deps(example): Bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the /examples/remix-express directory:

Package	From	To
@remix-run/express	2.13.1	2.14.0
@remix-run/node	2.13.1	2.14.0
@remix-run/react	2.13.1	2.14.0
compression	1.7.4	1.7.5
@remix-run/dev	2.13.1	2.14.0
eslint-plugin-jsx-a11y	6.10.1	6.10.2
postcss	8.4.47	8.4.48

Updates @remix-run/express from 2.13.1 to 2.14.0

Release notes

Sourced from @​remix-run/express's releases.

v2.14.0

See the changelog for release notes: https://github.com/remix-run/remix/blob/main/CHANGELOG.md#v2140

Changelog

Sourced from @​remix-run/express's changelog.

2.14.0

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

Commits

• 1258057 chore: Update version for release (#10204)
• 91baacb chore: Update version for release (pre) (#10202)
• 351b189 Revert "chore: Update version for release (pre) (#10200)"
• c63c394 chore: Update version for release (pre) (#10200)
• 9cf2c5b chore: Update version for release (pre) (#10192)
• d7f4015 docs: update broken RR links (#10130)
• See full diff in compare view

Updates @remix-run/node from 2.13.1 to 2.14.0

Release notes

Sourced from @​remix-run/node's releases.

v2.14.0

See the changelog for release notes: https://github.com/remix-run/remix/blob/main/CHANGELOG.md#v2140

Changelog

Sourced from @​remix-run/node's changelog.

2.14.0

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

Commits

• 1258057 chore: Update version for release (#10204)
• 91baacb chore: Update version for release (pre) (#10202)
• 351b189 Revert "chore: Update version for release (pre) (#10200)"
• c63c394 chore: Update version for release (pre) (#10200)
• 9cf2c5b chore: Update version for release (pre) (#10192)
• d7f4015 docs: update broken RR links (#10130)
• See full diff in compare view

Updates @remix-run/react from 2.13.1 to 2.14.0

Release notes

Sourced from @​remix-run/react's releases.

v2.14.0

See the changelog for release notes: https://github.com/remix-run/remix/blob/main/CHANGELOG.md#v2140

Changelog

Sourced from @​remix-run/react's changelog.

2.14.0

Patch Changes

• Fix defaultShouldRevalidate value when using single fetch (#10139)
• Updated dependencies:
  • @remix-run/[email protected]

Commits

• 1258057 chore: Update version for release (#10204)
• 91baacb chore: Update version for release (pre) (#10202)
• 351b189 Revert "chore: Update version for release (pre) (#10200)"
• 55434ec Bump remix-run/router version
• a852fe2 Fix TS error
• c63c394 chore: Update version for release (pre) (#10200)
• 0615a2b Merge branch 'upgrade-rr' into release-next
• 18e9d69 Bump React Router to 6.28.0
• 9cf2c5b chore: Update version for release (pre) (#10192)
• 2e5d28e Merge branch 'main' into release-next
• Additional commits viewable in compare view

Updates compression from 1.7.4 to 1.7.5

Release notes

Sourced from compression's releases.

1.7.5

What's Changed

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/compression#186
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/compression#187
• docs: fix spelling by @​dijonkitchen in expressjs/compression#174
• deps: [email protected] by @​bjohansebas in expressjs/compression#192
• remove --bail option by @​bjohansebas in expressjs/compression#196
• build: Node.js 23.0 by @​bjohansebas in expressjs/compression#193
• Replace accepts with negotiator by @​blakeembrey in expressjs/compression#197
• docs: update history by @​bjohansebas in expressjs/compression#200

New Contributors

• @​inigomarquinez made their first contribution in expressjs/compression#186
• @​dijonkitchen made their first contribution in expressjs/compression#174
• @​bjohansebas made their first contribution in expressjs/compression#192
• @​blakeembrey made their first contribution in expressjs/compression#197
• @​UlisesGascon made their first contribution in expressjs/compression#195

Full Changelog: expressjs/compression@1.7.4...1.7.5

Changelog

Sourced from compression's changelog.

1.7.5 / 2024-10-31

• deps: Replace accepts with negotiator@~0.6.4
  • Add preference option
• deps: [email protected]
  • Add petabyte (pb) support
  • Fix "thousandsSeparator" incorrecting formatting fractional part
  • Fix return value for un-parsable strings
• deps: compressible@~2.0.18
  • Mark font/ttf as compressible
  • Remove compressible from multipart/mixed
  • deps: mime-db@'>= 1.43.0 < 2'
• deps: [email protected]

Commits

• 2854e7d 1.7.5
• 8626820 docs: update history (#200)
• d3560e0 replace accepts with negotiator (#197)
• 1e95836 Replace accepts with negotiator
• 5e6ee06 build: Node.js 23.0 (#193)
• 7f7e9cf test: remove --bail option (#196)
• dd8cbe5 deps: [email protected] (#192)
• 63b134f docs: fix spelling (#174)
• f3e6f38 ci: fix errors in ci github action for node 8 and 9 (#187)
• f0e089b chore: add support for OSSF scorecard reporting (#186)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for compression since your current version.

