Skip to content

Bump the prod-minor-updates group across 1 directory with 4 updates#5659

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/test/prod-minor-updates-04ebdda4c5
Open

Bump the prod-minor-updates group across 1 directory with 4 updates#5659
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/test/prod-minor-updates-04ebdda4c5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-minor-updates group with 4 updates in the /test directory: @quobix/vacuum, axios, cypress and eslint.

Updates @quobix/vacuum from 0.26.8 to 0.29.2

Release notes

Sourced from @​quobix/vacuum's releases.

v0.29.2

Changelog

  • c14a4a9dae8992b789915383da3edf49cabdec16 fix(motor): avoid broad component alias reconciliation
  • 47c5aac78b3295edad0baff157c26dde1267fd17 fix(motor): honor GOMAXPROCS for rule execution concurrency

v0.29.1

Changelog

  • f4a45caf29759a20e8e007044a6dba00546b567e Bump github.com/alecthomas/chroma/v2 from 2.24.1 to 2.26.1
  • 93e9b2e2ca1b0379871d47fc5a1fda729e0b5b0b Bump github.com/pb33f/libopenapi-validator from 0.13.7 to 0.13.8
  • 7360c0686dfc7bef502af0613085f4be9dbc5f3e add permissions.
  • 3f9cc525a502dacec2bb045aa28225ee04aa6fad fix(motor): include sibling component uses in nested reference alias paths
  • 925c673f0eacf62417d47423873d6fafc507dbc3 removed dead file

v0.29.0

Changelog

  • 21d356476884a8e2548d81e28779197d1b94cfa5 add AsyncAPI 3.x linting support
  • cac3f39d9882a3336269bcfd5e96581110469f3f updated docs and help to add in new AsyncAPI support.
  • 343544ce057b0ec3fa90858e77d3faefec089f0d updated readme
  • 93e337add909dd9bccb9318816418a0bce4c0256 upgraded libopenapi and upgrade code.

v0.28.4

Changelog

  • 6732bb00f67ffa21a1a2390469bb994925301c0c bump deps
  • 4942ddd4331608630b894b8af2f812fcdeb80870 ensure bundling behavior between docs and bundle operates the same way.

v0.28.3

Changelog

  • 74af9252465d5acd1b6dc56d5df3fa8df30c0cd3 fix: ensure x-lint-ignore directives respect parent ignores
  • 2238fd5bd5795439476f8191832e6469704df2a0 reconcile reference-alias result paths inside allOf/anyOf/oneOf

v0.28.2

Changelog

  • 6acde734cd11ba51f2db65fb9631d4abd367178d distinguish Homebrew cask from formula installs in upgrade flow
  • 1b8db0db8d671066f0226ad3e1cdb8df7f822e84 sort filtered rule stats and generalize source drift matching to external origins

v0.28.1

Changelog

  • f2f9f9809424dc946a7df14609bc5d9f933a12f1 harden result path reconciliation and violation diffing against ref drift
  • 9b004a592a6bf43ee731f21120b0a19b6d77a741 modified readme to add / correct links.
  • 649843da40f983e1d80b6daf711054c13ecd5b05 restored docker entrypoint

v0.28.0

Changelog

  • a3d2a5ae6f5ed632e4c891a79a97c7914211a3b4 added new schema command for JSON Schema linting!
  • ca6deec9b4d9b557904bae01bb2f71fedc356432 added new schema command to agents.md
  • 4586e7153c6c29977269f18cc74320a7301ab54d clean up the repo root a little.
  • 4754bc187cf9de6423a6a26942906fa63013c48a cleanup sweep.
  • 0d95d7b1525b1b2d8f68eeb45588edb50834f8ca update readme

v0.27.3

... (truncated)

Commits
  • c14a4a9 fix(motor): avoid broad component alias reconciliation
  • 47c5aac fix(motor): honor GOMAXPROCS for rule execution concurrency
  • 7360c06 add permissions.
  • 3f9cc52 fix(motor): include sibling component uses in nested reference alias paths
  • f4a45ca Bump github.com/alecthomas/chroma/v2 from 2.24.1 to 2.26.1
  • 93e9b2e Bump github.com/pb33f/libopenapi-validator from 0.13.7 to 0.13.8
  • 925c673 removed dead file
  • 343544c updated readme
  • 93e337a upgraded libopenapi and upgrade code.
  • cac3f39 updated docs and help to add in new AsyncAPI support.
  • Additional commits viewable in compare view

Updates axios from 1.16.1 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Commits
  • 2d06f96 chore(release): prepare release 1.18.0 (#11003)
  • 32fc489 fix: malformed http urls (#11000)
  • b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
  • fe964f9 docs: mark proxy config as Node.js only (#10995)
  • 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
  • fae9d4e docs: clarify package update PR policy (#10992)
  • 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
  • a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
  • 614f455 docs: publish v1.17.0 release notes (#10988)
  • 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
  • Additional commits viewable in compare view

Updates cypress from 15.16.0 to 15.17.0

Release notes

Sourced from cypress's releases.

v15.17.0

Changelog: https://docs.cypress.io/app/references/changelog#15-17-0

Commits
  • b22780a chore: Update Chrome (stable) to 149.0.7827.102 and Chrome for Testing (stabl...
  • ada42a7 chore: send standard identity headers on cy-prompt/studio session requests (#...
  • 6017154 perf(server): release pending automation requests after response (#34037)
  • 6be559a chore: don't redeclare inherited observable Session.name (#34034)
  • 437a08e chore: update need help link for auto provision project slug error modal (#34...
  • 04dd296 refactor(proxy): request/response interception adapters and wire middleware (...
  • 482cd41 chore: reporter support for test replay embedding (#34031)
  • f3de1b2 chore: reorder changelog entries for release by popularity of issue (#34032)
  • b60b68f misc: warn when a --spec pattern matches no spec files (#34023)
  • e0fe6e0 perf: Fix Command Log performance regression on hover (#34029)
  • Additional commits viewable in compare view

Updates eslint from 10.4.1 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

  • 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
  • b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
  • 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
  • 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
  • f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
  • bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
  • c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

  • 8ae1b5b docs: Update README (GitHub Actions Bot)
  • ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
  • f99b47a docs: Update README (GitHub Actions Bot)
  • acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

  • b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
  • c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
  • 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
  • 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
  • 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
  • 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
  • 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
  • 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
  • cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
  • fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the prod-minor-updates group across 1 directory with 4 updates
0ae87f2 
Bumps the prod-minor-updates group with 4 updates in the /test directory: [@quobix/vacuum](https://github.com/daveshanley/vacuum), [axios](https://github.com/axios/axios), [cypress](https://github.com/cypress-io/cypress) and [eslint](https://github.com/eslint/eslint).


Updates `@quobix/vacuum` from 0.26.8 to 0.29.2
- [Release notes](https://github.com/daveshanley/vacuum/releases)
- [Commits](daveshanley/vacuum@v0.26.8...v0.29.2)

Updates `axios` from 1.16.1 to 1.18.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.18.0)

Updates `cypress` from 15.16.0 to 15.17.0
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v15.16.0...v15.17.0)

Updates `eslint` from 10.4.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.1...v10.5.0)

---
updated-dependencies:
- dependency-name: "@quobix/vacuum"
  dependency-version: 0.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: axios
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: cypress
  dependency-version: 15.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants