fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@grpc/proto-loader (source)	^0.6.0 → ^0.8.0
@types/chai (source)	4.2.21 → 4.3.20
@types/continuation-local-storage (source)	3.2.2 → 3.2.7
@types/continuation-local-storage (source)	3.2.1 → 3.2.7
@types/ejs (source)	3.0.7 → 3.1.5
@types/express (source)	4.17.13 → 4.17.25
@types/express-serve-static-core (source)	4.17.24 → 4.19.8
@types/extend (source)	3.0.1 → 3.0.4
@​types/ioredis	4.26.6 → 4.28.10
@types/lodash (source)	4.14.171 → 4.17.24
@​types/mongodb	3.0.19 → 3.6.20
@types/node (source)	12.20.16 → 12.20.55
@types/once (source)	1.4.0 → 1.4.5
@​types/redis	2.8.31 → 2.8.32
@types/semver (source)	7.3.7 → 7.7.1
@types/serve-static (source)	1.13.10 → 1.15.10
@types/shimmer (source)	1.0.2 → 1.2.0
@​types/uuid	7.0.5 → 7.0.8
axios (source)	0.21.2 → 0.30.3
chai (source)	4.3.4 → 4.5.0
google-proto-files	2.4.0 → 2.5.2
googleapis	67.0.0 → 67.1.1
ioredis	4.27.6 → 4.31.0
jaeger-client	~3.18.0 → ~3.19.0
mongodb	3.1.10 → 3.7.4
nodemon (source)	2.0.12 → 2.0.22
protobufjs (source)	6.11.3 → 6.11.4
sinon (source)	11.1.1 → 11.1.2
typedoc (source)	0.20.37 → 0.28.17

---

Release Notes

grpc/grpc-node (@​grpc/proto-loader)

v0.8.0: @​grpc/proto-loader 0.8.0

Compare Source

• Add serialize and deserialize functions to Message definition objects. See grpc/proposal#503 for more details. (#​2970)

v0.7.15: @​grpc/proto-loader 0.7.15

Compare Source

• Apply targetFileExtension option to root files (#​2946)

v0.7.14: @​grpc/proto-loader 0.7.14

Compare Source

• Add code generator options to specify file extensions (#​2912)
• Declare oneof specifier field as optional in generated code (#​2911)

v0.7.13: @​grpc/proto-loader 0.7.13

Compare Source

• Include method options in method definition objects (#​2711 contributed by @​n0v1)
• Avoid generating duplicate TypeScript method declarations in some cases (#​2717)
• Update Protobuf.js dependency to a newer version (#​2731)

v0.7.12: @​grpc/proto-loader 0.7.12

Compare Source

• Revert "Use a .ts extension in import statements in generated TypeScript files" (#​2699)

v0.7.11: @​grpc/proto-loader 0.7.11

Compare Source

• Use a .ts extension in import statements in generated TypeScript files (#​2693 contributed by @​atjn)

v0.7.10: @​grpc/proto-loader 0.7.10

Compare Source

• Allow the grpcLib option to be omitted in the type generator, to generate implementation-agnostic code (#​2573)

v0.7.9: @​grpc/proto-loader 0.7.9

Compare Source

• Update long dependency to match protobufjs (#​2504 contributed by @​haines)

v0.7.8

Compare Source

v0.7.7: @​grpc/proto-loader 0.7.7

Compare Source

• Update yargs dependency to 17.x (#​2437)

v0.7.6: @​grpc/proto-loader 0.7.6

Compare Source

• Avoid importing Long in files that don't use it (#​2370 contributed by @​install)

v0.7.5: @​grpc/proto-loader 0.7.5

Compare Source

• Include @deprecated annotations in generated comments if the includeComments option is set (#​2357 contributed by @​danielronnkvist)

v0.7.4: @​grpc/proto-loader 0.7.4

Compare Source

• Support nominal typing with type branding (#​2281 contributed by @​LunaTK)

v0.7.3: @​grpc/proto-loader 0.7.3

Compare Source

• Add message class name template options to TypeScript generator (#​2183 contributed by @​install)

v0.7.2: @​grpc/proto-loader 0.7.2

Compare Source

• Revert upgrade of long dependency (#​2197)

v0.7.1: @​grpc/proto-loader 0.7.1

• Update long dependency to version 5 (#​2192)

axios/axios (axios)

v0.30.3: Release notes - v0.30.3

Compare Source

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

• Backport: Fix DoS via proto key in merge config
  • Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @​FeBe95 in PR #​7388

⚙️ Maintenance & CI

• CI Infrastructure Update
  • Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @​jasonsaayman in PR #​7407

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

Compare Source

What's Changed

• Backport maxContentLength vulnerability fix to v0.x by @​FeBe95 in #​7034

New Contributors

• @​FeBe95 made their first contribution in #​7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

v0.30.1

Compare Source

Release notes:

Bug Fixes

• chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @​wolandec in #​6978

Contributors to this release

• @​wolandec made their first contribution in #​6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

v0.30.0

Compare Source

Release notes:

Bug Fixes

• fix: modify log while request is aborted by @​mori5321 in #​4917
• fix: update CHANGELOG.md for v0.x by @​TehZarathustra in #​6271
• fix: modify upgrade guide for 0.28.1's breaking change by @​nafeger in #​6787
• fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @​thatguyinabeanie in #​6829
• fix: add allowAbsoluteUrls type by @​thatguyinabeanie in #​6849

Contributors to this release

• @​mori5321 made their first contribution in #​4917
• @​TehZarathustra made their first contribution in #​6271
• @​nafeger made their first contribution in #​6787
• @​thatguyinabeanie made their first contribution in #​6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Compare Source

Release notes:

Bug Fixes

• fix(backport): backport security fixes in commits #​6167 and #​6163 to v0.x by @​Sean-Powell in #​6402
• fix: omit nulls in params by @​Willshaw in #​6394
• fix(backport): fix paramsSerializer function validation by @​solonzhu in #​6361
• fix: Regular Expression Denial of Service (ReDoS) by @​qiongshusheng in #​6708

Contributors to this release

• @​Sean-Powell made their first contribution in #​6402
• @​Willshaw made their first contribution in #​6394
• @​solonzhu made their first contribution in #​6361
• @​qiongshusheng made their first contribution in #​6708

v0.28.1

Compare Source

Release notes:

Release notes:

Bug Fixes

• fix(backport): custom params serializer support (#​6263)
• fix(backport): uncaught ReferenceError req is not defined (#​6307)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #​4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

v0.27.2

Compare Source

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #​3785 (#​4640)
• Enhanced protocol parsing implementation (#​4639)
• Fixed bundle size

v0.27.1

Compare Source

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#​4594)
• Bumped follow-redirects to ^1.14.9 (#​4615)

v0.27.0

Compare Source

Breaking changes:

• New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#​3757)
• Removed functionality that removed the the Content-Type request header when passing FormData (#​3785)
• (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#​3645)
• Separated responsibility for FormData instantiation between transformRequest and toFormData (#​4470)
• (*) Improved and fixed multiple issues with FormData support (#​4448)

QOL and DevX improvements:

• Added a multipart/form-data testing playground allowing contributors to debug changes easily (#​4465)

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4515) & (#​4516)
• Bumped follow-redirects to ^1.14.9 (#​4562)

Internal and Tests:

• Updated dev dependencies to latest version

Documentation:

• Fixing incorrect link in changelog (#​4551)

Notes:

• (*) Please read these pull requests before updating, these changes are very impactful and far reaching.

v0.26.1

Compare Source

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4220)

v0.26.0

Compare Source

Fixes and Functionality:

• Fixed The timeoutErrorMessage property in config not work with Node.js (#​3581)
• Added errors to be displayed when the query parsing process itself fails (#​3961)
• Fix/remove url required (#​4426)
• Update follow-redirects dependency due to Vulnerability (#​4462)
• Bump karma from 6.3.11 to 6.3.14 (#​4461)
• Bump follow-redirects from 1.14.7 to 1.14.8 (#​4473)

v0.25.0

Compare Source

Breaking changes:

• Fixing maxBodyLength enforcement (#​3786)
• Don't rely on strict mode behaviour for arguments (#​3470)
• Adding error handling when missing url (#​3791)
• Update isAbsoluteURL.js removing escaping of non-special characters (#​3809)
• Use native Array.isArray() in utils.js (#​3836)
• Adding error handling inside stream end callback (#​3967)

Fixes and Functionality:

• Added aborted even handler (#​3916)
• Header types expanded allowing boolean and number types (#​4144)
• Fix cancel signature allowing cancel message to be undefined (#​3153)
• Updated type checks to be formulated better (#​3342)
• Avoid unnecessary buffer allocations (#​3321)
• Adding a socket handler to keep TCP connection live when processing long living requests (#​3422)
• Added toFormData helper function (#​3757)
• Adding responseEncoding prop type in AxiosRequestConfig (#​3918)

Internal and Tests:

• Adding axios-test-instance to ecosystem (#​3786)
• Optimize the logic of isAxiosError (#​3546)
• Add tests and documentation to display how multiple inceptors work (#​3564)
• Updating follow-redirects to version 1.14.7 (#​4379)

Documentation:

• Fixing changelog to show corrext pull request (#​4219)
• Update upgrade guide for https proxy setting (#​3604)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Rijk van Zanten
• Kohta Ito
• Brandon Faulkner
• Stefano Magni
• enofan
• Andrey Pechkurov
• Doowonee
• Emil Broman
• Remco Haszing
• Black-Hole
• Wolfram Kriesing
• Andrew Ovens
• Paulo Renato
• Ben Carp
• Hirotaka Tagawa
• 狼族小狈
• C. Lewis
• Felipe Carvalho
• Daniel
• Gustavo Sales

v0.24.0

Compare Source

Breaking changes:

• Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#​4141) pull request: (#​4186)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Rodry
• Remco Haszing
• Isaiah Thomason

v0.23.0

Compare Source

Breaking changes:

• Distinguish request and response data types (#​4116)
• Change never type to unknown (#​4142)
• Fixed TransitionalOptions typings (#​4147)

Fixes and Functionality:

• Adding globalObject: 'this' to webpack config (#​3176)
• Adding insecureHTTPParser type to AxiosRequestConfig (#​4066)
• Fix missing semicolon in typings (#​4115)
• Fix response headers types (#​4136)

Internal and Tests:

• Improve timeout error when timeout is browser default (#​3209)
• Fix node version on CI (#​4069)
• Added testing to TypeScript portion of project (#​4140)

Documentation:

• Rename Angular to AngularJS (#​4114)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Evan-Finkelstein
• Paweł Szymański
• Dobes Vandermeer
• Claas Augner
• Remco Haszing
• Evgeniy
• Dmitriy Mozgovoy

v0.22.0

Compare Source

Fixes and Functionality:

• Caseless header comparing in HTTP adapter (#​2880)
• Avoid package.json import fixing issues and warnings related to this (#​4041), (#​4065)
• Fixed cancelToken leakage and added AbortController support (#​3305)
• Updating CI to run on release branches
• Bump follow redirects version
• Fixed default transitional config for custom Axios instance; (#​4052)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Matt R. Wilson
• Xianming Zhong
• Dmitriy Mozgovoy

v0.21.4

Compare Source

Fixes and Functionality:

• Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#​4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Guillaume Fortaine
• Yusuke Kawasaki
• Dmitriy Mozgovoy

v0.21.3

Compare Source

Fixes and Functionality:

• Fixing response interceptor not being called when request interceptor is attached (#​4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Julian Hollmann

chaijs/chai (chai)

v4.5.0

Compare Source

• Update type detect (#​1631) 1a36d35

What's Changed

• Update type detect by @​koddsson in #​1631

Full Changelog: chaijs/chai@v4.4.1...v4.5.0

v4.4.1

Compare Source

What's Changed

• fix: removes ?? for node compat by @​43081j in #​1574

Full Changelog: chaijs/chai@v4.4.0...v4.4.1

v4.4.0

Compare Source

What's Changed

• Allow deepEqual fonction to be configured globally (4.x.x branch) by @​forty in #​1553

Full Changelog: chaijs/chai@v4.3.10...v4.4.0

v4.3.10

Compare Source

This release simply bumps all dependencies to their latest non-breaking versions.

What's Changed

• upgrade all dependencies by @​keithamus in #​1540

Full Changelog: chaijs/chai@v4.3.9...v4.3.10

v4.3.9

Compare Source

Upgrade dependencies.

This release upgrades dependencies to address CVE-2023-43646 where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.

Full Changelog: chaijs/chai@v4.3.8...v4.3.9

v4.3.8

Compare Source

What's Changed

• 4.x.x: Fix link to commit logs on GitHub by @​bugwelle in #​1487
• build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 by @​dependabot in #​1488
• Small typo in test.js by @​mavaddat in #​1459
• docs: specify return type of objDisplay by @​scarf005 in #​1490
• Update CONTRIBUTING.md by @​matheus-rodrigues00 in #​1521
• Fix: update exports.version to current version by @​peanutenthusiast in #​1534

New Contributors

• @​bugwelle made their first contribution in #​1487
• @​mavaddat made their first contribution in #​1459
• @​scarf005 made their first contribution in #​1490
• @​matheus-rodrigues00 made their first contribution in #​1521
• @​peanutenthusiast made their first contribution in #​1534

Full Changelog: chaijs/chai@v4.3.7...v4.3.8

v4.3.7

Compare Source

What's Changed

• fix: deep-eql bump package to support symbols comparison by @​snewcomer in #​1483

