Skip to content

chore(deps): bump axios and stellar-sdk in /react-web#24

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/react-web/multi-dae33ed7c1
Open

chore(deps): bump axios and stellar-sdk in /react-web#24
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/react-web/multi-dae33ed7c1

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Sep 30, 2025

Bumps axios and stellar-sdk. These dependencies needed to be updated together.
Updates axios from 0.27.2 to 1.12.2

Release notes

Sourced from axios's releases.

Release v1.12.2

Release notes:

Bug Fixes

  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

Release v1.12.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.12.0

Release notes:

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.12.2 (2025-09-14)

Bug Fixes

  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#7030) (cf78825)

Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes

Contributors to this release

1.12.0 (2025-09-11)

Bug Fixes

Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

Contributors to this release

... (truncated)

Commits

Updates stellar-sdk from 10.3.0 to 13.3.0

Release notes

Sourced from stellar-sdk's releases.

v13.3.0

Added

  • Add includeFailed to PaymentCallBuilder for including failed transactions in calls (#1168).

Fixed

  • Ensure that rpc.Api.GetTransactionsResponse.transactions is always a valid array (#1162).

Contributors

@​fnando @​overcat

Full Changelog: stellar/js-stellar-sdk@v13.2.0...v13.3.1

v13.2.0

v13.2.0

Added

  • Support passing in an optional options.address to the contract.Client.deploy method (#1158).

Fixed

  • Extend support for parsing contract specifications in environments that don't have WebAssembly compilers (#1157).
  • Add missing to_muxed and to_muxed_id to Horizon’s PaymentOperationResponse (#1149).
  • Upgrade @stellar/stellar-base dependency to latest version (#1159).

Contributors

@​chadoh @​kknownymouss @​jeesunikim @​kalepail @​Shaptic

Full Changelog: stellar/js-stellar-sdk@v13.1.0...v13.2.0

v13.1.0

v13.1.0

Added

  • Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

  • When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).
  • rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

Contributors

Full Changelog: stellar/js-stellar-sdk@v13.0.0...v13.1.0

v13.0.0

v13.0.0: Protocol 22

This is a direct re-tag of rc.2 with the only change being an upgrade to the stellar-base library to incorporate a patch release. Nonetheless, the entire changelog from the prior major version here is replicated for a comprehensive view on what's broken, added, and fixed.

Breaking Changes

... (truncated)

Changelog

Sourced from stellar-sdk's changelog.

v13.3.0

Added

  • Add includeFailed to PaymentCallBuilder for including failed transactions in calls (#1168).

Fixed

  • Ensure that rpc.Api.GetTransactionsResponse.transactions is always a valid array (#1162).

v13.2.0

Added

  • Support passing in an optional options.address to the contract.Client.deploy method (#1158).

Fixed

  • Extend support for parsing contract specifications in environments that don't have WebAssembly compilers (#1157).
  • Upgraded @stellar/stellar-base dependency to latest version (#1159).

v13.1.0

Added

  • Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

  • When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).
  • rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

v13.0.0

This is a direct re-tag of rc.2 with the only change being an upgrade to the stellar-base library to incorporate a patch release. Nonetheless, the entire changelog from the prior major version here is replicated for a comprehensive view on what's broken, added, and fixed.

Breaking Changes

  • We stopped supporting Node 18 explicitly a while ago, but now the Babelification of the codebase will transform to Node 18 instead of 16.

TypeScript Bindings: the contract module.

  • contract.AssembledTransaction#signAuthEntries now takes an address instead of a publicKey. This brings the API more inline with its actual functionality: It can be used to sign all the auth entries for a particular address, whether that is the address of an account (public key) or a contract. (#1044).
  • The ClientOptions.signTransaction type has been updated to reflect the latest SEP-43 protocol, which matches the latest major version of Freighter and other wallets. It now accepts address, submit, and submitUrl options, and it returns a promise containing the signedTxXdr and the signerAddress. It now also returns an Error type if an error occurs during signing.
    • basicNodeSigner has been updated to reflect this new type.
  • ClientOptions.signAuthEntry type has been updated to reflect the SEP-43 protocol, which returns a promise containing the signerAddress in addition to the signAuthEntry that was returned previously. It also can return an Error type.
  • SentTransaction.init and new SentTransaction now take one (1) argument instead of two (2). The first argument had previously been deprecated and ignored. To update:
-SentTransaction(nonsense, realStuff)
+SentTransaction(realStuff)
-new SentTransaction(nonsense, realStuff)
+new SentTransaction(realStuff)

Server APIs: the rpc and Horizon modules.

  • Deprecated RPC APIs have been removed (#1084):

... (truncated)

Commits
  • b18004c Release v13.3.0 (#1169)
  • 448c27e Add PaymentCallBuilder.includeFailed(boolean) for including failed transact...
  • be5efd9 Coalesce transactions: null into an empty array for getTransactions. (#1162)
  • df4d572 Release v13.2.0 (#1159)
  • 83a3400 Parse Wasm contract spec manually when lacking WebAssembly support (#1157)
  • e211e3d support passing in an optional address to the deploy method (#1158)
  • bb6a32e Bump Node tests to v22, upgrade deps, fix minor Node version breakage (#1151)
  • 20ef5ea update ScSymbol description from spec (#1150)
  • c525195 Add muxed payments support for PaymentOperationResponse type (#1149)
  • 38115a1 chore: use requestAirdrop to fund e2e accounts (#1125)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump axios and stellar-sdk in /react-web
9eec75d 
Bumps [axios](https://github.com/axios/axios) and [stellar-sdk](https://github.com/stellar/js-stellar-sdk). These dependencies needed to be updated together.

Updates `axios` from 0.27.2 to 1.12.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.27.2...v1.12.2)

Updates `stellar-sdk` from 10.3.0 to 13.3.0
- [Release notes](https://github.com/stellar/js-stellar-sdk/releases)
- [Changelog](https://github.com/stellar/js-stellar-sdk/blob/master/CHANGELOG.md)
- [Commits](stellar/js-stellar-sdk@v10.3.0...v13.3.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.12.2
  dependency-type: direct:production
- dependency-name: stellar-sdk
  dependency-version: 13.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 30, 2025
@dependabot dependabot bot mentioned this pull request Sep 30, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants