Skip to content

chore(deps): bump the regular-updates group with 4 updates#164

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/regular-updates-1c414f83f4
Open

chore(deps): bump the regular-updates group with 4 updates#164
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/regular-updates-1c414f83f4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the regular-updates group with 4 updates: axios, resend, @nuxt/icon and nuxt.

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits

Updates resend from 6.12.3 to 6.12.4

Release notes

Sourced from resend's releases.

v6.12.4

What's Changed

Full Changelog: resend/resend-node@v6.12.3...v6.12.4

Commits
  • 58db880 chore: bump version to 6.12.4 (#971)
  • 63f5ddb fix: replace svix with standardwebhooks to reduce install size (#969) (#970)
  • 45dc73d fix: to support @​react-email/render exports across versions in templates (#863)
  • 24950d7 refactor: align delete method with other HTTP methods in Resend class (#904)
  • 2759316 chore: bump public-shared-workflows hash (#966)
  • fa04efc chore: bump public-shared-workflows hash (#965)
  • 77bbf2d feat: add optional baseUrl and userAgent to Resend constructor (#839)
  • ebdb2d3 fix: avoid mutating payloads in emails, broadcasts, and templates (#862)
  • 674ab1b fix: rename misnamed get-contact.interface.ts to get-topic.interface.ts i...
  • ac0c09f chore: add sync-prs-to-linear action (#961)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by dielduarte, a new releaser for resend since your current version.


Updates @nuxt/icon from 2.2.2 to 2.2.3

Release notes

Sourced from @​nuxt/icon's releases.

v2.2.3

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • 4d8d1f6 chore: release v2.2.3
  • 0c6b696 chore(deps): update all non-major dependencies (#486)
  • d6288e5 chore(deps): update nuxt framework to ^4.4.6 (#459)
  • 17d9348 fix: scope per-instance customize to unique CSS selector (#483)
  • 4502522 fix(server): guard collection lookup against prototype keys (#488)
  • 931722e fix(server): use ufo for query parsing to fix h3 v2 compatibility (#493)
  • b13f778 chore(github): add pkg.pr.new preview publishing (#495)
  • 7cafddc chore(deps): update all non-major dependencies (#424)
  • 740ae78 ci: update workflow references to main branch (#484)
  • See full diff in compare view

Updates nuxt from 4.4.6 to 4.4.7

Release notes

Sourced from nuxt's releases.

v4.4.7

4.4.7 is the a security hotfix release.

👉 make sure to check https://github.com/nuxt/nuxt/security/advisories to view open advisories resolved by this release.

👉 Changelog

compare changes

🩹 Fixes

  • nitro: Assign noSSR before deciding payload extraction (#35108)
  • vite: Avoid filtering out dirs with shared prefix from allowDirs (#35112)
  • nuxt: Use resolve from pathe for buildCache path boundary check (#35111)
  • nuxt: Prevent sibling-directory traversal in test component wrapper (#35110)
  • nitro: Pass event data to isValid in dev clipboard-copy listener (#35109)
  • nuxt: Validate protocols in reloadNuxtApp path before reload (#35115)
  • vite: Prefix public asset virtuals with null byte (9e303b438)
  • nuxt: Re-run getCachedData after initial fetch (#35122)
  • nuxt: Propagate useFetch/useAsyncData factory types (#35133)
  • vite: Close vite dev server on nuxt close (a10a68abc)
  • kit,nuxt: Handle cancelling prompts to install packages (e84813229)
  • kit: Avoid excluding node-context files in legacy tsconfig (#35152)
  • nuxt: Handle missing payload in chunkError listener (#35155)
  • nuxt: Await in-lifght template generation when closing nuxt (#35181)
  • nuxt: Clarify page and layout usage warnings (#35184)
  • webpack: Surface compilation errors when stats.toString is empty (073b07851)
  • nuxt: Reject prototype-chain keys in the island registry (#35205)
  • nuxt: Apply isScriptProtocol guard to navigateTo open option (#35206)
  • nuxt: Prevent server-only page island from recursing via <NuxtPage> (#35198)
  • rspack,webpack: Require loopback host when missing same-origin signals (#35200)
  • nitro: Gate chrome devtools workspace endpoint to local requests (#35201)
  • nuxt: Escape props in <NuxtClientFallback> ssr output (#35199)
  • kit: Improve TS extension stripping/substitutions (#35233)
  • nuxt: Preserve .d.mts/.d.cts in resolveTypePaths (#35235)
  • nuxt: Escape <NoScript> slot content (4b054e9d9)
  • nuxt: Match route rules case-insensitively to mirror vue-router (07e39cd6f)
  • nuxt: Reject script-capable protocols in <NuxtLink> href (0103ce06f)
  • nuxt: Block path-normalization open redirect in navigateTo (2cce6fb02)
  • nuxt: Reject cross-origin paths in reloadNuxtApp (e447a793c)
  • vite: Bind vite-node IPC to a permissioned filesystem socket (1f9f4767a)

💅 Refactors

  • kit,nuxt,vite: Use es2023 array methods (#34980)
  • nuxt: Replace runInNewContext with AST walker (d72a89ef4)

📖 Documentation

  • Document vite client and server options (#35090)
  • Add dedicated module dependencies page (#35171)
  • Add nodeTsConfig and sharedTsConfig options (#35231)
  • Edit for clarity and grammar (#35214)

🏡 Chore

  • Use execFileSync for safety in release scripts (1d7baaf01)
  • Assert there is always a tag (e98c47c3c)

... (truncated)

Commits
  • b7d5790 v4.4.7
  • dbc5896 chore: lint
  • e447a79 fix(nuxt): reject cross-origin paths in reloadNuxtApp
  • d72a89e refactor(nuxt): replace runInNewContext with AST walker
  • 2cce6fb fix(nuxt): block path-normalization open redirect in navigateTo
  • 0103ce0 fix(nuxt): reject script-capable protocols in \<NuxtLink> href
  • 07e39cd fix(nuxt): match route rules case-insensitively to mirror vue-router
  • 4b054e9 fix(nuxt): escape \<NoScript> slot content
  • 03d83bf fix(nuxt): preserve .d.mts/.d.cts in resolveTypePaths (#35235)
  • 46960b2 fix(nuxt): escape props in \<NuxtClientFallback> ssr output (#35199)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the regular-updates group with 4 updates
a456b8a 
Bumps the regular-updates group with 4 updates: [axios](https://github.com/axios/axios), [resend](https://github.com/resend/resend-node), [@nuxt/icon](https://github.com/nuxt/icon) and [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt).


Updates `axios` from 1.16.1 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.17.0)

Updates `resend` from 6.12.3 to 6.12.4
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.3...v6.12.4)

Updates `@nuxt/icon` from 2.2.2 to 2.2.3
- [Release notes](https://github.com/nuxt/icon/releases)
- [Commits](nuxt/icon@v2.2.2...v2.2.3)

Updates `nuxt` from 4.4.6 to 4.4.7
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v4.4.7/packages/nuxt)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: regular-updates
- dependency-name: resend
  dependency-version: 6.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: regular-updates
- dependency-name: "@nuxt/icon"
  dependency-version: 2.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: regular-updates
- dependency-name: nuxt
  dependency-version: 4.4.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: regular-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@oneminch oneminch

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oneminch