Skip to content

Bump the all-dependencies group across 1 directory with 11 updates#50

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-dependencies-7c97b8f42d
Open

Bump the all-dependencies group across 1 directory with 11 updates#50
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/all-dependencies-7c97b8f42d

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps the all-dependencies group with 11 updates in the / directory:

Package From To
axios 1.13.2 1.13.5
react 19.2.3 19.2.4
react-dom 19.2.3 19.2.4
react-router-dom 7.11.0 7.13.1
recharts 2.15.4 3.7.0
@vitejs/plugin-react 4.7.0 5.1.4
vite 6.4.1 7.3.1
dotenv 17.2.3 17.3.1
pg 8.16.3 8.18.0
nodemon 3.1.11 3.1.14
sequelize-cli 6.6.3 6.6.5

Updates axios from 1.13.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

Commits

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

Commits

Updates react-router-dom from 7.11.0 to 7.13.1

Changelog

Sourced from react-router-dom's changelog.

7.13.1

Patch Changes

  • Updated dependencies:
    • react-router@7.13.1

7.13.0

Patch Changes

  • Updated dependencies:
    • react-router@7.13.0

7.12.0

Patch Changes

  • Updated dependencies:
    • react-router@7.12.0
Commits

Updates recharts from 2.15.4 to 3.7.0

Release notes

Sourced from recharts's releases.

v3.7.0

What's Changed

📢 Cell is now deprecated and will be removed in the next major version. Please migrate all Cell usage to use the shape prop of respective chart elements. ‼️

Feat

New Hooks

Other

Fix

Chore

Docs

We've started auto-generating our docs for the most part so you should see large improvements in accuracy of the docs between the code, the website, and the storybook. Huge shoutout to @​PavelVanecek 🚀

New Contributors

Full Changelog: recharts/recharts@v3.6.0...v3.7.0

... (truncated)

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @vitejs/plugin-react from 4.7.0 to 5.1.4

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.1.4

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

plugin-react@5.1.3

No release notes provided.

plugin-react@5.1.2

No release notes provided.

plugin-react@5.1.1

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

plugin-react@5.1.0

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

plugin-react@5.0.4

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

plugin-react@5.0.3

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.4 (2026-02-10)

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

5.1.3 (2026-02-02)

5.1.2 (2025-12-08)

5.1.1 (2025-11-12)

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

5.1.0 (2025-10-24)

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

5.0.4 (2025-09-27)

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

5.0.3 (2025-09-17)

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react since your current version.


Updates vite from 6.4.1 to 7.3.1

Release notes

Sourced from vite's releases.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

v7.2.4

Please refer to CHANGELOG.md for details.

v7.2.3

Please refer to CHANGELOG.md for details.

v7.2.2

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.1

Please refer to CHANGELOG.md for details.

v7.2.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0

Please refer to CHANGELOG.md for details.

v7.2.0-beta.1

Please refer to CHANGELOG.md for details.

v7.2.0-beta.0

Please refer to CHANGELOG.md for details.

v7.1.12

Please refer to CHANGELOG.md for details.

v7.1.11

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

Bug Fixes

Performance Improvements

Documentation

  • clarify manifest.json imports field is JS chunks only (#21136) (46d3077)

Miscellaneous Chores

7.2.4 (2025-11-20)

Bug Fixes

  • revert "perf(deps): replace debug with obug (#21107)" (2d66b7b)

7.2.3 (2025-11-20)

Bug Fixes

  • allow multiple bindCLIShortcuts calls with shortcut merging (#21103) (5909efd)
  • deps: update all non-major dependencies (#21096) (6a34ac3)
  • deps: update all non-major dependencies (#21128) (4f8171e)

Performance Improvements

... (truncated)

Commits

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.
Commits

Updates pg from 8.16.3 to 8.18.0

Changelog

Sourced from pg's changelog.

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

  • Emit release event when client is returned to the pool.

pg@8.9.0

pg@8.8.0

pg-pool@3.5.0

... (truncated)

Commits

Updates nodemon from 3.1.11 to 3.1.14

Release notes

Sourced from nodemon's releases.

v3.1.14

3.1.14 (2026-02-20)

Bug Fixes

v3.1.13

3.1.13 (2026-02-19)

Bug Fixes

  • TypeScript definition for 'restart' args (5c03715), closes #2265

v3.1.12

3.1.12 (2026-02-19)

Bug Fixes

Commits
  • cfebe2f fix: get watch working on windows
  • f34bfa9 chore: fix release to run after tests
  • 5c03715 fix: TypeScript definition for 'restart' args
  • 28de4b7 chore: semver-release wanted 22-24 🤦
  • 6217164 chore: move release workflow to node 20
  • 2c458de chore: bump semver-release + update workflow
  • 9376af3 fix: bump minimatch
  • e045423 chore: website
  • f7a4edd chore: website
  • f26223f chore: website
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemon since your current version.


Updates sequelize-cli from 6.6.3 to 6.6.5

Release notes

Sourced from sequelize-cli's releases.

v6.6.5

6.6.5 (2026-01-05)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sequelize-cli since your current version.


Dependabot will resolve any conflicts with thi...

Description has been truncated

Bumps the all-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.13.2` | `1.13.5` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.3` | `19.2.4` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.3` | `19.2.4` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.11.0` | `7.13.1` |
| [recharts](https://github.com/recharts/recharts) | `2.15.4` | `3.7.0` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `4.7.0` | `5.1.4` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `7.3.1` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.16.3` | `8.18.0` |
| [nodemon](https://github.com/remy/nodemon) | `3.1.11` | `3.1.14` |
| [sequelize-cli](https://github.com/sequelize/cli) | `6.6.3` | `6.6.5` |



Updates `axios` from 1.13.2 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.5)

Updates `react` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

Updates `react-router-dom` from 7.11.0 to 7.13.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.1/packages/react-router-dom)

Updates `recharts` from 2.15.4 to 3.7.0
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v2.15.4...v3.7.0)

Updates `@vitejs/plugin-react` from 4.7.0 to 5.1.4
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.4/packages/plugin-react)

Updates `vite` from 6.4.1 to 7.3.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.1/packages/vite)

Updates `dotenv` from 17.2.3 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.3.1)

Updates `pg` from 8.16.3 to 8.18.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.18.0/packages/pg)

Updates `nodemon` from 3.1.11 to 3.1.14
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v3.1.11...v3.1.14)

Updates `sequelize-cli` from 6.6.3 to 6.6.5
- [Release notes](https://github.com/sequelize/cli/releases)
- [Changelog](https://github.com/sequelize/cli/blob/main/CHANGELOG.md)
- [Commits](sequelize/cli@v6.6.3...v6.6.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: react-router-dom
  dependency-version: 7.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: recharts
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: vite
  dependency-version: 7.3.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: pg
  dependency-version: 8.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: nodemon
  dependency-version: 3.1.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: sequelize-cli
  dependency-version: 6.6.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants