chore: bump the npm-deps group across 1 directory with 36 updates

[dependabot]

Bumps the npm-deps group with 36 updates in the / directory:

Package	From	To
@ai-sdk/google	2.0.56	2.0.70
@ai-sdk/groq	2.0.35	2.0.38
@ai-sdk/react	2.0.144	2.0.181
@auth/mongodb-adapter	3.11.1	3.11.2
@t3-oss/env-nextjs	0.13.10	0.13.11
@tanstack/react-query	5.90.21	5.99.2
@tanstack/react-query-devtools	5.91.3	5.99.2
@tanstack/react-virtual	3.13.19	3.13.24
@upstash/redis	1.36.3	1.37.0
ai	5.0.142	5.0.179
axios	1.13.6	1.15.1
lucide-react	0.576.0	0.577.0
motion	12.34.4	12.38.0
next	16.1.6	16.2.4
posthog-js	1.357.1	1.369.3
pusher	5.3.2	5.3.3
pusher-js	8.4.0	8.5.0
react	19.2.4	19.2.5
react-dom	19.2.4	19.2.5
react-easy-crop	5.5.6	5.5.7
react-hook-form	7.71.2	7.72.1
react-number-format	5.4.4	5.4.5
resend	6.9.3	6.12.2
zustand	5.0.11	5.0.12
@next/eslint-plugin-next	15.5.12	15.5.15
@tailwindcss/postcss	4.2.1	4.2.3
@types/node	20.19.35	20.19.39
@vitejs/plugin-react	5.1.4	5.2.0
eslint	9.39.3	9.39.4
knip	5.85.0	5.88.1
msw	2.12.10	2.13.4
playwright	1.58.2	1.59.1
postcss	8.5.6	8.5.10
prettier	3.8.1	3.8.3
tailwindcss	4.2.1	4.2.3
vite	7.3.1	7.3.2

Updates @ai-sdk/google from 2.0.56 to 2.0.70

Release notes

Sourced from @​ai-sdk/google's releases.

@​ai-sdk/google@​2.0.70

Patch Changes

• 5543cd1: Add AI Gateway hint to provider READMEs
• 6eeeb6f: fix(google): use VALIDATED function calling mode when any tool has strict:true

Commits

• e947626 Version Packages (#14584)
• fac4ac4 fix: remove non-existent @​ai-sdk/klingai from changeset (#14583)
• d783228 fix release in v5 (#14581)
• c1c582a chore: update GitHub Actions to latest major versions (#14579)
• 6eeeb6f Backport: Backport: fix(google): use VALIDATED function calling mode when any...
• e1ed246 Backport: fix(anthropic): use default thinking budget when unspecified (#10996)
• 4145d2e Backport: docs: add tanstack start quickstart guide (#11365)
• 1c251eb Backport: feat(registry): add Airweave tool to registry with search capabilit...
• 67b6fca Backport: Backport: fix(security): prevent verify-changesets from leaking run...
• 5543cd1 Backport: Backport: Add AI Gateway hint to provider READMEs (#14211)
• Additional commits viewable in compare view

Updates @ai-sdk/groq from 2.0.35 to 2.0.38

Release notes

Sourced from @​ai-sdk/groq's releases.

@​ai-sdk/groq@​2.0.38

Patch Changes

• 5543cd1: Add AI Gateway hint to provider READMEs

Commits

• e947626 Version Packages (#14584)
• fac4ac4 fix: remove non-existent @​ai-sdk/klingai from changeset (#14583)
• d783228 fix release in v5 (#14581)
• c1c582a chore: update GitHub Actions to latest major versions (#14579)
• 6eeeb6f Backport: Backport: fix(google): use VALIDATED function calling mode when any...
• e1ed246 Backport: fix(anthropic): use default thinking budget when unspecified (#10996)
• 4145d2e Backport: docs: add tanstack start quickstart guide (#11365)
• 1c251eb Backport: feat(registry): add Airweave tool to registry with search capabilit...
• 67b6fca Backport: Backport: fix(security): prevent verify-changesets from leaking run...
• 5543cd1 Backport: Backport: Add AI Gateway hint to provider READMEs (#14211)
• Additional commits viewable in compare view

Updates @ai-sdk/react from 2.0.144 to 2.0.181

Release notes

Sourced from @​ai-sdk/react's releases.

@​ai-sdk/react@​2.0.181

Patch Changes

• Updated dependencies [5543cd1]
  • ai@5.0.179

Commits

• e947626 Version Packages (#14584)
• fac4ac4 fix: remove non-existent @​ai-sdk/klingai from changeset (#14583)
• d783228 fix release in v5 (#14581)
• c1c582a chore: update GitHub Actions to latest major versions (#14579)
• 6eeeb6f Backport: Backport: fix(google): use VALIDATED function calling mode when any...
• e1ed246 Backport: fix(anthropic): use default thinking budget when unspecified (#10996)
• 4145d2e Backport: docs: add tanstack start quickstart guide (#11365)
• 1c251eb Backport: feat(registry): add Airweave tool to registry with search capabilit...
• 67b6fca Backport: Backport: fix(security): prevent verify-changesets from leaking run...
• 5543cd1 Backport: Backport: Add AI Gateway hint to provider READMEs (#14211)
• Additional commits viewable in compare view

Updates @auth/mongodb-adapter from 3.11.1 to 3.11.2

Release notes

Sourced from @​auth/mongodb-adapter's releases.

@​auth/mongodb-adapter@​3.11.2

Other

• @​auth/core: dependency update (67f2b168)

Commits

• af9daa8 chore(release): bump package version(s) [skip ci]
• d4dab3d chore: sync package versions with npm registry (#13414)
• 8a23c5b chore: fix lockfile (#13411)
• 2018202 docs: fix TypeScript type mismatch in refresh token rotation example (#13396)
• 0eba7e4 adapter-kysely: Update kysely for CVE-2026-33468 (#13407)
• 67f2b16 fix(providers): add issuer to GitHub provider for RFC 9207 compliance (#13410)
• f457068 docs: update middleware.ts references to proxy.ts for Next.js 16 (#13373)
• c7c2cfa docs: update Better Auth migration guide (#13334)
• b4ef14a chore(release): bump version [skip ci]
• See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for @​auth/mongodb-adapter since your current version.

Updates @t3-oss/env-nextjs from 0.13.10 to 0.13.11

Changelog

Sourced from @​t3-oss/env-nextjs's changelog.

0.13.11

Patch Changes

• Updated dependencies [6937086]:
  • @​t3-oss/env-core@​0.13.11

Commits

• 23ddb79 chore(release): 📦 version packages (#404)
• 6937086 Update zod imports to support tree-shaking for Webpack (Next.js) and esbuild ...
• See full diff in compare view

Updates @tanstack/react-query from 5.90.21 to 5.99.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.2
  • @​tanstack/react-query@​5.99.2

@​tanstack/react-query-next-experimental@​5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.99.2

@​tanstack/react-query-persist-client@​5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.99.2
  • @​tanstack/react-query@​5.99.2

@​tanstack/react-query@​5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.2

@​tanstack/react-query-devtools@​5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.1
  • @​tanstack/react-query@​5.99.1

@​tanstack/react-query-next-experimental@​5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.99.1

@​tanstack/react-query-persist-client@​5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.99.1
  • @​tanstack/react-query@​5.99.1

@​tanstack/react-query@​5.99.1

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.2

5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.1

5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.99.0

5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.98.0

5.97.0

Patch Changes

• Updated dependencies [2bfb12c]:
  • @​tanstack/query-core@​5.97.0

5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.2

5.96.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.96.1

5.96.0

... (truncated)

Commits

• a3ec7b3 ci: Version Packages (#10520)
• 69d2757 ci: Version Packages (#10514)
• 7ffa1ed test({react,preact,solid}-query/useQueries): fix test description from 'useQu...
• bc83d37 test({react,preact}-query/useMutation): unify destructuring pattern in comple...
• aad1bd5 test({react,preact}-query/useMutation): add parallel 'mutateAsync' tests with...
• d7643b5 test({react,preact}-query/useMutation): add optimistic update tests with succ...
• cd89d6f test({react,preact}-query/useMutation): add conditional handling and retry te...
• 6e15fe6 test({react,preact}-query/useMutation): add chained 'mutateAsync' tests for s...
• 792d3a5 test({react,preact}-query/useMutation): add callback tests when 'useMutation'...
• 1b661b3 test({react,preact}-query/useMutation): add single callback tests for 'mutate...
• Additional commits viewable in compare view

Updates @tanstack/react-query-devtools from 5.91.3 to 5.99.2

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.2
  • @​tanstack/react-query@​5.99.2

@​tanstack/react-query-devtools@​5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.1
  • @​tanstack/react-query@​5.99.1

@​tanstack/react-query-devtools@​5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.0
  • @​tanstack/react-query@​5.99.0

@​tanstack/react-query-devtools@​5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.98.0
  • @​tanstack/react-query@​5.98.0

Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.99.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.2
  • @​tanstack/react-query@​5.99.2

5.99.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.1
  • @​tanstack/react-query@​5.99.1

5.99.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.99.0
  • @​tanstack/react-query@​5.99.0

5.98.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.98.0
  • @​tanstack/react-query@​5.98.0

5.97.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.97.0
  • @​tanstack/react-query@​5.97.0

5.96.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.96.2
  • @​tanstack/react-query@​5.96.2

5.96.1

... (truncated)

Commits

• a3ec7b3 ci: Version Packages (#10520)
• 69d2757 ci: Version Packages (#10514)
• adc2543 ci: Version Packages (#10454)
• 6040278 ci: Version Packages (#10451)
• 125067c ci: Version Packages (#10436)
• 5ca721f ci: Version Packages (#10379)
• 75052a7 ci: Version Packages (#10370)
• 4a3275c fix(build): exclude config files from production DTS rollup (#10358)
• 73e783b ci: Version Packages (#10364)
• 1047cdc ci: Version Packages (#10326)
• Additional commits viewable in compare view

Updates @tanstack/react-virtual from 3.13.19 to 3.13.24

Release notes

Sourced from @​tanstack/react-virtual's releases.

@​tanstack/react-virtual@​3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

@​tanstack/react-virtual@​3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

@​tanstack/react-virtual@​3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

@​tanstack/react-virtual@​3.13.21

Patch Changes

• Updated dependencies [be89e29]:
  • @​tanstack/virtual-core@​3.13.21

@​tanstack/react-virtual@​3.13.20

Patch Changes

• Updated dependencies [ff83e94]:
  • @​tanstack/virtual-core@​3.13.20

Changelog

Sourced from @​tanstack/react-virtual's changelog.

3.13.24

Patch Changes

• Updated dependencies [97a204d]:
  • @​tanstack/virtual-core@​3.14.0

3.13.23

Patch Changes

• Updated dependencies [7ece2d5]:
  • @​tanstack/virtual-core@​3.13.23

3.13.22

Patch Changes

• Updated dependencies [54d771a, d3416c3]:
  • @​tanstack/virtual-core@​3.13.22

3.13.21

Patch Changes

• Updated dependencies [be89e29]:
  • @​tanstack/virtual-core@​3.13.21

3.13.20

Patch Changes

• Updated dependencies [ff83e94]:
  • @​tanstack/virtual-core@​3.13.20

Commits

• c3d4cd4 ci: Version Packages (#1157)
• 9394e13 ci: Version Packages (#1149)
• 7ece2d5 fix(virtual-core): remove incorrect elementsCache cleanup using getItemKey (#...
• c2f1c39 ci: Version Packages (#1139)
• fc3c733 perf(virtual-core): skip sync DOM reads during normal scrolling (#1144)
• c4da5cb ci: Version Packages (#1137)
• be89e29 fix(virtual-core): smooth scrolling for dynamic item sizes (#1108)
• d2a9995 ci: Version Packages (#1136)
• ff83e94 fix(virtual-core): early return in _measureElement for disconnected nodes (#1...
• See full diff in compare view

Updates @upstash/redis from 1.36.3 to 1.37.0

Release notes

Sourced from @​upstash/redis's releases.

@​upstash/redis@​1.37.0

Minor Changes

• 6f2a831: Release redis search

Patch Changes

• 3980b45: Add monorepo structure

@upstash/redis@1.37.0-canary-20260312092231-7405c30f6a505815bbeb69b713a22978f104ec1f

What's Changed

• DX-2445: redis package version and changeset for search release by @​CahidArda in upstash/redis-js#1423
• DX-2445: fix redis version, add repository.url to search packages by @​CahidArda in upstash/redis-js#1424
• DX-2445: use pnpm publish for search packages to resolve workspace:* deps by @​CahidArda in upstash/redis-js#1425

Full Changelog: https://github.com/upstash/redis-js/compare/@​upstash/redis@​1.30.3-canary-20260312082754-96a99a4e83fc560b77c36808627213e528c2f110...@​upstash/redis@​1.37.0-canary-20260312092231-7405c30f6a505815bbeb69b713a22978f104ec1f

@​upstash/redis@​1.37.0-canary-20260312084440-fba95e89e54d8ba63f020400247a1ef0dbdd2c84

What's Changed

• DX-2445: redis package version and changeset for search release by @​CahidArda in upstash/redis-js#1423
• DX-2445: fix redis version, add repository.url to search packages by @​CahidArda in upstash/redis-js#1424

Full Changelog: https://github.com/upstash/redis-js/compare/@​upstash/redis@​1.30.3-canary-20260312082754-96a99a4e83fc560b77c36808627213e528c2f110...@​upstash/redis@​1.37.0-canary-20260312084440-fba95e89e54d8ba63f020400247a1ef0dbdd2c84

Commits

• 7e8fbed chore: version packages (#1420)
• 703f6d4 fix: handle FROM field option in SEARCH.DESCRIBE deserialization (#1426)
• 15b4fc9 fix: use pnpm publish for search packages to resolve workspace:* deps (#1425)
• fba95e8 DX-2445: fix redis version, add repository.url to search packages (#1424)
• 6f2a831 fix: redis package version and changeset for search release (#1423)
• 96a99a4 DX-2445: Add new search client packages (#1422)
• efd3bc6 DX-2445: use workflow_run instead of release event for npm publish (#1421)
• 2dc4212 fix: add commit message (#1419)
• 3980b45 DX-2445: Add monorepo structure (#1418)
• 89cc220 DX-2381: Redis Search (#1409)
• Additional commits viewable in compare view

Updates ai from 5.0.142 to 5.0.179

Release notes

Sourced from ai's releases.

ai@5.0.179

Patch Changes

• 5543cd1: Add AI Gateway hint to provider READMEs

Commits

• e947626 Version Packages (#14584)
• fac4ac4 fix: remove non-existent @​ai-sdk/klingai from changeset (#14583)
• d783228 fix release in v5 (#14581)
• c1c582a chore: update GitHub Actions to latest major versions (#14579)
• 6eeeb6f Backport: Backport: fix(google): use VALIDATED function calling mode when any...
• e1ed246 Backport: fix(anthropic): use default thinking budget when unspecified (#10996)
• 4145d2e Backport: docs: add tanstack start quickstart guide (#11365)
• 1c251eb Backport: feat(registry): add Airweave tool to registry with search capabilit...
• 67b6fca Backport: Backport: fix(security): prevent verify-changesets from leaking run...
• 5543cd1 Backport: Backport: Add AI Gateway hint to provider READMEs (#14211)
• Additional commits viewable in compare view

Updates axios from 1.13.6 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
• Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

• FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
• HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
• Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
• Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
• buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
• AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
• Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
• Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

• Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
• Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
• Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
• Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
• Changelog Backfill: Added missing version entries to the changelog. (#10704)
• Dependencies: Bumped follow-redirects (1.15.11 → 1.16.0) in root and docs, axios (1.14.0 → 1.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​curiouscoder-cmd (#7252)
• @​tryonelove (#7520)
• @​darwin808 (#7314)
• @​zoontek (#10702)
• @​AKIB473 (#10725)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.15.1 — April 19, 2026

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)

• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)

• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)

• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)

• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)

• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)

• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)

• Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

• FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)

• HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)

• Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)

• Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)

• buildFullPath: Uses strict equality in the base/relative URL check. (#7252)

• AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)

• Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)

• Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

• Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)

• Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)

... (truncated)

Commits

• ac42446 chore(release): prepare release 1.15.1 (#10767)
• 908f220 docs: update threatmodel (#10765)
• f93f815 docs: added docs around potential decompressions bomb (#10763)
• 1728aa1 fix: short-circuits on any truthy non-boolean in withXSRFToken (#10762)
• 42eb721 fix: replace in with has own prop util (#10761)
• 7587327 fix: strip crlf correctly (#10758)
• f0b9867 chore: added additional testing for this issue (#10760)
• e033f24 fix: incomplete fix for cve (#10755)
• e8904af fix: stream response bypassed max content length (#10754)
• 1c7f6d7 fix: enforce m...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
blueledger	Ready	Preview, Comment	Apr 20, 2026 9:26pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.