Updates @remix-run/dev from 2.13.1 to 2.14.0

Release notes

Sourced from @​remix-run/dev's releases.

v2.14.0

See the changelog for release notes: https://github.com/remix-run/remix/blob/main/CHANGELOG.md#v2140

Changelog

Sourced from @​remix-run/dev's changelog.

2.14.0

Minor Changes

• Add support for routes.ts behind future.unstable_routeConfig flag to assist with the migration to React Router v7. (#10107)

  Config-based routing is the new default in React Router v7, configured via the routes.ts file in the app directory. Support for routes.ts and its related APIs in Remix are designed as a migration path to help minimize the number of changes required when moving your Remix project over to React Router v7. While some new packages have been introduced within the @remix-run scope, these new packages only exist to keep the code in routes.ts as similar as possible to the equivalent code for React Router v7.

  When the unstable_routeConfig future flag is enabled, Remix's built-in file system routing will be disabled and your project will opted into React Router v7's config-based routing.

  To enable the flag, in your vite.config.ts file:

  remix({
    future: {
      unstable_routeConfig: true,
    },
  });

  A minimal routes.ts file to support Remix's built-in file system routing looks like this:

  // app/routes.ts
  import { flatRoutes } from "@remix-run/fs-routes";
  import type { RouteConfig } from "@remix-run/route-config";
  export const routes: RouteConfig = flatRoutes();

• Log deprecation warnings for v3 future flags (#10126)

  • Add @deprecated annotations to json/defer utilities

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]
  • @remix-run/[email protected]

Commits

• 1258057 chore: Update version for release (#10204)
• 91baacb chore: Update version for release (pre) (#10202)
• 351b189 Revert "chore: Update version for release (pre) (#10200)"
• 55434ec Bump remix-run/router version
• c63c394 chore: Update version for release (pre) (#10200)
• db72c7b fix(remix-dev): mark routes.ts support unstable (#10196)
• 9cf2c5b chore: Update version for release (pre) (#10192)
• 2e5d28e Merge branch 'main' into release-next
• ed76436 Bump router (#10175)
• 2dcd85f Add routes.ts support behind future flag (#10107)
• Additional commits viewable in compare view

Updates eslint-plugin-jsx-a11y from 6.10.1 to 6.10.2

Changelog

Sourced from eslint-plugin-jsx-a11y's changelog.

v6.10.2 - 2024-10-25

Fixed

• [patch] no-redundandant-roles: allow <img src="*.svg" role="img" /> [#936](https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/issues/936)

Commits

• [meta] fix changelog URLs 0d01a1a
• [Refactor] remove no-longer-needed es-iterator-helpers aa075bd
• [Refactor] avoid spreading things that are already arrays d15d3ab
• [Dev Deps] update @babel/cli, @babel/core, @babel/eslint-parser, @babel/plugin-transform-flow-strip-types, @babel/register 5dad7c4
• [Tests] aria-role: Add valid test for <svg role="img" /> daba189
• [Docs] label-has-associated-control: add line breaks for readability 0bc6378
• [Tests] label-has-associated-control: add additional test cases 30d2318
• [Tests] Add tests to reinforce required attributes for role="heading" d92446c

Commits

• 7f3d698 v6.10.2
• 0d01a1a [meta] fix changelog URLs
• 5dad7c4 [Dev Deps] update @babel/cli, @babel/core, @babel/eslint-parser, `@babe...
• d15d3ab [Refactor] avoid spreading things that are already arrays
• fa9845d [patch] no-redundandant-roles: allow \<img src="*.svg" role="img" />
• daba189 [Tests] aria-role: Add valid test for \<svg role="img" />
• 0bc6378 [Docs] label-has-associated-control: add line breaks for readability
• 30d2318 [Tests] label-has-associated-control: add additional test cases
• d92446c [Tests] Add tests to reinforce required attributes for role="heading"
• aa075bd [Refactor] remove no-longer-needed es-iterator-helpers
• See full diff in compare view

Updates postcss from 8.4.47 to 8.4.48

Release notes

Sourced from postcss's releases.

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Commits

• 77420d6 Release 8.4.48 version
• 341529f Update dependencies
• 66fa667 Add Node.js 23 to CI
• 1a8b261 fix inconsistent position calculations (#1980)
• 1cc6ac3 Clarify usage in docs
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@remix-run/[email protected]	environment, filesystem Transitive: network, shell, unsafe	+301	245 MB	mjackson
npm/@remix-run/[email protected]	environment	0	17.4 kB	mjackson
npm/@remix-run/[email protected]	Transitive: environment, filesystem, network	+20	22.2 MB	mjackson
npm/@remix-run/[email protected]	environment, network	+7	5.24 MB	mjackson
npm/[email protected]	None	+4	286 kB	dougwilson, ulisesgascon
npm/[email protected]	None	+1	3.54 MB	evcohen, jessebeach, lencioni, ...1 more
npm/[email protected]	None	0	200 kB	ai

🚮 Removed packages: npm/@remix-run/[email protected], npm/@remix-run/[email protected], npm/@remix-run/[email protected], npm/@remix-run/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
New author	npm/[email protected]	New Author: blakeembrey Previous Author: wesleytodd	examples/remix-express/package-lock.json examples/remix-express/package.json	🚫

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.