chore(deps): bump the dependencies group across 1 directory with 13 updates #53

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/dependencies-3a8e6b686c

dependabot Bot commented on behalf of github May 4, 2026

Bumps the dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| axios | 1.12.2 | 1.18.1 |
| qs | 6.14.0 | 6.15.3 |
| @types/qs | 6.14.0 | 6.15.1 |
| @types/node | 24.9.0 | 26.0.1 |
| @vitest/coverage-v8 | 3.2.4 | 4.1.9 |
| prettier | 3.6.2 | 3.9.3 |
| typedoc | 0.28.14 | 0.28.19 |
| typedoc-plugin-markdown | 4.9.0 | 4.12.0 |
| typescript | 5.9.3 | 6.0.3 |
| vite | 7.1.11 | 8.1.0 |
| vite-plugin-dts | 4.5.4 | 5.0.3 |
| vite-tsconfig-paths | 5.1.4 | 6.1.1 |
| vitest | 3.2.4 | 4.1.9 |

Updates axios from 1.12.2 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates qs from 6.14.0 to 6.15.3

Changelog

Sourced from qs's changelog.

6.15.3

  • [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via combine/merge
  • [Fix] utils: respect encoding of surrogate pairs across chunks (#559)
  • [Robustness] parse: throw the arrayLimit error before splitting oversized comma values
  • [Robustness] utils.merge / utils.assign: avoid invoking __proto__ setter when copying own properties
  • [Robustness] utils: enforce arrayLimit consistently across merge's array paths
  • [Perf] utils: make compact O(n) via a side-channel visited-set instead of Array.indexOf
  • [Deps] update side-channel
  • [Dev Deps] update eslint, mock-property, tape
  • [Tests] parse: characterize current lenient handling of unbalanced bracket keys (#558)

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLength → arrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions

... (truncated)

Commits
  • 18d085e v6.15.3
  • c38af42 [Deps] update side-channel
  • adce539 [Dev Deps] update eslint, mock-property, tape
  • 74a0f6a [Robustness] utils: enforce arrayLimit consistently across merge's arra...
  • f4938f5 [Tests] parse: characterize current lenient handling of unbalanced bracket ...
  • 5d5f723 [Perf] utils: make compact O(n) via a side-channel visited-set instead of...
  • 52afe00 [Robustness] parse: throw the arrayLimit error before splitting oversized...
  • 963e538 [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via...
  • 59da434 [Fix] utils: respect encoding of surrogate pairs across chunks
  • 9532969 [Robustness] utils.merge / utils.assign: avoid invoking __proto__ sette...
  • Additional commits viewable in compare view

Updates @types/qs from 6.14.0 to 6.15.1

Commits

Updates @types/node from 24.9.0 to 26.0.1

Commits

Updates @vitest/coverage-v8 from 3.2.4 to 4.1.9

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

🐞 Bug Fixes

View changes on GitHub

v4.1.7

🐞 Bug Fixes

View changes on GitHub

v4.1.6

🐞 Bug Fixes

🏎 Performance

View changes on GitHub

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @vitest/coverage-v8 since your current version.


Updates prettier from 3.6.2 to 3.9.3

Release notes

Sourced from prettier's releases.

3.9.3

🔗 Changelog

3.9.1

🔗 Changelog

3.9.0

diff

🔗 Prettier 3.9: Major parser upgrades and Formatting improvements

3.8.5

🔗 Changelog

3.8.4

🔗 Changelog

3.8.3

🔗 Changelog

3.8.2

  • Support Angular v21.2

🔗 Changelog

3.8.1

🔗 Changelog

3.8.0

  • Support Angular v21.1

diff

🔗 Release note "Prettier 3.8: Support for Angular v21.1"

... (truncated)

Changelog

Sourced from prettier's changelog.

3.9.3

diff

Markdown: Fix unexpected removal of characters in liquid syntax (#19489 by @seiyab)

// Input
<!-- Input -->
{{ page.title
}} text
<!-- Prettier 3.9.1 -->
{{ page.title
text
<!-- Prettier 3.9.3 -->
{{ page.title
}} text

TypeScript: Allow decorators to be used with declare on class fields (#19492 by @evoactivity)

Extensively used within the Ember ecosystem, decorators with declare on class fields will ignore the babel parser error and allow Prettier to format the code without breaking it.

// Input
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
  @service declare server: ServerService;
}
// Prettier 3.9.1
// SyntaxError: Decorators can't be used with a declare field. (2:3)
//  1 | export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
//> 2 |   @service declare server: ServerService;
//    |   ^
//  3 | }
// Prettier 3.9.3
export default class ProjectStatusComponent extends Component<ProjectStatusSig> {
  @service declare server: ServerService;
}

3.9.1

diff

... (truncated)

Commits
  • 3732e1d Release 3.9.3
  • a74a7b0 Allow decorators to be used with declare on class fields (#19492)
  • bd9e11a Correct text identification in liquid syntax (#19489)
  • 269eee3 Bump Prettier dependency to 3.9.1
  • ec7ccd1 Clean changelog_unreleased
  • c47654c Release 3.9.1
  • 06159aa Fix bug in release script
  • 4bc5ab4 Update file-entry-cache to 11.1.5 (#19483)
  • b7fd58b Release @prettier/plugin-oxc@0.2.0 and @prettier/plugin-hermes@0.2.0
  • 3006400 Revert changes in release script
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prettier since your current version.


