chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates by dependabot[bot] · Pull Request #6 · HydraCode-GH/hydra_cad

dependabot · 2026-02-19T18:53:39Z

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
cookie	`0.6.0`	`0.7.0`
express	`4.19.2`	`4.22.0`
glob	`10.4.1`	`12.0.0`
multer	`1.4.5-lts.1`	`2.0.2`
nanoid	`3.3.6`	`3.3.8`
undici	`6.18.2`	`6.23.0`
vite	`5.0.0`	`5.4.21`
@sentry/browser	`7.81.1`	`7.119.1`
axios	`1.7.2`	`1.13.5`
next	`14.0.3`	`15.5.10`
tsup	`6.6.2`	`8.3.5`
storybook	`7.5.3`	`7.6.21`

Bumps the npm_and_yarn group with 4 updates in the /apps/client directory: vite, @sentry/browser, axios and next.
Bumps the npm_and_yarn group with 3 updates in the /packages/utils directory: undici, vite and tsup.

Updates cookie from 0.6.0 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

Commits

ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
ca70da4 test(serialize): additional tests for name, domain and path RFC validations (...
47917c9 Iterate whitespace for perf (#170)
927d48a Add main to package.json (#166)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates express from 4.19.2 to 4.22.0

Release notes

Sourced from express's releases.

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

4.21.2

What's Changed

Add funding field (v4) by @bjohansebas in expressjs/express#6065

deps: path-to-regexp@0.1.11 by @blakeembrey in expressjs/express#5956

deps: bump path-to-regexp@0.1.12 by @jonchurch in expressjs/express#6209

Release: 4.21.2 by @UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in expressjs/express#6029

Release: 4.21.1 by @UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in expressjs/express#5935

finalhandler@1.3.1 by @wesleytodd in expressjs/express#5954

fix(deps): serve-static@1.16.2 by @wesleytodd in expressjs/express#5951

Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in expressjs/express#5946

New Contributors

@agadzinski93 made their first contribution in expressjs/express#5946

... (truncated)

Changelog

Sourced from express's changelog.

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

4.21.2 / 2024-11-06

deps: path-to-regexp@0.1.12

Fix backtracking protection

deps: path-to-regexp@0.1.11

Throws an error on invalid path values

4.21.1 / 2024-10-08

Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

Deprecate res.location("back") and res.redirect("back") magic string

deps: serve-static@1.16.2

includes send@0.19.0

deps: finalhandler@1.3.1

deps: qs@6.13.0

4.20.0 / 2024-09-10

deps: serve-static@0.16.0

Remove link renderization in html while redirecting

deps: send@0.19.0

Remove link renderization in html while redirecting

deps: body-parser@0.6.0

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: path-to-regexp@0.1.10

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
3a5edfa fix(ci): updated github actions ci workflow (#6323)
52d9781 fix(test): add test for method routes without paths #5955
Additional commits viewable in compare view

Updates glob from 10.4.1 to 12.0.0

Changelog

Sourced from glob's changelog.

changeglob

13

Move the CLI program out to a separate package, glob-bin. Install that if you'd like to continue using glob from the command line.

12

Remove the unsafe --shell option. The --shell option is now ONLY supported on known shells where the behavior can be implemented safely.

11.1

GHSA-5j98-mcp5-4vw2

Add the --shell option for the command line, with a warning that this is unsafe. (It will be removed in v12.)

Add the --cmd-arg/-g as a way to safely add positional arguments to the command provided to the CLI tool.

Detect commands with space or quote characters on known shells, and pass positional arguments to them safely, avoiding shell:true execution.

11.0

Drop support for node before v20

10.4

Add includeChildMatches: false option

Export the Ignore class

10.3

Add --default -p flag to provide a default pattern

exclude symbolic links to directories when follow and nodir are both set

10.2

Add glob cli

10.1

Return '.' instead of the empty string '' when the current working directory is returned as a match.

Add posix: true option to return / delimited paths, even on

... (truncated)

Commits

2b03cca 12.0.0
d56203d prettier config
bb521e5 Remove --shell option where unsafe to use
2551fb5 11.1.0
47473c0 bin: Do not expose filenames to shell expansion
bc33fe1 skip tilde test on systems that lack tilde expansion
59bf9ca fix notes
dde4fa6 docs(README): add #anchor and improve notes
0559b0e docs: add better links to path-scurry docs
c9773c2 fix: correct typos in README.md
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for glob since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates multer from 1.4.5-lts.1 to 2.0.2

Release notes

Sourced from multer's releases.

v2.0.2

Important

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

Full Changelog: expressjs/multer@v2.0.1...v2.0.2

v2.0.1

Important

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

What's Changed

add Arabic translation for README .. by @3imed-jaberi in expressjs/multer#762

Update README.md to fix issue #1114 by @Mohamed-Abdelfattah in expressjs/multer#1169

Improved documentation translation to Spanish by @juliomontenegro in expressjs/multer#1174

Translated to french by @AlanLg in expressjs/multer#1182

Improve the Brazilian Portuguese translation by @vitorRibeiro7 in expressjs/multer#1204

doc: uzbek language by @eugene0928 in expressjs/multer#1232

Fix a mistake with README-pt-br.md by @Igor-CA in expressjs/multer#1251

Update in Readme-pt-br and fix in Readme-ko by @carlosstenzel in expressjs/multer#1252

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/multer#1260

ci: replace travis with github action by @inigomarquinez in expressjs/multer#1259

docs: improve readability by @Sreejit-Sengupto in expressjs/multer#1255

test: add test for out-of-band error event by @LinusU in expressjs/multer#1294

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/multer#1290

Documentation: remove unfortunate abbreviation from readme by @MaddyGuthridge in expressjs/multer#1299

ci: use ubuntu-latest as default runner by @UlisesGascon in expressjs/multer#1308

ci: add CodeQL (SAST) by @bjohansebas in expressjs/multer#1289

Update readme badges by @bjohansebas in expressjs/multer#1268

📝 fix changelog information by @ctcpip in expressjs/multer#1316

master -> v2 by @ctcpip in expressjs/multer#1317

chore: fix typo by @saucecodee in expressjs/multer#993

Remove --save from README by @username1001 in expressjs/multer#929

feat - update link badge in docs by @carlosstenzel in expressjs/multer#1273

ci: change branch reference by @UlisesGascon in expressjs/multer#1319

♻️ use version tag for CI, fix CI badge, fix references to master/main by @ctcpip in expressjs/multer#1324

deps: update dependencies to latest versions by @bjohansebas in expressjs/multer#1328

📝 list languages in table to prevent GH right-aligning list due to RTL language by @ctcpip in expressjs/multer#1325

[StepSecurity] Apply security best practices by @step-security-bot in expressjs/multer#1311

New Contributors

@3imed-jaberi made their first contribution in expressjs/multer#762

@Mohamed-Abdelfattah made their first contribution in expressjs/multer#1169

@juliomontenegro made their first contribution in expressjs/multer#1174

@AlanLg made their first contribution in expressjs/multer#1182

@vitorRibeiro7 made their first contribution in expressjs/multer#1204

@eugene0928 made their first contribution in expressjs/multer#1232

@Igor-CA made their first contribution in expressjs/multer#1251

... (truncated)

Changelog

Sourced from multer's changelog.

2.0.2

Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

Breaking change: The minimum supported Node version is now 10.16.0

Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)

Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

1.4.5-lts.2

Fix out-of-band error event from busboy (#1177)

Commits

e5db9ca 🔖 2.0.2
adfeaf6 🥅 improve error handling
e259a7e 🔖 2.0.1
35a3272 Fixes expressjs/multer#1233. Makes multer handle mi...
f897007 ci: apply security best practices (#1311)
061f4cb 📝 list languages in table to prevent GH right-aligning list due to RTL language
854d769 deps: update dependencies to latest versions (#1328)
256da2f ♻️ use version tag for CI, fix CI badge, fix references to master/main
dd9dde4 📝 fix badges in translation files (#1321)
dc2a880 ci: change branch reference
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates nanoid from 3.3.6 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

Fixed node16 TypeScript support (by Saadi Myftija).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
89d82d2 Release 3.3.7 version
5022c35 Update dual-publish
3e7a8e5 Remove benchmark from CI for v3
d356144 Fix CI for v3
37b25df Move to pnpm 8
See full diff in compare view

Updates undici from 6.18.2 to 6.23.0

Release notes

Sourced from undici's releases.

v6.23.0

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

Full Changelog: nodejs/undici@v6.22.0...v6.23.0

v6.22.0

What's Changed

fix: fix wrong stream canceled up after cloning (v6) by @snyamathi in nodejs/undici#4414

[Backport v6.x] fix: fix EnvHttpProxyAgent for the Node.js bundle by @github-actions[bot] in nodejs/undici#4432

feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180) by @metcoder95 in nodejs/undici#4433

feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#4180) (#4340) by @metcoder95 in nodejs/undici#4445

Backport 4472 to v6.x by @Uzlopak in nodejs/undici#4480

Full Changelog: nodejs/undici@v6.21.3...v6.22.0

v6.21.3

What's Changed

[Backport v6.x] append crlf to formdata body by @github-actions in nodejs/undici#4210

Full Changelog: nodejs/undici@v6.21.2...v6.21.3

v6.21.2

What's Changed

fix(types): add missing DNS interceptor by @slagiewka in nodejs/undici#4024

[v6.x] fix wpts on windows by @mcollina in nodejs/undici#4093

Removed clients with unrecoverable errors from the Pool nodejs/undici#4088

New Contributors

@slagiewka made their first contribution in nodejs/undici#4024

Full Changelog: nodejs/undici@v6.21.1...v6.21.2

v6.21.1

⚠️ Security Release ⚠️

Fixes CVE CVE-2025-22150 GHSA-c76h-2ccp-4975 (embargoed until 22-01-2025).

What's Changed

fix(#3736): back-port 183f8e9 to v6.x by @ggoodman in nodejs/undici#3855

fix(#3817): send servername for SNI on TLS (#3821) [backport] by @metcoder95 in nodejs/undici#3864

fix: sending formdata bodies with http2 (#3863) [backport] by @metcoder95 in nodejs/undici#3866

[Backport v6.x] fix: Fixed the issue that there is no running request when http2 goaway by @github-actions in nodejs/undici#3877

types: [backport] Update return type of RetryCallback (#3851) by @metcoder95 in nodejs/undici#3876

... (truncated)

Commits

fbc31e2 Bumped v6.23.0
3477c94 chore: release flow using provenance
d3aafea fix: limit Content-Encoding chain to 5 to prevent resource exhaustion
f9c9185 Bumped v6.22.0
f670f2a feat: make UndiciErrors reliable to instanceof (#4472) (#4480)
422e397 feat(ProxyAgent) improve Curl-y behavior in HTTP->HTTP Proxy connections (#41...
4a06ffe feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180)...
4cb3974 fix: fix EnvHttpProxyAgent for the Node.js bundle (#4064) (#4432)
44c23e5 fix: fix wrong stream canceled up after cloning (v6) (#4414)
da0e823 Bumped v6.21.4
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates vite from 5.0.0 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

v5.4.19

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970) (cad1d31), closes #20968 #20970

chore: update CHANGELOG (ca88ed7)

5.4.20 (2025-09-08)

fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

fix: port sirv@3.0.2 changes to sirv@2.0.4 (#20737) (4f1c35b), closes #20737

5.4.19 (2025-04-30)

fix: backport #19965, check static serve file inside sirv (#19966) (766947e), closes #19965 #19966

5.4.18 (2025-04-10)

fix: backport #19830, reject requests with # in request-target (#19831) (823675b), closes #19830 #19831

5.4.17 (2025-04-03)

fix: backport #19782, fs check with svg and relative paths (#19784) (84b2b46), closes #19782 #19784

5.4.16 (2025-03-31)

fix: backport #19761, fs check in transform middleware (#19762) (b627c50), closes #19761 #19762

5.4.15 (2025-03-24)

fix: backport #19702, fs raw query with query separators (#19703) (807d7f0), closes #19702 #19703

5.4.14 (2025-01-21)

fix: preview.allowedHosts with specific values was not respected (#19246) (9df6e6b), closes #19246

fix: allow CORS from loopback addresses by default (#19249) (7d1699c), closes #19249

... (truncated)

Commits

adce3c2 release: v5.4.21
cad1d31 fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20970)
ca88ed7 chore: update CHANGELOG
997700f release: v5.4.20
482000f fix: apply fs.strict check to HTML files (#20736)
80a333a release: v5.4.19
766947e fix: backport #19965, check static serve file inside sirv (#19966)
731b77d release: v5.4.18
823675b fix: backport #19830, reject requests with # in request-target (#19831)
0a2518a release: v5.4.17
Additional commits viewable in compare view

Updates @sentry/browser from 7.81.1 to 7.119.1

Changelog

Sourced from @sentry/browser's changelog.

7.119.1

fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @legobeat. Thank you for your contribution!

7.119.0

backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

7.117.0

feat(browser/v7): Publish browserprofling CDN bundle (#12224)

fix(v7/publish): Add v7 tag to @sentry/replay (#12304)

7.116.0

build(craft): Publish lambda layer under its own name for v7 (#12098) (#12099)

This release publishes a new AWS Lambda layer under the name SentryNodeServerlessSDKv7 that users still running v7 can use instead of pinning themselves to SentryNodeServerlessSDK:235.

7.115.0

feat(v7): Add support for global onUnhandled Error/Promise for Bun (#11959)

fix(replay/v7): Fix user activity not being updated in start() (#12003)

ref(api): Remove lastEventId deprecation warnings (#12042)

7.114.0

Important Changes

fix(browser/v7): Continuously record CLS (#11935)

This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the cases where it should have been reported. With this change, the CLS web vital should now always be reported for pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.

Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.

Other Changes

build(aws-lambda/v7): Turn off lambda layer publishing (#11875)

feat(v7): Add tunnel support to multiplexed transport (#11851)

fix(opentelemetry-node): support HTTP_REQUEST_METHOD attribute (#11929)

fix(react/v7): Fix react router v4/v5 span names (#11940)

... (truncated)

Commits

c8452e1 release: 7.119.1
5a88ff6 fix(browser/v7): Ensure wrap() only returns functions (#13838 backport) (#1...
5adcbf9 Merge branch 'release/7.119.0' into v7
f58bf69 release: 7.119.0
a6bc39f fix(ci): GH dropped macos-11 at the end of June 24 (#13360)
2060d84 meta(changelog): Update CHANGELOG.md for 7.119.0 (#13350)
f54c97a backport(tracing): Report dropped spans for transactions (#13343)
eeae3cf test(v7/loader): Update Loader Script to latest (#12765)
d3e2c7b meta(v7): Ignore pem for tests (#13051)
47f1710 Merge branch 'release/7.118.0' into v7
Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (

… updates Bumps the npm_and_yarn group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `0.7.0` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.22.0` | | [glob](https://github.com/isaacs/node-glob) | `10.4.1` | `12.0.0` | | [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `2.0.2` | | [nanoid](https://github.com/ai/nanoid) | `3.3.6` | `3.3.8` | | [undici](https://github.com/nodejs/undici) | `6.18.2` | `6.23.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.0.0` | `5.4.21` | | [@sentry/browser](https://github.com/getsentry/sentry-javascript) | `7.81.1` | `7.119.1` | | [axios](https://github.com/axios/axios) | `1.7.2` | `1.13.5` | | [next](https://github.com/vercel/next.js) | `14.0.3` | `15.5.10` | | [tsup](https://github.com/egoist/tsup) | `6.6.2` | `8.3.5` | | [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `7.5.3` | `7.6.21` | Bumps the npm_and_yarn group with 4 updates in the /apps/client directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@sentry/browser](https://github.com/getsentry/sentry-javascript), [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 3 updates in the /packages/utils directory: [undici](https://github.com/nodejs/undici), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [tsup](https://github.com/egoist/tsup). Updates `cookie` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.6.0...v0.7.0) Updates `express` from 4.19.2 to 4.22.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.22.0/History.md) - [Commits](expressjs/express@4.19.2...4.22.0) Updates `glob` from 10.4.1 to 12.0.0 - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](isaacs/node-glob@v10.4.1...v12.0.0) Updates `multer` from 1.4.5-lts.1 to 2.0.2 - [Release notes](https://github.com/expressjs/multer/releases) - [Changelog](https://github.com/expressjs/multer/blob/main/CHANGELOG.md) - [Commits](expressjs/multer@v1.4.5-lts.1...v2.0.2) Updates `nanoid` from 3.3.6 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.6...3.3.8) Updates `undici` from 6.18.2 to 6.23.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.18.2...v6.23.0) Updates `vite` from 5.0.0 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `@sentry/browser` from 7.81.1 to 7.119.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.81.1...7.119.1) Updates `axios` from 1.7.2 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.2...v1.13.5) Updates `next` from 14.0.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.3...v15.5.10) Updates `tsup` from 6.6.2 to 8.3.5 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v6.6.2...v8.3.5) Updates `storybook` from 7.5.3 to 7.6.21 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.v1-5.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.6.21/code/core) Updates `body-parser` from 1.20.2 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.4) Updates `esbuild` from 0.17.19 to 0.18.20 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md) - [Commits](evanw/esbuild@v0.17.19...v0.18.20) Updates `form-data` from 3.0.1 to 3.0.4 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v3.0.1...v3.0.4) Updates `path-to-regexp` from 0.1.7 to 0.1.12 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.12) Updates `qs` from 6.11.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.11.0...v6.14.2) Updates `send` from 0.18.0 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.2) Updates `serve-static` from 1.15.0 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.3) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `vite` from 5.0.0 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `@sentry/browser` from 7.81.1 to 7.119.1 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/7.119.1/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@7.81.1...7.119.1) Updates `axios` from 1.7.2 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.2...v1.13.5) Updates `next` from 14.0.3 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.0.3...v15.5.10) Updates `undici` from 6.18.2 to 6.23.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v6.18.2...v6.23.0) Updates `vite` from 5.0.0 to 5.4.21 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite) Updates `tsup` from 6.6.2 to 8.3.5 - [Release notes](https://github.com/egoist/tsup/releases) - [Commits](egoist/tsup@v6.6.2...v8.3.5) --- updated-dependencies: - dependency-name: cookie dependency-version: 0.7.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: glob dependency-version: 12.0.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: multer dependency-version: 2.0.2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-version: 3.3.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.23.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@sentry/browser" dependency-version: 7.119.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: tsup dependency-version: 8.3.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: storybook dependency-version: 7.6.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: esbuild dependency-version: 0.18.20 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 3.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@sentry/browser" dependency-version: 7.119.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 6.23.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 5.4.21 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: tsup dependency-version: 8.3.5 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026

dependabot bot mentioned this pull request Feb 19, 2026

chore(deps): bump axios from 1.7.2 to 1.12.0 in the npm_and_yarn group across 1 directory #3

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comments

chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates#6

chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates#6
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-72d5f0343d

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Comments

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

0.7.0

4.22.0

Important: Security

What's Changed

4.21.2

What's Changed

4.21.1

What's Changed

4.21.0

What's Changed

New Contributors

4.22.0 / 2025-12-01

4.21.2 / 2024-11-06

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

4.20.0 / 2024-09-10

changeglob

13

12

11.1

11.0

10.4

10.3

10.2

10.1

v2.0.2

Important

v2.0.1

Important

What's Changed

New Contributors

2.0.2

2.0.1

2.0.0

1.4.5-lts.2

3.3.8

3.3.7

v6.23.0

⚠️ Security Release

v6.22.0

What's Changed

v6.21.3

What's Changed

v6.21.2

What's Changed

New Contributors

v6.21.1

⚠️ Security Release ⚠️

What's Changed

v5.4.21

v5.4.20

v5.4.19

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

5.4.19 (2025-04-30)

5.4.18 (2025-04-10)

5.4.17 (2025-04-03)

5.4.16 (2025-03-31)

5.4.15 (2025-03-24)

5.4.14 (2025-01-21)

7.119.1

7.119.0

7.118.0

7.117.0

7.116.0

7.115.0

7.114.0

Important Changes

Other Changes

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements