Merge pull request #25 from BreizhHardware/dev

chore(deps): Update qs to fix security issue
2026-01-19 16:57:29 +01:00 · 2026-01-04 10:22:06 +01:00 · 2026-01-04 09:18:26 +00:00 · 2025-12-17 10:05:02 +01:00 · 2025-12-17 09:01:43 +00:00 · 2025-12-17 08:55:50 +00:00
10 changed files with 181 additions and 122 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,12 @@
+{
+    "name": "Node.js 24",
+    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+    "features": {
+        "ghcr.io/devcontainers/features/node:1": {
+            "nodeGypDependencies": true,
+            "version": "lts",
+            "nvmVersion": "latest"
+        },
+        "ghcr.io/devcontainers/features/git-lfs:1": {}
+    }
+}
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,42 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches:
+      - '**'
+  schedule:
+    - cron: '0 8 * * *' 
+  workflow_dispatch: 
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run security audit
+        id: audit
+        run: npm audit --audit-level moderate
+        continue-on-error: true
+
+      - name: Create issue on failure
+        if: steps.audit.outcome == 'failure'
+        uses: actions/github-script@v8
+        with:
+          script: |
+            github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: 'Security Audit Failed',
+              body: 'The daily security audit has failed. Please check the workflow run for details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}',
+              labels: ['security', 'audit']
+            });
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ jobs:
      matrix:
        node-version: [18, 20, 22, 24, latest]
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        with:
@@ -22,12 +22,19 @@ jobs:
      - run: npm run lint
      - run: npm test
      - run: npm run test-types
+      - name: Generate coverage
+        run: make coverage
+      - name: Upload coverage to Coveralls
+        uses: coverallsapp/github-action@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          file: coverage/lcov.info

  publish:
    needs: test
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - name: Use Node.js 18
        uses: actions/setup-node@v6
        with:
@@ -42,7 +49,7 @@ jobs:
    needs: publish
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Get version
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
            matrix:
                node-version: [18, 20, 22, 24, latest]
        steps:
-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6
            - name: Use Node.js ${{ matrix.node-version }}
              uses: actions/setup-node@v6
              with:
@@ -32,7 +32,7 @@ jobs:
        name: CodeQL Analysis
        runs-on: ubuntu-latest
        steps:
-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6
            - name: Initialize CodeQL
              uses: github/codeql-action/init@v4
              with:
@@ -44,7 +44,7 @@ jobs:
        name: Audit Dependencies
        runs-on: ubuntu-latest
        steps:
-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6
            - name: Use Node.js 18
              uses: actions/setup-node@v6
              with:
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ node_modules
 coverage
 /.vscode
 .env
+.nyc_output
--- a/11
+++ b/11
@@ -6,14 +6,7 @@ lint:
 	npx eslint src
 	npm run dtslint-next
 coverage:
-	node_modules/istanbul/lib/cli.js cover \
-		-i 'src/*' \
-		--include-all-sources \
-		--dir coverage \
-		node_modules/jasme/run.js
+	npx nyc --include src --reporter=lcov --reporter=text node_modules/jasme/run.js

 coveralls: coverage
-ifndef COVERALLS_REPO_TOKEN
-	$(error COVERALLS_REPO_TOKEN is undefined)
-endif
-	node_modules/coveralls/bin/coveralls.js < coverage/lcov.info
+	npx nyc report --reporter=text-lcov | npx coveralls
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![build status](https://travis-ci.org/jochen-schweizer/express-prom-bundle.png)](https://travis-ci.org/jochen-schweizer/express-prom-bundle) [![Coverage Status](https://coveralls.io/repos/github/jochen-schweizer/express-prom-bundle/badge.svg?branch=master)](https://coveralls.io/github/jochen-schweizer/express-prom-bundle?branch=master) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?maxAge=2592000)](https://www.tldrlegal.com/l/mit) [![NPM version](https://badge.fury.io/js/express-prom-bundle.png)](http://badge.fury.io/js/express-prom-bundle)
+[![CI](https://github.com/BreizhHardware/express-prom-bundle/actions/workflows/release.yml/badge.svg)](https://github.com/BreizhHardware/express-prom-bundle/actions/workflows/release.yml) [![Coverage Status](https://coveralls.io/repos/github/BreizhHardware/express-prom-bundle/badge.svg?branch=main)](https://coveralls.io/github/BreizhHardware/express-prom-bundle?branch=main) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?maxAge=2592000)](https://www.tldrlegal.com/l/mit) [![NPM version](https://badge.fury.io/js/%40breizhhardware%2Fexpress-prom-bundle.png)](http://badge.fury.io/js/%40breizhhardware%2Fexpress-prom-bundle)

 # express prometheus bundle

@@ -17,13 +17,13 @@ Included metrics:
 ## Install

 ```
-npm install prom-client express-prom-bundle
+npm install prom-client @breizhhardware/express-prom-bundle
 ```

 ## Sample Usage

 ```javascript
-const promBundle = require("express-prom-bundle");
+const promBundle = require("@breizhhardware/express-prom-bundle");
 const app = require("express")();
 const metricsMiddleware = promBundle({includeMethod: true});

@@ -182,7 +182,7 @@ setup std. metrics but exclude `up`-metric:
 ```javascript
 const express = require("express");
 const app = express();
-const promBundle = require("express-prom-bundle");
+const promBundle = require("@breizhhardware/express-prom-bundle");

 // calls to this route will not appear in metrics
 // because it's applied before promBundle
@@ -207,7 +207,7 @@ See an [advanced example on github](https://github.com/jochen-schweizer/express-
 ## koa v2 example

 ```javascript
-const promBundle = require("express-prom-bundle");
+const promBundle = require("@breizhhardware/express-prom-bundle");
 const Koa = require("koa");
 const c2k = require("koa-connect");
 const metricsMiddleware = promBundle({/* options */ });
@@ -228,7 +228,7 @@ which returns an aggregate of all metrics from all the workers.

 ``` javascript
 const cluster = require('cluster');
-const promBundle = require('express-prom-bundle');
+const promBundle = require('@breizhhardware/express-prom-bundle');
 const promClient = require('prom-client');
 const numCPUs = Math.max(2, require('os').cpus().length);
 const express = require('express');
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| >= 8.0.x| :white_check_mark: |
+| < 8.0.0 | :x:                |
+
+## Reporting a Vulnerability
+
+Please use [GitHub's private vulnerability reporting](https://github.com/breizhhardware/express-prom-bundle/security/advisories/new) to report a vulnerability.
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@breizhhardware/express-prom-bundle",
-  "version": "8.0.4",
+  "version": "8.0.7",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@breizhhardware/express-prom-bundle",
-      "version": "8.0.4",
+      "version": "8.0.7",
      "license": "MIT",
      "dependencies": {
        "@types/express": "^5.0.0",
@@ -65,6 +65,7 @@
      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.5.tgz",
      "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
      "dev": true,
+      "peer": true,
      "dependencies": {
        "@babel/code-frame": "^7.27.1",
        "@babel/generator": "^7.28.5",
@@ -365,10 +366,11 @@
      }
    },
    "node_modules/@eslint/eslintrc": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.1.tgz",
-      "integrity": "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
+      "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "ajv": "^6.12.4",
        "debug": "^4.3.2",
@@ -376,7 +378,7 @@
        "globals": "^14.0.0",
        "ignore": "^5.2.0",
        "import-fresh": "^3.2.1",
-        "js-yaml": "^4.1.0",
+        "js-yaml": "^4.1.1",
        "minimatch": "^3.1.2",
        "strip-json-comments": "^3.1.1"
      },
@@ -400,9 +402,9 @@
      }
    },
    "node_modules/@eslint/js": {
-      "version": "9.39.1",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.1.tgz",
-      "integrity": "sha512-S26Stp4zCy88tH94QbBv3XCuzRQiZ9yXofEILmglYTh/Ug/a9/umqvgFtYBAo3Lp0nsI/5/qH1CCrbdK3AP1Tw==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.2.tgz",
+      "integrity": "sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -522,10 +524,11 @@
      }
    },
    "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": {
-      "version": "3.14.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
-      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "argparse": "^1.0.7",
        "esprima": "^4.0.0"
@@ -765,13 +768,14 @@
      "dev": true
    },
    "node_modules/@types/express": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.5.tgz",
-      "integrity": "sha512-LuIQOcb6UmnF7C1PCFmEU1u2hmiHL43fgFQX67sN3H4Z+0Yk0Neo++mFsBjhOAuLzvlQeqAAkeDOZrJs9rzumQ==",
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.6.tgz",
+      "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
+      "license": "MIT",
      "dependencies": {
        "@types/body-parser": "*",
        "@types/express-serve-static-core": "^5.0.0",
-        "@types/serve-static": "^1"
+        "@types/serve-static": "^2"
      }
    },
    "node_modules/@types/express-serve-static-core": {
@@ -788,7 +792,8 @@
    "node_modules/@types/http-errors": {
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz",
-      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg=="
+      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==",
+      "license": "MIT"
    },
    "node_modules/@types/json-schema": {
      "version": "7.0.15",
@@ -796,11 +801,6 @@
      "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
      "dev": true
    },
-    "node_modules/@types/mime": {
-      "version": "1.3.5",
-      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz",
-      "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w=="
-    },
    "node_modules/@types/minimist": {
      "version": "1.2.5",
      "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.5.tgz",
@@ -840,21 +840,12 @@
      }
    },
    "node_modules/@types/serve-static": {
-      "version": "1.15.10",
-      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.10.tgz",
-      "integrity": "sha512-tRs1dB+g8Itk72rlSI2ZrW6vZg0YrLI81iQSTkMmOqnqCaNr/8Ek4VwWcN5vZgCYWbg/JJSGBlUaYGAOP73qBw==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-2.2.0.tgz",
+      "integrity": "sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==",
+      "license": "MIT",
      "dependencies": {
        "@types/http-errors": "*",
-        "@types/node": "*",
-        "@types/send": "<1"
-      }
-    },
-    "node_modules/@types/serve-static/node_modules/@types/send": {
-      "version": "0.17.6",
-      "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.6.tgz",
-      "integrity": "sha512-Uqt8rPBE8SY0RK8JB1EzVOIZ32uqy8HwdxCnoCOsYrvnswqmFZ/k+9Ikidlk/ImhsdvBsloHbAlewb2IEBV/Og==",
-      "dependencies": {
-        "@types/mime": "^1",
        "@types/node": "*"
      }
    },
@@ -885,6 +876,7 @@
      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
      "dev": true,
+      "peer": true,
      "bin": {
        "acorn": "bin/acorn"
      },
@@ -1059,23 +1051,28 @@
      "dev": true
    },
    "node_modules/body-parser": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz",
-      "integrity": "sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz",
+      "integrity": "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "bytes": "^3.1.2",
        "content-type": "^1.0.5",
-        "debug": "^4.4.0",
+        "debug": "^4.4.3",
        "http-errors": "^2.0.0",
-        "iconv-lite": "^0.6.3",
+        "iconv-lite": "^0.7.0",
        "on-finished": "^2.4.1",
        "qs": "^6.14.0",
-        "raw-body": "^3.0.0",
-        "type-is": "^2.0.0"
+        "raw-body": "^3.0.1",
+        "type-is": "^2.0.1"
      },
      "engines": {
        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/brace-expansion": {
@@ -1119,6 +1116,7 @@
          "url": "https://github.com/sponsors/ai"
        }
      ],
+      "peer": true,
      "dependencies": {
        "baseline-browser-mapping": "^2.8.19",
        "caniuse-lite": "^1.0.30001751",
@@ -1138,6 +1136,7 @@
      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
      "dev": true,
+      "license": "MIT",
      "engines": {
        "node": ">= 0.8"
      }
@@ -1705,11 +1704,12 @@
      }
    },
    "node_modules/eslint": {
-      "version": "9.39.1",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.1.tgz",
-      "integrity": "sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.2.tgz",
+      "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==",
      "dev": true,
      "license": "MIT",
+      "peer": true,
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.8.0",
        "@eslint-community/regexpp": "^4.12.1",
@@ -1717,7 +1717,7 @@
        "@eslint/config-helpers": "^0.4.2",
        "@eslint/core": "^0.17.0",
        "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.39.1",
+        "@eslint/js": "9.39.2",
        "@eslint/plugin-kit": "^0.4.1",
        "@humanfs/node": "^0.16.6",
        "@humanwhocodes/module-importer": "^1.0.1",
@@ -1902,18 +1902,20 @@
      }
    },
    "node_modules/express": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz",
-      "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==",
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
+      "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "accepts": "^2.0.0",
-        "body-parser": "^2.2.0",
+        "body-parser": "^2.2.1",
        "content-disposition": "^1.0.0",
        "content-type": "^1.0.5",
        "cookie": "^0.7.1",
        "cookie-signature": "^1.2.1",
        "debug": "^4.4.0",
+        "depd": "^2.0.0",
        "encodeurl": "^2.0.0",
        "escape-html": "^1.0.3",
        "etag": "^1.8.1",
@@ -2550,40 +2552,41 @@
      }
    },
    "node_modules/http-errors": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
-      "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
-        "depd": "2.0.0",
-        "inherits": "2.0.4",
-        "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
-        "toidentifier": "1.0.1"
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
      },
      "engines": {
        "node": ">= 0.8"
-      }
-    },
-    "node_modules/http-errors/node_modules/statuses": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
-      "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==",
-      "dev": true,
-      "engines": {
-        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/iconv-lite": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.0.tgz",
