Bump the minors group across 1 directory with 3 updates #280

dependabot · 2025-07-18T19:07:41Z

Bumps the minors group with 3 updates in the /backup directory: age-encryption, morgan and @types/node.

Updates age-encryption from 0.2.3 to 0.2.4

Release notes

Sourced from age-encryption's releases.

v0.2.4 with streaming APIs

Typage can now encrypt and decrypt ReadableStreams. This can be useful for encrypting or decrypting large files, requests, or responses on the fly.

Decrypter.decryptHeader allows decrypting a file key from a detached header. This can be used to decrypt a header client-side without sharing the payload with the client.

Worked around oven-sh/bun#20148, unbreaking recent Bun versions.

Made header and CBOR parsing slightly stricter.

Commits

31e8d9a Fix broken link in README
005175c v0.2.4
4945303 Add size method to ReadableStream returned by encrypt and decrypt
4e6d0d7 Expose streaming APIs
6075a35 Make STREAM processing streaming
0db64f4 Make header parsing streaming
c566120 Fix header ASCII range check
ff6aa9d Enforce valid UTF-8 in CBOR decoding
9e216bc Add Decrypter.decryptHeader for detached header decryption
702e51b Catch NotSupportedError any time during WebCrypto operations
Additional commits viewable in compare view

Updates morgan from 1.10.0 to 1.10.1

Release notes

Sourced from morgan's releases.

1.10.1

What's Changed

renaming simple to sample in readme by @ryhinchey in expressjs/morgan#237

adding installation instructions to readme by @ryhinchey in expressjs/morgan#233

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/morgan#291

ci: replace travis with github actions by @inigomarquinez in expressjs/morgan#290

docs: add example output for log formats by @jonchurch in expressjs/morgan#299

ci: use ubuntu-latest by @bjohansebas in expressjs/morgan#301

ci: apply OSSF Scorecard security best practices by @UlisesGascon in expressjs/morgan#300

remove --bail by @jonchurch in expressjs/morgan#314

⬆️ bump on-headers by @ctcpip in expressjs/morgan#319

New Contributors

@inigomarquinez made their first contribution in expressjs/morgan#291

@jonchurch made their first contribution in expressjs/morgan#299

@bjohansebas made their first contribution in expressjs/morgan#301

@UlisesGascon made their first contribution in expressjs/morgan#300

@ctcpip made their first contribution in expressjs/morgan#319

Full Changelog: expressjs/morgan@1.10.0...1.10.1

Changelog

Sourced from morgan's changelog.

1.10.1 / 2025-07-17

deps: on-headers@~1.1.0

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

c1c7f10 🔖 1.10.1
eb896c2 ⬆️ bump on-headers
1c3eec6 remove --bail (#314)
b144728 ci: apply OSSF Scorecard security best practices (#300)
68c2d21 ci: use ubuntu-latest (#301)
8740a19 docs: add example output for log formats (#299)
efd6bff ci: migra to GitHub actions (#290)
3b89789 ci: add support for OSSF scorecard reporting (#291)
19a6aa5 docs: add installation section
b94f3ff docs: change simple to sample in example descriptions
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for morgan since your current version.

Updates @types/node from 22.15.32 to 22.16.4

Commits

See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
@types/node	[>= 24.0.a, < 24.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minors group with 3 updates in the /backup directory: [age-encryption](https://github.com/FiloSottile/typage), [morgan](https://github.com/expressjs/morgan) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Updates `age-encryption` from 0.2.3 to 0.2.4 - [Release notes](https://github.com/FiloSottile/typage/releases) - [Commits](FiloSottile/typage@v0.2.3...v0.2.4) Updates `morgan` from 1.10.0 to 1.10.1 - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.10.0...1.10.1) Updates `@types/node` from 22.15.32 to 22.16.4 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: age-encryption dependency-version: 0.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minors - dependency-name: morgan dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minors - dependency-name: "@types/node" dependency-version: 22.16.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minors ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the minors group across 1 directory with 3 updates #280

Bump the minors group across 1 directory with 3 updates #280

Uh oh!

dependabot bot commented on behalf of github Jul 18, 2025

Uh oh!

Uh oh!

Bump the minors group across 1 directory with 3 updates #280

Are you sure you want to change the base?

Bump the minors group across 1 directory with 3 updates #280

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 18, 2025

v0.2.4 with streaming APIs

1.10.1

What's Changed

New Contributors

1.10.1 / 2025-07-17

Uh oh!

Uh oh!