Skip to content

chore(deps): bump the other-dependencies group across 1 directory with 2 updates#1705

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/main/other-dependencies-4f6c2d5a02
Open

chore(deps): bump the other-dependencies group across 1 directory with 2 updates#1705
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/main/other-dependencies-4f6c2d5a02

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Bumps the other-dependencies group with 2 updates in the / directory: @swc/core and axios.

Updates @swc/core from 1.15.33 to 1.15.40

Changelog

Sourced from @​swc/core's changelog.

[1.15.40] - 2026-05-23

Bug Fixes

  • (es/minifier) Preserve args for destructured callbacks (#11830) (21873b0)

  • (es/minifier) Avoid generating mangled property names that collide with existing properties (#11839) (9b4fab5)

  • (es/minifier) Respect ecma for iife temp vars (#11873) (e481934)

  • (es/minifier) Preserve default parameter object props (#11884) (71ff84f)

  • (es/parser) Reject object-rest assignment to array/object literal (#11875) (7b57d1f)

  • (es/parser) Reject object rest assignment to literals (#11881) (4ec2eaf)

  • (es/react) Exclude self-recursive hooks from refresh dependency array (#11838) (9101c71)

  • (ts/fast-dts) Strip definite assertions in dts (#11858) (2ab1b8a)

  • (ts/fast-strip) Reject unsafe assertion erasure in binary expressions (#11828) (aa5b539)

  • (typescript) Strip parameter binding defaults in dts (#11857) (800bc17)

Documentation

... (truncated)

Commits
  • 112729b chore: Publish 1.15.40 with swc_core v66.0.5
  • 13a5608 chore: Publish 1.15.40-nightly-20260523.1 with swc_core v66.0.5
  • bc6ee83 chore: Publish 1.15.39-nightly-20260523.1 with swc_core v66.0.5
  • 3a68ad5 chore: Publish 1.15.38-nightly-20260522.1 with swc_core v66.0.5
  • d0f0d5a chore: Publish 1.15.37-nightly-20260522.1 with swc_core v66.0.5
  • 969df79 chore: Publish 1.15.36-nightly-20260522.1 with swc_core v66.0.5
  • 38c2a44 chore: Publish 1.15.35-nightly-20260522.1 with swc_core v66.0.4
  • 18df110 chore: Publish 1.15.34-nightly-20260522.1 with swc_core v66.0.4
  • 20d92eb security: update rkyv and Rust dependencies (#11851)
  • 0d8e651 chore: Publish crates with swc_core v65.0.3
  • See full diff in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the other-dependencies group across 1 directory wit…
f8245bb 
…h 2 updates

Bumps the other-dependencies group with 2 updates in the / directory: [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core) and [axios](https://github.com/axios/axios).


Updates `@swc/core` from 1.15.33 to 1.15.40
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/commits/v1.15.40/packages/core)

Updates `axios` from 1.16.1 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.17.0)

---
updated-dependencies:
- dependency-name: "@swc/core"
  dependency-version: 1.15.40
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 8, 2026 02:24
@dependabot dependabot Bot requested review from AdamJHall and crispy101 June 8, 2026 02:24
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 8, 2026

⚠️ No Changeset Detected

This pull request modifies code that affects the following packages (detected by Nx):

Affected Packages:

  • @aligent/cdk-constructs

If this PR should trigger a release:

yarn changeset

Follow the prompts to select the affected packages and describe your changes.

If this PR should NOT trigger a release:

  • Documentation-only changes
  • Internal refactoring with no API changes
  • Test updates
  • Build/CI configuration changes
  • Changes only to root files (package.json, workflows, etc.)

In this case, no action is needed - this comment is just a reminder for reviewers.

This check uses Nx to accurately detect which packages are affected by your changes. If you're unsure whether a changeset is needed, please ask a maintainer!

🔧 Commands & Tips 
# Add a changeset for your changes
yarn changeset

# Check which packages Nx thinks are affected
npx nx show projects --affected

# Check current changeset status
yarn changeset:status

# Add an empty changeset if no release needed
yarn changeset --empty

Pro tip: When running yarn changeset, select only the packages listed above that you actually changed the public API of.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AdamJHall AdamJHall Awaiting requested review from AdamJHall AdamJHall is a code owner automatically assigned from aligent/devops

@crispy101 crispy101 Awaiting requested review from crispy101 crispy101 is a code owner automatically assigned from aligent/devops

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants