build(deps): bump express, node-red and node-red-node-test-helper

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps express to 4.19.2 and updates ancestor dependencies express, node-red and node-red-node-test-helper. These dependencies need to be updated together.

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates node-red from 3.1.7 to 3.1.10

Release notes

Sourced from node-red's releases.

3.1.10

What's Changed

• docs: Add closing paragraph tag by @​ZJvandeWeg in node-red/node-red#4664
• Fix three error typos in monaco.js by @​JoshuaCWebDeveloper in node-red/node-red#4660
• Fix undo of subflow env property edits by @​knolleary in node-red/node-red#4667
• Avoid login loops when autoLogin enabled but login fails by @​knolleary in node-red/node-red#4684
• Replacing vm.createScript in favour of vm.Script by @​patlux in node-red/node-red#4534
• Pass full error object in Function node and copy over cause property by @​knolleary in node-red/node-red#4685
• Allow nodes to return additional history entries in onEditSave by @​knolleary in node-red/node-red#4710
• Add missing tooltips to Sidebar by @​GogoVega in node-red/node-red#4713
• Change the Config Node cursor to pointer by @​GogoVega in node-red/node-red#4711
• Deleting a grouped node should update the group by @​GogoVega in node-red/node-red#4714
• Fix a checkbox should return a Boolean value and not the string on by @​GogoVega in node-red/node-red#4715
• Translate the number of items selected in the options list by @​GogoVega in node-red/node-red#4730
• Add Japanese translation for sidebar tooltip by @​kazuhitoyokoi in node-red/node-red#4727
• Fix panning with middle mouse button on windows 10/11 by @​corentin-sodebo-voile in node-red/node-red#4716
• Fix checkboxes are not updated when calling typedInput("value", "") by @​GogoVega in node-red/node-red#4729
• Fix the Sidebar Config is not refreshed after a deploy by @​GogoVega in node-red/node-red#4734
• Ensure all CSS variables are in the output file by @​bonanitech in node-red/node-red#3743
• Fix losing links when importing a copy of links into a subflow by @​GogoVega in node-red/node-red#4750
• Fix clone of group env var properties by @​knolleary in node-red/node-red#4753
• Include rewired nodes when calculating Modified Flows stop list by @​knolleary in node-red/node-red#4754
• Bump for 3.1.10 release by @​knolleary in node-red/node-red#4755

New Contributors

• @​JoshuaCWebDeveloper made their first contribution in node-red/node-red#4660
• @​patlux made their first contribution in node-red/node-red#4534
• @​corentin-sodebo-voile made their first contribution in node-red/node-red#4716

Full Changelog: node-red/node-red@3.1.9...3.1.10

3.1.9

What's Changed

• Fix subflow module sending messages to debug sidebar by @​knolleary in node-red/node-red#4642
• Guard refresh of unknown subflow by @​knolleary in node-red/node-red#4640
• Fix use of spawn on windows with cmd files by @​knolleary in node-red/node-red#4652
• Prevent subflow being added to itself by @​knolleary in node-red/node-red#4654
• Bump for 3.1.9 release by @​knolleary in node-red/node-red#4655

Full Changelog: node-red/node-red@3.1.8...3.1.9

3.1.8: Maintenance Release

What's Changed

• Remove typo in global config by @​kazuhitoyokoi in node-red/node-red#4613
• Reset workspace index when clearing nodes by @​knolleary in node-red/node-red#4619
• Bump dependencies by @​knolleary in node-red/node-red#4630
• Show change indicator on subflow tabs by @​knolleary in node-red/node-red#4631
• Hide import/export context menu if disabled in theme by @​knolleary in node-red/node-red#4633
• Add validation and error handling on subflow instance properties by @​knolleary in node-red/node-red#4632

... (truncated)

Changelog

Sourced from node-red's changelog.

3.1.10: Maintenance Release

• Include rewired nodes when calculating Modified Flows stop list (#4754) @​knolleary
• Fix clone of group env var properties (#4753) @​knolleary
• Fix losing links when importing a copy of links into a subflow (#4750) @​GogoVega
• Ensure all CSS variables are in the output file (#3743) @​bonanitech
• Fix the Sidebar Config is not refreshed after a deploy (#4734) @​GogoVega
• Fix checkboxes are not updated when calling typedInput("value", "") (#4729) @​GogoVega
• Fix panning with middle mouse button on windows 10/11 (#4716) @​corentin-sodebo-voile
• Add Japanese translation for sidebar tooltip (#4727) @​kazuhitoyokoi
• Translate the number of items selected in the options list (#4730) @​GogoVega
• Fix a checkbox should return a Boolean value and not the string on (#4715) @​GogoVega
• Deleting a grouped node should update the group (#4714) @​GogoVega
• Change the Config Node cursor to pointer (#4711) @​GogoVega
• Add missing tooltips to Sidebar (#4713) @​GogoVega
• Allow nodes to return additional history entries in onEditSave (#4710) @​knolleary
• Pass full error object in Function node and copy over cause property (#4685) @​knolleary
• Replacing vm.createScript in favour of vm.Script (#4534) @​patlux
• Avoid login loops when autoLogin enabled but login fails (#4684) @​knolleary
• Fix undo of subflow env property edits (#4667) @​knolleary
• Fix three error typos in monaco.js (#4660) @​JoshuaCWebDeveloper
• docs: Add closing paragraph tag (#4664) @​ZJvandeWeg

3.1.9: Maintenance Release

• Prevent subflow being added to itself (#4654) @​knolleary
• Fix use of spawn on windows with cmd files (#4652) @​knolleary
• Guard refresh of unknown subflow (#4640) @​knolleary
• Fix subflow module sending messages to debug sidebar (#4642) @​knolleary

3.1.8: Maintenance Release

• Add validation and error handling on subflow instance properties (#4632) @​knolleary
• Hide import/export context menu if disabled in theme (#4633) @​knolleary
• Show change indicator on subflow tabs (#4631) @​knolleary
• Bump dependencies (#4630) @​knolleary
• Reset workspace index when clearing nodes (#4619) @​knolleary
• Remove typo in global config (#4613) @​kazuhitoyokoi

Commits

• 02893d3 Merge pull request #4755 from node-red/rel3110
• 5124bc6 Bump for 3.1.10 release
• 1048b16 Merge pull request #4754 from node-red/4752-add-rewired-to-stoplist
• bbbbb1b Merge pull request #4753 from node-red/4751-fix-group-json
• 14b452c Merge pull request #4750 from GogoVega/fix-4749
• bb91a08 Just move the block before the Id is updated
• 526b3fd Include rewired nodes when calculating Modified Flows stop list
• d70b7ea Fix clone of group env var properties
• 1d342a7 Fix new_nodes should be used instead of node_map
• 476016c Fix node_map does not contain as key the new id of a copied node
• Additional commits viewable in compare view

Updates node-red-node-test-helper from 0.3.0 to 0.3.4

Release notes

Sourced from node-red-node-test-helper's releases.

0.3.4

What's Changed

• Update supertest dependency by @​hardillb in node-red/node-red-node-test-helper#76
• Update dependencies for 0.3.4 by @​knolleary in node-red/node-red-node-test-helper#78

New Contributors

• @​hardillb made their first contribution in node-red/node-red-node-test-helper#76

Full Changelog: node-red/node-red-node-test-helper@0.3.3...0.3.4

0.3.3

What's Changed

• Use compatible versions rather than specific version of dependencies by @​Pezmc in node-red/node-red-node-test-helper#70
• Dependency Upgrades by @​Pezmc in node-red/node-red-node-test-helper#69
• Add plugin stub to runtime by @​joepavitt in node-red/node-red-node-test-helper#73

New Contributors

• @​Pezmc made their first contribution in node-red/node-red-node-test-helper#70
• @​joepavitt made their first contribution in node-red/node-red-node-test-helper#73

Full Changelog: node-red/node-red-node-test-helper@0.3.2...0.3.3

0.3.2

What's Changed

• Update README.md by @​andreasmarkussen in node-red/node-red-node-test-helper#61
• Fix async module loading by @​knolleary in node-red/node-red-node-test-helper#65

New Contributors

• @​andreasmarkussen made their first contribution in node-red/node-red-node-test-helper#61

Full Changelog: node-red/node-red-node-test-helper@0.3.1...0.3.2

0.3.1

What's Changed

• Add support for async node modules by @​knolleary in node-red/node-red-node-test-helper#63

Full Changelog: node-red/node-red-node-test-helper@0.3.0...0.3.1

Changelog

Sourced from node-red-node-test-helper's changelog.

0.3.4

• Update dependencies

0.3.3

• Add plugin stub to runtime (#73) @​joepavitt
• Use compatible versions rather than specific version of dependencies (#70) @​Pezmc

0.3.2

• Fix async module loading (#65) @​knolleary
• Update README.md (#61) @​andreasmarkussen

0.3.1

• Add support for async node modules (#63) @​knolleary

Commits

• fc1d059 Merge pull request #78 from node-red/update-deps
• 8d54e02 Update dependencies for 0.3.4
• 560a3f1 Merge pull request #76 from hardillb/patch-1
• 835530e Update supertest dependency
• 8d82fbf Update for new release
• 5e7b157 Merge pull request #73 from joepavitt/master
• e6e1efb Add plugin stub to runtime
• 6f53b9b Merge pull request #70 from Pezmc/chore-compatibility-flag
• 7c1af1f Use the compatible caret for all dependencies
• 09298c4 Minor upgrades to all dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.