Update Mend: high confidence minor and patch dependency updates

[mend-for-g.yxqyang.asia]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@cyclonedx/cyclonedx-npm	1.19.3 -> 1.20.0
@types/chai (source)	4.3.16 -> 4.3.20
@types/config (source)	3.3.4 -> 3.3.5
@types/cookie-parser (source)	1.4.7 -> 1.4.8
@types/express-serve-static-core (source)	4.19.5 -> 4.19.6
@types/i18n (source)	^0.12.0 -> ^0.13.0
@types/jasmine (source)	~3.9.1 -> ~3.10.0
@types/multer (source)	1.4.11 -> 1.4.12
@types/pdfkit (source)	^0.10.6 -> ^0.13.0
@types/semver (source)	7.5.8 -> 7.7.0
@types/swagger-ui-express (source)	4.1.6 -> 4.1.8
@types/unzipper (source)	0.10.9 -> 0.10.11
@typescript-eslint/eslint-plugin (source)	6.18.1 -> 6.21.0
@typescript-eslint/parser (source)	6.18.1 -> 6.21.0
body-parser	1.20.2 -> 1.20.3
chai (source)	4.4.1 -> 4.5.0
codemirror	5.65.17 -> 5.65.19
compression	1.7.4 -> 1.8.0
cookie-parser	1.4.6 -> 1.4.7
core-js (source)	3.37.1 -> 3.41.0
cross-spawn	7.0.3 -> 7.0.6
cypress (source)	13.13.1 -> 13.17.0
eslint (source)	8.57.0 -> 8.57.1
eslint-config-prettier	7.1.0 -> 7.2.0
eslint-plugin-import	2.29.1 -> 2.31.0
ethers (source)	6.13.1 -> 6.13.5
ethers (source)	5.7.2 -> 5.8.0
express (source)	4.19.2 -> 4.21.2
http-server	^0.12.3 -> ^0.13.0
i18n	^0.11.1 -> ^0.15.0
jasmine-core (source)	~3.9.0 -> ~3.99.0
karma (source)	6.4.3 -> 6.4.4
karma-chrome-launcher	~3.1.0 -> ~3.2.0
material-icons (source)	^0.3.1 -> ^0.7.0
multer	1.4.5-lts.1 -> 1.4.5-lts.2
node-pre-gyp	^0.15.0 -> ^0.17.0
pdfkit (source)	^0.11.0 -> ^0.16.0
rxjs (source)	6.6.3 -> 6.6.7
sanitize-html	1.4.2 -> 1.27.5
sass	1.77.8 -> 1.86.3
semver	7.6.3 -> 7.7.1
sequelize (source)	6.37.3 -> 6.37.7
typescript (source)	~4.6.0 -> ~4.9.0
typescript (source)	~4.8.4 -> ~4.9.0
unzipper	0.9.15 -> 0.12.3
zustand	4.4.1 -> 4.5.6

---

Release Notes

CycloneDX/cyclonedx-node-npm (@​cyclonedx/cyclonedx-npm)

v1.20.0

Compare Source

• Added
  • Official support for npm@11 (#​1245 via #​1249)
  • Capability to gather license text evidences (#​256 via #​1243)
    This feature can be controlled via CLI switch --gather-license-texts.
    This feature is experimental. This feature is disabled per default.
• Dependencies
  • No longer directly depend on packageurl-js (via #​1237)
• Build
  • Use TypeScript v5.7.3 now, was v5.5.3 (via #​1209, #​1218, #​1255)

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v6.21.0

Compare Source

🚀 Features

• export plugin metadata

• allow parserOptions.project: false

• eslint-plugin: add rule prefer-find

🩹 Fixes

• eslint-plugin: [no-unused-vars] don't report on types referenced in export assignment expression

• eslint-plugin: [switch-exhaustiveness-check] better support for intersections, infinite types, non-union values

• eslint-plugin: [consistent-type-imports] dont report on types used in export assignment expressions

• eslint-plugin: [no-unnecessary-condition] handle left-hand optional with exactOptionalPropertyTypes option

• eslint-plugin: [class-literal-property-style] allow getter when same key setter exists

• eslint-plugin: [no-unnecessary-type-assertion] provide valid fixes for assertions with extra tokens before as keyword

❤️ Thank You

• auvred
• Brad Zacher
• Kirk Waiblinger
• Pete Gonzalez
• YeonJuan

You can read about our versioning strategy and releases on our website.

v6.20.0

Compare Source

🚀 Features

• eslint-plugin: [member-ordering] allow easy reuse of the default ordering

🩹 Fixes

• eslint-plugin: [no-useless-template-literals] incorrect bigint autofix result

• eslint-plugin: [prefer-nullish-coalescing] treat any/unknown as non-nullable

• eslint-plugin: [no-useless-template-literals] report Infinity & NaN

• eslint-plugin: [prefer-readonly] disable checking accessors

❤️ Thank You

• Alex Parloti
• auvred
• James Browning
• StyleShit
• YeonJuan

You can read about our versioning strategy and releases on our website.

v6.19.1

Compare Source

🩹 Fixes

• type-utils: preventing isUnsafeAssignment infinite recursive calls

• eslint-plugin: [no-unnecessary-condition] fix false positive for type variable

❤️ Thank You

• YeonJuan

You can read about our versioning strategy and releases on our website.

v6.19.0

Compare Source

🚀 Features

• eslint-plugin: [prefer-promise-reject-errors] add rule

• eslint-plugin: [no-array-delete] add new rule

• eslint-plugin: [no-useless-template-literals] add fix suggestions

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] detect unnecessary non-null-assertion on a call expression

• eslint-plugin: [no-unnecesary-type-assertion] treat unknown/any as nullable

❤️ Thank You

• auvred
• Brad Zacher
• Josh Goldberg ✨
• Joshua Chen
• LJX
• Steven
• StyleShit

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v6.21.0

Compare Source

🚀 Features

• allow parserOptions.project: false

❤️ Thank You

• auvred
• Brad Zacher
• Kirk Waiblinger
• Pete Gonzalez
• YeonJuan

You can read about our versioning strategy and releases on our website.

v6.20.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v6.19.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v6.19.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

expressjs/body-parser (body-parser)

v1.20.3

Compare Source

===================

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

chaijs/chai (chai)

v4.5.0

Compare Source

• Update type detect (#​1631) 1a36d35

What's Changed

• Update type detect by @​koddsson in https://github.com/chaijs/chai/pull/1631

Full Changelog: chaijs/chai@v4.4.1...v4.5.0

codemirror/basic-setup (codemirror)

v5.65.19

Compare Source

v5.65.18

Compare Source

expressjs/compression (compression)

v1.8.0

Compare Source

==================

• Use res.headersSent when available
• Replace _implicitHeader with writeHead property
• add brotli support for versions of node that support it
• Add the enforceEncoding option for requests without Accept-Encoding header

v1.7.5

Compare Source

==================

• deps: Replace accepts with negotiator@~0.6.4
  • Add preference option
• deps: [email protected]
  • Add petabyte (pb) support
  • Fix "thousandsSeparator" incorrecting formatting fractional part
  • Fix return value for un-parsable strings
• deps: compressible@~2.0.18
  • Mark font/ttf as compressible
  • Remove compressible from multipart/mixed
  • deps: mime-db@'>= 1.43.0 < 2'
• deps: [email protected]

expressjs/cookie-parser (cookie-parser)

v1.4.7

Compare Source

==========

• deps: [email protected]
  • Fix object assignment of hasOwnProperty
• deps: [email protected]
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: [email protected]
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack
• deps: [email protected]
  • Add partitioned option
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
• deps: [email protected]
  • pref: read value only when assigning in parse
  • pref: remove unnecessary regexp in parse

zloirock/core-js (core-js)

