chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates by dependabot[bot] · Pull Request #42 · TiltCheck-ME/TiltCheck

dependabot · 2026-02-11T07:06:53Z

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
axios	`1.13.1`	`1.13.5`
nodemailer	`7.0.10`	`7.0.11`
jws	`3.2.2`	`3.2.3`
lodash	`4.17.21`	`4.17.23`
qs	`6.13.0`	`6.14.1`
validator	`13.15.20`	`13.15.26`

Bumps the npm_and_yarn group with 1 update in the /degens_bot directory: lodash.
Bumps the npm_and_yarn group with 1 update in the /mcp/frontend directory: next.
Bumps the npm_and_yarn group with 2 updates in the /tiltcheck-organized/integrations/shared directory: axios and qs.
Bumps the npm_and_yarn group with 7 updates in the /tiltcheck-organized/webapp directory:

Package	From	To
axios	`1.12.2`	`1.13.5`
lodash	`4.17.21`	`4.17.23`
qs	`6.13.0`	`6.14.1`
jsonpath	`1.1.1`	`1.2.1`
node-forge	`1.3.1`	`1.3.3`
react-router	`6.30.1`	`6.30.3`
webpack	`5.102.1`	`5.105.1`

Bumps the npm_and_yarn group with 1 update in the /webapp directory: next.

Updates axios from 1.13.1 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates nodemailer from 7.0.10 to 7.0.11

Release notes

Sourced from nodemailer's releases.

v7.0.11

7.0.11 (2025-11-26)

Bug Fixes

prevent stack overflow DoS in addressparser with deeply nested groups (b61b9c0)

Changelog

Sourced from nodemailer's changelog.

7.0.11 (2025-11-26)

Bug Fixes

prevent stack overflow DoS in addressparser with deeply nested groups (b61b9c0)

Commits

3d17dbe chore(master): release 7.0.11 (#1783)
15879f8 Bumped dev dependencies
b61b9c0 fix: prevent stack overflow DoS in addressparser with deeply nested groups
See full diff in compare view

Updates jws from 3.2.2 to 3.2.3

Release notes

Sourced from jws's releases.

v3.2.3

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.

Changelog

Sourced from jws's changelog.

[3.2.3]

Changed

Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.

Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.

[3.0.0]

Changed

BREAKING: jwt.verify now requires an algorithm parameter, and jws.createVerify requires an algorithm option. The "alg" field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by jwt.verify. See https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ for details.

2.0.0 - 2015-01-30

Changed

BREAKING: Default payload encoding changed from binary to utf8. utf8 is a is a more sensible default than binary because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (6b6de48)

Code reorganization, thanks @fearphage! (7880050)

Added

Option in all relevant methods for encoding. For those few users that might be depending on a binary encoding of the messages, this is for them. (6b6de48)

Commits

4f6e73f Merge commit from fork
bd0fea5 version 3.2.3
7c3b4b4 Enhance tests for HMAC streaming sign and verify
a9b8ed9 Improve secretOrKey initialization in VerifyStream
6707fde Improve secret handling in SignStream
See full diff in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates validator from 13.15.20 to 13.15.26

Release notes

Sourced from validator's releases.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

New Contributors

@ds1371dani made their first contribution in validatorjs/validator.js#2634

@Numbers0689 made their first contribution in validatorjs/validator.js#2535

Full Changelog: validatorjs/validator.js@13.15.23...13.15.26

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

Full Changelog: validatorjs/validator.js@13.15.22...13.15.23

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

New Contributors

@mbtools made their first contribution in validatorjs/validator.js#2622

@koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

Changelog

Sourced from validator's changelog.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

Commits

784e52a docs(matches): add ReDoS note to README (#2640)
6531047 fix(isHexColor): add require_hashtag option (#2535)
f605a9c fix(isURL): handle possible bypass with URL-encoded content (#2633)
a165ebe fix(isIBAN): improve IR locale (#2634)
9113304 fix(build): move to trusted publishing (#2631)
f2b5c17 maintenance: 2511 release (#2627)
d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
f2e3633 docs: add install instructions to contibution guide (#2621)
cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
4af6124 maintenance: 2510 release (#2585)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for validator since your current version.

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates next from 14.2.32 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates axios from 1.12.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates axios from 1.12.2 to 1.13.5
<d...

Description has been truncated

… updates Bumps the npm_and_yarn group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.13.1` | `1.13.5` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.10` | `7.0.11` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.20` | `13.15.26` | Bumps the npm_and_yarn group with 1 update in the /degens_bot directory: [lodash](https://github.com/lodash/lodash). Bumps the npm_and_yarn group with 1 update in the /mcp/frontend directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 2 updates in the /tiltcheck-organized/integrations/shared directory: [axios](https://github.com/axios/axios) and [qs](https://github.com/ljharb/qs). Bumps the npm_and_yarn group with 7 updates in the /tiltcheck-organized/webapp directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.12.2` | `1.13.5` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` | | [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.2.1` | | [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.3` | | [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `6.30.1` | `6.30.3` | | [webpack](https://github.com/webpack/webpack) | `5.102.1` | `5.105.1` | Bumps the npm_and_yarn group with 1 update in the /webapp directory: [next](https://github.com/vercel/next.js). Updates `axios` from 1.13.1 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.1...v1.13.5) Updates `nodemailer` from 7.0.10 to 7.0.11 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v7.0.10...v7.0.11) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.1) Updates `validator` from 13.15.20 to 13.15.26 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.20...13.15.26) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `next` from 14.2.32 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.32...v15.5.10) Updates `axios` from 1.12.2 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.1...v1.13.5) Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.1) Updates `axios` from 1.12.2 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.1...v1.13.5) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.1) Updates `jsonpath` from 1.1.1 to 1.2.1 - [Commits](https://github.com/dchester/jsonpath/commits/1.2.1) Updates `node-forge` from 1.3.1 to 1.3.3 - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](digitalbazaar/forge@v1.3.1...v1.3.3) Updates `react-router` from 6.30.1 to 6.30.3 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@6.30.3/packages/react-router) Updates `webpack` from 5.102.1 to 5.105.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.102.1...v5.105.1) Updates `next` from 14.2.32 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.32...v15.5.10) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nodemailer dependency-version: 7.0.11 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.26 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonpath dependency-version: 1.2.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: node-forge dependency-version: 1.3.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: react-router dependency-version: 6.30.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack dependency-version: 5.105.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates#42

chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates#42
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-6873e97a21

dependabot bot commented on behalf of github Feb 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 11, 2026

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v7.0.11

7.0.11 (2025-11-26)

Bug Fixes

7.0.11 (2025-11-26)

Bug Fixes

v3.2.3

Changed

[3.2.3]

Changed

[3.0.0]

Changed

2.0.0 - 2015-01-30

Changed

Added

6.14.1

6.14.0

6.13.1

13.15.26

Fixes, New Locales and Enhancements

New Contributors

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

New Contributors

13.15.26

Fixes, New Locales and Enhancements

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

6.14.1