Updates typedoc from 0.28.14 to 0.28.19

Changelog

Sourced from typedoc's changelog.

v0.28.19 (2026-04-12)

Features

  • Added French translations for the TypeDoc interface and help descriptions.
  • Added support for triple-slash comment style, which requires exactly three slashes in the comment, #3089.

Bug Fixes

  • Corrected handling of icon caching for custom themes which use SVGs with a larger view box than TypeDoc's default theme.
  • Fixed short summary comment handling on module pages when the project source files use Windows line endings, #3093.

Thanks!

v0.28.18 (2026-03-23)

Features

  • Support TypeScript 6.0, #3084.

v0.28.17 (2026-02-13)

Bug Fixes

  • Improved handling of comments for type aliases which have been declaration merged with functions, #3064.
  • Fixed anchor link generation to members named $, #3065.
  • Corrected typing of the plugin option to permit functions, #3066.
  • Warnings about unused @param tags will now be properly suppressed when they come from declaration files and the suppressCommentWarningsInDeclarationFiles option is enabled, #3070.
  • Fixed conversion of types referencing type parameters on functions, #3071.

Thanks!

v0.28.16 (2026-01-12)

Bug Fixes

  • Fixed an issue causing TypeDoc to fail to generate documentation when implementing interfaces, #3052.
  • Fixed an issue preventing automatic entry point discovery on Windows, #3057.
  • Improved vertical positioning of text icons, #3056.
  • TypeDoc no longer includes source location information for type literal reflections. This could sometimes cause TypeDoc to infer the wrong path when resolving base paths for display.
  • Adjusted markdown rendering to allow markdownItLoader to override more rendering #3055.

... (truncated)

Commits
  • 0135da0 Update changelog for release
  • 68fa965 Bump version to 0.28.19
  • cb13565 Update changelog, documentation
  • acba2ae Fix Comment.getShortSummary with windows line endings
  • a108643 feat(router): move anchor creation to seperate function (#3092)
  • d743a1c Merge pull request #3091 from hyosua/feat/locales-fr
  • 70a9b41 Update CHANGELOG and format French locales
  • 4db90bc Add French translations for locales
  • c8fb88f Attempt updating actions versions
  • a58e6a9 Update deps
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for typedoc since your current version.


Updates typedoc-plugin-markdown from 4.9.0 to 4.12.0

Changelog

Sourced from typedoc-plugin-markdown's changelog.

4.12.0 (2026-06-02)

Minor Changes

  • Support JSDoc-style <caption> labels for @example tags (#861).
  • Add Markdown theme translations for the fr locale.

Patch Changes

  • Fixed duplicate sidebar groups when navigation.includeCategories=true and navigation.includeGroups=false (#866).

4.11.0 (2026-03-18)

Minor Changes

  • Improved rendering of union types when documented type details are present (#857).
  • Improved rendering of union types used in parameter declarations.
  • When a function returns another function, full documentation for the returned function is now only shown when meaningful comments are present, aligning with the default theme.
  • Index signature declarations are now rendered as blockquotes for improved consistency.

Patch Changes

  • Added locale translations for grouped @example headings (#858).
  • Function-typed properties are now rendered without parentheses in headings. This avoids implying that the member is a method and more accurately reflects that it is a property whose type is a function.
  • Optional properties are now indicated with ? in the property name, making the optionality explicit.
  • All pipe characters (|) in union type output are now escaped.

4.10.0 (2026-02-06)

Minor Changes

  • A JSON schema to be consumed by typedoc.json is now published to the package root.
  • Mark parameters with default values as optional, matching the default TypeDoc theme.

Patch Changes

  • Fixed markdownlint errors related to empty table cells and invalid link fragments.
  • Anchors inside table cells (when property formats equal "table") are now namespaced by reflection kind (for example property-foo) to prevent collisions with Markdown heading slugs and ensure stable in-page links (#856).
  • Resolve "does not have an anchor but one was requested" warnings in verbose log mode (#850).
  • Guard against undefined types causing errors in complex types in tables (thanks @ilyabo).

Commits
  • 7d601e1 Version Packages
  • 1ab02e8 fix(core): fixed duplicate sidebar groups (#866)
  • 7696589 fix(core): support JSDoc-style \<caption> labels for @example tags (#861)
  • 94e7353 chore(core): refactor tweaks
  • 345eace chore(docs): updated docs
  • e7dc9cb chore(all): fixed specs
  • 37fa5e9 chore(all): add mocha to types
  • e0fe371 feat(core): add Markdown theme translations for the fr locale
  • 88f7efd chore(all): updated packages
  • 9bdc290 chore(docs): updated readmes
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for typedoc-plugin-markdown since your current version.


Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0

For release notes, check out the release announcement blog post.

Downloads are available on:

TypeScript 6.0 Beta

For release notes, check out the release announcement.

Downloads are available on:

Commits
  • 050880c Bump version to 6.0.3 and LKG
  • eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
  • ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
  • 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
  • 607a22a Bump version to 6.0.2 and LKG
  • 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
  • 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
  • e175b69 Bump version to 6.0.1-rc and LKG

dependabot Bot added dependencies, javascript labels May 4, 2026
socket-security Bot commented May 4, 2026

…pdates

Bumps the dependencies group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.12.2` | `1.18.1` |
| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.3` |
| [@types/qs](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/qs) | `6.14.0` | `6.15.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.9.0` | `26.0.1` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `3.2.4` | `4.1.9` |
| [prettier](https://github.com/prettier/prettier) | `3.6.2` | `3.9.3` |
| [typedoc](https://github.com/TypeStrong/TypeDoc) | `0.28.14` | `0.28.19` |
| [typedoc-plugin-markdown](https://github.com/typedoc2md/typedoc-plugin-markdown/tree/HEAD/packages/typedoc-plugin-markdown) | `4.9.0` | `4.12.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.11` | `8.1.0` |
| [vite-plugin-dts](https://github.com/qmhc/unplugin-dts/tree/HEAD/packages/vite-plugin-dts) | `4.5.4` | `5.0.3` |
| [vite-tsconfig-paths](https://github.com/aleclarson/vite-tsconfig-paths) | `5.1.4` | `6.1.1` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.2.4` | `4.1.9` |



Updates `axios` from 1.12.2 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.12.2...v1.18.1)

Updates `qs` from 6.14.0 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.0...v6.15.3)

Updates `@types/qs` from 6.14.0 to 6.15.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qs)

Updates `@types/node` from 24.9.0 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/qs` from 6.14.0 to 6.15.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qs)

Updates `@vitest/coverage-v8` from 3.2.4 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/coverage-v8)

Updates `prettier` from 3.6.2 to 3.9.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.6.2...3.9.3)

Updates `typedoc` from 0.28.14 to 0.28.19
- [Release notes](https://github.com/TypeStrong/TypeDoc/releases)
- [Changelog](https://github.com/TypeStrong/typedoc/blob/master/CHANGELOG.md)
- [Commits](TypeStrong/typedoc@v0.28.14...v0.28.19)

Updates `typedoc-plugin-markdown` from 4.9.0 to 4.12.0
- [Release notes](https://github.com/typedoc2md/typedoc-plugin-markdown/releases)
- [Changelog](https://github.com/typedoc2md/typedoc-plugin-markdown/blob/main/packages/typedoc-plugin-markdown/CHANGELOG.md)
- [Commits](https://github.com/typedoc2md/typedoc-plugin-markdown/commits/typedoc-plugin-markdown@4.12.0/packages/typedoc-plugin-markdown)

Updates `typescript` from 5.9.3 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v5.9.3...v6.0.3)

Updates `vite` from 7.1.11 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vite-plugin-dts` from 4.5.4 to 5.0.3
- [Release notes](https://github.com/qmhc/unplugin-dts/releases)
- [Changelog](https://github.com/qmhc/unplugin-dts/blob/main/packages/vite-plugin-dts/CHANGELOG.md)
- [Commits](https://github.com/qmhc/unplugin-dts/commits/vite-plugin-dts@5.0.3/packages/vite-plugin-dts)

Updates `vite-tsconfig-paths` from 5.1.4 to 6.1.1
- [Release notes](https://github.com/aleclarson/vite-tsconfig-paths/releases)
- [Commits](aleclarson/vite-tsconfig-paths@v5.1.4...v6.1.1)

Updates `vitest` from 3.2.4 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@types/qs"
  dependency-version: 6.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@types/qs"
  dependency-version: 6.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: prettier
  dependency-version: 3.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: qs
  dependency-version: 6.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: typedoc
  dependency-version: 0.28.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: typedoc-plugin-markdown
  dependency-version: 4.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vite
  dependency-version: 8.0.10
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vite-plugin-dts
  dependency-version: 5.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vite-tsconfig-paths
  dependency-version: 6.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: vitest
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/npm_and_yarn/dependencies-3a8e6b686c branch from 51598a5 to 118499c June 29, 2026 18:25
@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

| Action | Severity | Alert |
| --- | --- | --- |
| Warn | High | Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated |

Confidence: 0.90

Location: Package overview

From: package-lock.json → npm/vite@8.1.0 → npm/vite-plugin-dts@5.0.3 → npm/@emnapi/runtime@1.11.1

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
