Skip to content

chore(deps): bump the prod-minor-patch group with 12 updates#301

Merged
martinkrivda merged 3 commits intomainfrom
dependabot/npm_and_yarn/prod-minor-patch-3ed4385afc
Apr 28, 2026
Merged

chore(deps): bump the prod-minor-patch group with 12 updates#301
martinkrivda merged 3 commits intomainfrom
dependabot/npm_and_yarn/prod-minor-patch-3ed4385afc

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 25, 2026
edited
Loading

Bumps the prod-minor-patch group with 12 updates:

Package From To
@tanstack/vue-query 5.99.0 5.100.5
axios 1.15.0 1.15.2
vue 3.5.32 3.5.33
@tanstack/react-form 1.29.0 1.29.1
@tanstack/react-query 5.99.2 5.100.5
@tanstack/react-router 1.168.23 1.168.24
react-hook-form 7.72.1 7.73.1
@aws-sdk/client-s3 3.1032.0 3.1037.0
@prisma/adapter-mariadb 7.7.0 7.8.0
@prisma/client 7.7.0 7.8.0
@scalar/hono-api-reference 0.10.9 0.10.10
hono 4.12.14 4.12.15

Updates @tanstack/vue-query from 5.99.0 to 5.100.5

Release notes

Sourced from @​tanstack/vue-query's releases.

@​tanstack/vue-query@​5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

@​tanstack/vue-query@​5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.4

@​tanstack/vue-query@​5.100.3

Patch Changes

  • Updated dependencies [f85d825]:
    • @​tanstack/query-core@​5.100.3

@​tanstack/vue-query@​5.100.2

Patch Changes

@​tanstack/vue-query@​5.100.0

Patch Changes

  • Updated dependencies [6540a41]:
    • @​tanstack/query-core@​5.100.0
Changelog

Sourced from @​tanstack/vue-query's changelog.

5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

  • Updated dependencies [f85d825]:
    • @​tanstack/query-core@​5.100.3

5.100.2

Patch Changes

5.100.1

Patch Changes

  • Updated dependencies [1bb0d23]:
    • @​tanstack/query-core@​5.100.1

5.100.0

Patch Changes

  • Updated dependencies [6540a41]:
    • @​tanstack/query-core@​5.100.0

5.99.2

Patch Changes

  • fix(vue-query): allow computed ref and other reactive values as enabled property in queryOptions (#10465)

    This fixes a regression introduced in #10452 where queryOptions only accepted getter functions for the enabled property, but not computed refs or other reactive values.

... (truncated)

Commits

Updates axios from 1.15.0 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
  • Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

  • FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
  • HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
  • Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
  • Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
  • buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
  • AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
  • Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

v1.15.1 - April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

  • Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

  • CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

  • Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

  • withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

  • maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

  • Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

  • Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

  • AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

... (truncated)

Commits

Updates vue from 3.5.32 to 3.5.33

Release notes

Sourced from vue's releases.

v3.5.33

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.33 (2026-04-22)

Bug Fixes

Commits
  • 3310eea release: v3.5.33
  • bb9d265 fix(compiler-sfc): handle nested :deep in selector pseudos (#14725)
  • 60402cd Revert "chore(deps): update pnpm/action-setup action to v6" (#14749)
  • 11fb2fd fix(runtime-dom): preserve textarea resize dimensions (#14747)
  • 974e2d2 chore(deps): update test (#14713)
  • 45990ce fix(transition): preserve placeholder for conditional explicit default slots ...
  • 6a61f44 fix(teleport): don't move teleport children if not mounted (#14702)
  • e7659be fix(reactivity): unlink effect scopes on out-of-order off (#14734)
  • 268115d chore: update pnpm config (#14694)
  • 24f26f4 chore(deps): update pnpm/action-setup action to v6 (#14716)
  • Additional commits viewable in compare view

Updates @tanstack/react-form from 1.29.0 to 1.29.1

Release notes

Sourced from @​tanstack/react-form's releases.

@​tanstack/react-form-nextjs@​1.29.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-form@​1.29.1

@​tanstack/react-form-remix@​1.29.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-form@​1.29.1

@​tanstack/react-form-start@​1.29.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-form@​1.29.1

@​tanstack/react-form@​1.29.1

Patch Changes

  • Updated dependencies [6b8aa1e]:
    • @​tanstack/form-core@​1.29.1
Changelog

Sourced from @​tanstack/react-form's changelog.

1.29.1

Patch Changes

  • Updated dependencies [6b8aa1e]:
    • @​tanstack/form-core@​1.29.1
Commits

Updates @tanstack/react-query from 5.99.2 to 5.100.5

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.5
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query-next-experimental@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query-persist-client@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.100.5
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query@​5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

@​tanstack/react-query-devtools@​5.100.4

Patch Changes

  • fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

  • Updated dependencies [3d1a62e]:

    • @​tanstack/query-devtools@​5.100.4
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query-next-experimental@​5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query-persist-client@​5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.100.4
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query@​5.100.4

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

  • fix(suspense): skip calling combine when queries would suspend (#10576)

  • Updated dependencies [f85d825]:

    • @​tanstack/query-core@​5.100.3

5.100.2

Patch Changes

5.100.1

Patch Changes

  • Updated dependencies [1bb0d23]:
    • @​tanstack/query-core@​5.100.1

5.100.0

Patch Changes

  • Updated dependencies [6540a41]:
    • @​tanstack/query-core@​5.100.0
Commits

Updates @tanstack/react-router from 1.168.23 to 1.168.24

Changelog

Sourced from @​tanstack/react-router's changelog.

1.168.24

Patch Changes

  • Add TanStack Start inline CSS manifest support for SSR so route styles can be embedded in the HTML response and hydrated without duplicate stylesheet links. (#7253)

  • Updated dependencies [4d864ee]:

    • @​tanstack/router-core@​1.168.16
Commits

Updates react-hook-form from 7.72.1 to 7.73.1

Release notes

Sourced from react-hook-form's releases.

Version 7.73.1

⚡perf: memoize submit (#13378) 🚉 perf: improve deepEqual performance (#13362) 👀 perf: skip re-render in setValue when value is unchanged (#13352) ✂️ remove unneeded flag check for shouldDirty 🚨 fix: safely access field._f during register (#13365) 🧹 close #13298: improve fieldState errors when resolver uses dot-notation string keys (#13350) 🐞 fix #13178: update state correctly in watch callback with Controller, trigger, and reset (#13180) 🐞 fix #13331: skip field array validation when mode is onBlur (#13333) 🐞 fix #13334 sDirty remains false after deletion an item with shouldDirty: true (#13357) 🐞 fix: handle nested field when parent defaultValue is null (#13348)

thanks to @​Prasadzoman, @​cyphercodes, @​lorenzoceglia, @​rizwan-rizu, @​tomeelog & @​ap0nia

Commits

Updates @aws-sdk/client-s3 from 3.1032.0 to 3.1037.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1037.0

3.1037.0(2026-04-24)

New Features
  • clients: update client endpoints as of 2026-04-24 (ca3df2be)
  • client-evs: EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. (fd92ee48)
  • client-cloudwatch-logs: Adding nextToken and maxItems to the GetQueryResults API. (1a5ef619)
  • client-transfer: AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. (f2a72a85)
  • client-bedrock-agentcore-control: Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access (a0bf24cd)
  • client-connect: Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. (7e987e88)
  • client-connecthealth: Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. (c21882c4)
Bug Fixes
  • client-kinesis: tolerance for flaky H2 session ordering assertion in E2E test (#7959) (58734960)

For list of updated packages, view updated-packages.md in assets-3.1037.0.zip

v3.1036.0

3.1036.0(2026-04-23)

Chores
  • codegen: sync for http2 session closure, retry longpoll backoff, and fast-xml-parser version bump (#7958) (107aefc4)
  • xml-builder: up fast-xml-parser to 5.7.1 (#7957) (110b1c01)
Documentation Changes
  • client-pcs: This release adds support for Slurm 25.11 with expedited requeue enabled by default for jobs failing due to node issues, configurable requeue delay, health checks at node startup only, and unauthenticated HTTP endpoints disabled by default for improved security. (1110500a)
New Features
  • client-datazone: Releasing For LakehouseProperties attributes in the Connections API's (d0c03722)
  • client-iot-managed-integrations: Adds "Status" field to provisioning profile operation response types, giving users visibility into the readiness of a provisioning profile to be used for device provisioning. (72d6968c)
  • client-opensearch: Amazon OpenSearch UI applications now support cross-Region domain association, enabling you to connect OpenSearch Dashboards in one AWS Region to OpenSearch domains in other Regions within the same partition for centralized data visualization. (600311b9)
Tests
  • client-transcribe-streaming: add concurrency to startStreamTranscription test (#7948) (e2cf194b)

For list of updated packages, view updated-packages.md in assets-3.1036.0.zip

v3.1035.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-s3

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.1035.0 (2026-04-22)

Bug Fixes

  • client-s3: retry errors with 200 status code (#7945) (7d9d8d1)

Features

  • client-s3: This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). (41a6a59)

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-s3

3.1033.0 (2026-04-20)

Features

  • clients: use binary decision diagrams for endpoint resolution (#7931) (ff1b2ba)
Commits
  • 7babd8b Publish v3.1037.0
  • 46e4ac5 Publish v3.1036.0
  • 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
  • d8fbfbc Publish v3.1035.0
  • 41a6a59 feat(client-s3): This release adds five additional checksum algorithms for S3...
  • 7d9d8d1 fix(client-s3): retry errors with 200 status code (#7945)
  • d08b5a7 Publish v3.1034.0
  • 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942)
  • a62021b Publish v3.1033.0
  • ff1b2ba feat(clients): use binary decision diagrams for endpoint resolution (#7931)
  • See full diff in compare view

Updates @prisma/adapter-mariadb from 7.7.0 to 7.8.0

Release notes

Sourced from @​prisma/adapter-mariadb's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

Commits

Updates @prisma/client from 7.7.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422...

    Description has been truncated

@dependabot
chore(deps): bump the prod-minor-patch group with 12 updates
7f1cad3 
Bumps the prod-minor-patch group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@tanstack/vue-query](https://github.com/TanStack/query/tree/HEAD/packages/vue-query) | `5.99.0` | `5.100.5` |
| [axios](https://github.com/axios/axios) | `1.15.0` | `1.15.2` |
| [vue](https://github.com/vuejs/core) | `3.5.32` | `3.5.33` |
| [@tanstack/react-form](https://github.com/TanStack/form/tree/HEAD/packages/react-form) | `1.29.0` | `1.29.1` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.99.2` | `5.100.5` |
| [@tanstack/react-router](https://github.com/TanStack/router/tree/HEAD/packages/react-router) | `1.168.23` | `1.168.24` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.72.1` | `7.73.1` |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1032.0` | `3.1037.0` |
| [@prisma/adapter-mariadb](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-planetscale) | `7.7.0` | `7.8.0` |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `7.7.0` | `7.8.0` |
| [@scalar/hono-api-reference](https://github.com/scalar/scalar/tree/HEAD/integrations/hono) | `0.10.9` | `0.10.10` |
| [hono](https://github.com/honojs/hono) | `4.12.14` | `4.12.15` |


Updates `@tanstack/vue-query` from 5.99.0 to 5.100.5
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/vue-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/vue-query@5.100.5/packages/vue-query)

Updates `axios` from 1.15.0 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.15.2)

Updates `vue` from 3.5.32 to 3.5.33
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.32...v3.5.33)

Updates `@tanstack/react-form` from 1.29.0 to 1.29.1
- [Release notes](https://github.com/TanStack/form/releases)
- [Changelog](https://github.com/TanStack/form/blob/main/packages/react-form/CHANGELOG.md)
- [Commits](https://github.com/TanStack/form/commits/@tanstack/react-form@1.29.1/packages/react-form)

Updates `@tanstack/react-query` from 5.99.2 to 5.100.5
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.5/packages/react-query)

Updates `@tanstack/react-router` from 1.168.23 to 1.168.24
- [Release notes](https://github.com/TanStack/router/releases)
- [Changelog](https://github.com/TanStack/router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/TanStack/router/commits/@tanstack/react-router@1.168.24/packages/react-router)

Updates `react-hook-form` from 7.72.1 to 7.73.1
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.72.1...v7.73.1)

Updates `@aws-sdk/client-s3` from 3.1032.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-s3)

Updates `@prisma/adapter-mariadb` from 7.7.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/adapter-planetscale)

Updates `@prisma/client` from 7.7.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/client)

Updates `@scalar/hono-api-reference` from 0.10.9 to 0.10.10
- [Release notes](https://github.com/scalar/scalar/releases)
- [Changelog](https://github.com/scalar/scalar/blob/main/integrations/hono/CHANGELOG.md)
- [Commits](https://github.com/scalar/scalar/commits/HEAD/integrations/hono)

Updates `hono` from 4.12.14 to 4.12.15
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.14...v4.12.15)

---
updated-dependencies:
- dependency-name: "@tanstack/vue-query"
  dependency-version: 5.100.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: vue
  dependency-version: 3.5.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: "@tanstack/react-form"
  dependency-version: 1.29.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.100.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@tanstack/react-router"
  dependency-version: 1.168.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: react-hook-form
  dependency-version: 7.73.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1037.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@prisma/adapter-mariadb"
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@prisma/client"
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-patch
- dependency-name: "@scalar/hono-api-reference"
  dependency-version: 0.10.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
- dependency-name: hono
  dependency-version: 4.12.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 25, 2026
@martinkrivda martinkrivda merged commit bd82841 into main Apr 28, 2026
1 of 3 checks passed
@martinkrivda martinkrivda deleted the dependabot/npm_and_yarn/prod-minor-patch-3ed4385afc branch April 28, 2026 05:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@martinkrivda