v3.41.0

Compare Source

• Changes v3.40.0...v3.41.0 (85 commits)
• RegExp.escape proposal:
  • Built-ins:
    • RegExp.escape
  • Moved to stable ES, February 2025 TC39 meeting
  • Added es. namespace module, /es/ and /stable/ namespaces entries
• Float16 proposal:
  • Built-ins:
    • Math.f16round
    • DataView.prototype.getFloat16
    • DataView.prototype.setFloat16
  • Moved to stable ES, February 2025 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Math.clamp stage 1 proposal:
  • Built-ins:
    • Math.clamp
  • Extracted from old Math extensions proposal, February 2025 TC39 meeting
  • Added arguments validation
  • Added new entries
• Added a workaround of a V8 AsyncDisposableStack bug, tc39/proposal-explicit-resource-management/256
• Compat data improvements:
  • DisposableStack, SuppressedError and Iterator.prototype[@​@​dispose] marked as shipped from V8 ~ Chromium 134
  • Error.isError added and marked as shipped from V8 ~ Chromium 134
  • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from V8 ~ Chromium 135
  • Iterator helpers proposal features marked as shipped from Safari 18.4
  • JSON.parse source text access proposal features marked as shipped from Safari 18.4
  • Math.sumPrecise marked as shipped from FF137
  • Added Deno 2.2 compat data and compat data mapping
    • Explicit Resource Management features are available in V8 ~ Chromium 134, but not in Deno 2.2 based on it
  • Updated Electron 35 and added Electron 36 compat data mapping
  • Updated Opera Android 87 compat data mapping
  • Added Samsung Internet 28 compat data mapping
  • Added Oculus Quest Browser 36 compat data mapping

v3.40.0

Compare Source

• Changes v3.39.0...v3.40.0 (130 commits)
• Added Error.isError stage 3 proposal:
  • Added built-ins:
    • Error.isError
  • We have no bulletproof way to polyfill this method / check if the object is an error, so it's an enough naive implementation that is marked as .sham
• Explicit Resource Management stage 3 proposal:
  • Updated the way async disposing of only sync disposable resources, tc39/proposal-explicit-resource-management/218
• Iterator sequencing stage 2.7 proposal:
  • Reuse IteratorResult objects when possible, tc39/proposal-iterator-sequencing/17, tc39/proposal-iterator-sequencing/18, December 2024 TC39 meeting
• Added a fix of V8 < 12.8 / NodeJS < 22.10 bug with handling infinite length of set-like objects in Set methods
• Optimized DataView.prototype.{ getFloat16, setFloat16 } performance, #​1379, thanks @​LeviPesin
• Dropped unneeded feature detection of non-standard %TypedArray%.prototype.toSpliced
• Dropped possible re-usage of some non-standard / early stage features (like Math.scale) available on global
• Some other minor improvements
• Compat data improvements:
  • RegExp.escape marked as shipped from Safari 18.2
  • Promise.try marked as shipped from Safari 18.2
  • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } marked as shipped from Safari 18.2
  • Uint8Array to / from base64 and hex proposal methods marked as shipped from Safari 18.2
  • JSON.parse source text access proposal features marked as shipped from FF135
  • RegExp.escape marked as shipped from FF134
  • Promise.try marked as shipped from FF134
  • Symbol.dispose, Symbol.asyncDispose and Iterator.prototype[@​@​dispose] marked as shipped from FF135
  • JSON.parse source text access proposal features marked as shipped from Bun 1.1.43
  • Fixed NodeJS version where URL.parse was added - 22.1 instead of 22.0
  • Added Deno 2.1 compat data mapping
  • Added Rhino 1.8.0 compat data with significant number of modern features
  • Added Electron 35 compat data mapping
  • Updated Opera 115+ compat data mapping
  • Added Opera Android 86 and 87 compat data mapping

v3.39.0

Compare Source

• Changes v3.38.1...v3.39.0
• Iterator helpers proposal:
  • Built-ins:
    • Iterator
      • Iterator.from
      • Iterator.prototype.drop
      • Iterator.prototype.every
      • Iterator.prototype.filter
      • Iterator.prototype.find
      • Iterator.prototype.flatMap
      • Iterator.prototype.forEach
      • Iterator.prototype.map
      • Iterator.prototype.reduce
      • Iterator.prototype.some
      • Iterator.prototype.take
      • Iterator.prototype.toArray
      • Iterator.prototype[@​@​toStringTag]
  • Moved to stable ES, October 2024 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Promise.try:
  • Built-ins:
    • Promise.try
  • Moved to stable ES, October 2024 TC39 meeting
  • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Fixed `/actua

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

disabled