[PR #3230] Bump the prod-minor-updates group across 1 directory with 9 updates #26870

Open
opened 2026-06-08 20:19:58 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/3230
Author: @dependabot[bot]
Created: 6/8/2026
Status: 🔄 Open

Base: mainHead: dependabot/npm_and_yarn/prod-minor-updates-a08bf916a0


📝 Commits (1)

  • 2b23663 Bump the prod-minor-updates group across 1 directory with 9 updates

📊 Changes

2 files changed (+1263 additions, -604 deletions)

View changed files

📝 package-lock.json (+1254 -595)
📝 package.json (+9 -9)

📄 Description

Bumps the prod-minor-updates group with 9 updates in the / directory:

Package From To
@aws-sdk/client-s3 3.1056.0 3.1063.0
@radix-ui/react-radio-group 1.3.8 1.4.0
@radix-ui/react-select 2.2.6 2.3.0
@radix-ui/react-switch 1.2.6 1.3.0
@tanstack/react-query 5.100.14 5.101.0
axios 1.16.1 1.17.0
js-yaml 4.1.1 4.2.0
posthog-node 5.35.6 5.36.4
react-hook-form 7.76.1 7.78.0

Updates @aws-sdk/client-s3 from 3.1056.0 to 3.1063.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1063.0

3.1063.0(2026-06-05)

Chores
New Features
  • clients: update client endpoints as of 2026-06-05 (fe9a398f)
  • client-sagemaker: This release adds support for MLflow experiment tracking in SageMaker inference optimization. CreateAIRecommendationJob and CreateAIBenchmarkJob now accept an optional OutputConfig.MlflowConfig (MLflow App ARN, experiment, run name) to stream benchmark metrics and artifacts to your own MLflow App. (39430442)
  • client-emr-serverless: Adds support for updating max capacity and custom fields while application is started (6c9cce08)
  • client-dynamodb: Adding new BDD representation of endpoint ruleset (416005d4)
  • client-mediaconvert: Adds support for configurable number of Clear Lead segments at the beginning of encrypted output. Adds support for multiple trickplay variants. (40eb4c6b)
  • client-payment-cryptography: Adds CloudFormation support for resource-based policies on AWS Payment Cryptography keys. (c32019a8)
  • client-quicksight: Adds support for Knowledge Base APIs and Index Capacity API (8205152f)
Bug Fixes
  • core/httpAuthSchemes: fix concurrent skew correction (#8078) (83e48928)
Tests
  • middleware-endpoint-discovery: remove integration tests (#8077) (02363831)
  • clients: add client error deserialization tests (#8075) (0dfa4ad1)

For list of updated packages, view updated-packages.md in assets-3.1063.0.zip

v3.1062.0

3.1062.0(2026-06-04)

Chores
  • scripts: include generated packages when validating declared imports 1-1 with used imports (#8072) (291ad366)
Documentation Changes
  • client-guardduty: Remove unsupported RDS field for filter (5815da7f)
New Features
  • client-interconnect: Adding new BDD representation of endpoint ruleset (34e23ef2)
  • client-ec2-instance-connect: Adding new BDD representation of endpoint ruleset (c2a4981e)
  • client-mq: BDD bulk update change rollout (e058b8fd)
  • client-workspaces: Adding new BDD representation of endpoint ruleset (6b1e3602)
  • client-connectparticipant: Adding new BDD representation of endpoint ruleset (22db2a6a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1059.0 (2026-06-02)

Note: Version bump only for package @​aws-sdk/client-s3

3.1058.0 (2026-06-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.1057.0 (2026-05-29)

... (truncated)

Commits
  • 85dabf4 Publish v3.1063.0
  • 9bd1a86 chore: update author URL in package.json (#8080)
  • f5235bb Publish v3.1062.0
  • 291ad36 chore(scripts): include generated packages when validating declared imports 1...
  • 71df2cc Publish v3.1061.0
  • 1216094 chore(middleware-sdk-s3): consolidate S3 internal packages (#8026)
  • 8aeb92d Publish v3.1060.0
  • 75bb4fc Publish v3.1059.0
  • 6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
  • d7602d4 Publish v3.1058.0
  • Additional commits viewable in compare view

Updates @radix-ui/react-radio-group from 1.3.8 to 1.4.0

Changelog

Sourced from @​radix-ui/react-radio-group's changelog.

1.4.0

  • Added unstable RadioGroupItemProvider, RadioGroupItemTrigger and RadioGroupItemBubbleInput parts. These expose the previously internal composition of a radio item (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The RadioGroupItem component continues to render them by default.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-roving-focus@1.1.12, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-radio-group since your current version.


Updates @radix-ui/react-select from 2.2.6 to 2.3.0

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.0

  • Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
  • Added support for presence-based exit animations in Select
  • Fixed Select hidden input so it submits empty string when no value is selected
  • Fixed placeholder rendering when a controlled Select is reset to an empty value
  • Added missing __selectScope prop to PopperContent component
  • Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
  • Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
  • Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
  • Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.


Updates @radix-ui/react-switch from 1.2.6 to 1.3.0

Changelog

Sourced from @​radix-ui/react-switch's changelog.

1.3.0

  • Added unstable Provider, Trigger and BubbleInput parts to Switch. These expose the previously internal composition (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The Switch component continues to render them by default.
  • Added repository.directory to all package.json files
  • Updated dependencies: @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-use-size@1.1.2
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-switch since your current version.


Updates @tanstack/react-query from 5.100.14 to 5.101.0

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.0

Patch Changes

@​tanstack/react-query-next-experimental@​5.101.0

Patch Changes

  • #10857 7cf5923 - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'

  • Updated dependencies []:

    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query-persist-client@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.101.0
    • @​tanstack/react-query@​5.101.0

@​tanstack/react-query@​5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.101.0
Commits

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits

Updates js-yaml from 4.1.1 to 4.2.0

Changelog

Sourced from js-yaml's changelog.

