TEKK/khoa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,299 Commits 1 Branch 0 Tags
master
Commit Graph

1299 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Khoajs Sync Bot
e3ba5578fe chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 21:44:11 +00:00
Khoajs Sync Bot
4ec52ed9c8 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 21:07:17 +00:00
Khoajs Sync Bot
f1f0137022 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 21:06:52 +00:00
Khoajs Sync Bot
efdda86d48 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 21:05:32 +00:00
Khoajs Sync Bot
2f16d196c0 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 20:57:37 +00:00
Khoajs Sync Bot
71774c68e1 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 20:44:37 +00:00
Khoajs Sync Bot
f6ef692642 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 20:40:24 +00:00
Khoajs Sync Bot
7b59e2d8ec chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 20:35:09 +00:00
Khoajs Sync Bot
e876a21378 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 19:59:17 +00:00
Khoajs Sync Bot
1f4bbea3d9 chore: apply Khoajs naming transformations (upstream sync)
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-04-17 19:46:56 +00:00
MK
e0ba8ef39d 3.2.0
Some checks failed
Node.js CI / build (18.x) (push) Has been cancelled
Details
Node.js CI / build (20.x) (push) Has been cancelled
Details
Node.js CI / build (22.x) (push) Has been cancelled
Details
2026-03-28 13:39:25 +08:00
killa
2503a1fb14 feat: defer AsyncLocalStorage creation for v8 startup snapshots (#1946) 
## Summary

- Defer `AsyncLocalStorage` creation when
`v8.startupSnapshot.isBuildingSnapshot()` is true, making Koa compatible
with Node.js startup snapshots
- Register a `v8.startupSnapshot.addDeserializeCallback` to properly
initialize `ctxStorage` after snapshot restoration
- Extract `getAsyncLocalStorage()` helper to consolidate creation logic

## Test plan

- [x] All 429 existing tests pass with 0 failures
- [x] `currentContext` tests verify both `asyncLocalStorage: true` and
custom `AsyncLocalStorage` instance paths work correctly
- [x] Normal (non-snapshot) code path is unchanged —
`v8.startupSnapshot?.isBuildingSnapshot?.()` returns `undefined` in
regular execution

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-28 13:37:53 +08:00
Copilot
d3ea8bf964 chore: Add workflow_dispatch trigger to npm-publish workflow (#1930) 
Enables manual triggering of the npm publish workflow with a specific
tag input, so tags created from non-default branches (e.g. `v2.x`) can
be published.

- Added `workflow_dispatch` trigger with a required `tag` string input
- Updated checkout step to use `inputs.tag || github.ref` — manual runs
check out the specified tag, tag-push runs retain existing behavior

Note: GitHub Actions `workflow_dispatch` does not support dynamic
dropdowns, so the tag is a free-text input field.

<!-- START COPILOT CODING AGENT TIPS -->
---

🔒 GitHub Advanced Security automatically protects Copilot coding agent
pull requests. You can protect all pull requests by enabling Advanced
Security for your repositories. [Learn more about Advanced
Security.](https://gh.io/cca-advanced-security)

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com>
 2026-02-25 21:53:24 +08:00
dependabot[bot]
3b0508e8d0 build(deps-dev): bump qs from 6.14.1 to 6.14.2 (#1927) 
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.2</strong></h2>
<ul>
<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code> (<a
href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li>
<li>[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>
<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded
with indexed notation when <code>throwOnLimitExceeded</code> is true (<a
href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li>
<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as
max index; remove extraneous comments (<a
href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bdcf0c7f82"><code>bdcf0c7</code></a>
v6.14.2</li>
<li><a
href="294db90c81"><code>294db90</code></a>
[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output</li>
<li><a
href="5c308e5516"><code>5c308e5</code></a>
[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code>
documentation</li>
<li><a
href="6addf8cf73"><code>6addf8c</code></a>
[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code></li>
<li><a
href="cfc108f662"><code>cfc108f</code></a>
[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/`pars...</li>
<li><a
href="febb64442a"><code>febb644</code></a>
[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with
indexed notation when `thr...</li>
<li><a
href="f6a7abff1f"><code>f6a7abf</code></a>
[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li><a
href="fbc5206c25"><code>fbc5206</code></a>
[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max
index; remove e...</li>
<li><a
href="1b9a8b4e78"><code>1b9a8b4</code></a>
[actions] fix rebase workflow permissions</li>
<li><a
href="2a35775614"><code>2a35775</code></a>
[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.14.1&new-version=6.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/koajs/koa/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-25 21:40:47 +08:00
LiShuai (阿木)
fd111407e9 docs: remove dead Job Board links (#1926) 
## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.

## Summary
- Remove the "Job Board" section from README as all links are dead (404)

## Details
The `astro.netlify.com` service was added by TJ Holowaychuk in April
2017 as a
private job board sponsorship service for open source projects. This
service is
no longer operational - all URLs return 404 errors.

The affected links pointed to:
- Automattic
- Segment  
- Auth0

The Backers and Sponsors sections using OpenCollective remain functional
and are preserved.

## Test plan
- [x] Verified all `astro.netlify.com` URLs return 404
- [x] Confirmed OpenCollective links still work


Issues: [[docs] Job Board three link and image not show in readme
#1911](https://github.com/koajs/koa/issues/1911)
 2026-02-25 21:40:27 +08:00
MK
c5a52e056d 3.1.2 2026-02-25 21:30:15 +08:00
killa
55ab9bab04 Merge commit from fork 
When a malformed Host header containing @ symbol (e.g., "evil.com:fake@legitimate.com")
is received, use URL parser to correctly extract the actual host portion instead of
naively splitting by colon which would return attacker-controlled value.