+      "integrity": "sha512-cf6L2Ds3h57VVmkZe+Pn+5APsT7FpqJtEhhieDCvrE2MK5Qk9MyffgQyuxQTm6BChfeZNtcOLHp9IcWRVcIcBQ==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "safer-buffer": ">= 2.1.2 < 3.0.0"
      },
      "engines": {
        "node": ">=0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
      }
    },
    "node_modules/ignore": {
@@ -2984,10 +2987,11 @@
      "dev": true
    },
    "node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "argparse": "^2.0.1"
      },
@@ -4016,10 +4020,11 @@
      }
    },
    "node_modules/qs": {
-      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
-      "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+      "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
      "dev": true,
+      "license": "BSD-3-Clause",
      "dependencies": {
        "side-channel": "^1.1.0"
      },
@@ -4069,36 +4074,21 @@
      }
    },
    "node_modules/raw-body": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.1.tgz",
-      "integrity": "sha512-9G8cA+tuMS75+6G/TzW8OtLzmBDMo8p1JRxN5AZ+LAp8uxGA8V8GZm4GQ4/N5QNQEnLmg6SS7wyuSmbKepiKqA==",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz",
+      "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
-        "bytes": "3.1.2",
-        "http-errors": "2.0.0",
-        "iconv-lite": "0.7.0",
-        "unpipe": "1.0.0"
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.7.0",
+        "unpipe": "~1.0.0"
      },
      "engines": {
        "node": ">= 0.10"
      }
    },
-    "node_modules/raw-body/node_modules/iconv-lite": {
-      "version": "0.7.0",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.0.tgz",
-      "integrity": "sha512-cf6L2Ds3h57VVmkZe+Pn+5APsT7FpqJtEhhieDCvrE2MK5Qk9MyffgQyuxQTm6BChfeZNtcOLHp9IcWRVcIcBQ==",
-      "dev": true,
-      "dependencies": {
-        "safer-buffer": ">= 2.1.2 < 3.0.0"
-      },
-      "engines": {
-        "node": ">=0.10.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/express"
-      }
-    },
    "node_modules/react-is": {
      "version": "18.3.1",
      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz",
@@ -4406,7 +4396,8 @@
      "version": "2.1.2",
      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
-      "dev": true
+      "dev": true,
+      "license": "MIT"
    },
    "node_modules/semver": {
      "version": "7.7.3",
@@ -5085,6 +5076,7 @@
      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
      "dev": true,
+      "license": "MIT",
      "engines": {
        "node": ">= 0.8"
      }
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@breizhhardware/express-prom-bundle",
-  "version": "8.0.4",
+  "version": "8.0.7",
  "description": "express middleware with popular prometheus metrics in one bundle",
  "main": "src/index.js",
  "keywords": [
Author	SHA1	Message	Date
Félix MARQUET	ef4fe2c5b5	Merge pull request #25 from BreizhHardware/dev chore(deps): Update qs to fix security issue	2026-01-04 10:22:06 +01:00
Félix MARQUET	dcc9e1f893	chore(deps): Update qs to fix security issue	2026-01-04 09:18:26 +00:00
Félix MARQUET	02a5cb67c3	Merge pull request #23 from BreizhHardware/dev Dev	2025-12-17 10:05:02 +01:00
Félix MARQUET	36d1484d33	feat(security): Add security policy documentation	2025-12-17 09:01:43 +00:00
Félix MARQUET	8fc61cd1d8	chore(version): bump version to 8.0.7	2025-12-17 08:55:50 +00:00
Félix MARQUET	4fd7a797c5	feat(action): Add regular github action for audit security vulnerability	2025-12-17 08:53:44 +00:00
Félix MARQUET	30d9c3d473	Merge pull request #21 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint/js-9.39.2 chore(deps-dev): bump @eslint/js from 9.39.1 to 9.39.2	2025-12-17 09:33:16 +01:00
Félix MARQUET	10fe1cac8f	Merge pull request #22 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint-9.39.2 chore(deps-dev): bump eslint from 9.39.1 to 9.39.2	2025-12-17 09:32:50 +01:00
dependabot[bot]	9b4e0eb163	chore(deps-dev): bump eslint from 9.39.1 to 9.39.2 Bumps [eslint](https://github.com/eslint/eslint) from 9.39.1 to 9.39.2. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v9.39.1...v9.39.2) --- updated-dependencies: - dependency-name: eslint dependency-version: 9.39.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-15 15:37:01 +00:00
dependabot[bot]	475b7a8f6d	chore(deps-dev): bump @eslint/js from 9.39.1 to 9.39.2 Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.39.1 to 9.39.2. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.39.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-15 15:36:51 +00:00
Félix MARQUET	c1482220c2	Merge pull request #20 from BreizhHardware/dependabot/npm_and_yarn/dev/multi-b251156d90 chore(deps): bump express and @types/express	2025-12-15 08:51:57 +01:00
dependabot[bot]	66643411b8	chore(deps): bump express and @types/express Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 5.2.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/v5.2.0...v5.2.1) Updates `@types/express` from 5.0.5 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-08 15:41:39 +00:00
Félix MARQUET	38abc2b1a5	Merge pull request #19 from BreizhHardware/dev Update deps	2025-12-03 14:11:39 +01:00
Félix MARQUET	97b2f425e6	chore: bump version to 8.0.6	2025-12-03 13:08:29 +00:00
Félix MARQUET	a8d4fa8116	Merge pull request #16 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint/eslintrc-3.3.3 chore(deps-dev): bump @eslint/eslintrc from 3.3.1 to 3.3.3	2025-12-03 14:04:57 +01:00
Félix MARQUET	0eb0178622	chore(deps-dev): update body-parser to 2.2.1	2025-12-03 13:02:08 +00:00
Félix MARQUET	5c1f68a482	Merge pull request #17 from BreizhHardware/dependabot/npm_and_yarn/dev/express-5.2.0 chore(deps-dev): bump express from 5.1.0 to 5.2.0	2025-12-03 13:58:46 +01:00
dependabot[bot]	12ff62478f	chore(deps-dev): bump express from 5.1.0 to 5.2.0 Bumps [express](https://github.com/expressjs/express) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](https://github.com/expressjs/express/compare/v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-01 17:05:50 +00:00
dependabot[bot]	2efc5189d0	chore(deps-dev): bump @eslint/eslintrc from 3.3.1 to 3.3.3 Bumps [@eslint/eslintrc](https://github.com/eslint/eslintrc) from 3.3.1 to 3.3.3. - [Release notes](https://github.com/eslint/eslintrc/releases) - [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslintrc/compare/v3.3.1...eslintrc-v3.3.3) --- updated-dependencies: - dependency-name: "@eslint/eslintrc" dependency-version: 3.3.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-01 17:05:40 +00:00
Félix MARQUET	c28b736c6e	Merge pull request #15 from BreizhHardware/dependabot/github_actions/dot-github/workflows/dev/actions/checkout-6 chore(deps): bump actions/checkout from 5 to 6 in /.github/workflows	2025-11-27 15:01:25 +01:00
dependabot[bot]	e84b96bf5e	chore(deps): bump actions/checkout from 5 to 6 in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-24 18:00:38 +00:00
Félix MARQUET	8a88d14dcd	Merge pull request #14 from BreizhHardware/hotfix/coverage fix: update coverage command in Makefile and add .nyc_output to .gitignore	2025-11-18 11:15:45 +01:00
Félix MARQUET	eb1a8f08ab	fix: update coverage command in Makefile and add .nyc_output to .gitignore	2025-11-18 10:12:13 +00:00
Félix MARQUET	648d88ab7c	Merge pull request #13 from BreizhHardware/dev Dev	2025-11-18 10:59:55 +01:00
Félix MARQUET	8982831816	Merge pull request #12 from BreizhHardware/dependabot/npm_and_yarn/npm_and_yarn-4265e88a4c Bump js-yaml from 3.14.1 to 3.14.2 in the npm_and_yarn group across 1 directory	2025-11-18 10:58:20 +01:00
Félix MARQUET	e49f95ab0e	chore: bump to version to 8.0.5	2025-11-18 09:57:23 +00:00
dependabot[bot]	b451ab0f97	Bump js-yaml in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [js-yaml](https://github.com/nodeca/js-yaml). Updates `js-yaml` from 3.14.1 to 3.14.2 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 3.14.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-18 09:44:01 +00:00
Félix MARQUET	cf862fca31	docs: update package name in readme	2025-11-18 08:52:45 +01:00
Félix MARQUET	0f6eab8d98	Merge pull request #11 from BreizhHardware/docs/update-readme-badge docs: update README badges and add coverage upload step in release workflow	2025-11-18 08:46:03 +01:00
Félix MARQUET	b586bd9515	fix: Fix security issue in js-yaml	2025-11-18 07:43:48 +00:00
Félix MARQUET	1a5f6df7f9	docs: update README badges and add coverage upload step in release workflow	2025-11-17 13:55:47 +00:00
Félix MARQUET	d1d980136f	Merge pull request #9 from BreizhHardware/dev Dev	2025-11-13 16:32:47 +01:00
Félix MARQUET	1c7935b377	Merge pull request #6 from BreizhHardware/dev Dev	2025-11-13 16:10:17 +01:00