Skip to content

build(deps): bump the minor-and-patch group across 1 directory with 5 updates#235

Closed
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/minor-and-patch-12f62636e4
Closed

build(deps): bump the minor-and-patch group across 1 directory with 5 updates#235
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/minor-and-patch-12f62636e4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026
edited
Loading

Bumps the minor-and-patch group with 5 updates in the / directory:

Package From To
axios 1.13.6 1.14.0
hbs 4.2.0 4.2.1
@types/node 25.5.0 25.5.2
@types/sinon 21.0.0 21.0.1
ts-loader 9.5.4 9.5.7

Updates axios from 1.13.6 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

  • Runtime Features: No new end-user features were introduced in this release.
  • Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

  • Headers: Trim trailing CRLF in normalised header values. (#7456)
  • HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
  • Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
  • Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
  • CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

  • Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
  • Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
  • Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
  • Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Full Changelog: v1.13.6...v1.14.0

Changelog

Sourced from axios's changelog.

v1.14.0 — March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

  • Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

🐛 Bug Fixes

  • CommonJS Compatibility: Restored require('axios') in Node.js by correcting the main field in package.json to point to the built CJS bundle. (#7532)

  • Fetch Adapter: Cancel the ReadableStream body after the request stream capability probe to prevent resource leaks. (#7515)

  • Proxy: Upgraded proxy-from-env to v2 and switched to the named getProxyForUrl export, fixing proxy detection from environment variables and resolving CJS bundling errors. (#7499)

  • HTTP/2: Close detached HTTP/2 sessions on timeout to free resources when no new requests arrive. (#7457)

  • Headers: Trim trailing CRLF characters from normalised header values. (#7456)

🔧 Maintenance & Chores

  • Toolchain Modernisation: Migrated test suite to Vitest, updated ESLint to v10, upgraded Rollup and @rollup/plugin-babel, migrated to Husky 9, upgraded TypeScript to latest, and modernised the Express test harness. (#7484, #7489, #7498, #7505, #7506, #7507, #7508, #7509, #7510, #7516, #7522)

  • Dependencies: Bumped multer to v2, minimatch, tar, pacote, @babel/preset-env, and additional dev dependencies. (#7453, #7480, #7491, #7504, #7517, #7531)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates hbs from 4.2.0 to 4.2.1

Release notes

Sourced from hbs's releases.

4.2.1

What's Changed

New Contributors

Full Changelog: pillarjs/hbs@v4.2.0...v4.2.1

Changelog

Sourced from hbs's changelog.

4.2.1 / 2026-04-01

  • deps: handlebars@4.7.9
Commits
  • 59fb54b Release: 4.2.1 (#253)
  • faa3be0 build(deps): bump handlebars from 4.7.8 to 4.7.9 (#251)
  • 3dc3224 build(deps): bump actions/checkout from 6.0.0 to 6.0.2 (#245)
  • 8a20640 build(deps): bump actions/upload-artifact from 4.6.2 to 7.0.0 (#249)
  • b85bc56 build(deps): bump github/codeql-action from 4.31.6 to 4.32.4 (#248)
  • c83cb66 build(deps): bump github/codeql-action from 3.30.5 to 4.31.6 (#236)
  • 491ebbc build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#237)
  • b417c0e build(deps): bump github/codeql-action from 3.28.19 to 3.30.5 (#233)
  • 1d31895 build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#232)
  • 1dad155 build(deps): bump actions/checkout from 2.7.0 to 5.0.0 (#229)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for hbs since your current version.


Updates @types/node from 25.5.0 to 25.5.2

Commits

Updates @types/sinon from 21.0.0 to 21.0.1

Commits

Updates ts-loader from 9.5.4 to 9.5.7

Release notes

Sourced from ts-loader's releases.

v9.5.7

Skipping 9.5.5-9.5.6 due to publishing issues

Changelog

Sourced from ts-loader's changelog.

9.5.7

Skipping 9.5.5-9.5.6 due to publishing issues

Commits
  • 4a60de4 chore: trusted publishing attempt 3
  • b03b4aa chore: version bump
  • 2421dcf fix: trusted publishing by changing respository.url in package.json
  • f84480f fix: TS5011 errors with TypeScript 6.0: transpileModule called with rootDir: ...
  • 0cef777 feat: migrate to trusted publishing (#1680)
  • a0cfb39 docs: add AGENTS.md / CLAUDE.md
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-loader since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the minor-and-patch group across 1 directory with 5…
b75998c 
… updates

Bumps the minor-and-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.14.0` |
| [hbs](https://github.com/pillarjs/hbs) | `4.2.0` | `4.2.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.5.2` |
| [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) | `21.0.0` | `21.0.1` |
| [ts-loader](https://github.com/TypeStrong/ts-loader) | `9.5.4` | `9.5.7` |



Updates `axios` from 1.13.6 to 1.14.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.14.0)

Updates `hbs` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/pillarjs/hbs/releases)
- [Changelog](https://github.com/pillarjs/hbs/blob/master/HISTORY.md)
- [Commits](pillarjs/hbs@v4.2.0...v4.2.1)

Updates `@types/node` from 25.5.0 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/sinon` from 21.0.0 to 21.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon)

Updates `ts-loader` from 9.5.4 to 9.5.7
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](TypeStrong/ts-loader@v9.5.4...v9.5.7)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: hbs
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/sinon"
  dependency-version: 21.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ts-loader
  dependency-version: 9.5.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 14, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 21, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 21, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/minor-and-patch-12f62636e4 branch April 21, 2026 02:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants