Skip to content

chore(deps-dev): bump the npm-dependencies group across 1 directory with 11 updates#215

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-dependencies-53ef09e91e
Open

chore(deps-dev): bump the npm-dependencies group across 1 directory with 11 updates#215
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-dependencies-53ef09e91e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 11 updates in the / directory:

Package From To
@apidevtools/json-schema-ref-parser 15.3.5 15.5.0
@redocly/cli 2.31.6 2.38.0
@types/glob 7.2.0 9.0.0
@types/node 25.9.1 26.1.1
axios 1.17.0 1.18.1
js-yaml 4.2.0 5.2.1
openapi-to-postmanv2 6.0.1 6.3.0
prettier 3.8.3 3.9.5
query-string 9.4.0 9.4.1
tar 7.5.16 7.5.20
typescript 6.0.3 7.0.2

Updates @apidevtools/json-schema-ref-parser from 15.3.5 to 15.5.0

Release notes

Sourced from @​apidevtools/json-schema-ref-parser's releases.

v15.5.0

15.5.0 (2026-07-09)

Bug Fixes

  • stabilize cross-platform CI (8bfeec2)

Features

  • handle cyclic reference chains safely (09959ba)

v15.4.0

15.4.0 (2026-06-19)

Features

  • preserve compound schema refs when bundling (fa3cccb)

v15.3.6

15.3.6 (2026-06-11)

Bug Fixes

  • block unsafe pointer set tokens (a786bc6)
  • harden safe URL resolver (dea50b0)
Commits
  • a8e6b4d test: allow time for deep reference chain
  • 8bfeec2 fix: stabilize cross-platform CI
  • 09959ba feat: handle cyclic reference chains safely
  • fa3cccb feat: preserve compound schema refs when bundling
  • 53d0c1e Remove Claude config
  • 5b1aee5 chore: migrate to pnpm
  • dea50b0 fix: harden safe URL resolver
  • a786bc6 fix: block unsafe pointer set tokens
  • See full diff in compare view

Updates @redocly/cli from 2.31.6 to 2.38.0

Release notes

Sourced from @​redocly/cli's releases.

@​redocly/cli@​2.38.0

Minor Changes

  • Added an experimental drift command that compares recorded HTTP traffic (HAR, Kong, Nginx/Apache JSON, NDJSON) against an OpenAPI description and reports undocumented endpoints, schema mismatches, and security findings.
  • Added an experimental proxy command that captures live HTTP traffic through a reverse proxy into a HAR file and optionally validates it against an OpenAPI description in real time.

Patch Changes

  • Updated @​redocly/openapi-core to v2.38.0.

@​redocly/cli@​2.37.0

Minor Changes

  • Added experimental support for linting GraphQL SDL schema files (.graphql / .gql).

Patch Changes

  • Updated @​redocly/openapi-core to v2.37.0.

@​redocly/cli@​2.36.0

Minor Changes

  • Added a Subresource Integrity (SRI) hash to the Redoc standalone script tag in the HTML produced by build-docs, ensuring the script's integrity.

@​redocly/cli@​2.35.1

Patch Changes

  • Updated undici to the 6.27.0 version.

@​redocly/cli@​2.35.0

Minor Changes

  • Added support for validating Arazzo 1.1.0 descriptions syntax in the lint command.
  • Added the spec-step-mutually-exclusive-fields Arazzo rule to flag steps that use more than one mutually exclusive operation field (operationId, operationPath, workflowId, channelPath, or x-operation).

@​redocly/cli@​2.34.0

Minor Changes

  • Improved CLI install speed by bundling the CLI into a dependency-free package.

    Warning: The published package no longer ships runtime dependencies in node_modules. Plugins that relied on importing packages hoisted from the CLI (such as @redocly/openapi-core) must now declare those packages as their own dependencies.

@​redocly/cli@​2.33.2

Patch Changes

  • Fixed a path traversal in the split command that might have written files outside the chosen --outDir.
  • Updated @​redocly/openapi-core to v2.33.2.

@​redocly/cli@​2.33.1

... (truncated)

Commits
  • 1192323 chore: 🔖 release new versions (#2939)
  • 21475a7 chore: update redocly config version to 0.50.1 (#2941)
  • 7faca0c feat: experimental traffic analysis (#2848)
  • 51b1d15 docs: document --continue-on-deploy-failures option for push and push-status ...
  • 5f17f18 test: cover anonymous security alternatives (#2932)
  • a7b3b99 docs(cli): add Overlay linting guides (#2470)
  • cbff49b chore: 🔖 release new versions (#2933)
  • ff6b9c9 chore: update config package to v0.50.0 and apply audit fix (#2934)
  • 5fed1cb chore: fix release pipeline crashing (#2931)
  • 31d448f chore: fix release pipeline crashing when trying to store changesets status (...
  • Additional commits viewable in compare view

Updates @types/glob from 7.2.0 to 9.0.0

Commits

Updates @types/node from 25.9.1 to 26.1.1

Commits

Updates axios from 1.17.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates js-yaml from 4.2.0 to 5.2.1

Changelog

Sourced from js-yaml's changelog.

[5.2.1] - 2026-07-02

Fixed

  • Add Map support to !!omap (should work when realMapTag used)

Security

  • Remove quadratic complexity from !!omap addItem. Regression from v5 (usually not critical, because YAML11_SCHEMA is not default anymore).

4.3.0, 3.15.0 - 2026-06-27

Security

  • Backported maxTotalMergeKeys option.

[5.2.0] - 2026-06-26

Added

  • Added maxTotalMergeKeys (10000) loader option to limit the total number of keys processed by YAML merge (<<) across one load() / loadAll() call.
  • Added maxAliases (-1) loader option to limit the number of YAML aliases per document.

Removed

  • maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge processing.

Fixed

  • Round-trip of integers with exponential form (>= 1e21)

[5.1.0] - 2026-06-23

Added

  • Collection tags can finalize an incrementally populated carrier into a different result value.

Changed

  • [breaking] quoteStyle now selects the preferred quote style; use the restored forceQuotes option to force quoting non-key strings.

[5.0.0] - 2026-06-20

Added

  • Added named exports for schemas, tags, parser events and AST utilities.
  • Reworked JSON_SCHEMA and CORE_SCHEMA with spec-compliant scalar resolution rules, and added YAML11_SCHEMA.
  • Added realMapTag for lossless mappings with non-string and complex keys. Object-based mappings now reject complex keys instead of stringifying them.
  • Added dump() transform option for changing the generated AST before rendering.
  • Added dump() options seqInlineFirst, flowBracketPadding, flowSkipCommaSpace, flowSkipColonSpace, quoteFlowKeys, quoteStyle and

... (truncated)

Commits
  • ac16b42 5.2.1 released
  • 4a864e5 Deps bump
  • 39f3211 !!omap: add Map support and remove quadratic complexity
  • ff17f1e Changelog update
  • 8ed15f1 deps bump
  • 1a562dc Fix changelog link
  • c28ed5e 5.2.0 released
  • 125cd5a Add maxAliases option
  • 3105455 Replace maxMergeSeqLengthoption with maxTotalMergeKeys (more robust)
  • 39d00d6 numbers: Drop boxed numbers support, simplify .identify() checks, clarify rou...
  • Additional commits viewable in compare view

Updates openapi-to-postmanv2 from 6.0.1 to 6.3.0

Changelog

Sourced from openapi-to-postmanv2's changelog.

[v6.3.0] - 2026-07-07

[v6.2.0] - 2026-06-29

[v6.1.0] - 2026-06-09

Commits
  • a3e689c Merge pull request #956 from postmanlabs/release/v6.3.0
  • b848e6c Prepare release v6.3.0
  • 77124f7 Merge pull request #954 from postmanlabs/feature/deleted-orphaned-req
  • 5132cde Add deleteOrphanedRequests option for collection syncing
  • 50ed171 Merge pull request #952 from postmanlabs/release/v6.2.0
  • 8ae6e33 Merge pull request #953 from postmanlabs/release/v6.2.0
  • b67b7eb Prepare release v6.2.0
  • 593f55f Merge pull request #951 from postmanlabs/feature/custom-server-url-fix
  • 7fa75bf Merge pull request #950 from postmanlabs/feature/example-key-mapping
  • b86777f Potential fix for pull request finding
  • Additional commits viewable in compare view

Updates prettier from 3.8.3 to 3.9.5

Release notes

Sourced from prettier's releases.

3.9.5

🔗 Changelog

3.9.4

  • Angular: Format @content(name) -> @content (name) to align with other block syntax (#19499 by @​fisker)

🔗 Changelog

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

3.8.4

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.5

diff

Markdown: Cap ordered list mark at 999,999,999 (#19351 by @​tats-u)

CommonMark parsers only support ordered list item numbers up to 999,999,999.

With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:

<!-- Input -->
999999998. text
999999998. text
999999998. text
999999998. text
1234567890123456789012) text
<!-- Prettier 3.9.4 -->
999999998. text
999999999. text
1000000000. text
1000000001. text
1234567890123456789012) text
<!-- Prettier 3.9.5 -->
999999998. text
999999999. text
999999999. text
999999999. text
1234567890123456789012) text

Markdown: Avoid corrupting empty link with title (#19487 by @​andersk)

Do not remove <> from an inline link or image with an empty URL and a title, as this removal would change its interpretation.

<!-- Input -->
[link](https://github.com/prettier/prettier/blob/main/<> "title")
<!-- Prettier 3.9.4 -->
[link](https://github.com/prettier/prettier/blob/main/ "title")
<!-- Prettier 3.9.5 -->
</tr></table>

... (truncated)

Commits

Updates query-string from 9.4.0 to 9.4.1

Release notes

Sourced from query-string's releases.

v9.4.1

  • Fix relative URLs with fragments 872fb6f

sindresorhus/query-string@v9.4.0...v9.4.1

Commits

Updates tar from 7.5.16 to 7.5.20

Commits
  • ebbb720 7.5.20
  • 2f27196 fix: fully disable and dispose of unzip when aborting parser
  • be440da 7.5.19
  • 2812e93 add maxDecompressionRatio guard against explosive decompression
  • 9ecd4d2 7.5.18
  • 9e78bf0 refuse to let header size be less than 0
  • e02a4e9 pax: parse values according to known types
  • 9cbdb31 7.5.17
  • 7a635c2 terminate pax strings on nul bytes
  • See full diff in compare view

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 11 updates

Bumps the npm-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@apidevtools/json-schema-ref-parser](https://github.com/APIDevTools/json-schema-ref-parser) | `15.3.5` | `15.5.0` |
| [@redocly/cli](https://github.com/Redocly/redocly-cli) | `2.31.6` | `2.38.0` |
| [@types/glob](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/glob) | `7.2.0` | `9.0.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `26.1.1` |
| [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.1` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.2.0` | `5.2.1` |
| [openapi-to-postmanv2](https://github.com/postmanlabs/openapi-to-postman) | `6.0.1` | `6.3.0` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.9.5` |
| [query-string](https://github.com/sindresorhus/query-string) | `9.4.0` | `9.4.1` |
| [tar](https://github.com/isaacs/node-tar) | `7.5.16` | `7.5.20` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |



Updates `@apidevtools/json-schema-ref-parser` from 15.3.5 to 15.5.0
- [Release notes](https://github.com/APIDevTools/json-schema-ref-parser/releases)
- [Commits](APIDevTools/json-schema-ref-parser@v15.3.5...v15.5.0)

Updates `@redocly/cli` from 2.31.6 to 2.38.0
- [Release notes](https://github.com/Redocly/redocly-cli/releases)
- [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@2.31.6...@redocly/cli@2.38.0)

Updates `@types/glob` from 7.2.0 to 9.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/glob)

Updates `@types/node` from 25.9.1 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `axios` from 1.17.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.17.0...v1.18.1)

Updates `js-yaml` from 4.2.0 to 5.2.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.2.0...5.2.1)

Updates `openapi-to-postmanv2` from 6.0.1 to 6.3.0
- [Release notes](https://github.com/postmanlabs/openapi-to-postman/releases)
- [Changelog](https://github.com/postmanlabs/openapi-to-postman/blob/develop/CHANGELOG.md)
- [Commits](postmanlabs/openapi-to-postman@v6.0.1...v6.3.0)

Updates `prettier` from 3.8.3 to 3.9.5
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.9.5)

Updates `query-string` from 9.4.0 to 9.4.1
- [Release notes](https://github.com/sindresorhus/query-string/releases)
- [Commits](sindresorhus/query-string@v9.4.0...v9.4.1)

Updates `tar` from 7.5.16 to 7.5.20
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.16...v7.5.20)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: "@apidevtools/json-schema-ref-parser"
  dependency-version: 15.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@redocly/cli"
  dependency-version: 2.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/glob"
  dependency-version: 9.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: openapi-to-postmanv2
  dependency-version: 6.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: prettier
  dependency-version: 3.9.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: query-string
  dependency-version: 9.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: tar
  dependency-version: 7.5.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants