chore(deps): bump the npm-non-major group across 2 directories with 27 updates by dependabot[bot] · Pull Request #1568 · finos/git-proxy

dependabot · 2026-06-06T09:17:54Z

Bumps the npm-non-major group with 23 updates in the / directory:

Package	From	To
@aws-sdk/credential-providers	`3.992.0`	`3.1060.0`
@fontsource/roboto	`5.2.9`	`5.2.10`
@primer/octicons-react	`19.21.2`	`19.28.0`
axios	`1.16.1`	`1.17.0`
express-rate-limit	`8.5.1`	`8.5.2`
isomorphic-git	`1.36.3`	`1.38.4`
openid-client	`6.8.1`	`6.8.4`
parse-diff	`0.11.1`	`0.12.0`
validator	`13.15.26`	`13.15.35`
@babel/core	`7.29.0`	`7.29.7`
@babel/preset-react	`7.28.5`	`7.29.7`
@eslint/compat	`2.0.2`	`2.1.0`
@types/express-session	`1.18.2`	`1.19.0`
@types/lodash	`4.17.23`	`4.17.24`
cypress	`15.9.0`	`15.16.0`
fast-check	`4.5.3`	`4.8.0`
prettier	`3.8.1`	`3.8.3`
tsx	`4.21.0`	`4.22.4`
typescript-eslint	`8.56.0`	`8.60.1`
@esbuild/darwin-arm64	`0.27.2`	`0.28.0`
@esbuild/darwin-x64	`0.27.2`	`0.28.0`
@esbuild/linux-x64	`0.27.2`	`0.28.0`
@esbuild/win32-x64	`0.27.2`	`0.28.0`

Bumps the npm-non-major group with 5 updates in the /website directory:

Package	From	To
axios	`1.15.2`	`1.17.0`
react	`19.2.5`	`19.2.7`
react-dom	`19.2.5`	`19.2.7`
eslint	`10.3.0`	`10.4.1`
@mermaid-js/layout-elk	`0.1.9`	`0.2.1`

Updates @aws-sdk/credential-providers from 3.992.0 to 3.1060.0

Release notes

Sourced from @aws-sdk/credential-providers's releases.

v3.1060.0

3.1060.0(2026-06-03)

Chores

yarn dedupe (#8070) (7db9cd96)

New Features

clients: update client endpoints as of 2026-06-03 (8e6cc9f1)

client-geo-routes: Add "standardRegionalEndpoints" back to fix 'Could not connect to the endpoint URL' (324aa6ad)

Bug Fixes

client-dynamodb: dynamodb special retry config fixed to be merge-compatible with user-supplied retry config (#8068) (a569d9c4)

For list of updated packages, view updated-packages.md in assets-3.1060.0.zip

v3.1059.0

3.1059.0(2026-06-02)

Chores

codegen:

improve formatting of generated lib-dynamodb files (#8069) (0d0ddc0f)

sync for adaptive retry fix, EAI_AGAIN transient error (#8067) (6b082a65)

Documentation Changes

client-iot: Fleet indexing documentation update (6151ac25)

New Features

clients: update client endpoints as of 2026-06-02 (164aa659)

client-waf: Adding new BDD representation of endpoint ruleset (4d90e8eb)

client-personalize-runtime: Adding new BDD representation of endpoint ruleset (e578bf91)

client-sqs: Adding new BDD representation of endpoint ruleset (d2a45936)

client-service-catalog: Adding new BDD representation of endpoint ruleset (a14dfb22)

client-rekognition: Adding new BDD representation of endpoint ruleset (fdbac926)

client-resource-groups-tagging-api: Adding new BDD representation of endpoint ruleset (3f935495)

client-snowball: Adding new BDD representation of endpoint ruleset (2be7cb1c)

client-lex-runtime-service: Adding new BDD representation of endpoint ruleset (e47af6bd)

client-medialive: Adding new BDD representation of endpoint ruleset (fc6eaf60)

client-storage-gateway: Adding new BDD representation of endpoint ruleset (7953156c)

client-swf: Adding new BDD representation of endpoint ruleset (875e3740)

client-s3: Adding new BDD representation of endpoint ruleset (c2610606)

client-xray: Adding new BDD representation of endpoint ruleset (37c36561)

... (truncated)

Changelog

Sourced from @aws-sdk/credential-providers's changelog.

3.1060.0 (2026-06-03)

Note: Version bump only for package @aws-sdk/credential-providers

3.1059.0 (2026-06-02)

Note: Version bump only for package @aws-sdk/credential-providers

3.1058.0 (2026-06-01)

Note: Version bump only for package @aws-sdk/credential-providers

3.1057.0 (2026-05-29)

Note: Version bump only for package @aws-sdk/credential-providers

3.1056.0 (2026-05-28)

Note: Version bump only for package @aws-sdk/credential-providers

3.1055.0 (2026-05-27)

Note: Version bump only for package @aws-sdk/credential-providers

3.1054.0 (2026-05-26)

... (truncated)

Commits

8aeb92d Publish v3.1060.0
75bb4fc Publish v3.1059.0
6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
d7602d4 Publish v3.1058.0
e836d5c Publish v3.1057.0
050bee1 chore(codegen): smithy-aws-typescript-codegen 0.50.0 (#8056)
4b03542 Publish v3.1056.0
7ae617c chore(codegen): sync for cyclic file dependency fixes (#8051)
2981565 Publish v3.1055.0
d999d57 Publish v3.1054.0
Additional commits viewable in compare view

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

See full diff in compare view

Updates @primer/octicons-react from 19.21.2 to 19.28.0

Release notes

Sourced from @primer/octicons-react's releases.

v19.28.0

Minor Changes

#1208 eddab3ff Thanks @dylanatsmith! - Fix vscode icon: update 16px, add 24px, remove 32px and 48px

v19.27.0

Minor Changes

#1203 a69618e4 Thanks @ericwbailey! - Add flag icon

Patch Changes

#1212 02bd1ef8 Thanks @ericwbailey! - remove hardcoded fill from flag icon

v19.26.0

Minor Changes

#1197 b45f1d35 Thanks @lukasoppermann! - Add repo-forked-locked icon

Patch Changes

#1209 9a7e2146 Thanks @siddharthkp! - fix: remove hardcoded fill from sandbox icon

v19.25.0

Minor Changes

#1193 b6efea4a Thanks @kylewaynebenson! - Added StackRemove & StackCheck icons

#1194 7d7ca421 Thanks @kylewaynebenson! - Added Sandbox icon

v19.24.1

Patch Changes

#1190 38dfb0d4 Thanks @francinelucca! - Allow data-component attribute to be overridden by consumers

v19.24.0

Minor Changes

#1185 25e257ff Thanks @francinelucca! - Add data-component="Octicon" attribute to all SVG elements for easier identification and styling

v19.23.1

Patch Changes

#1175 ea8e6bb7 Thanks @kylewaynebenson! - - Remove set fill from svgs

v19.23.0

Minor Changes

#1165 63bc8d01 Thanks @kylewaynebenson! - - Addition of lockup icon

... (truncated)

Changelog

Sourced from @primer/octicons-react's changelog.

19.28.0

Minor Changes

#1208 eddab3ff Thanks @dylanatsmith! - Fix vscode icon: update 16px, add 24px, remove 32px and 48px

19.27.0

Minor Changes

#1203 a69618e4 Thanks @ericwbailey! - Add flag icon

Patch Changes

#1212 02bd1ef8 Thanks @ericwbailey! - remove hardcoded fill from flag icon

19.26.0

Minor Changes

#1197 b45f1d35 Thanks @lukasoppermann! - Add repo-forked-locked icon

Patch Changes

#1209 9a7e2146 Thanks @siddharthkp! - fix: remove hardcoded fill from sandbox icon

19.25.0

Minor Changes

#1193 b6efea4a Thanks @kylewaynebenson! - Added StackRemove & StackCheck icons

#1194 7d7ca421 Thanks @kylewaynebenson! - Added Sandbox icon

19.24.1

Patch Changes

#1190 38dfb0d4 Thanks @francinelucca! - Allow data-component attribute to be overridden by consumers

19.24.0

Minor Changes

#1185 25e257ff Thanks @francinelucca! - Add data-component="Octicon" attribute to all SVG elements for easier identification and styling

19.23.1

Patch Changes

... (truncated)

Commits

fef9ded Version Packages (#1214)
eddab3f Fix VSCode icon and remove unnecessary size variants (#1208)
067ee62 Bump lodash from 4.17.23 to 4.18.1 in /lib/octicons_react (#1201)
7ee4aaf Version Packages (#1210)
02bd1ef Fix: Remove hardcoded fill from flag icon (#1212)
3af9603 Re-enable @arethetypeswrong/cli in CI with pinned fflate@0.8.2 (#1211)
a69618e Add flag octicon (#1203)
33125a6 Version Packages (#1207)
9a7e214 fix: remove hardcoded fill from sandbox icon (#1209)
b45f1d3 Clean up repo-forked-locked icons formatting (#1197)
Additional commits viewable in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Commits

4306df2 chore: add fun 88 sponsorship
931cc8f chore(release): prepare release 1.17.0 (#10983)
38ba1b3 fix(fetch): support basic auth from URL (#10896)
32e2515 fix: replace ternary side effect in script (#10931)
030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
ec63164 chore: remove openspec (#10958)
3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
2d2314a fix: AxiosHeaders toJSON() return types (#10956)
Additional commits viewable in compare view

Updates express-rate-limit from 8.5.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

Commits

9774693 8.5.2
0e94cc0 v8.5.2 changelog
9a583c5 feat: simplify IPv6 key generation (#633)
4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
See full diff in compare view

Updates isomorphic-git from 1.36.3 to 1.38.4

Release notes

Sourced from isomorphic-git's releases.

v1.38.4

1.38.4 (2026-06-02)

Bug Fixes

pass credential config username to auth callbacks (#2346) (d9920c5)

v1.38.3

1.38.3 (2026-05-26)

Bug Fixes

Improve internal error reporting guidance (#2345) (955acf3)

v1.38.2

1.38.2 (2026-05-25)

Bug Fixes

add bot authoring to release commit (#2329) (328b1ba)

add Clever Cloud logo to Acknowledgments in README (#2334) (89f441d)

v1.38.1

1.38.1 (2026-05-18)

Bug Fixes

add cloudflare logo (#2316) (a71a835)

v1.38.0

1.38.0 (2026-05-15)

Bug Fixes

Fix images in README (#2315) (007951f)

Features

add refresh option to status and statusMatrix (#2313) (a7420b7)

v1.37.9

1.37.9 (2026-05-15)

... (truncated)

Commits

d9920c5 fix: pass credential config username to auth callbacks (#2346)
955acf3 fix: Improve internal error reporting guidance (#2345)
89f441d fix: add Clever Cloud logo to Acknowledgments in README (#2334)
328b1ba fix: add bot authoring to release commit (#2329)
a71a835 fix: add cloudflare logo (#2316)
a7420b7 feat: add refresh option to status and statusMatrix (#2313)
007951f fix: Fix images in README (#2315)
6e99054 fix: point "jsdelivr" field to minified browser build (#2312)
6972b1e fix: remove duplicated contriobutors (#2311)
199714a fix: browser entrypoint not being used in some non-node build contexts (#2309)
Additional commits viewable in compare view

Updates openid-client from 6.8.1 to 6.8.4

Release notes

Sourced from openid-client's releases.

v6.8.4

Fixes

apply optional non-repudiation on generic grant ID Tokens (6202888)

filter jwe decryption keys by algorithm (34e2ffd)

preserve poll abort signals on requests (96a2d17)

retry dpop nonce errors for generic grants (498c4d9)

v6.8.3

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

v6.8.2

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.4 (2026-04-27)

Fixes

apply optional non-repudiation on generic grant ID Tokens (6202888)

filter jwe decryption keys by algorithm (34e2ffd)

preserve poll abort signals on requests (96a2d17)

retry dpop nonce errors for generic grants (498c4d9)

6.8.3 (2026-04-13)

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

6.8.2 (2026-02-07)

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

c645695 chore(release): 6.8.4
ee60464 chore: update CHANGELOG.md header
96a2d17 fix: preserve poll abort signals on requests
34e2ffd fix: filter jwe decryption keys by algorithm
6202888 fix: apply optional non-repudiation on generic grant ID Tokens
498c4d9 fix: retry dpop nonce errors for generic grants
35042cf chore: cleanup after release
66e4082 chore(release): 6.8.3
fa292f2 test: fix typings build issues
0600c91 test: deflake pollBackchannelAuthenticationGrant
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openid-client since your current version.

Updates parse-diff from 0.11.1 to 0.12.0

Commits

f0828af Release 0.12.0
5a66fd9 chore: build with esbuild
a3b0c75 feat: use esbuild
07dbcd6 chore: biome auto fixes
4e60b97 feat(devx): try biome
8231f95 chore: up eslint v10
c032d55 chore: up deps
e563b14 chore: use node v24
251d359 Merge pull request #51 from andyfeller/af/handle-empty-lines
a3180a5 fix: handle empty context lines in unified diffs
Additional commits viewable in compare view

Updates validator from 13.15.26 to 13.15.35

Release notes

Sourced from validator's releases.

13.15.35

Fixes, New Locales and Enhancements

#2663 isISO31661Alpha2/isISO31661Alpha3: add support for Kosovo (XK / XXK) @johanpoirier-d4

#2661 isHexColor: ignore non-object options @yuna0831

isTaxID

#2644 improve pt-BR locale by adding support for alphanumeric CNPJ format @easedu

#2675 improve pt-BR locale by adding support for formatted CPF values @easedu

#2643 isPassportNumber: improve MX locale @jesroffrouk

#2676 isMobilePhone: add fr-DJ locale @Kartikeya-guthub

#2682 isPostalCode: add MC locale @moogblob

#2690 isJSON: allow any valid JSON value to pass @relu91

#2693 isSlug: restrict allowed characters to valid slug charset @Shrawak

Doc fixes and others:

#2658 @Manaskarthik28

#2592

…7 updates Bumps the npm-non-major group with 23 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@aws-sdk/credential-providers](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/credential-providers) | `3.992.0` | `3.1060.0` | | [@fontsource/roboto](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/roboto) | `5.2.9` | `5.2.10` | | [@primer/octicons-react](https://github.com/primer/octicons) | `19.21.2` | `19.28.0` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.5.1` | `8.5.2` | | [isomorphic-git](https://github.com/isomorphic-git/isomorphic-git) | `1.36.3` | `1.38.4` | | [openid-client](https://github.com/panva/openid-client) | `6.8.1` | `6.8.4` | | [parse-diff](https://github.com/sergeyt/parse-diff) | `0.11.1` | `0.12.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` | | [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` | | [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) | `7.28.5` | `7.29.7` | | [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `2.0.2` | `2.1.0` | | [@types/express-session](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express-session) | `1.18.2` | `1.19.0` | | [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) | `4.17.23` | `4.17.24` | | [cypress](https://github.com/cypress-io/cypress) | `15.9.0` | `15.16.0` | | [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) | `4.5.3` | `4.8.0` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.56.0` | `8.60.1` | | [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.0` | | [@esbuild/darwin-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.0` | | [@esbuild/linux-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.0` | | [@esbuild/win32-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.0` | Bumps the npm-non-major group with 5 updates in the /website directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.15.2` | `1.17.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` | | [eslint](https://github.com/eslint/eslint) | `10.3.0` | `10.4.1` | | [@mermaid-js/layout-elk](https://github.com/mermaid-js/mermaid) | `0.1.9` | `0.2.1` | Updates `@aws-sdk/credential-providers` from 3.992.0 to 3.1060.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-providers/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1060.0/packages/credential-providers) Updates `@fontsource/roboto` from 5.2.9 to 5.2.10 - [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md) - [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/google/roboto) Updates `@primer/octicons-react` from 19.21.2 to 19.28.0 - [Release notes](https://github.com/primer/octicons/releases) - [Changelog](https://github.com/primer/octicons/blob/main/CHANGELOG.md) - [Commits](primer/octicons@v19.21.2...v19.28.0) Updates `axios` from 1.16.1 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `express-rate-limit` from 8.5.1 to 8.5.2 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.5.1...v8.5.2) Updates `isomorphic-git` from 1.36.3 to 1.38.4 - [Release notes](https://github.com/isomorphic-git/isomorphic-git/releases) - [Commits](isomorphic-git/isomorphic-git@v1.36.3...v1.38.4) Updates `openid-client` from 6.8.1 to 6.8.4 - [Release notes](https://github.com/panva/openid-client/releases) - [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md) - [Commits](panva/openid-client@v6.8.1...v6.8.4) Updates `parse-diff` from 0.11.1 to 0.12.0 - [Commits](sergeyt/parse-diff@0.11.1...0.12.0) Updates `validator` from 13.15.26 to 13.15.35 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.26...13.15.35) Updates `@babel/core` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `@babel/preset-react` from 7.28.5 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-react) Updates `@eslint/compat` from 2.0.2 to 2.1.0 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/compat-v2.1.0/packages/compat) Updates `@types/express-session` from 1.18.2 to 1.19.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express-session) Updates `@types/lodash` from 4.17.23 to 4.17.24 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) Updates `cypress` from 15.9.0 to 15.16.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v15.9.0...v15.16.0) Updates `fast-check` from 4.5.3 to 4.8.0 - [Release notes](https://github.com/dubzzz/fast-check/releases) - [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md) - [Commits](https://github.com/dubzzz/fast-check/commits/v4.8.0/packages/fast-check) Updates `prettier` from 3.8.1 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.3) Updates `tsx` from 4.21.0 to 4.22.4 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.21.0...v4.22.4) Updates `typescript-eslint` from 8.56.0 to 8.60.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.1/packages/typescript-eslint) Updates `@esbuild/darwin-arm64` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.0) Updates `@esbuild/darwin-x64` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.0) Updates `@esbuild/linux-x64` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.0) Updates `@esbuild/win32-x64` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.0) Updates `axios` from 1.15.2 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `react` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `react-dom` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) Updates `eslint` from 10.3.0 to 10.4.1 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.3.0...v10.4.1) Updates `@mermaid-js/layout-elk` from 0.1.9 to 0.2.1 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Commits](https://github.com/mermaid-js/mermaid/compare/@mermaid-js/layout-elk@0.1.9...@mermaid-js/layout-elk@0.2.1) --- updated-dependencies: - dependency-name: "@aws-sdk/credential-providers" dependency-version: 3.1060.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@fontsource/roboto" dependency-version: 5.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@primer/octicons-react" dependency-version: 19.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: express-rate-limit dependency-version: 8.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: isomorphic-git dependency-version: 1.38.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: openid-client dependency-version: 6.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: parse-diff dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: validator dependency-version: 13.15.35 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@babel/preset-react" dependency-version: 7.29.7 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@eslint/compat" dependency-version: 2.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@types/express-session" dependency-version: 1.19.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@types/lodash" dependency-version: 4.17.24 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: cypress dependency-version: 15.16.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: fast-check dependency-version: 4.8.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: tsx dependency-version: 4.22.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: typescript-eslint dependency-version: 8.60.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/darwin-arm64" dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/darwin-x64" dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/linux-x64" dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/win32-x64" dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: eslint dependency-version: 10.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@mermaid-js/layout-elk" dependency-version: 0.2.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-06T09:17:55Z