[4.2.0] - 2026-06-01

Added

  • Added docs/safety.md with notes about processing untrusted YAML.
  • Added maxDepth (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.
  • Added maxMergeSeqLength (20) loader option. Not a problem after merge fix, but an additional restriction for safety.
  • Added sourcemaps to dist/ builds.

Changed

  • Stop resolving numbers with underscores as numeric scalars, #627.
  • Switched dev toolchains to Vite / neostandard.
  • Updated demo.
  • Reorganized tests.
  • dist/ files are no longer kept in the repository.

Fixed

  • Fix parsing of properties on the first implicit block mapping key, #62.
  • Fix trailing whitespace handling when folding flow scalar lines, #307.
  • Reject top-level block scalars without content indentation, #280.
  • Ensure numbers survive round-trip, #737.
  • Fix test coverage for issue #221.
  • Fix flow scalar trailing whitespace folding, #307.
  • Fix digits in YAML named tag handles.

Security

  • Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files > 10K).

[3.14.2] - 2025-11-15

Security

  • Backported v4.1.1 fix to v3
Commits

Updates posthog-node from 5.35.6 to 5.36.4

Release notes

Sourced from posthog-node's releases.

posthog-node@5.36.4

5.36.4

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.10

posthog-node@5.36.3

5.36.3

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.9

posthog-node@5.36.2

5.36.2

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.8

posthog-node@5.36.1

5.36.1

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.7

posthog-node@5.36.0

5.36.0

Minor Changes

  • #3728 9287c87 Thanks @​turnipdabeets! - Add a configurable $is_server event property (default true) so PostHog can identify server-side events. Set isServer: false when using the SDK as a client/CLI so the device OS is attributed normally. (2026-06-04)

posthog-node@5.35.15

5.35.15

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.6

posthog-node@5.35.14

5.35.14

... (truncated)

Changelog

Sourced from posthog-node's changelog.

5.36.4

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.10

5.36.3

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.9

5.36.2

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.8

5.36.1

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.7

5.36.0

Minor Changes

  • #3728 9287c87 Thanks @​turnipdabeets! - Add a configurable $is_server event property (default true) so PostHog can identify server-side events. Set isServer: false when using the SDK as a client/CLI so the device OS is attributed normally. (2026-06-04)

5.35.15

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.6

5.35.14

Patch Changes

  • Updated dependencies []:
    • @​posthog/core@​1.30.5

5.35.13

... (truncated)

Commits
  • d46f0b9 chore: update versions and lockfile [version bump]
  • e0ebad5 chore: update versions and lockfile [version bump]
  • a8fd228 chore: update versions and lockfile [version bump]
  • 287ad9f chore: update versions and lockfile [version bump]
  • dc1e193 chore: update versions and lockfile [version bump]
  • 9287c87 feat: emit $is_server property on captured events (#3728)
  • b539fcb chore: update versions and lockfile [version bump]
  • 79de441 chore: update versions and lockfile [version bump]
  • 4a8cacc chore: add Sentry attribution comments (#3738)
  • d385e2a chore: clarify error tracking comments (#3735)
  • Additional commits viewable in compare view

Updates react-hook-form from 7.76.1 to 7.78.0

Release notes

Sourced from react-hook-form's releases.

Version 7.78.0

🦷 update type dirtyFields typing for field arrays with undefined entries (#13492) 🐞 fix: recover Controller fields after reset without rerender (RN issue #13455) (#13497) 🐞 fix useFormState().isDirty race with async resolver in onChange mode (#13495) 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is true (#13485) 🐞 fix deepEqual for empty non-plain objects (#13493)

thanks to @​cyphercodes

Version 7.77.0

🥡 feat: add resetDefaultValues API (#13427)

https://react-hook-form.com/docs/useform/resetdefaultvalues

const { resetDefaultValues } = useForm();

resetDefaultValues(currentValues);

🐚 harden get() against prototype-path traversal (proto / constructor / prototype) (#13479) 🐞 fix FieldArray errors overriding nested fields (#13476) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (#13473) 🐞 fix: preserve values with shouldUnregister (#13464) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (#13461) 👝 save bundle size (#13468)

thanks to @​puneetdixit200 & @​dfedoryshchev

Changelog

Sourced from react-hook-form's changelog.

Changelog

[7.77.0] - 2026-05-31

Added

  • resetDefaultValues API

Fixed

  • Stale isDirty in subscribe payload after reset(..., { keepValues: true })
  • Preserve values with shouldUnregister
  • Inconsistent reset({}) behavior requiring double-call to take effect
  • FieldArray errors overriding nested fields

Security

  • Harden get() against prototype-path traversal (__proto__ / constructor / prototype)

Performance

  • Bundle size reduction
Commits
  • 23ab3a7 7.78.0
  • 29fbd7d 🪭 close #13506 add regression test for useFormState
  • b000509 📝 test: fix "allow to" grammar in test descriptions (#13504)
  • 76187c3 🧪 add unit test for regression render submit with useWatch #13035
  • 16c35fb 🫡 add regression coverage for dynamic Controller names with keepDirtyValues/k...
  • 0bd39fa 🐞 fix: recover Controller fields after reset without rerender (RN issue #1345...
  • 6a501e0 🦷 update type dirtyFields typing for field arrays with undefined entries (#13...
  • d681dc5 🐞 fix useFormState().isDirty race with async resolver in onChange mode (#...
  • a9b8a6f 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is t...
  • 686da3f 🐞 fix deepEqual for empty non-plain objects (#13493)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/3230 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/8/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/prod-minor-updates-a08bf916a0` --- ### 📝 Commits (1) - [`2b23663`](https://github.com/fosrl/pangolin/commit/2b236631c7284ea055a2759537221bd03c3c5653) Bump the prod-minor-updates group across 1 directory with 9 updates ### 📊 Changes **2 files changed** (+1263 additions, -604 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+1254 -595) 📝 `package.json` (+9 -9) </details> ### 📄 Description Bumps the prod-minor-updates group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1056.0` | `3.1063.0` | | [@radix-ui/react-radio-group](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/radio-group) | `1.3.8` | `1.4.0` | | [@radix-ui/react-select](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/select) | `2.2.6` | `2.3.0` | | [@radix-ui/react-switch](https://github.com/radix-ui/primitives/tree/HEAD/packages/react/switch) | `1.2.6` | `1.3.0` | | [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.100.14` | `5.101.0` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.35.6` | `5.36.4` | | [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.76.1` | `7.78.0` | Updates `@aws-sdk/client-s3` from 3.1056.0 to 3.1063.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-js-v3/releases">@​aws-sdk/client-s3's releases</a>.</em></p> <blockquote> <h2>v3.1063.0</h2> <h4>3.1063.0(2026-06-05)</h4> <h5>Chores</h5> <ul> <li>update author URL in package.json (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8080">#8080</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/9bd1a86b9bec0f69c58dcfdda481c9e1797dd73f">9bd1a86b</a>)</li> <li><strong>crt-loader:</strong> update to latest aws-crt (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8079">#8079</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/8c2bdabd5826c8914eb1904880eade3c81ca6be4">8c2bdabd</a>)</li> </ul> <h5>New Features</h5> <ul> <li><strong>clients:</strong> update client endpoints as of 2026-06-05 (<a href="https://github.com/aws/aws-sdk-js-v3/commit/fe9a398fbfb3d324e4b67c7677fc63f62933f283">fe9a398f</a>)</li> <li><strong>client-sagemaker:</strong> This release adds support for MLflow experiment tracking in SageMaker inference optimization. CreateAIRecommendationJob and CreateAIBenchmarkJob now accept an optional OutputConfig.MlflowConfig (MLflow App ARN, experiment, run name) to stream benchmark metrics and artifacts to your own MLflow App. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/394304420ef42ed5c8918990273788bfd69d5f5a">39430442</a>)</li> <li><strong>client-emr-serverless:</strong> Adds support for updating max capacity and custom fields while application is started (<a href="https://github.com/aws/aws-sdk-js-v3/commit/6c9cce08f51a2b91ca5c7fc9dca2bfd293980546">6c9cce08</a>)</li> <li><strong>client-dynamodb:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/416005d46847152ba1a24e4ce3297f47469f685c">416005d4</a>)</li> <li><strong>client-mediaconvert:</strong> Adds support for configurable number of Clear Lead segments at the beginning of encrypted output. Adds support for multiple trickplay variants. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/40eb4c6b527bb508bc7bdb2402528cff5ed49198">40eb4c6b</a>)</li> <li><strong>client-payment-cryptography:</strong> Adds CloudFormation support for resource-based policies on AWS Payment Cryptography keys. (<a href="https://github.com/aws/aws-sdk-js-v3/commit/c32019a8ffa7be444993d1ee8288d2c43c8a3f89">c32019a8</a>)</li> <li><strong>client-quicksight:</strong> Adds support for Knowledge Base APIs and Index Capacity API (<a href="https://github.com/aws/aws-sdk-js-v3/commit/8205152f535d2a38e0f0ea5e2d516ab8b484650d">8205152f</a>)</li> </ul> <h5>Bug Fixes</h5> <ul> <li><strong>core/httpAuthSchemes:</strong> fix concurrent skew correction (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8078">#8078</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/83e48928b9f31c78c6c10adc2127d663837ddd2a">83e48928</a>)</li> </ul> <h5>Tests</h5> <ul> <li><strong>middleware-endpoint-discovery:</strong> remove integration tests (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8077">#8077</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/02363831ab1c4cae1b254efe92ab49fa71f20700">02363831</a>)</li> <li><strong>clients:</strong> add client error deserialization tests (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8075">#8075</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/0dfa4ad150e0283cf787cd231600aeb7d75695f0">0dfa4ad1</a>)</li> </ul> <hr /> <p>For list of updated packages, view <strong>updated-packages.md</strong> in <strong>assets-3.1063.0.zip</strong></p> <h2>v3.1062.0</h2> <h4>3.1062.0(2026-06-04)</h4> <h5>Chores</h5> <ul> <li><strong>scripts:</strong> include generated packages when validating declared imports 1-1 with used imports (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/8072">#8072</a>) (<a href="https://github.com/aws/aws-sdk-js-v3/commit/291ad3664d63b413e6c9631ac0a833e5819ceeaa">291ad366</a>)</li> </ul> <h5>Documentation Changes</h5> <ul> <li><strong>client-guardduty:</strong> Remove unsupported RDS field for filter (<a href="https://github.com/aws/aws-sdk-js-v3/commit/5815da7f30f1bdfdcd45fa09c59d0a199a4e8e0a">5815da7f</a>)</li> </ul> <h5>New Features</h5> <ul> <li><strong>client-interconnect:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/34e23ef23951a492d90749601a3c2e395177b019">34e23ef2</a>)</li> <li><strong>client-ec2-instance-connect:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/c2a4981e83ab456c1335204c4c5693cf2b4ef510">c2a4981e</a>)</li> <li><strong>client-mq:</strong> BDD bulk update change rollout (<a href="https://github.com/aws/aws-sdk-js-v3/commit/e058b8fd7fb9bffbacde2468108973c5a82139e2">e058b8fd</a>)</li> <li><strong>client-workspaces:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/6b1e3602cde54d7840c6ab80610c46c9bd07262c">6b1e3602</a>)</li> <li><strong>client-connectparticipant:</strong> Adding new BDD representation of endpoint ruleset (<a href="https://github.com/aws/aws-sdk-js-v3/commit/22db2a6a6f37796f76290bcd3faf1a5bec0f4426">22db2a6a</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md">@​aws-sdk/client-s3's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1062.0...v3.1063.0">3.1063.0</a> (2026-06-05)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1061.0...v3.1062.0">3.1062.0</a> (2026-06-04)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1060.0...v3.1061.0">3.1061.0</a> (2026-06-03)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1059.0...v3.1060.0">3.1060.0</a> (2026-06-03)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1058.0...v3.1059.0">3.1059.0</a> (2026-06-02)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1057.0...v3.1058.0">3.1058.0</a> (2026-06-01)</h1> <p><strong>Note:</strong> Version bump only for package <code>@​aws-sdk/client-s3</code></p> <h1><a href="https://github.com/aws/aws-sdk-js-v3/compare/v3.1056.0...v3.1057.0">3.1057.0</a> (2026-05-29)</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/85dabf4ef0c81d9db5405c483b3bfbd2126075d4"><code>85dabf4</code></a> Publish v3.1063.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/9bd1a86b9bec0f69c58dcfdda481c9e1797dd73f"><code>9bd1a86</code></a> chore: update author URL in package.json (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8080">#8080</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/f5235bbaa2e234435fed935ae69df09b33149d0c"><code>f5235bb</code></a> Publish v3.1062.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/291ad3664d63b413e6c9631ac0a833e5819ceeaa"><code>291ad36</code></a> chore(scripts): include generated packages when validating declared imports 1...</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/71df2cc54f319fdbd1a6cd82b0317dbb65b386a7"><code>71df2cc</code></a> Publish v3.1061.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/121609400451d15166872f5dc2a2d8fe75c7d7f6"><code>1216094</code></a> chore(middleware-sdk-s3): consolidate S3 internal packages (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8026">#8026</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/8aeb92dd6ab42e4b59ebb3ad5a7c43b503af0183"><code>8aeb92d</code></a> Publish v3.1060.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/75bb4fc527454646b0992d69d8910e743d81654b"><code>75bb4fc</code></a> Publish v3.1059.0</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/6b082a6526a0bb0ba213bb16b4c97a0b1134bc45"><code>6b082a6</code></a> chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (<a href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/8067">#8067</a>)</li> <li><a href="https://github.com/aws/aws-sdk-js-v3/commit/d7602d4e4256f1c91b499dcfa8e444041fdf96b6"><code>d7602d4</code></a> Publish v3.1058.0</li> <li>Additional commits viewable in <a href="https://github.com/aws/aws-sdk-js-v3/commits/v3.1063.0/clients/client-s3">compare view</a></li> </ul> </details> <br /> Updates `@radix-ui/react-radio-group` from 1.3.8 to 1.4.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/radio-group/CHANGELOG.md">@​radix-ui/react-radio-group's changelog</a>.</em></p> <blockquote> <h2>1.4.0</h2> <ul> <li>Added unstable <code>RadioGroupItemProvider</code>, <code>RadioGroupItemTrigger</code> and <code>RadioGroupItemBubbleInput</code> parts. These expose the previously internal composition of a radio item (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The <code>RadioGroupItem</code> component continues to render them by default.</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/react-presence@1.1.6</code>, <code>@radix-ui/react-direction@1.1.2</code>, <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-roving-focus@1.1.12</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-use-size@1.1.2</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/radio-group">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-radio-group</code> since your current version.</p> </details> <br /> Updates `@radix-ui/react-select` from 2.2.6 to 2.3.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/select/CHANGELOG.md">@​radix-ui/react-select's changelog</a>.</em></p> <blockquote> <h2>2.3.0</h2> <ul> <li>Added unstable <code>Provider</code> and <code>BubbleInput</code> parts to Select. <code>Select.unstable_Provider</code> sets up Select's context and state without implicitly rendering the hidden native <code>select</code>, and <code>Select.unstable_BubbleInput</code> exposes that previously internal native <code>select</code> so consumers can recompose it explicitly. <code>Select</code> continues to render both by default.</li> <li>Added support for presence-based exit animations in Select</li> <li>Fixed Select hidden input so it submits empty string when no value is selected</li> <li>Fixed placeholder rendering when a controlled Select is reset to an empty value</li> <li>Added missing <code>__selectScope</code> prop to <code>PopperContent</code> component</li> <li>Fixed <code>Select</code> closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM</li> <li>Fixed a bug where iOS text selection and editing on HTML inputs within <code>react-dialog</code> were broken</li> <li>Fixed triggers referencing a non-existent element via <code>aria-controls</code> when their content is removed from the DOM (credit to <a href="https://github.com/dodomorandi"><code>@​dodomorandi</code></a> for the <a href="https://redirect.github.com/radix-ui/primitives/pull/3243">original PR</a>)</li> <li>Fixed <code>SelectValue</code> logging invalid prop errors when used with both <code>asChild</code> and a placeholder</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/react-presence@1.1.6</code>, <code>@radix-ui/react-popper@1.3.0</code>, <code>@radix-ui/react-slot@1.2.5</code>, <code>@radix-ui/react-focus-guards@1.1.4</code>, <code>@radix-ui/react-dismissable-layer@1.1.12</code>, <code>@radix-ui/react-collection@1.1.9</code>, <code>@radix-ui/react-direction@1.1.2</code>, <code>@radix-ui/number@1.1.2</code>, <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-focus-scope@1.1.9</code>, <code>@radix-ui/react-id@1.1.2</code>, <code>@radix-ui/react-portal@1.1.11</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-use-callback-ref@1.1.2</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-layout-effect@1.1.2</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-visually-hidden@1.2.5</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/select">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-select</code> since your current version.</p> </details> <br /> Updates `@radix-ui/react-switch` from 1.2.6 to 1.3.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/radix-ui/primitives/blob/main/packages/react/switch/CHANGELOG.md">@​radix-ui/react-switch's changelog</a>.</em></p> <blockquote> <h2>1.3.0</h2> <ul> <li>Added unstable <code>Provider</code>, <code>Trigger</code> and <code>BubbleInput</code> parts to Switch. These expose the previously internal composition (context provider, the interactive control, and the hidden form input) so consumers can directly access and recompose them. The <code>Switch</code> component continues to render them by default.</li> <li>Added repository.directory to all package.json files</li> <li>Updated dependencies: <code>@radix-ui/primitive@1.1.4</code>, <code>@radix-ui/react-compose-refs@1.1.3</code>, <code>@radix-ui/react-context@1.1.4</code>, <code>@radix-ui/react-primitive@2.1.5</code>, <code>@radix-ui/react-use-controllable-state@1.2.3</code>, <code>@radix-ui/react-use-previous@1.1.2</code>, <code>@radix-ui/react-use-size@1.1.2</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/radix-ui/primitives/commits/HEAD/packages/react/switch">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@​radix-ui/react-switch</code> since your current version.</p> </details> <br /> Updates `@tanstack/react-query` from 5.100.14 to 5.101.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/TanStack/query/releases">@​tanstack/react-query's releases</a>.</em></p> <blockquote> <h2><code>@​tanstack/react-query-devtools</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/TanStack/query/commit/3042860e3c8731c94ca4dec0e277e415d0484fce"><code>3042860</code></a>, <a href="https://github.com/TanStack/query/commit/e631dc3fa17bff71f413246b7a770a730016d346"><code>e631dc3</code></a>]: <ul> <li><code>@​tanstack/query-devtools</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query-next-experimental</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/TanStack/query/pull/10857">#10857</a> <a href="https://github.com/TanStack/query/commit/7cf5923308fb91f3eff0fe952d8c64676e2bdad7"><code>7cf5923</code></a> - fix(react-query-next-experimental): replace deprecated 'isServer' with 'environmentManager.isServer()'</p> </li> <li> <p>Updated dependencies []:</p> <ul> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query-persist-client</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-persist-client-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> <li><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> <h2><code>@​tanstack/react-query</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md">@​tanstack/react-query's changelog</a>.</em></p> <blockquote> <h2>5.101.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​tanstack/query-core</code><a href="https://github.com/5"><code>@​5</code></a>.101.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TanStack/query/commit/f3d8d2abbf15bf81ff7575d3be9845d7b402f25a"><code>f3d8d2a</code></a> ci: Version Packages (<a href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10774">#10774</a>)</li> <li><a href="https://github.com/TanStack/query/commit/532bb298fba15e945e69c6ee4edc0c759ff21324"><code>532bb29</code></a> fix(tests): disable local coverage instrumentation (<a href="https://github.com/TanStack/query/tree/HEAD/packages/react-query/issues/10776">#10776</a>)</li> <li>See full diff in <a href="https://github.com/TanStack/query/commits/@tanstack/react-query@5.101.0/packages/react-query">compare view</a></li> </ul> </details> <br /> Updates `axios` from 1.16.1 to 1.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.17.0 — June 1, 2026</h2> <p>This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Config Hardening:</strong> Guarded <code>socketPath</code>, <code>params</code>, and <code>paramsSerializer</code> reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong>Release Publishing:</strong> Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (<strong><a href="https://redirect.github.com/axios/axios/issues/10926">#10926</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>HTTP Compression:</strong> Added Node HTTP adapter support for zstd response decompression, with <code>transitional.advertiseZstdAcceptEncoding</code> controlling whether <code>zstd</code> is advertised in <code>Accept-Encoding</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10920">#10920</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Authentication Handling:</strong> Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> <li><strong>Proxy TLS:</strong> Preserved user <code>httpsAgent</code> TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a></strong>)</li> <li><strong>React Native FormData:</strong> Cleared default <code>Content-Type</code> for React Native <code>FormData</code> so multipart boundaries can be generated correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10898">#10898</a></strong>)</li> <li><strong>Headers:</strong> Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10875">#10875</a></strong>)</li> <li><strong>Request Data Merging:</strong> Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong>Bundler Compatibility:</strong> Converted <code>resolveConfig</code> from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong>Types:</strong> Corrected <code>AxiosHeaders.toJSON()</code> return types and updated CommonJS <code>isCancel</code> typings to narrow to <code>CanceledError&lt;T&gt;</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a></strong>)</li> <li><strong>Build Tooling:</strong> Avoided emitting a null <code>Authorization</code> header from the GitHub build helper when <code>GITHUB_TOKEN</code> is unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li><strong>HTTP/2 Internals:</strong> Extracted <code>Http2Sessions</code> into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong>Package Publishing:</strong> Reduced published package size by switching to a <code>files</code> allowlist and dropping unneeded unminified bundle source maps. (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong>CI and Release Automation:</strong> Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10907">#10907</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10911">#10911</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10916">#10916</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10927">#10927</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10935">#10935</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a></strong>)</li> <li><strong>Developer Workflow:</strong> Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10925">#10925</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10914">#10914</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a></strong>)</li> <li><strong>Documentation and Policy:</strong> Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (<strong><a href="https://redirect.github.com/axios/axios/issues/10890">#10890</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10889">#10889</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10921">#10921</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10945">#10945</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10933">#10933</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10915">#10915</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10887">#10887</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10955">#10955</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, <code>fs-extra</code>, <code>qs</code>, docs dependencies, and GitHub Actions dependencies including <code>actions/dependency-review-action</code> and <code>zizmorcore/zizmor-action</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10871">#10871</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10879">#10879</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10918">#10918</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10919">#10919</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10934">#10934</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10947">#10947</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/BasixKOR"><code>@​BasixKOR</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>)</li> <li><strong><a