Bump the npm_and_yarn group across 1 directory with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 11 updates in the /backend/functions directory:

Package	From	To
lodash	4.17.13	4.17.21
request	2.88.0	2.88.2
@firebase/util	0.2.14	1.9.6
firebase-admin	7.0.0	12.1.1
semver	5.7.0	5.7.2
ajv	6.10.0	6.12.6
debug	4.1.1	4.3.5
express	4.17.1	4.19.2
minimatch	3.0.4	3.1.2
minimist	0.0.8	1.2.8
mkdirp	0.5.1	0.5.6

Updates lodash from 4.17.13 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

• See full diff in compare view

Updates @firebase/util from 0.2.14 to 1.9.6

Changelog

Sourced from @​firebase/util's changelog.

1.9.6

Patch Changes

• ab883d016 #8237 - Bump all packages so staging works.

1.9.5

Patch Changes

• 0c5150106 #8079 - Update repository.url field in all package.json files to NPM's preferred format.

1.9.4

Patch Changes

• 434f8418c #7963 (fixes #7962) - Fix isSafari() throwing on React Native

1.9.3

Patch Changes

• c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

• d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

• 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

• 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

• d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

... (truncated)

Commits

• 8fb372a Version Packages (#8236)
• 13762a4 Version Packages (#8101)
• 0c51501 Run npm pkg fix on all packages (#8079)
• 9fa0e9f Version Packages (#7995)
• 434f841 Fix isSafari() throwing on React Native (fixes #7962) (#7963)
• ebc694a Comment changes for OSS (#7778)
• 2be12d7 [CI] update chrome install steps for Auth builds. (#7602)
• 2e7e548 Version Packages (#7069)
• c59f537 Improve decodeBase64() to throw on invalid input rather than silently accept ...
• 3d605f8 Version Packages (#7008)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​firebase/util since your current version.

Updates firebase-admin from 7.0.0 to 12.1.1

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.1.1

Bug Fixes

• fix: Export error classes (#2151)

Miscellaneous

• [chore] Release 12.1.1 (#2561)
• build(deps): updgrade jwks-rsa (#2570)
• --- (#2568)
• --- (#2566)
• --- (#2567)
• --- (#2569)
• build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• chore: upgrade firestore to 7.7.0 (#2560)
• build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• build(deps): bump @​google-cloud/firestore from 7.6.0 to 7.7.0 (#2558)
• Fix api extractor issues to expose error types (#2549)
• build(deps-dev): bump @​types/lodash from 4.17.0 to 4.17.1 (#2546)
• build(deps): bump @​google-cloud/storage from 7.10.2 to 7.11.0 (#2547)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.1 to 7.43.2 (#2545)
• build(deps): bump @​types/node from 20.12.7 to 20.12.10 (#2544)
• build(deps-dev): bump @​firebase/app-compat from 0.2.31 to 0.2.32 (#2540)
• build(deps): bump @​google-cloud/storage from 7.10.1 to 7.10.2 (#2541)
• build(deps): bump @​google-cloud/storage from 7.10.0 to 7.10.1 (#2536)
• Update package.json to use farmhash 3.3.1 (#2534)

Firebase Admin Node.js SDK v12.1.0

New Features

• feat(rc): Add server side Remote Config support (#2529)

Miscellaneous

• [chore] Release 12.1.0 (#2532)
• Fix minor typo (#2533)
• chore: Excluding certain event_types from processing uid (#2370)
• build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
• build(deps-dev): bump @​firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
• build(deps): bump @​google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
• build(deps): bump undici in /.github/actions/send-email (#2521)
• build(deps-dev): bump @​firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
• build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
• build(deps): bump @​types/node from 20.11.30 to 20.12.2 (#2516)
• build(deps): bump @​google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
• build(deps-dev): bump @​firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
• build(deps): bump @​google-cloud/storage from 7.7.0 to 7.9.0 (#2509)

... (truncated)

Commits

• e2515f2 [chore] Release 12.1.1 (#2561)
• 4d4fd39 build(deps): updgrade jwks-rsa (#2570)
• 1754b7e --- (#2568)
• 72f0169 --- (#2566)
• 8f622cf --- (#2567)
• f8f8eb9 --- (#2569)
• ee78c87 build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• f837c23 build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• 41aea3a chore: upgrade firestore to 7.7.0 (#2560)
• 26cd8b0 build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for firebase-admin since your current version.

Updates @google-cloud/firestore from 1.3.0 to 7.8.0

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.8.0

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

v7.7.0

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

v7.6.0

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

v7.5.0

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

v7.4.0

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)
• A new message DailyRecurrence is added (6bced86)
• A new message DeleteBackupRequest is added (6bced86)
• A new message DeleteBackupScheduleRequest is added (6bced86)
• A new message GetBackupRequest is added (6bced86)
• A new message GetBackupScheduleRequest is added (6bced86)

... (truncated)

Commits

• df748ac chore(main): release 7.8.0 (#2048)
• 6dbe4b0 feat: update Nodejs generator to send API versions in headers for GAPICs (#2041)
• d406f14 feat: Query profiling for VectorQuery (#2045)
• 1e949b8 chore: refactor reference.ts to one class per file (#2037)
• 591fff1 chore(deps): update dependency sinon to v18 (#2044)
• 392ecf3 chore(main): release 7.7.0 (#2038)
• 0b9efa6 fix: Upgrade the google-gax dependency version. (#2040)
• 52099c8 fix: Nonblocking rollback (#2039)
• 2c726a1 feat: Lazy-started transactions (#2017)
• 5811492 docs: Allow 14 week backup retention for Firestore daily backups (#2031)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 0.3.6 to 1.10.9

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

• Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
• Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
• Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

• Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
• Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

• Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

• Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
• Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
• Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

• Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

• Implement gRFC A52: gRPC xDS Custom Load Balancer Configuration (#2555)
• Implement gRFC A42: xDS Ring Hash LB Policy (#2568)
  • Note: This feature is not compatible with Node 14 or below. To disable it in those versions, set the environment variable GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH=false.
• Implement the xDS part of gRFC A62: pick_first: sticky TRANSIENT_FAILURE and address order randomization (Currently experimental, enabled by environment variable GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG) (#2572)

@​grpc/grpc-js 1.10.0

Changelog

• Add server interceptors support (#2650) (details in gRFC L112)
• Deprecate Server#start (#2597) (details in gRFC L107)
• Add Server#unbind (#2612) (details in gRFC L109)
• Add Server#drain (#2616) (details in gRFC L111)
• Export type VerifyOptions (#2637 contributed by @​chakhsu)

... (truncated)

Commits

• 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
• 7ecaa2d grpc-js: Bump to 1.10.9
• e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
• 87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
• 3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
• fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• 76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
• d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• 23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
• Additional commits viewable in compare view

Updates semver from 5.7.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates ajv from 6.10.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates ansi-regex from 2.1.1 to 3.0.0

Commits

• 0a8cc19 3.0.0
• d9d806e Minor tweaks
• 69bebf6 Support urxvt escapes (#13)
• 3dff5e7 Use Map instead of Object for the fixtures
• baacbab Require Node.js 4 and meta tweaks
• See full diff in compare view

Updates debug from 4.1.1 to 4.3.5

Release notes

Sourced from debug's releases.

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

... (truncated)

Commits

• 5464bdd 4.3.5
• f244ada update authorship contact info
• cac39b1 Fix/debug depth (#926)
• f66cb2d remove .github folder (and the outdated issue templates)
• d161662 Update ISSUE_TEMPLATE.md
• 12c1ad0 Update ISSUE_TEMPLATE.md
• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was p...

Description has been truncated