Bump the npm_and_yarn group across 1 directory with 16 updates#9
Open
dependabot[bot] wants to merge 1 commit into
Open
Bump the npm_and_yarn group across 1 directory with 16 updates#9dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [esbuild](https://github.com/evanw/esbuild) | `0.12.20` | `0.28.1` | | [@cypress/request](https://github.com/cypress-io/request) | `2.88.5` | `4.0.1` | | [axios](https://github.com/axios/axios) | `0.21.1` | `1.18.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `removed` | Updates `esbuild` from 0.12.20 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2021.md) - [Commits](evanw/esbuild@v0.12.20...v0.28.1) Updates `@cypress/request` from 2.88.5 to 4.0.1 - [Release notes](https://github.com/cypress-io/request/releases) - [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md) - [Commits](cypress-io/request@v2.88.5...v4.0.1) Updates `axios` from 0.21.1 to 1.18.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.1...v1.18.1) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `flatted` from 3.1.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.1.1...v3.4.2) Updates `follow-redirects` from 1.14.1 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.1...v1.16.0) Updates `form-data` from 2.3.3 to 4.0.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/commits/v4.0.6) Removes `js-yaml` Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `lodash` from 4.17.21 to 4.18.1 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.18.1) Updates `minimatch` from 3.0.4 to 10.2.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v10.2.5) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `picomatch` from 2.3.0 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@2.3.0...4.0.4) Updates `qs` from 6.5.2 to 6.15.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.15.3) Updates `tmp` from 0.2.1 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.2.1...v0.2.7) Updates `tough-cookie` from 2.5.0 to 5.1.2 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.5.0...v5.1.2) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.1 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@cypress/request" dependency-version: 4.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-version: 0.4.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 10.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-version: 1.2.8 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 5.1.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
This was referenced Jun 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 6 updates in the / directory:
0.12.200.28.12.88.54.0.10.21.11.18.13.0.23.0.33.1.13.4.23.14.1removedUpdates
esbuildfrom 0.12.20 to 0.28.1Release notes
Sourced from esbuild's releases.
... (truncated)
Changelog
Sourced from esbuild's changelog.
... (truncated)
Commits
bb9db84publish 0.28.1 to npm9ff053esecurity: add integrity checks to the Deno API0a9bf21enforce non-negative size in gzip parsere2a1a71security: forbid\\in local dev server requests83a2cbffix #4482: don't inlineusingdeclarations308ad74fix #4471: renaming of nestedvardeclarationsf013f5ffix some typosaafd6e4chore: fix some minor issues in comments (#4462)15300c3follow up: cjs evaluation fixes1bda0c3fix #4461, fix #4467: esm evaluation fixesMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for esbuild since your current version.
Updates
@cypress/requestfrom 2.88.5 to 4.0.1Release notes
Sourced from @cypress/request's releases.
... (truncated)
Commits
c1d4c52fix(deps): bump qs to ^6.15.2 (CVE-2026-8723) (#107)12b38c9Merge pull request #105 from cypress-io/deps/rm-uuide334dd8BREAKING: update minimum node version to 14.17.070413a9chore(deps): remove uuid, use built-in cryptoe783d90fix: release cypress-io/request#97 (#102)e3d6845chore: fix approval/release job (#100)cea7bc6chore: fix broken circle context (#99)a5253c3Merge pull request #97 from hmaesta/master6cc9ddecommig yarn.lockd0c69d2chore(deps): allow qs patch versionsUpdates
axiosfrom 0.21.1 to 1.18.1Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
a209bfbchore(release): prepare release 1.18.1 (#11027)fa6a55echore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)40e7be8docs: clarifies that request data is request-specific in axios (#11025)a446b39fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...cf1306adocs: add Deno to install instructions (#11023)b32880afix: incorrect use of error (#11021)1792edafix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)30499d6fix: various runtime crashes and type definition mismatches (#10959)20ce9c4fix(http): defer env proxy handling to Node (#10942)e64bcf9chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Updates
bracesfrom 3.0.2 to 3.0.3Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)Updates
flattedfrom 3.1.1 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
follow-redirectsfrom 1.14.1 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.21ef28aRelease version 1.15.11 of the npm package.7c88135Roll back tree shaking.6e389baRelease version 1.15.10 of the npm package.5bc496eShake me up before you go-go.694d6b4Bump minimist from 1.2.5 to 1.2.8Updates
form-datafrom 2.3.3 to 4.0.6Changelog
Sourced from form-data's changelog.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for form-data since your current version.
Install script changes
This version modifies
prepublishscript that runs during installation. Review the package contents before updating.Removes
js-yamlUpdates
json-schemafrom 0.2.3 to 0.4.0Commits
f6f6a3bUse a little more robust method of checking instancesef60987Update versionb62f1daProtect against constructor modification, #84fb427cdLink to json-schema-org repository in addition to site, fixes #5422f1461Don't allow proto property to be used for schema default/coerce, fixes #84c52a27cGet basic test to passb3f42b3Add security policy3b0cec3Update versionc28470fUpdate readme to acknowledge the state of the package7dff9cdMerge pull request #81 from hodovani/patch-1Updates
lodashfrom 4.17.21 to 4.18.1Release notes
Sourced from lodash's releases.
Commits
cb0b9b9release(patch): bump main to 4.18.1 (#6177)75535f5chore: prune stale advisory refs (#6170)62e91bcdocs: remove n_ Node.js < 6 REPL note from README (#6165)59be2derelease(minor): bump to 4.18.0 (#6161)af63457fix: broken tests for _.template 879aaa91073a76fix: linting issues879aaa9fix: validate imports keys in _.templatefe8d32efix: block prototype pollution in baseUnset via constructor/prototype traversal18ba0a3refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)b819080ci: add dist sync validation workflow (#6137)Updates
minimatchfrom 3.0.4 to 10.2.5Changelog
Sourced from minimatch's changelog.
... (truncated)
Commits
693c82310.2.57953af1do not allow .. to consume drive letter on Windows1caf918lint and format7783ed6ignore docs6d9b356update deps etcc36addb10.2.426b9002docs: add warning about ReDoS3a0d83bfix partial matching of globstar patternsea9484010.2.30873fbaupdate depsInstall script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Updates
minimistfrom 1.2.5 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2v1.2.8a026794Merge tag 'v0.2.3'