chore(deps): bump the npm_and_yarn group across 5 directories with 1 update by dependabot[bot] · Pull Request #13444 · serverless/serverless

dependabot · 2026-03-28T18:17:56Z

Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-comprehensive directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-gateway directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-multi-gateway directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/mcp-server directory: path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/strands-browser directory: path-to-regexp.

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Updates path-to-regexp from 8.3.0 to 8.4.0

Release notes

Sourced from path-to-regexp's releases.

8.4.0

Important

Fix CVE-2026-4926 (GHSA-j3q9-mxjg-w52f)

Fix CVE-2026-4923 (GHSA-27v5-c462-wpq7)

Fixed

Restricts wildcard backtracking when using more than 1 in a path (pillarjs/path-to-regexp#421)

Changed

Dedupes regex prefixes (pillarjs/path-to-regexp#422)

This will result in shorter regular expressions for some cases using optional groups

Rejects large optional route combinations (pillarjs/path-to-regexp#424)

When using groups such as /users{/delete} it will restrict the number of generated combinations to < 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes

Commits

34cb451 8.4.0
22a9679 Reject large optional route combinations (#424)
8881a88 Byte optimization (#423)
43669ac Dedupe regex prefixes (#422)
4864654 Restrict repeated wildcard backtracking (#421)
05a5a97 Remove dependabot config (#404)
5b635cd Remove package-lock.json (#407)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…update Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-comprehensive directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-gateway directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-multi-gateway directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/mcp-server directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 1 update in the /packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/strands-browser directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Updates `path-to-regexp` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0) Updates `path-to-regexp` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0) Updates `path-to-regexp` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0) Updates `path-to-regexp` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0) Updates `path-to-regexp` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v8.3.0...v8.4.0) --- updated-dependencies: - dependency-name: path-to-regexp dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 8.4.0 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

Mmarzex · 2026-03-28T18:18:08Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 28, 2026

czubocha approved these changes Mar 30, 2026

View reviewed changes

czubocha merged commit 89b6e31 into main Mar 30, 2026
8 checks passed

czubocha deleted the dependabot/npm_and_yarn/packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-comprehensive/npm_and_yarn-0e2bc840aa branch March 30, 2026 13:48

github-actions bot locked and limited conversation to collaborators Mar 30, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 5 directories with 1 update#13444

chore(deps): bump the npm_and_yarn group across 5 directories with 1 update#13444
czubocha merged 1 commit intomainfrom
dependabot/npm_and_yarn/packages/serverless/lib/plugins/aws/bedrock-agentcore/examples/javascript/langgraph-comprehensive/npm_and_yarn-0e2bc840aa

dependabot bot commented on behalf of github Mar 28, 2026

Uh oh!

Mmarzex commented Mar 28, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Mar 28, 2026

8.4.0

8.4.0

8.4.0

8.4.0

8.4.0

Uh oh!

Mmarzex commented Mar 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Mmarzex commented Mar 28, 2026 •

edited

Loading