From f5baa892761329462c7c9b975058c6601390f5a3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Mar 2026 11:32:41 +0000
Subject: [PATCH] chore(deps-dev): Bump cors from 2.8.5 to 2.8.6 (#1655)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [cors](https://github.com/expressjs/cors) from 2.8.5 to 2.8.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/cors/releases">cors's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Build: Node.js@12.16 and Node.js.13.12 by <a
href="https://github.com/smondal"><code>@​smondal</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/189">expressjs/cors#189</a></li>
<li>Update README.md for origin function callback parameters by <a
href="https://github.com/dstudzinski"><code>@​dstudzinski</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/180">expressjs/cors#180</a></li>
<li>Suggest passing false for disallowed domains, not erroring by <a
href="https://github.com/shackpank"><code>@​shackpank</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/175">expressjs/cors#175</a></li>
<li>Changed the term whitelist to allowlist in Documentation by <a
href="https://github.com/jkasun"><code>@​jkasun</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/200">expressjs/cors#200</a></li>
<li>Fix typo in README by <a
href="https://github.com/alex-grover"><code>@​alex-grover</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/207">expressjs/cors#207</a></li>
<li>Added new link &amp; website in the README by <a
href="https://github.com/manjunath00"><code>@​manjunath00</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/269">expressjs/cors#269</a></li>
<li>Fix functions call with extra parameter by <a
href="https://github.com/LuisEGR"><code>@​LuisEGR</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/245">expressjs/cors#245</a></li>
<li>:bug: Fix readme status badge by <a
href="https://github.com/homersimpsons"><code>@​homersimpsons</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/306">expressjs/cors#306</a></li>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/321">expressjs/cors#321</a></li>
<li>ci: fix errors in ci github action for node 8 by <a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/322">expressjs/cors#322</a></li>
<li>test: improved test robustness by <a
href="https://github.com/Alex-GF"><code>@​Alex-GF</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/320">expressjs/cors#320</a></li>
<li>chore: upgrade scorecard workflow pinned action versions by <a
href="https://github.com/carpasse"><code>@​carpasse</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/341">expressjs/cors#341</a></li>
<li>ci: add CodeQL (SAST) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/340">expressjs/cors#340</a></li>
<li>docs: remove broken link to demo site by <a
href="https://github.com/dpopp07"><code>@​dpopp07</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/344">expressjs/cors#344</a></li>
<li>OSSF Scorecard recommendations by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/350">expressjs/cors#350</a></li>
<li>build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/351">expressjs/cors#351</a></li>
<li>build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/353">expressjs/cors#353</a></li>
<li>build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/354">expressjs/cors#354</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/355">expressjs/cors#355</a></li>
<li>build(deps-dev): bump express from 4.17.1 to 4.21.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/356">expressjs/cors#356</a></li>
<li>build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/352">expressjs/cors#352</a></li>
<li>build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/358">expressjs/cors#358</a></li>
<li>update the docs for per request config by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/338">expressjs/cors#338</a></li>
<li>(fix): readme updated for <a
href="https://redirect.github.com/expressjs/cors/issues/271">#271</a>
origin option for * by <a
href="https://github.com/dhananjaysa92"><code>@​dhananjaysa92</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/289">expressjs/cors#289</a></li>
<li>ci: upgrade Node versions by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/359">expressjs/cors#359</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/363">expressjs/cors#363</a></li>
<li>build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/371">expressjs/cors#371</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/cors/pull/370">expressjs/cors#370</a></li>
<li>docs: Cleanup README by <a
href="https://github.com/efekrskl"><code>@​efekrskl</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/374">expressjs/cors#374</a></li>
<li>chore: add node v25 by <a
href="https://github.com/imangas"><code>@​imangas</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/375">expressjs/cors#375</a></li>
<li>Extend CI test matrix by <a
href="https://github.com/imangas"><code>@​imangas</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/376">expressjs/cors#376</a></li>
<li>docs: simplify code examples with header comments by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/386">expressjs/cors#386</a></li>
<li>docs: tweak intro, add note w/ browser enforcement, FAQ by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/cors/pull/385">expressjs/cors#385</a></li>
<li>chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from
tarball by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/cors/pull/388">expressjs/cors#388</a></li>
<li>Release: 2.8.6 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/cors/pull/390">expressjs/cors#390</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/smondal"><code>@​smondal</code></a> made
their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/189">expressjs/cors#189</a></li>
