</li>
<li>See full diff in <a
href="https://github.com/lukeed/dset/compare/v3.1.3...v3.1.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `express` from 4.19.2 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by
<a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and
<code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/1faf228935aa0a13111f92c28ee795be64ce3f0f"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="https://github.com/expressjs/express/commit/2e0fb646d03184dd9a5285813460210c0e7ae654"><code>2e0fb64</code></a>
deps: bump path-to-regexp@0.1.12 (<a
href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/59fc27028ec5d212be653d35d7e3f73a2c3ac3c0"><code>59fc270</code></a>
deps: path-to-regexp@0.1.11 (<a
href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/51fc39ccf834eec44547b0f4fed8027e7c05a009"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/8e229f92752ad51462c868b99f6e6c2e559801b0"><code>8e229f9</code></a>
4.21.1</li>
<li><a
href="https://github.com/expressjs/express/commit/a024c8a7b658a178cbdb9bde33030b7500172815"><code>a024c8a</code></a>
fix(deps): cookie@0.7.1</li>
<li><a
href="https://github.com/expressjs/express/commit/7e562c6d8daddff4604f8efaaf9db2cf98c6dcff"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="https://github.com/expressjs/express/commit/1bcde96bc87c4704df9a704271d1167064ab56bb"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946">#5946</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/7d364775688be98aaa973302e066d0da9f438997"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951">#5951</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/40d2d8f2c882712a0f2e4603c38d166c79676b2b"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />

Updates `http-proxy-middleware` from 2.0.6 to 2.0.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/chimurai/http-proxy-middleware/releases">http-proxy-middleware's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.9</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(fixRequestBody): check readableLength by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097">chimurai/http-proxy-middleware#1097</a></li>
<li>chore(package): v2.0.9 by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099">chimurai/http-proxy-middleware#1099</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9</a></p>
<h2>v2.0.8</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(fixRequestBody): prevent multiple .write() calls by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090">chimurai/http-proxy-middleware#1090</a></li>
<li>fix(fixRequestBody): handle invalid request by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091">chimurai/http-proxy-middleware#1091</a></li>
<li>chore(package): v2.0.8 by <a
href="https://github.com/chimurai"><code>@​chimurai</code></a> in <a
href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094">chimurai/http-proxy-middleware#1094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8</a></p>
<h2>v2.0.7</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7</a></p>
<h2>v2.0.7-beta.1</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1</a></p>
<h2>v2.0.7-beta.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md">http-proxy-middleware's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9">v2.0.9</a></h2>
<ul>
<li>fix(fixRequestBody): check readableLength</li>
</ul>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8">v2.0.8</a></h2>
<ul>
<li>fix(fixRequestBody): prevent multiple .write() calls</li>
<li>fix(fixRequestBody): handle invalid request</li>
</ul>
<h2><a
href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7">v2.0.7</a></h2>
<ul>
<li>ci(github actions): add publish.yml</li>
<li>fix(filter): handle errors</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1"><code>617a7c9</code></a>
chore(package): v2.0.9 (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099">#1099</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425"><code>d22d587</code></a>
fix(fixRequestBody): check readableLength (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097">#1097</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849"><code>d03d51b</code></a>
chore(package): v2.0.8 (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094">#1094</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e"><code>c50dd06</code></a>
fix(fixRequestBody): handle invalid request (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091">#1091</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b"><code>76a9d8d</code></a>
fix(fixRequestBody): prevent multiple .write() calls (<a
href="https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090">#1090</a>)</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d"><code>1e92339</code></a>
ci(github-actions): fix npm tag</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe08950bd0926d3bb512c1"><code>90afb7c</code></a>
chore(package): v2.0.7</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"><code>0b4274e</code></a>
fix(filter): handle errors</li>
<li><a
href="https://github.com/chimurai/http-proxy-middleware/commit/1bd6dd578b1326ed7979c301e3f8eb0f228f5b6f"><code>1bd6dd5</code></a>
ci(github actions): add publish.yml</li>
<li>See full diff in <a
href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.9">compare
view</a></li>
</ul>
</details>
<br />