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-25 21:24:26 +08:00
dependabot[bot]
fecd464ae7 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922) 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (&lt;&lt;)
operator.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc482e7759"><code>cc482e7</code></a>
4.1.1 released</li>
<li><a
href="50968b862e"><code>50968b8</code></a>
dist rebuild</li>
<li><a
href="d092d86603"><code>d092d86</code></a>
lint fix</li>
<li><a
href="383665ff42"><code>383665f</code></a>
fix prototype pollution in merge (&lt;&lt;)</li>
<li><a
href="0d3ca7a27b"><code>0d3ca7a</code></a>
README.md: HTTP =&gt; HTTPS (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/678">#678</a>)</li>
<li><a
href="49baadd52a"><code>49baadd</code></a>
doc: 'empty' style option for !!null</li>
<li><a
href="ba3460eb9d"><code>ba3460e</code></a>
Fix demo link (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/618">#618</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=js-yaml&package-manager=npm_and_yarn&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/koajs/koa/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-04 00:14:56 +01:00
dependabot[bot]
d2066cf2a5 build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#1917) 
Bumps
[content-disposition](https://github.com/jshttp/content-disposition)
from 0.5.4 to 1.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/content-disposition/releases">content-disposition's
releases</a>.</em></p>
<blockquote>
<h2>1.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove dependency <code>safe-buffer</code> by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/53">jshttp/content-disposition#53</a></li>
<li>fix: update package.json engines field to reflect minimum supported
node version by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/56">jshttp/content-disposition#56</a></li>
<li>tests: Spelling by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/59">jshttp/content-disposition#59</a></li>
<li>chore: upgrade scorecard workflow pinned action versions by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/65">jshttp/content-disposition#65</a></li>
<li>Fix badges by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/55">jshttp/content-disposition#55</a></li>
<li>ci: updated github actions ci workflow by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/69">jshttp/content-disposition#69</a></li>
<li>Replace var with const in example code by <a
href="https://github.com/Binilkks"><code>@​Binilkks</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/67">jshttp/content-disposition#67</a></li>
<li>replace <code>mocha</code> and <code>nyc</code> with native node
test runner and <code>c8</code> by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/54">jshttp/content-disposition#54</a></li>
<li>ci: add dependabot by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/73">jshttp/content-disposition#73</a></li>
<li>ci: add CodeQl (SAST) by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/71">jshttp/content-disposition#71</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/75">jshttp/content-disposition#75</a></li>
<li>build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/80">jshttp/content-disposition#80</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/81">jshttp/content-disposition#81</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/content-disposition/pull/84">jshttp/content-disposition#84</a></li>
<li>build(deps): bump actions/upload-artifact from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/94">jshttp/content-disposition#94</a></li>
<li>build(deps): bump actions/download-artifact from 4 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/93">jshttp/content-disposition#93</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 4.31.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/92">jshttp/content-disposition#92</a></li>
<li>Release: 1.0.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/58">jshttp/content-disposition#58</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/53">jshttp/content-disposition#53</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/59">jshttp/content-disposition#59</a></li>
<li><a href="https://github.com/Binilkks"><code>@​Binilkks</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/67">jshttp/content-disposition#67</a></li>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/75">jshttp/content-disposition#75</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/58">jshttp/content-disposition#58</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/content-disposition/compare/v1.0.0...v1.0.1">https://github.com/jshttp/content-disposition/compare/v1.0.0...v1.0.1</a></p>
<h2>1.0.0</h2>
<h2>Breaking Changes</h2>
<ul>
<li>drop support to node &lt;18 versions <a
href="https://redirect.github.com/jshttp/content-disposition/pull/50">jshttp/content-disposition#50</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Fix CI GH action by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/48">jshttp/content-disposition#48</a></li>
<li>Add OSSF scorecard pipeline by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/49">jshttp/content-disposition#49</a></li>
<li>Replace deprecated String.prototype.substr() by <a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>
in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/42">jshttp/content-disposition#42</a></li>
<li>fix(ci)!:drop node &lt;18 and update ci by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/50">jshttp/content-disposition#50</a></li>
<li>Support decode 'utf8' (no dash) by <a
href="https://github.com/alexstrat"><code>@​alexstrat</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/13">jshttp/content-disposition#13</a></li>
<li>1.x Staging PR by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/51">jshttp/content-disposition#51</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/42">jshttp/content-disposition#42</a></li>
<li><a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> made
their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/50">jshttp/content-disposition#50</a></li>
<li><a href="https://github.com/alexstrat"><code>@​alexstrat</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/content-disposition/pull/13">jshttp/content-disposition#13</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/content-disposition/compare/v0.5.4...v1.0.0">https://github.com/jshttp/content-disposition/compare/v0.5.4...v1.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/content-disposition/blob/master/HISTORY.md">content-disposition's
changelog</a>.</em></p>
<blockquote>
<h1>1.0.1 / 2025-11-18</h1>
<ul>
<li>Updated <code>engines</code> field to Node@18 or higher (fixed
reference, see 1.0.0)</li>
<li>Remove dependency <code>safe-buffer</code></li>
</ul>
<h1>1.0.0 / 2024-08-31</h1>
<ul>
<li>drop node &lt;18</li>
<li>allow utf8 as alias for utf-8</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b56faefa03"><code>b56faef</code></a>
1.0.1 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/58">#58</a>)</li>
<li><a
href="0839a62f09"><code>0839a62</code></a>
build(deps): bump github/codeql-action from 3.28.18 to 4.31.2 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/92">#92</a>)</li>
<li><a
href="5badd4b7da"><code>5badd4b</code></a>
build(deps): bump actions/download-artifact from 4 to 6 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/93">#93</a>)</li>
<li><a
href="4162dbd398"><code>4162dbd</code></a>
build(deps): bump actions/upload-artifact from 4 to 5 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/94">#94</a>)</li>
<li><a
href="b2ce0fbd8b"><code>b2ce0fb</code></a>
chore: add funding to package.json (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/84">#84</a>)</li>
<li><a
href="f0c058a81d"><code>f0c058a</code></a>
build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/81">#81</a>)</li>
<li><a
href="1f4451c299"><code>1f4451c</code></a>
build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/80">#80</a>)</li>
<li><a
href="765ef23860"><code>765ef23</code></a>
build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/75">#75</a>)</li>
<li><a
href="21c68cd454"><code>21c68cd</code></a>
ci: add CodeQl (SAST) (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/71">#71</a>)</li>
<li><a
href="8fec68dca4"><code>8fec68d</code></a>
ci: add dependabot (<a
href="https://redirect.github.com/jshttp/content-disposition/issues/73">#73</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/content-disposition/compare/v0.5.4...v1.0.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for content-disposition since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=content-disposition&package-manager=npm_and_yarn&previous-version=0.5.4&new-version=1.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-04 00:10:11 +01:00
Josh Hsieh
8694a06eb6 docs: use correct term "Server-Sent Events" in guide (#1920) 
This PR updates the terminology in `docs/guide.md` from **"Server-Side
Events"** to the correct term **"Server-Sent Events" (SSE)**.