<li><a
href="https://github.com/dstudzinski"><code>@​dstudzinski</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/180">expressjs/cors#180</a></li>
<li><a href="https://github.com/shackpank"><code>@​shackpank</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/175">expressjs/cors#175</a></li>
<li><a href="https://github.com/jkasun"><code>@​jkasun</code></a> made
their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/200">expressjs/cors#200</a></li>
<li><a
href="https://github.com/alex-grover"><code>@​alex-grover</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/207">expressjs/cors#207</a></li>
<li><a
href="https://github.com/manjunath00"><code>@​manjunath00</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/269">expressjs/cors#269</a></li>
<li><a href="https://github.com/LuisEGR"><code>@​LuisEGR</code></a> made
their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/245">expressjs/cors#245</a></li>
<li><a
href="https://github.com/homersimpsons"><code>@​homersimpsons</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/306">expressjs/cors#306</a></li>
<li><a
href="https://github.com/inigomarquinez"><code>@​inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/321">expressjs/cors#321</a></li>
<li><a href="https://github.com/Alex-GF"><code>@​Alex-GF</code></a> made
their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/320">expressjs/cors#320</a></li>
<li><a href="https://github.com/carpasse"><code>@​carpasse</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/cors/pull/341">expressjs/cors#341</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/cors/blob/master/HISTORY.md">cors's
changelog</a>.</em></p>
<blockquote>
<h1>2.8.6 / 2026-01-22</h1>
<ul>
<li>Improve documentation (API, context, examples...)</li>
<li>Remove additional markdown files from tarball</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/cors/commit/f00a8c1f0af727ffe5ed35f3b2d0b1a7eb4b65bb"><code>f00a8c1</code></a>
2.8.6 (<a
href="https://redirect.github.com/expressjs/cors/issues/390">#390</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/848e2bd062a5d845c99e3808ca598d60f6bc5e16"><code>848e2bd</code></a>
chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball
(<a
href="https://redirect.github.com/expressjs/cors/issues/388">#388</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/cf8947e828444603c68dfca4f9297700f52b9629"><code>cf8947e</code></a>
docs: tweak intro, add note w/ browser enforcement, FAQ (<a
href="https://redirect.github.com/expressjs/cors/issues/385">#385</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/bbf62a5438a406bf50cc6f3c2d763028f215523f"><code>bbf62a5</code></a>
docs: simplify code examples with header comments (<a
href="https://redirect.github.com/expressjs/cors/issues/386">#386</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/f442e770a40993f5093940c73c326b825203f947"><code>f442e77</code></a>
Extend CI test matrix (<a
href="https://redirect.github.com/expressjs/cors/issues/376">#376</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/d5cf6cd3ac1edad4507f5f265cad6dfb6ea048bc"><code>d5cf6cd</code></a>
ci: add support for node@25 (<a
href="https://redirect.github.com/expressjs/cors/issues/375">#375</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/7e6f7eeac0c16d9abed2cb84ac4b2891a51fa3dc"><code>7e6f7ee</code></a>
docs: revamp content (<a
href="https://redirect.github.com/expressjs/cors/issues/374">#374</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/b25644c76be11c09e3573007244a0696c4d183ec"><code>b25644c</code></a>
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/expressjs/cors/issues/370">#370</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/f881e919e825ae8e35b8526a39bb64d13d4688bb"><code>f881e91</code></a>
build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (<a
href="https://redirect.github.com/expressjs/cors/issues/371">#371</a>)</li>
<li><a
href="https://github.com/expressjs/cors/commit/9a9a760c888433d923847ee837e95567d9a94517"><code>9a9a760</code></a>
chore: add funding to package.json (<a
href="https://redirect.github.com/expressjs/cors/issues/363">#363</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/cors/compare/v2.8.5...v2.8.6">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for cors since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cors&package-manager=npm_and_yarn&previous-version=2.8.5&new-version=2.8.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 12 ++++++++----
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cd8fc56e..2a8483d6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -93,7 +93,7 @@
         "@types/wicg-file-system-access": "^2023.10.7",
         "@vitejs/plugin-react": "^5.1.4",
         "@vitest/coverage-v8": "^4.0.18",
-        "cors": "^2.8.5",
+        "cors": "^2.8.6",
         "cypress": "^15.9.0",
         "cypress-plugin-tab": "^1.0.5",
         "eslint": "^9.39.2",
@@ -5697,9 +5697,9 @@
       "license": "MIT"
     },
     "node_modules/cors": {
-      "version": "2.8.5",
-      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
-      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "version": "2.8.6",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz",
+      "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5708,6 +5708,10 @@
       },
       "engines": {
         "node": ">= 0.10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/cosmiconfig": {
diff --git a/package.json b/package.json
index 7b0a1d28..9b1342c0 100644
--- a/package.json
+++ b/package.json
@@ -127,7 +127,7 @@
     "@types/wicg-file-system-access": "^2023.10.7",
     "@vitejs/plugin-react": "^5.1.4",
     "@vitest/coverage-v8": "^4.0.18",
-    "cors": "^2.8.5",
+    "cors": "^2.8.6",
     "cypress": "^15.9.0",
     "cypress-plugin-tab": "^1.0.5",
     "eslint": "^9.39.2",