Updates `rollup` from 2.79.1 to 2.79.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rollup/rollup/releases">rollup's
releases</a>.</em></p>
<blockquote>
<h2>v.2.79.2</h2>
<h2>2.79.2</h2>
<p><em>2024-09-26</em></p>
<h3>Bug Fixes</h3>
<ul>
<li>Fix a vulnerability in generated code that affects IIFE, UMD and CJS
bundles when run in a browser context (<a
href="https://redirect.github.com/rollup/rollup/issues/5671">#5671</a>)</li>
</ul>
<h3>Pull Requests</h3>
<ul>
<li><a
href="https://redirect.github.com/rollup/rollup/pull/5671">#5671</a>:
Fix DOM Clobbering CVE (<a
href="https://github.com/lukastaegert"><code>@​lukastaegert</code></a>)</li>
</ul>
</blockquote>
</details>
...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This label is planned to replace lifecycle/frozen, as the language is a
bit more clear.

Refs: #1333
Change-Id: Ided8be62e9faaecbe901f235d18d218e05a33ece

This change refactors how issue title changes from gitlab events are
detected, fixing an issue (due to upstream changing the format of the
event body from markdown-esque to html), and improving on error
handling.

The error boiled down to a change in the issue title format. Gitlab
changed this on April 17 2025 with the release of version 17.11 [0],
although the only place a reference to this change exists is in the
changelog [1], which is not linked to from the releases page.

To account for the potential future in which other fields need to be
parsed in this way, an internal parser library was introduced at
`//bridge/gitlab/parser:parser.go` with initial support for parsing
title change messages.

An issue was opened with the Gitlab team discussing the fact that this
was a breaking change [2]. This may lead to moving title changes (or
maybe all changes) to `resource_*_events`, which would likely provide a
smoother experience for our use case.

Debugging this issue surfaced a few pain points with this bridge:

- Errors are few and far between, and when they do exist and are
  managed, they are often not propagated, often existing as simple
  `fmt.Printf` calls
- Inconsistent and uninformative logging structure when there _are_
  errors, leading to challenges in debugging unexpected behavior
- Fragility: we are parsing random text from event fields (for title
  changes and more). This will likely lead to future breakage should
  Gitlab change the format of other fields. Ideally, the gitlab SDK
  would start classifying notes and have fields like `type`, `old`,
  `new`... but this is unlikely to happen in the short term

[0]: https://about.gitlab.com/releases/2025/04/17/gitlab-17-11-released/
[1]:
https://gitlab.com/gitlab-org/gitlab/-/commit/b3e1fdcf45f8b18110a2f5217b9964a11616d316#ab09011fa121d0a2bb9fa4ca76094f2482b902b7_5_232
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/536827

Closes: #1367
Change-Id: I3bd7fa1c39a9e4dd2176d6e482e30ab68965f6e7

This reverts commit cc3b7c328dd4e4ad51de15919962d62f1146ca51,
effectively disabling Dependabot. This is being done primarily due to
git-bug/git-bug#1367, but also because the implementation of this bot is
noisy and often broken (failing to run `go mod tidy`, resulting in a CI
error that requires manual intervention to fix).

Automatically updating dependencies is helpful, but not a priority right
now. In the future, it is possible to revert this commit, however, I
would suggest looking at renovate [0] as an alternative approach, as I
personally find it to be far less invasive/noisy (see #1247).

[0]: https://docs.renovatebot.com/

Change-Id: I32f06381e1abf66a2655b5b6ba5c96cca6124720

`main.go` is and always has been the conventional entrypoint for
binaries (this is actually true for libraries as well, e.g. some
internal
`//foo` package would typically have an entrypoint of `//foo:foo.go`)

Change-Id: Ic75db640b06dc5c39a8c88db0d9d73d78f39d772