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

netlify · 2026-06-06T09:17:58Z

✅ Deploy Preview for endearing-brigadeiros-63f9d0 ready!

Name	Link
🔨 Latest commit	`42880cf`
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/6a23e5c4fbd148000878d89a
😎 Deploy Preview	https://deploy-preview-1568.git-proxy.preview.finos.org
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

github-actions · 2026-06-06T09:18:31Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
❌ 1 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.
⚠️ 1 packages with OpenSSF Scorecard issues.

View full job summary

dependabot · 2026-06-07T03:01:40Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 6, 2026

dependabot Bot requested a review from a team as a code owner June 6, 2026 09:17

dependabot Bot closed this Jun 7, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/npm-non-major-f11487edfa branch June 7, 2026 03:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm-non-major group across 2 directories with 27 updates#1568

chore(deps): bump the npm-non-major group across 2 directories with 27 updates#1568
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-non-major-f11487edfa

dependabot Bot commented on behalf of github Jun 6, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jun 6, 2026

Uh oh!

netlify Bot commented Jun 6, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 6, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.1060.0

3.1060.0(2026-06-03)

Chores

New Features

Bug Fixes

v3.1059.0

3.1059.0(2026-06-02)

Chores

Documentation Changes

New Features

3.1060.0 (2026-06-03)

3.1059.0 (2026-06-02)

3.1058.0 (2026-06-01)

3.1057.0 (2026-05-29)

3.1056.0 (2026-05-28)

3.1055.0 (2026-05-27)

3.1054.0 (2026-05-26)

v19.28.0

Minor Changes

v19.27.0

Minor Changes

Patch Changes

v19.26.0

Minor Changes

Patch Changes

v19.25.0

Minor Changes

v19.24.1

Patch Changes

v19.24.0

Minor Changes

v19.23.1

Patch Changes

v19.23.0

Minor Changes

19.28.0

Minor Changes

19.27.0

Minor Changes

Patch Changes

19.26.0

Minor Changes

Patch Changes

19.25.0

Minor Changes

19.24.1

Patch Changes

19.24.0

Minor Changes

19.23.1

Patch Changes

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v8.5.2

v1.38.4

1.38.4 (2026-06-02)

Bug Fixes

v1.38.3

1.38.3 (2026-05-26)

Bug Fixes

v1.38.2

1.38.2 (2026-05-25)

Bug Fixes

v1.38.1

1.38.1 (2026-05-18)

Bug Fixes

v1.38.0

dependabot Bot commented on behalf of github Jun 6, 2026 •

edited

Loading

netlify Bot commented Jun 6, 2026 •

edited

Loading