href="https://github.com/carladams1299-lab"><code>@​carladams1299-lab</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong><a href="https://github.com/LaplaceYoung"><code>@​LaplaceYoung</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong><a href="https://github.com/JamieMagee"><code>@​JamieMagee</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong><a href="https://github.com/RonGamzu"><code>@​RonGamzu</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>)</li> <li><strong><a href="https://github.com/sapirbaruch"><code>@​sapirbaruch</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong><a href="https://github.com/nezukoagent"><code>@​nezukoagent</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>)</li> <li><strong><a href="https://github.com/devareddy05"><code>@​devareddy05</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>)</li> <li><strong><a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong><a href="https://github.com/azandabot"><code>@​azandabot</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> <li><strong><a href="https://github.com/niksy"><code>@​niksy</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.17.0 — June 1, 2026</h2> <p>This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Config Hardening:</strong> Guarded <code>socketPath</code>, <code>params</code>, and <code>paramsSerializer</code> reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong>Release Publishing:</strong> Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (<strong><a href="https://redirect.github.com/axios/axios/issues/10926">#10926</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>HTTP Compression:</strong> Added Node HTTP adapter support for zstd response decompression, with <code>transitional.advertiseZstdAcceptEncoding</code> controlling whether <code>zstd</code> is advertised in <code>Accept-Encoding</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10920">#10920</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Authentication Handling:</strong> Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> <li><strong>Proxy TLS:</strong> Preserved user <code>httpsAgent</code> TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a></strong>)</li> <li><strong>React Native FormData:</strong> Cleared default <code>Content-Type</code> for React Native <code>FormData</code> so multipart boundaries can be generated correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10898">#10898</a></strong>)</li> <li><strong>Headers:</strong> Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10875">#10875</a></strong>)</li> <li><strong>Request Data Merging:</strong> Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong>Bundler Compatibility:</strong> Converted <code>resolveConfig</code> from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong>Types:</strong> Corrected <code>AxiosHeaders.toJSON()</code> return types and updated CommonJS <code>isCancel</code> typings to narrow to <code>CanceledError&lt;T&gt;</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a></strong>)</li> <li><strong>Build Tooling:</strong> Avoided emitting a null <code>Authorization</code> header from the GitHub build helper when <code>GITHUB_TOKEN</code> is unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li><strong>HTTP/2 Internals:</strong> Extracted <code>Http2Sessions</code> into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong>Package Publishing:</strong> Reduced published package size by switching to a <code>files</code> allowlist and dropping unneeded unminified bundle source maps. (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong>CI and Release Automation:</strong> Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10907">#10907</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10911">#10911</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10916">#10916</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10927">#10927</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10935">#10935</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a></strong>)</li> <li><strong>Developer Workflow:</strong> Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10925">#10925</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10914">#10914</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a></strong>)</li> <li><strong>Documentation and Policy:</strong> Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (<strong><a href="https://redirect.github.com/axios/axios/issues/10890">#10890</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10889">#10889</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10921">#10921</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10945">#10945</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10933">#10933</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10915">#10915</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10887">#10887</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10955">#10955</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, <code>fs-extra</code>, <code>qs</code>, docs dependencies, and GitHub Actions dependencies including <code>actions/dependency-review-action</code> and <code>zizmorcore/zizmor-action</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10871">#10871</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10879">#10879</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10918">#10918</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10919">#10919</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10934">#10934</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10947">#10947</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/BasixKOR"><code>@​BasixKOR</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/6792">#6792</a></strong>)</li> <li><strong><a href="https://github.com/carladams1299-lab"><code>@​carladams1299-lab</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10861">#10861</a></strong>)</li> <li><strong><a href="https://github.com/LaplaceYoung"><code>@​LaplaceYoung</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10812">#10812</a></strong>)</li> <li><strong><a href="https://github.com/JamieMagee"><code>@​JamieMagee</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10939">#10939</a></strong>)</li> <li><strong><a href="https://github.com/RonGamzu"><code>@​RonGamzu</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10905">#10905</a></strong>)</li> <li><strong><a href="https://github.com/sapirbaruch"><code>@​sapirbaruch</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10891">#10891</a></strong>)</li> <li><strong><a href="https://github.com/nezukoagent"><code>@​nezukoagent</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10901">#10901</a></strong>)</li> <li><strong><a href="https://github.com/devareddy05"><code>@​devareddy05</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10929">#10929</a></strong>)</li> <li><strong><a href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10922">#10922</a></strong>)</li> <li><strong><a href="https://github.com/azandabot"><code>@​azandabot</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a></strong>)</li> <li><strong><a href="https://github.com/niksy"><code>@​niksy</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/4306df21e84332fc576e98c2de549347c06bfb76"><code>4306df2</code></a> chore: add fun 88 sponsorship</li> <li><a href="https://github.com/axios/axios/commit/931cc8f0106db4c9885403f85364b9e09ae1f6dc"><code>931cc8f</code></a> chore(release): prepare release 1.17.0 (<a href="https://redirect.github.com/axios/axios/issues/10983">#10983</a>)</li> <li><a href="https://github.com/axios/axios/commit/38ba1b3d2b0aa5ada0463a37a548feb83a84dfa1"><code>38ba1b3</code></a> fix(fetch): support basic auth from URL (<a href="https://redirect.github.com/axios/axios/issues/10896">#10896</a>)</li> <li><a href="https://github.com/axios/axios/commit/32e2515f1e09b649723e4acd89d920df13eee77e"><code>32e2515</code></a> fix: replace ternary side effect in script (<a href="https://redirect.github.com/axios/axios/issues/10931">#10931</a>)</li> <li><a href="https://github.com/axios/axios/commit/030e7223831b0f562af3eb7501b24242c8a4c5ba"><code>030e722</code></a> chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (<a href="https://redirect.github.com/axios/axios/issues/10960">#10960</a>)</li> <li><a href="https://github.com/axios/axios/commit/ec63164ac6b7a1fcd6b742a8628d3fffe23ce001"><code>ec63164</code></a> chore: remove openspec (<a href="https://redirect.github.com/axios/axios/issues/10958">#10958</a>)</li> <li><a href="https://github.com/axios/axios/commit/3dec28f94ce29d396d5f2d9718805b47428dc7ab"><code>3dec28f</code></a> fix(http): preserve TLS options for proxy tunnels (<a href="https://redirect.github.com/axios/axios/issues/10957">#10957</a>)</li> <li><a href="https://github.com/axios/axios/commit/a2390a5c059342bcac2a5297728181dd9939f562"><code>a2390a5</code></a> fix: correct isCancel type to narrow to CanceledError&lt;T&gt; (<a href="https://redirect.github.com/axios/axios/issues/10952">#10952</a>)</li> <li><a href="https://github.com/axios/axios/commit/fa01b9255d71e72599826428bc6c60f34994c6ce"><code>fa01b92</code></a> chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (<a href="https://redirect.github.com/axios/axios/issues/10954">#10954</a>)</li> <li><a href="https://github.com/axios/axios/commit/2d2314a1ac29ce6723eb53e130b4a36617fd201c"><code>2d2314a</code></a> fix: AxiosHeaders <code>toJSON()</code> return types (<a href="https://redirect.github.com/axios/axios/issues/10956">#10956</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.16.1...v1.17.0">compare view</a></li> </ul> </details> <br /> Updates `js-yaml` from 4.1.1 to 4.2.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[4.2.0] - 2026-06-01</h2> <h3>Added</h3> <ul> <li>Added <code>docs/safety.md</code> with notes about processing untrusted YAML.</li> <li>Added <code>maxDepth</code> (100) loader option. Not a problem, but gives a better exception instead of RangeError on stack overflow.</li> <li>Added <code>maxMergeSeqLength</code> (20) loader option. Not a problem after <code>merge</code> fix, but an additional restriction for safety.</li> <li>Added sourcemaps to <code>dist/</code> builds.</li> </ul> <h3>Changed</h3> <ul> <li>Stop resolving numbers with underscores as numeric scalars, <a href="https://redirect.github.com/nodeca/js-yaml/issues/627">#627</a>.</li> <li>Switched dev toolchains to Vite / neostandard.</li> <li>Updated demo.</li> <li>Reorganized tests.</li> <li><code>dist/</code> files are no longer kept in the repository.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix parsing of properties on the first implicit block mapping key, <a href="https://redirect.github.com/nodeca/js-yaml/issues/62">#62</a>.</li> <li>Fix trailing whitespace handling when folding flow scalar lines, <a href="https://redirect.github.com/nodeca/js-yaml/issues/307">#307</a>.</li> <li>Reject top-level block scalars without content indentation, <a href="https://redirect.github.com/nodeca/js-yaml/issues/280">#280</a>.</li> <li>Ensure numbers survive round-trip, <a href="https://redirect.github.com/nodeca/js-yaml/issues/737">#737</a>.</li> <li>Fix test coverage for issue <a href="https://redirect.github.com/nodeca/js-yaml/issues/221">#221</a>.</li> <li>Fix flow scalar trailing whitespace folding, <a href="https://redirect.github.com/nodeca/js-yaml/issues/307">#307</a>.</li> <li>Fix digits in YAML named tag handles.</li> </ul> <h3>Security</h3> <ul> <li>Fix potential DoS via quadratic complexity in merge - deduplicate repeated elements (makes sense for malformed files &gt; 10K).</li> </ul> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/commits">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.35.6 to 5.36.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.36.4</h2> <h2>5.36.4</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.10</li> </ul> </li> </ul> <h2>posthog-node@5.36.3</h2> <h2>5.36.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.9</li> </ul> </li> </ul> <h2>posthog-node@5.36.2</h2> <h2>5.36.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.8</li> </ul> </li> </ul> <h2>posthog-node@5.36.1</h2> <h2>5.36.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.7</li> </ul> </li> </ul> <h2>posthog-node@5.36.0</h2> <h2>5.36.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3728">#3728</a> <a href="https://github.com/PostHog/posthog-js/commit/9287c87b7d4cf00160269d0cc648074f27c0847a"><code>9287c87</code></a> Thanks <a href="https://github.com/turnipdabeets"><code>@​turnipdabeets</code></a>! - Add a configurable <code>$is_server</code> event property (default <code>true</code>) so PostHog can identify server-side events. Set <code>isServer: false</code> when using the SDK as a client/CLI so the device OS is attributed normally. (2026-06-04)</li> </ul> <h2>posthog-node@5.35.15</h2> <h2>5.35.15</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.6</li> </ul> </li> </ul> <h2>posthog-node@5.35.14</h2> <h2>5.35.14</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.36.4</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.10</li> </ul> </li> </ul> <h2>5.36.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.9</li> </ul> </li> </ul> <h2>5.36.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.8</li> </ul> </li> </ul> <h2>5.36.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.7</li> </ul> </li> </ul> <h2>5.36.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3728">#3728</a> <a href="https://github.com/PostHog/posthog-js/commit/9287c87b7d4cf00160269d0cc648074f27c0847a"><code>9287c87</code></a> Thanks <a href="https://github.com/turnipdabeets"><code>@​turnipdabeets</code></a>! - Add a configurable <code>$is_server</code> event property (default <code>true</code>) so PostHog can identify server-side events. Set <code>isServer: false</code> when using the SDK as a client/CLI so the device OS is attributed normally. (2026-06-04)</li> </ul> <h2>5.35.15</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.6</li> </ul> </li> </ul> <h2>5.35.14</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@​posthog/core</code><a href="https://github.com/1"><code>@​1</code></a>.30.5</li> </ul> </li> </ul> <h2>5.35.13</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/d46f0b9b8015c336103dccab12dadd8e071e895f"><code>d46f0b9</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/e0ebad51a12ea6276f9fda7ecd6cb57a6ff8f3a1"><code>e0ebad5</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/a8fd22825d9e9203ed88084d2c07b7b31e585f2f"><code>a8fd228</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/287ad9fcbb0990f770ab8e0a4311e8fcde6855be"><code>287ad9f</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/dc1e1935b1e9e6f26b184e6adb19d68f44a5682e"><code>dc1e193</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/9287c87b7d4cf00160269d0cc648074f27c0847a"><code>9287c87</code></a> feat: emit $is_server property on captured events (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3728">#3728</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/b539fcbe64515945a18190b6c973a1bd727b75f1"><code>b539fcb</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/79de44145333bd1c18b6c240fef35baf25dba37d"><code>79de441</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/4a8cacc72ea1f8a371b06e9e92f1d2671190e48a"><code>4a8cacc</code></a> chore: add Sentry attribution comments (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3738">#3738</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/d385e2a28b4f540620ba8afb0d5ae87839d745ce"><code>d385e2a</code></a> chore: clarify error tracking comments (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3735">#3735</a>)</li> <li>Additional commits viewable in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.36.4/packages/node">compare view</a></li> </ul> </details> <br /> Updates `react-hook-form` from 7.76.1 to 7.78.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/react-hook-form/react-hook-form/releases">react-hook-form's releases</a>.</em></p> <blockquote> <h2>Version 7.78.0</h2> <p>🦷 update type dirtyFields typing for field arrays with undefined entries (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13492">#13492</a>) 🐞 fix: recover Controller fields after reset without rerender (RN issue <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13455">#13455</a>) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13497">#13497</a>) 🐞 fix useFormState().isDirty race with async resolver in onChange mode (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13495">#13495</a>) 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is true (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13485">#13485</a>) 🐞 fix deepEqual for empty non-plain objects (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13493">#13493</a>)</p> <p>thanks to <a href="https://github.com/cyphercodes"><code>@​cyphercodes</code></a></p> <h2>Version 7.77.0</h2> <p>🥡 feat: add resetDefaultValues API (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13427">#13427</a>)</p> <p><a href="https://react-hook-form.com/docs/useform/resetdefaultvalues">https://react-hook-form.com/docs/useform/resetdefaultvalues</a></p> <pre lang="tsx"><code>const { resetDefaultValues } = useForm(); <p>resetDefaultValues(currentValues); </code></pre></p> <p>🐚 harden get() against prototype-path traversal (<strong>proto</strong> / constructor / prototype) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13479">#13479</a>) 🐞 fix FieldArray errors overriding nested fields (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13476">#13476</a>) 🐞 fix inconsistent reset({}) behavior requiring double-call to take effect (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13473">#13473</a>) 🐞 fix: preserve values with shouldUnregister (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13464">#13464</a>) 🐞 fix stale isDirty in subscribe payload after reset(..., { keepValues: true }) (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13461">#13461</a>) 👝 save bundle size (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13468">#13468</a>)</p> <p>thanks to <a href="https://github.com/puneetdixit200"><code>@​puneetdixit200</code></a> &amp; <a href="https://github.com/dfedoryshchev"><code>@​dfedoryshchev</code></a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md">react-hook-form's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>[7.77.0] - 2026-05-31</h2> <h3>Added</h3> <ul> <li><code>resetDefaultValues</code> API</li> </ul> <h3>Fixed</h3> <ul> <li>Stale <code>isDirty</code> in <code>subscribe</code> payload after <code>reset(..., { keepValues: true })</code></li> <li>Preserve values with <code>shouldUnregister</code></li> <li>Inconsistent <code>reset({})</code> behavior requiring double-call to take effect</li> <li><code>FieldArray</code> errors overriding nested fields</li> </ul> <h3>Security</h3> <ul> <li>Harden <code>get()</code> against prototype-path traversal (<code>__proto__</code> / <code>constructor</code> / <code>prototype</code>)</li> </ul> <h3>Performance</h3> <ul> <li>Bundle size reduction</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/23ab3a7b9f3c46af17d62bdedd0f9101684ebfa7"><code>23ab3a7</code></a> 7.78.0</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/29fbd7dd35f0ee443c24dd442d7c87a48fd34918"><code>29fbd7d</code></a> 🪭 close <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13506">#13506</a> add regression test for useFormState</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/b0005091e3c160af1cf505d8a8de5e0202f9794b"><code>b000509</code></a> 📝 test: fix &quot;allow to&quot; grammar in test descriptions (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13504">#13504</a>)</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/76187c308a3266cd58401bb895a514149abec586"><code>76187c3</code></a> 🧪 add unit test for regression render submit with useWatch <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13035">#13035</a></li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/16c35fbe83b4d24391fda375ac193c8aa0b47912"><code>16c35fb</code></a> 🫡 add regression coverage for dynamic Controller names with keepDirtyValues/k...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/0bd39fa25cc20f69fc8fdb10241102016aaf20c0"><code>0bd39fa</code></a> 🐞 fix: recover Controller fields after reset without rerender (RN issue <a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/1345">#1345</a>...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/6a501e04c533831d0e98a7315447fc995e509559"><code>6a501e0</code></a> 🦷 update type dirtyFields typing for field arrays with undefined entries (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13">#13</a>...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/d681dc57a84fa037a4bfda5b4094bebc8f71cfed"><code>d681dc5</code></a> 🐞 fix <code>useFormState().isDirty</code> race with async resolver in <code>onChange</code> mode (#...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/a9b8a6fb919c7ec9e0ea671b64712e1c39fc9f15"><code>a9b8a6f</code></a> 🐞 fix: use reactive values prop over defaultValues when shouldUnregister is t...</li> <li><a href="https://github.com/react-hook-form/react-hook-form/commit/686da3f73d59ed94c7e112f82023aed9786fe0df"><code>686da3f</code></a> 🐞 fix deepEqual for empty non-plain objects (<a href="https://redirect.github.com/react-hook-form/react-hook-form/issues/13493">#13493</a>)</li> <li>Additional commits viewable in <a href="https://github.com/react-hook-form/react-hook-form/compare/v7.76.1...v7.78.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-08 20:19:58 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#26870