Changes:

- Rename the section heading from `Server-Side Events` to `Server-Sent
Events`.
- Update the description text to use “server-sent events” consistently.

This aligns the docs with the standard naming used in the HTML
specification and MDN Web Docs, and should make it easier for readers to
search for related resources (e.g. “Server-Sent Events”, “SSE”,
`EventSource`).

## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.
 2026-01-04 00:06:24 +01:00
dependabot[bot]
096682b315 build(deps): bump mime-types from 3.0.1 to 3.0.2 (#1918) 
Bumps [mime-types](https://github.com/jshttp/mime-types) from 3.0.1 to
3.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/mime-types/releases">mime-types's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: use <code>ubuntu-latest</code> as ci runner by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/143">jshttp/mime-types#143</a></li>
<li>[StepSecurity] Apply security best practices by <a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/141">jshttp/mime-types#141</a></li>
<li>fix: mime-score logic for mp4 types by <a
href="https://github.com/broofa"><code>@​broofa</code></a> in <a
href="https://redirect.github.com/jshttp/mime-types/pull/140">jshttp/mime-types#140</a></li>
<li>🧪 add engines test by <a
href="https://github.com/ctcpip"><code>@​ctcpip</code></a> in <a
href="https://redirect.github.com/jshttp/mime-types/pull/136">jshttp/mime-types#136</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/mime-types/pull/158">jshttp/mime-types#158</a></li>
<li>build(deps): bump github/codeql-action from 3.27.9 to 3.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/163">jshttp/mime-types#163</a></li>
<li>build(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/164">jshttp/mime-types#164</a></li>
<li>build(deps): bump actions/setup-node from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/166">jshttp/mime-types#166</a></li>
<li>build(deps): bump github/codeql-action from 3.30.0 to 3.30.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/168">jshttp/mime-types#168</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/167">jshttp/mime-types#167</a></li>
<li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/150">jshttp/mime-types#150</a></li>
<li>build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/144">jshttp/mime-types#144</a></li>
<li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/148">jshttp/mime-types#148</a></li>
<li>build(deps-dev): bump mocha from 10.2.0 to 10.8.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/149">jshttp/mime-types#149</a></li>
<li>build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/147">jshttp/mime-types#147</a></li>
<li>fix: update JSDoc to convey only false return by <a
href="https://github.com/kellyselden"><code>@​kellyselden</code></a> in
<a
href="https://redirect.github.com/jshttp/mime-types/pull/152">jshttp/mime-types#152</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.32.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/155">jshttp/mime-types#155</a></li>
<li>Release: 3.0.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/mime-types/pull/169">jshttp/mime-types#169</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/mime-types/pull/141">jshttp/mime-types#141</a></li>
<li><a href="https://github.com/ctcpip"><code>@​ctcpip</code></a> made
their first contribution in <a
href="https://redirect.github.com/jshttp/mime-types/pull/136">jshttp/mime-types#136</a></li>
<li><a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/mime-types/pull/158">jshttp/mime-types#158</a></li>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/jshttp/mime-types/pull/163">jshttp/mime-types#163</a></li>
<li><a
href="https://github.com/kellyselden"><code>@​kellyselden</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/mime-types/pull/152">jshttp/mime-types#152</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/mime-types/compare/v3.0.1...v3.0.2">https://github.com/jshttp/mime-types/compare/v3.0.1...v3.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/mime-types/blob/master/HISTORY.md">mime-types's
changelog</a>.</em></p>
<blockquote>
<h1>3.0.2 / 2025-11-20</h1>
<ul>
<li>Fix: update JSDoc to reflect that functions return only
<code>false</code> or <code>string</code>, not
<code>boolean|string</code>.</li>
<li>Fix: refined mime-score logic so <code>.mp4</code> resolves
correctly</li>
<li>Fix:reflect the current Node.js version supported to ≥ 18 (See 3.0.0
for more details).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="29a0302d79"><code>29a0302</code></a>
3.0.2 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/169">#169</a>)</li>
<li><a
href="c3ebfb1a27"><code>c3ebfb1</code></a>
build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.32.0 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/155">#155</a>)</li>
<li><a
href="02e8eb213e"><code>02e8eb2</code></a>
fix: update JSDoc to convey only false return (<a
href="https://redirect.github.com/jshttp/mime-types/issues/152">#152</a>)</li>
<li><a
href="ef03e6a777"><code>ef03e6a</code></a>
build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/147">#147</a>)</li>
<li><a
href="636cd1b66a"><code>636cd1b</code></a>
build(deps-dev): bump mocha from 10.2.0 to 10.8.2 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/149">#149</a>)</li>
<li><a
href="c02166bab2"><code>c02166b</code></a>
build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/148">#148</a>)</li>
<li><a
href="44956c6303"><code>44956c6</code></a>
build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/144">#144</a>)</li>
<li><a
href="5e3bb15d29"><code>5e3bb15</code></a>
build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/150">#150</a>)</li>
<li><a
href="53f720cdf9"><code>53f720c</code></a>
build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/167">#167</a>)</li>
<li><a
href="eac806f33b"><code>eac806f</code></a>
build(deps): bump github/codeql-action from 3.30.0 to 3.30.5 (<a
href="https://redirect.github.com/jshttp/mime-types/issues/168">#168</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/mime-types/compare/v3.0.1...v3.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mime-types&package-manager=npm_and_yarn&previous-version=3.0.1&new-version=3.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-04 00:05:44 +01:00
dependabot[bot]
8215c2e389 build(deps): bump http-errors from 2.0.0 to 2.0.1 (#1919) 
Bumps [http-errors](https://github.com/jshttp/http-errors) from 2.0.0 to
2.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/http-errors/releases">http-errors's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for OSSF scorecard reporting by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/http-errors/pull/107">jshttp/http-errors#107</a></li>
<li>refactor: improve <code>toClassName</code> function readability and
JSDoc completeness by <a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/112">jshttp/http-errors#112</a></li>
<li>chore: upgrade scorecard workflow pinned action versions by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/http-errors/pull/113">jshttp/http-errors#113</a></li>
<li>Add test for extending native errors w/o altering prototype by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/jshttp/http-errors/pull/106">jshttp/http-errors#106</a></li>
<li>remove --bail from test script by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/jshttp/http-errors/pull/114">jshttp/http-errors#114</a></li>
<li>[StepSecurity] Apply security best practices by <a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/116">jshttp/http-errors#116</a></li>
<li>build(deps): bump actions/checkout from 2.7.0 to 4.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/117">jshttp/http-errors#117</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/118">jshttp/http-errors#118</a></li>
<li>build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/119">jshttp/http-errors#119</a></li>
<li>build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/121">jshttp/http-errors#121</a></li>
<li>build(deps): bump github/codeql-action from 3.27.9 to 3.28.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/123">jshttp/http-errors#123</a></li>
<li>fix: use <code>ubuntu-latest</code> as ci runner by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/124">jshttp/http-errors#124</a></li>
<li>remove --bail by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/jshttp/http-errors/pull/125">jshttp/http-errors#125</a></li>
<li>deps: update statuses and switch fixed versions to tilde (~) by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/http-errors/pull/126">jshttp/http-errors#126</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/http-errors/pull/130">jshttp/http-errors#130</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/131">jshttp/http-errors#131</a></li>
<li>ci: add nodejs v18 - v24 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/jshttp/http-errors/pull/127">jshttp/http-errors#127</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/129">jshttp/http-errors#129</a></li>
<li>build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/133">jshttp/http-errors#133</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/132">jshttp/http-errors#132</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/138">jshttp/http-errors#138</a></li>
<li>build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/137">jshttp/http-errors#137</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/134">jshttp/http-errors#134</a></li>
<li>Release: 2.0.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/http-errors/pull/140">jshttp/http-errors#140</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/112">jshttp/http-errors#112</a></li>
<li><a href="https://github.com/jonchurch"><code>@​jonchurch</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/106">jshttp/http-errors#106</a></li>
<li><a
href="https://github.com/step-security-bot"><code>@​step-security-bot</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/116">jshttp/http-errors#116</a></li>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/117">jshttp/http-errors#117</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/124">jshttp/http-errors#124</a></li>
<li><a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/http-errors/pull/126">jshttp/http-errors#126</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/http-errors/compare/v2.0.0...v2.0.1">https://github.com/jshttp/http-errors/compare/v2.0.0...v2.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/http-errors/blob/master/HISTORY.md">http-errors's
changelog</a>.</em></p>
<blockquote>
<h1>2.0.1 / 2025-11-20</h1>
<ul>
<li>deps: use tilde notation for dependencies</li>
<li>deps: update statuses to 2.0.2</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="61aee5769e"><code>61aee57</code></a>
2.0.1 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/140">#140</a>)</li>
<li><a
href="6acba1ff0c"><code>6acba1f</code></a>
build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/134">#134</a>)</li>
<li><a
href="d2dcbbffb3"><code>d2dcbbf</code></a>
build(deps): bump github/codeql-action from 3.29.11 to 4.31.2 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/137">#137</a>)</li>
<li><a
href="fa47a60e96"><code>fa47a60</code></a>
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/138">#138</a>)</li>
<li><a
href="09b3881c43"><code>09b3881</code></a>
build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/132">#132</a>)</li>
<li><a
href="f1ad32238a"><code>f1ad322</code></a>
build(deps): bump github/codeql-action from 3.29.7 to 3.29.11 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/133">#133</a>)</li>
<li><a
href="109fe03f60"><code>109fe03</code></a>
build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.32.0 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/129">#129</a>)</li>
<li><a
href="7a0544616f"><code>7a05446</code></a>
ci: add nodejs v18 - v24 to test matrix (<a
href="https://redirect.github.com/jshttp/http-errors/issues/127">#127</a>)</li>
<li><a
href="6dfaf4983d"><code>6dfaf49</code></a>
build(deps): bump github/codeql-action from 3.28.18 to 3.29.5 (<a
href="https://redirect.github.com/jshttp/http-errors/issues/131">#131</a>)</li>
<li><a
href="535aebf128"><code>535aebf</code></a>
chore: add funding to package.json (<a
href="https://redirect.github.com/jshttp/http-errors/issues/130">#130</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/http-errors/compare/v2.0.0...v2.0.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for http-errors since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=http-errors&package-manager=npm_and_yarn&previous-version=2.0.0&new-version=2.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-04 00:05:09 +01:00
dependabot[bot]
cfe5ec6aea build(deps-dev): bump qs from 6.14.0 to 6.14.1 (#1921) 
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure arrayLength applies to <code>[]</code> notation as
well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3fa11a5f64"><code>3fa11a5</code></a>
v6.14.1</li>
<li><a
href="a62670423c"><code>a626704</code></a>
[Dev Deps] update <code>npmignore</code></li>
<li><a
href="3086902ecf"><code>3086902</code></a>
[Fix] ensure arrayLength applies to <code>[]</code> notation as
well</li>
<li><a
href="fc7930e86c"><code>fc7930e</code></a>
[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code></li>
<li><a
href="0b06aac566"><code>0b06aac</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="64951f6200"><code>64951f6</code></a>
[Refactor] <code>parse</code>: extract key segment splitting helper</li>
<li><a
href="e1bd2599cd"><code>e1bd259</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="f4b3d39709"><code>f4b3d39</code></a>
[eslint] add eslint 9 optional peer dep</li>
<li><a
href="6e94d9596c"><code>6e94d95</code></a>
[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code></li>
<li><a
href="973dc3c51c"><code>973dc3c</code></a>
[actions] add workflow permissions</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.14.0...v6.14.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.14.0&new-version=6.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/koajs/koa/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-04 00:04:47 +01:00
WuMingDao
0a6afa5a61 fix: typo in troubleshooting.md (#1916) 
## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.

Signed-off-by: WuMingDao <146366930+WuMingDao@users.noreply.github.com>
 2025-11-04 09:06:14 -08:00
MK
2e52fb589c 3.1.1 2025-10-27 12:24:20 +08:00
Jeff Wainwright
863c2118f0 fix: only original value destroy if the new value is not a stream (#1914) 
close https://github.com/koajs/koa/issues/1913
 2025-10-27 12:23:33 +08:00
MK
1c642f4e4f 3.1.0 2025-10-26 21:16:22 +08:00
Jeff Wainwright
27df3b6e00 fix: adds steam clean up (#1910) 
**Adds stream clean-up** in addition to nullish value clean-up.

- update from @fengmk2's identified issue
[here](https://github.com/koajs/koa/pull/1893#discussion_r2455395874).
   - https://github.com/koajs/koa/pull/1893#discussion_r2455395874
- Stackblitz display issue + fix
[here](https://stackblitz.com/~/github.com/yowainwright/koa-patch-ISSUE-1834_discussion_r2455395874?file=patch/koa/lib/response.js).
-
https://stackblitz.com/~/github.com/yowainwright/koa-patch-ISSUE-1834_discussion_r2455395874?file=patch/koa/lib/response.js
 2025-10-24 13:51:42 +08:00
Jeff Wainwright
49a32077f6 feat: fixes mem leak relating to issue-1834 (#1893) 
## Description

- closes #1834 
- closes #1882 
- closes #1889

## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.

## Checklist for 1834 (before re-pinging team)

- [x] Update stackblitz - [stackblitz demostrating error and
fix](https://stackblitz.com/edit/koa-patch-starter-pwupm4kr?file=README.md,index.js,patch%2Fkoa%2Flib%2Fapplication.js,vendor%2Fkoa%2Flib%2Fapplication.js)
- [x] Address comments
- [x] Re-review after merging 2 issues together
 2025-10-22 11:50:13 -07:00
MK
ffd497a190 3.0.3 2025-10-18 22:20:40 +08:00
MK (fengmk2)
769fd75cc6 fix: normalize referer before redirect (#1908) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-18 22:20:14 +08:00
MK
433b20c9e5 3.0.2 2025-10-17 14:55:00 +08:00
Copilot
307013b5fa chore: use NPM trusted publishing with semver tag triggers (#1907) 
This PR adds an automated NPM publishing workflow that leverages
GitHub's trusted publishing feature to securely publish the Koa package
whenever a semantic versioning tag is pushed.

## Overview

The new `.github/workflows/npm-publish.yml` workflow automates the
release process with enhanced security through NPM provenance, ensuring
packages are verifiably linked to their source code.

## Key Features

### 🏷️ Semver Tag Triggers

The workflow triggers **only** when tags matching semantic versioning
format are pushed:

- **Standard versions**: `v1.0.0`, `v2.10.15`
- **Pre-releases**: `v3.0.0-alpha`, `v3.0.0-beta.1`
- **Release candidates**: `v4.0.0-rc.2`

Tags without the `v` prefix, incomplete versions (e.g., `v1.0`), or
non-semver formats are ignored.

### 🔐 NPM Trusted Publishing

Implements NPM's trusted publishing with provenance:

- **`--provenance` flag**: Generates cryptographic attestations linking
the published package to the GitHub repository and specific commit
- **OIDC authentication**: Uses GitHub's OpenID Connect provider instead
of long-lived tokens, reducing security risks
- **Supply chain transparency**: Allows users to verify package
authenticity and build provenance

###  Quality Gates

Before publishing, the workflow automatically:

1. Runs the linter (`npm run lint`)
2. Executes the full test suite (`npm test`)
3. Only publishes if all checks pass

This ensures only quality-validated releases reach NPM.

### 🛠️ Best Practices

- Uses `npm ci` for reproducible, consistent builds
- Runs on Node.js 20.x LTS
- Uses latest stable GitHub Actions (v4)
- Includes comprehensive inline documentation

## Setup Requirements

To use this workflow, repository maintainers need to:

1. **Add NPM token to GitHub Secrets**
   - Navigate to Settings → Secrets and variables → Actions
- Create a new secret named `NPM_TOKEN` with your NPM automation token

2. **Configure NPM account for trusted publishing**
   - Ensure the NPM account has access to publish the package
- Verify the package is configured for public access (or remove
`--access public` from the workflow)

## Usage

To publish a new version:

```bash
# Create a semver tag
git tag v3.0.2
git push origin v3.0.2
```

The workflow will automatically:
- Trigger on tag push
- Run quality checks
- Publish to NPM with provenance
- Generate attestations linking the package to this repository

## Technical Details

The workflow uses three tag patterns to cover common semver formats
while working within GitHub Actions' glob pattern limitations:

1. `v[0-9]+.[0-9]+.[0-9]+` - Standard semver (v1.0.0)
2. `v[0-9]+.[0-9]+.[0-9]+-[a-zA-Z0-9]+` - Pre-release (v1.0.0-alpha)
3. `v[0-9]+.[0-9]+.[0-9]+-[a-zA-Z0-9]+.[0-9]+` - Pre-release with number
(v1.0.0-beta.1)

Permissions are configured for trusted publishing:
- `contents: read` - Access repository code
- `id-token: write` - Generate OIDC tokens for NPM authentication

This implementation enhances the project's release automation while
improving security and supply chain transparency for all Koa users.

<!-- START COPILOT CODING AGENT SUFFIX -->



<details>

<summary>Original prompt</summary>

> Create a github action workflow that uses npm trusted publish and
triggers this workflow only when a tag is created and the tag name meets
the semver format.


</details>



<!-- START COPILOT CODING AGENT TIPS -->
---

💬 Share your feedback on Copilot coding agent for the chance to win a
$200 gift card! Click
[here](https://survey3.medallia.com/?EAHeSx-AP01bZqG0Ld9QLQ) to start
the survey.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com>
Co-authored-by: MK <fengmk2@gmail.com>
 2025-10-17 14:53:26 +08:00
Jeff Wainwright
83128eb6cc fix: fixes response.attachment behavior leads to Content-Type Sniffing (#1904) 
## Checklist

Added security-focused tests to verify:
  1. Content-Type is preserved when already set
2. Content-Type is still set when not previously defined (backwards
compatibility)
  3. The fix prevents XSS vulnerabilities with HTML and SVG files

credit "Luca Carettoni of Doyensec LLC" as [requested in the
advisory](https://github.com/koajs/koa/security/advisories/GHSA-c5vw-j4hf-j526).
 2025-09-17 08:52:31 +08:00
fengmk2
1ddb048adc 3.0.1 2025-07-27 15:35:05 +08:00
fengmk2
422c551c63 Merge commit from fork 
https://github.com/koajs/koa/security/advisories/GHSA-jgmv-j7ww-jx2x

close https://github.com/koajs/koa/issues/1892
 2025-07-27 15:25:47 +08:00
dependabot[bot]
6e51eb1516 build(deps-dev): bump form-data from 4.0.3 to 4.0.4 (#1894) 
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.3 to
4.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a>
- 2025-07-16</h2>
<h3>Commits</h3>
<ul>
<li>[meta] add <code>auto-changelog</code> <a
href="811f68282f"><code>811f682</code></a></li>
<li>[Tests] handle predict-v8-randomness failures in node &lt; 17 and
node &gt; 23 <a
href="1d11a76434"><code>1d11a76</code></a></li>
<li>[Fix] Switch to using <code>crypto</code> random for boundary values
<a
href="3d1723080e"><code>3d17230</code></a></li>
<li>[Tests] fix linting errors <a
href="5e340800b5"><code>5e34080</code></a></li>
<li>[meta] actually ensure the readme backup isn’t published <a
href="316c82ba93"><code>316c82b</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="58c25d7640"><code>58c25d7</code></a></li>
<li>[meta] fix readme capitalization <a
href="2300ca1959"><code>2300ca1</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="41996f5ac7"><code>41996f5</code></a>
v4.0.4</li>
<li><a
href="316c82ba93"><code>316c82b</code></a>
[meta] actually ensure the readme backup isn’t published</li>
<li><a
href="2300ca1959"><code>2300ca1</code></a>
[meta] fix readme capitalization</li>
<li><a
href="811f68282f"><code>811f682</code></a>
[meta] add <code>auto-changelog</code></li>
<li><a
href="5e340800b5"><code>5e34080</code></a>
[Tests] fix linting errors</li>
<li><a
href="1d11a76434"><code>1d11a76</code></a>
[Tests] handle predict-v8-randomness failures in node &lt; 17 and node
&gt; 23</li>
<li><a
href="58c25d7640"><code>58c25d7</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="3d1723080e"><code>3d17230</code></a>
[Fix] Switch to using <code>crypto</code> random for boundary
values</li>
<li>See full diff in <a
href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=form-data&package-manager=npm_and_yarn&previous-version=4.0.3&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/koajs/koa/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-26 23:20:39 -07:00
dependabot[bot]
d378e5c5f9 build(deps-dev): bump supertest from 7.1.1 to 7.1.4 (#1895) 
Bumps [supertest](https://github.com/ladjs/supertest) from 7.1.1 to
7.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ladjs/supertest/releases">supertest's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.4</h2>
<ul>
<li>chore: bump deps  6021ec8</li>
<li>Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/865">#865</a>
from forwardemail/dependabot/npm_and_yarn/form-data-4.0.4 ceca508</li>
<li>chore(deps): bump form-data from 4.0.3 to 4.0.4  b1fb983</li>
</ul>
<hr />
<p><a
href="https://github.com/ladjs/supertest/compare/v7.1.3...v7.1.4">https://github.com/ladjs/supertest/compare/v7.1.3...v7.1.4</a></p>
<h2>v7.1.3</h2>
<ul>
<li>fix: revert automatic server closing (per <a
href="https://redirect.github.com/ladjs/supertest/issues/651">#651</a>)
b6fd281</li>
<li>fix: rename ci file  75bcbc9</li>
</ul>
<hr />
<p><a
href="https://github.com/ladjs/supertest/compare/v7.1.2...v7.1.3">https://github.com/ladjs/supertest/compare/v7.1.2...v7.1.3</a></p>
<h2>v7.1.2</h2>
<ul>
<li>feat: fix server lifecycle, callback handling, and SuperAgent v10
compatibility 6d060e3</li>
<li>Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/862">#862</a>
from noritaka1166/fix-typo-test 0413057</li>
<li>Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/841">#841</a>
from viniciusamc/master e2be0e1</li>
<li>chore: fix typo in test  b7f985b</li>
<li>feat(bearer):bearer auth token method  411f7ce</li>
</ul>
<hr />
<p><a
href="https://github.com/ladjs/supertest/compare/v7.1.1...v7.1.2">https://github.com/ladjs/supertest/compare/v7.1.1...v7.1.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="076228a654"><code>076228a</code></a>
7.1.4</li>
<li><a
href="6021ec8174"><code>6021ec8</code></a>
chore: bump deps</li>
<li><a
href="ceca508bd4"><code>ceca508</code></a>
Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/865">#865</a>
from forwardemail/dependabot/npm_and_yarn/form-data-4...</li>
<li><a
href="b1fb983db7"><code>b1fb983</code></a>
chore(deps): bump form-data from 4.0.3 to 4.0.4</li>
<li><a
href="0cf2ec375f"><code>0cf2ec3</code></a>
7.1.3</li>
<li><a
href="b6fd281d29"><code>b6fd281</code></a>
fix: revert automatic server closing (per <a
href="https://redirect.github.com/ladjs/supertest/issues/651">#651</a>)</li>
<li><a
href="75bcbc941d"><code>75bcbc9</code></a>
fix: rename ci file</li>
<li><a
href="29c3267d31"><code>29c3267</code></a>
7.1.2</li>
<li><a
href="6d060e3c8d"><code>6d060e3</code></a>
feat: fix server lifecycle, callback handling, and SuperAgent v10
compatibility</li>
<li><a
href="04130571b0"><code>0413057</code></a>
Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/862">#862</a>
from noritaka1166/fix-typo-test</li>
<li>Additional commits viewable in <a
href="https://github.com/ladjs/supertest/compare/v7.1.1...v7.1.4">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~titanism">titanism</a>, a new releaser for
supertest since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supertest&package-manager=npm_and_yarn&previous-version=7.1.1&new-version=7.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-26 23:20:26 -07:00
dependabot[bot]
cb22d8dcde build(deps): bump statuses from 2.0.1 to 2.0.2 (#1888) 
Bumps [statuses](https://github.com/jshttp/statuses) from 2.0.1 to
2.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/statuses/releases">statuses's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Ci/add missing node versions by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/jshttp/statuses/pull/32">jshttp/statuses#32</a></li>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/24">jshttp/statuses#24</a></li>
<li>chore: pin dependencies and specify permissions in the pipeline by
<a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/25">jshttp/statuses#25</a></li>
<li>docs: add openssf badge in readme file by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/29">jshttp/statuses#29</a></li>
<li>chore: add codeql pipeline by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/26">jshttp/statuses#26</a></li>
<li>chore: add dependency review tool by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/27">jshttp/statuses#27</a></li>
<li>chore: add dependabot by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/28">jshttp/statuses#28</a></li>
<li>fix: use <code>ubuntu-latest</code> as ci runner by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/33">jshttp/statuses#33</a></li>
<li>Replace deprecated String.prototype.substr() by <a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/23">jshttp/statuses#23</a></li>
<li>ci: modernize pipelines by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/34">jshttp/statuses#34</a></li>
<li>fix: typo in pipeline by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/39">jshttp/statuses#39</a></li>
<li>build(deps-dev): bump raw-body from 2.4.1 to 2.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/jshttp/statuses/pull/35">jshttp/statuses#35</a></li>
<li>build(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/jshttp/statuses/pull/36">jshttp/statuses#36</a></li>
<li>build(deps-dev): bump csv-parse from 4.15.1 to 4.16.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/jshttp/statuses/pull/37">jshttp/statuses#37</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.23.2 to 2.31.0 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/jshttp/statuses/pull/38">jshttp/statuses#38</a></li>
<li>Release: 2.0.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/jshttp/statuses/pull/40">jshttp/statuses#40</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/carpasse"><code>@​carpasse</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/statuses/pull/32">jshttp/statuses#32</a></li>
<li><a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/statuses/pull/24">jshttp/statuses#24</a></li>
<li><a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/statuses/pull/33">jshttp/statuses#33</a></li>
<li><a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>
made their first contribution in <a
href="https://redirect.github.com/jshttp/statuses/pull/23">jshttp/statuses#23</a></li>
<li><a
href="https://github.com/dependabot"><code>@​dependabot</code></a> made
their first contribution in <a
href="https://redirect.github.com/jshttp/statuses/pull/35">jshttp/statuses#35</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jshttp/statuses/compare/v2.0.1...v2.0.2">https://github.com/jshttp/statuses/compare/v2.0.1...v2.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jshttp/statuses/blob/master/HISTORY.md">statuses's
changelog</a>.</em></p>
<blockquote>
<h1>2.0.2 / 2025-06-06</h1>
<ul>
<li>Migrate to <code>String.prototype.slice()</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="33ec007ae0"><code>33ec007</code></a>
2.0.2 (<a
href="https://redirect.github.com/jshttp/statuses/issues/40">#40</a>)</li>
<li><a
href="cc539ee32c"><code>cc539ee</code></a>
build(deps-dev): bump eslint-plugin-import from 2.23.2 to 2.31.0 (<a
href="https://redirect.github.com/jshttp/statuses/issues/38">#38</a>)</li>
<li><a
href="c3a417aa27"><code>c3a417a</code></a>
build(deps-dev): bump csv-parse from 4.15.1 to 4.16.3 (<a
href="https://redirect.github.com/jshttp/statuses/issues/37">#37</a>)</li>
<li><a
href="99d64aeffe"><code>99d64ae</code></a>
build(deps-dev): bump eslint-plugin-promise from 4.2.1 to 4.3.1 (<a
href="https://redirect.github.com/jshttp/statuses/issues/36">#36</a>)</li>
<li><a
href="6eb7e1199d"><code>6eb7e11</code></a>
build(deps-dev): bump raw-body from 2.4.1 to 2.5.2 (<a
href="https://redirect.github.com/jshttp/statuses/issues/35">#35</a>)</li>
<li><a
href="2e7a28e297"><code>2e7a28e</code></a>
fix: typo in pipeline (<a
href="https://redirect.github.com/jshttp/statuses/issues/39">#39</a>)</li>
<li><a
href="8f80743554"><code>8f80743</code></a>
ci: modernize pipelines (<a
href="https://redirect.github.com/jshttp/statuses/issues/34">#34</a>)</li>
<li><a
href="ed17ccd1d6"><code>ed17ccd</code></a>
chore: migrate to <code>String.prototype.slice()</code> (<a
href="https://redirect.github.com/jshttp/statuses/issues/23">#23</a>)</li>
<li><a
href="76d850208b"><code>76d8502</code></a>
fix: use <code>ubuntu-latest</code> as ci runner (<a
href="https://redirect.github.com/jshttp/statuses/issues/33">#33</a>)</li>
<li><a
href="4f369f5942"><code>4f369f5</code></a>
ci: add dependabot (<a
href="https://redirect.github.com/jshttp/statuses/issues/28">#28</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/jshttp/statuses/compare/v2.0.1...v2.0.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for statuses since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=statuses&package-manager=npm_and_yarn&previous-version=2.0.1&new-version=2.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-27 23:29:06 -07:00
Imed Jaberi
0acad8ff37 feat: replace cache-content-type with mime-types directly (#1886) 
## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.
 2025-06-06 13:11:57 +01:00
Imed Jaberi
2f6e8147db feat: replace debug module with pure node:util::debuglog (#1885) 
## Checklist

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.
 2025-06-05 22:32:10 +01:00
dependabot[bot]
8620ced588 build(deps): bump debug from 4.4.0 to 4.4.1 (#1880) 
Bumps [debug](https://github.com/debug-js/debug) from 4.4.0 to 4.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/debug-js/debug/releases">debug's
releases</a>.</em></p>
<blockquote>
<h2>4.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix(Issue-996): replace whitespaces in namespaces string with commas
globally by <a
href="https://github.com/pdahal-cx"><code>@​pdahal-cx</code></a> in <a
href="https://redirect.github.com/debug-js/debug/pull/997">debug-js/debug#997</a></li>
<li>fixes <a
href="https://redirect.github.com/debug-js/debug/issues/987">#987</a>
fallback to localStorage.DEBUG if debug is not defined by <a
href="https://github.com/lzilioli"><code>@​lzilioli</code></a> in <a
href="https://redirect.github.com/debug-js/debug/pull/988">debug-js/debug#988</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/pdahal-cx"><code>@​pdahal-cx</code></a>
made their first contribution in <a
href="https://redirect.github.com/debug-js/debug/pull/997">debug-js/debug#997</a></li>
<li><a href="https://github.com/lzilioli"><code>@​lzilioli</code></a>
made their first contribution in <a
href="https://redirect.github.com/debug-js/debug/pull/988">debug-js/debug#988</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/debug-js/debug/compare/4.4.0...4.4.1">https://github.com/debug-js/debug/compare/4.4.0...4.4.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="33330fa861"><code>33330fa</code></a>
4.4.1</li>
<li><a
href="98df33ed9d"><code>98df33e</code></a>
remove istanbul</li>
<li><a
href="bf2f574c3e"><code>bf2f574</code></a>
fixes <a
href="https://redirect.github.com/debug-js/debug/issues/987">#987</a>
fallback to localStorage.DEBUG if debug is not defined (<a
href="https://redirect.github.com/debug-js/debug/issues/988">#988</a>)</li>
<li><a
href="a0497bd46d"><code>a0497bd</code></a>
Replace whitespaces in namespaces string with commas globally instead of
just...</li>
<li>See full diff in <a
href="https://github.com/debug-js/debug/compare/4.4.0...4.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=debug&package-manager=npm_and_yarn&previous-version=4.4.0&new-version=4.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@jonathanong.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-23 22:52:31 -07:00
dependabot[bot]
dec1ffcbda build(deps-dev): bump supertest from 7.1.0 to 7.1.1 (#1879) 
Bumps [supertest](https://github.com/ladjs/supertest) from 7.1.0 to
7.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ladjs/supertest/releases">supertest's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.1</h2>
<ul>
<li>Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/858">#858</a>
from ByteOPCode/master f553845</li>
<li>feat: update superagent version  d37d197</li>
</ul>
<p><a
href="https://github.com/ladjs/supertest/compare/v7.1.0...v7.1.1">https://github.com/ladjs/supertest/compare/v7.1.0...v7.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="200031e219"><code>200031e</code></a>
7.1.1</li>
<li><a
href="f55384519f"><code>f553845</code></a>
Merge pull request <a
href="https://redirect.github.com/ladjs/supertest/issues/858">#858</a>
from ByteOPCode/master</li>
<li><a
href="d37d197bd7"><code>d37d197</code></a>
feat: update superagent version</li>
<li>See full diff in <a
href="https://github.com/ladjs/supertest/compare/v7.1.0...v7.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supertest&package-manager=npm_and_yarn&previous-version=7.1.0&new-version=7.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-23 22:52:20 -07:00
Jeff Wainwright
9057541332 chore: removes done callbacks in tests [CHORE-1870] (#1875) 
## Checklist

Chore: removes done callback; prefer async

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.

---------

Co-authored-by: jongleberry <jonathanrichardong@gmail.com>
Co-authored-by: Jeff Wainwright <jeffry@tuta.com>
 2025-05-08 00:06:19 -07:00
dependabot[bot]
61bf494594 build(deps-dev): bump formidable from 3.5.2 to 3.5.4 (#1878) 
Bumps [formidable](https://github.com/node-formidable/formidable) from
3.5.2 to 3.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/node-formidable/formidable/releases">formidable's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li>
<p>Fix existing test failure by <a
href="https://github.com/ryhmrt"><code>@​ryhmrt</code></a> in <a
href="https://redirect.github.com/node-formidable/formidable/pull/990">node-formidable/formidable#990</a></p>
</li>
<li>
<p>update Ryan Dahl x account link by <a
href="https://github.com/moetezch"><code>@​moetezch</code></a> in <a
href="https://redirect.github.com/node-formidable/formidable/pull/989">node-formidable/formidable#989</a></p>
</li>
<li>
<p>update failing tests</p>
</li>
<li>
<p>update CI/CD workflows and actions;</p>
</li>
<li>
<p>update CodeQL github action for security analysis</p>
</li>
<li>
<p>update readme, links and badges</p>
</li>
<li>
<p>update to use cuid2 (battle-tested <code>@paralleldrive/cuid2</code>
package) for better random names - should not be breaking anything since
it's still 25 characters long, but a lot safer and faster.</p>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ryhmrt"><code>@​ryhmrt</code></a> made
their first contribution in <a
href="https://redirect.github.com/node-formidable/formidable/pull/990">node-formidable/formidable#990</a></li>
<li><a href="https://github.com/moetezch"><code>@​moetezch</code></a>
made their first contribution in <a
href="https://redirect.github.com/node-formidable/formidable/pull/989">node-formidable/formidable#989</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/node-formidable/formidable/compare/v3.5.2...v3.5.3">https://github.com/node-formidable/formidable/compare/v3.5.2...v3.5.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md">formidable's
changelog</a>.</em></p>
<blockquote>
<h3>3.5.4</h3>
<ul>
<li>fix the <code>os.machine</code> breaking some dependents, fix <a
href="https://redirect.github.com/node-formidable/formidable/issues/994">#994</a></li>
<li>add Node 16, 18, 20, 22 to CI/CD</li>
</ul>
<h3>3.5.3</h3>
<ul>
<li>security report by ZAST.AI help for some vulnerabilities addressing
(primarily the random names generation)</li>
<li>update failing tests</li>
<li>update CI/CD workflows and actions;</li>
<li>update CodeQL github action for security analysis</li>
<li>update readme, links and badges</li>
<li>update to use cuid2 (battle-tested <code>@paralleldrive/cuid2</code>
package) for better random names - should not be breaking anything since
it's still 25 characters long, but a lot safer and faster.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/node-formidable/formidable/commits">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=formidable&package-manager=npm_and_yarn&previous-version=3.5.2&new-version=3.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/koajs/koa/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-29 10:13:31 -07:00
Jeff Wainwright
9746a8f7e0 chore: adds initial doc text refresh; migration guide [CHORE-1870] (#1877) 
## Checklist

Adds initial migration guide from v2 to v3. 

- [x] I have ensured my pull request is not behind the main or master
branch of the original repository.
- [x] I have rebased all commits where necessary so that reviewing this
pull request can be done without having to merge it first.
- [x] I have written a commit message that passes commitlint linting.
- [x] I have ensured that my code changes pass linting tests.
- [x] I have ensured that my code changes pass unit tests.
- [x] I have described my pull request and the reasons for code changes
along with context if necessary.

---

@jonathanong should I try to make a reasonable codemod for this?
 2025-04-28 12:01:14 -07:00
jongleberry
f7b9a1835f feat: add custom asyncLocalStorage support 2025-04-27 18:10:38 -07:00
jongleberry
44b568f90f docs++ 2025-04-27 17:59:14 -07:00
jongleberry
e63b22d50c package: remove experimental 2025-04-27 17:38:23 -07:00
jongleberry
ead934d8f2 3.0.0 2025-04-27 17:37:40 -07:00