Full Changelog: chaijs/chai@v4.3.6...v4.3.7

v4.3.6

Compare Source

Update loupe to 2.3.1

v4.3.5

Compare Source

• build chaijs fca5bb1
• build(deps-dev): bump codecov from 3.1.0 to 3.7.1 (#​1446) 747eb4e
• fix package.json exports 022c2fa
• fix: package.json - deprecation warning on exports field (#​1400) 5276af6
• feat: use chaijs/loupe for inspection (#​1401) (#​1407) c8a4e00

googleapis/nodejs-proto-files (google-proto-files)

v2.5.2

Compare Source

v2.5.0

Compare Source

Features

• include gapic and grafeas, add routing.proto, update protos (#​372) (5c19425)

2.4.1 (2021-09-09)

Bug Fixes

• build: switch primary branch to main (#​365) (cf58304)

v2.4.1

Compare Source

googleapis/google-api-nodejs-client (googleapis)

v67.1.1

Compare Source

⚠ BREAKING CHANGES

• tasks: This release has breaking changes.
• speech: This release has breaking changes.
• servicecontrol: This release has breaking changes.
• sasportal: This release has breaking changes.
• safebrowsing: This release has breaking changes.
• run: This release has breaking changes.
• remotebuildexecution: This release has breaking changes.
• prod_tt_sasportal: This release has breaking changes.
• osconfig: This release has breaking changes.
• memcache: This release has breaking changes.
• managedidentities: This release has breaking changes.
• jobs: This release has breaking changes.
• iap: This release has breaking changes.
• healthcare: This release has breaking changes.
• games: This release has breaking changes.
• firebasehosting: This release has breaking changes.
• eventarc: This release has breaking changes.
• documentai: This release has breaking changes.
• dns: This release has breaking changes.
• deploymentmanager: This release has breaking changes.
• dataproc: This release has breaking changes.
• datamigration: This release has breaking changes.
• datafusion: This release has breaking changes.
• content: This release has breaking changes.
• compute: This release has breaking changes.
• cloudresourcemanager: This release has breaking changes.
• cloudkms: This release has breaking changes.
• bigqueryconnection: This release has breaking changes.
• bigquery: This release has breaking changes.
• artifactregistry: This release has breaking changes.
• apigateway: This release has breaking changes.
• analyticsdata: This release has breaking changes.
• analyticsadmin: This release has breaking changes.

Features

• accesscontextmanager: update the API (bb721b8)
• admin: update the API (a7c0476)
• alertcenter: update the API (5bf5f96)
• analyticsadmin: update the API (0b64fcb)
• analyticsdata: update the API (f140375)
• androidmanagement: update the API (374f455)
• apigateway: update the API (a24313f)
• appengine: update the API (08a1302)
• area120tables: update the API (0afd1f2)
• artifactregistry: update the API (8a1f2f2)
• bigqueryconnection: update the API (2fbe18f)
• bigqueryreservation: update the API (424003f)
• bigquery: update the API (91e811c)
• billingbudgets: update the API (5d64269)
• binaryauthorization: update the API (5ada8db)
• calendar: update the API (c25184f)
• chat: update the API (2cba111)
• cloudasset: update the API (71978df)
• cloudbuild: update the API (8a69c68)
• cloudfunctions: update the API (38dd3b3)
• cloudidentity: update the API (802ba43)
• cloudkms: update the API (e5b272f)
• cloudresourcemanager: update the API (0b73364)
• cloudscheduler: update the API (218597a)
• cloudtasks: update the API ([1f2429f](https://www

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @opencensus/opencensus-base@0.0.1
npm ERR! Found: typescript@3.9.10
npm ERR! node_modules/typescript
npm ERR!   dev typescript@"3.9.10" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer typescript@"4.6.x || 4.7.x || 4.8.x || 4.9.x || 5.0.x || 5.1.x || 5.2.x || 5.3.x || 5.4.x" from typedoc@0.25.13
npm ERR! node_modules/typedoc
npm ERR!   dev typedoc@"0.25.13" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-04T18_44_48_627Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @opencensus/opencensus-base@0.0.1
npm ERR! Found: typescript@3.9.10
npm ERR! node_modules/typescript
npm ERR!   dev typescript@"3.9.10" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer typescript@"5.0.x || 5.1.x || 5.2.x || 5.3.x || 5.4.x || 5.5.x || 5.6.x || 5.7.x || 5.8.x || 5.9.x" from typedoc@0.28.17
npm ERR! node_modules/typedoc
npm ERR!   dev typedoc@"0.28.17" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2026-03-05T19_03_02_067Z-debug-0.log