chore(deps): bump the npm-non-major group across 2 directories with 28 updates by dependabot[bot] · Pull Request #1601 · finos/git-proxy

dependabot · 2026-06-17T09:30:41Z

Bumps the npm-non-major group with 24 updates in the / directory:

Package	From	To
@aws-sdk/credential-providers	`3.992.0`	`3.1068.0`
@fontsource/roboto	`5.2.9`	`5.2.10`
@primer/octicons-react	`19.21.2`	`19.28.1`
axios	`1.16.1`	`1.17.0`
express-rate-limit	`8.5.1`	`8.5.2`
isomorphic-git	`1.36.3`	`1.38.4`
openid-client	`6.8.1`	`6.8.4`
parse-diff	`0.11.1`	`0.12.0`
validator	`13.15.26`	`13.15.35`
@babel/core	`7.29.0`	`7.29.7`
@babel/preset-react	`7.28.5`	`7.29.7`
@eslint/compat	`2.0.2`	`2.1.0`
@types/express-session	`1.18.2`	`1.19.0`
@types/lodash	`4.17.23`	`4.17.24`
cypress	`15.9.0`	`15.17.0`
fast-check	`4.5.3`	`4.8.0`
lint-staged	`17.0.5`	`17.0.7`
prettier	`3.8.1`	`3.8.4`
tsx	`4.21.0`	`4.22.4`
typescript-eslint	`8.56.0`	`8.61.0`
@esbuild/darwin-arm64	`0.27.2`	`0.28.1`
@esbuild/darwin-x64	`0.27.2`	`0.28.1`
@esbuild/linux-x64	`0.27.2`	`0.28.1`
@esbuild/win32-x64	`0.27.2`	`0.28.1`

Bumps the npm-non-major group with 5 updates in the /website directory:

Package	From	To
axios	`1.15.2`	`1.17.0`
react	`19.2.5`	`19.2.7`
react-dom	`19.2.5`	`19.2.7`
eslint	`10.3.0`	`10.5.0`
@mermaid-js/layout-elk	`0.1.9`	`0.2.1`

Updates @aws-sdk/credential-providers from 3.992.0 to 3.1068.0

Release notes

Sourced from @aws-sdk/credential-providers's releases.

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes

client-iam: Updating documentation for select service-specific credential APIs (f572228a)

New Features

clients: update client endpoints as of 2026-06-12 (3f89d039)

client-acm: Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. (ca60b0f9)

client-eks: Patches missing enum values for EKS updates (c2df34dc)

client-sagemaker-runtime: Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. (c4e229dd)

client-glue: Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. (f45445f9)

client-firehose: Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. (80837cd3)

client-bedrock-agentcore: Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (1c06496f)

client-devops-agent: Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. (7139cf1e)

client-bedrock-agentcore-control: Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (571ac1e7)

For list of updated packages, view updated-packages.md in assets-3.1068.0.zip

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes

suggest UndiciHttpHandler as an alternative request handler (#8092) (bd18a9f0)

New Features

client-eks: Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. (383363d5)

client-omics: Adds support for workflowName in the ListRuns API response. (fa2f4604)

client-neptune: Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations (ae089f94)

client-bedrock-agentcore: Adds support to perform cross account data plane actions on an AgentCore Memory resource (8d92e480)

client-healthlake: Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. (c74ab005)

client-bedrock-agentcore-control: Supports deterministic metadata for AgentCore Memory (af7a995a)

client-support: Adding new BDD representation of endpoint ruleset (cd9dac21)

For list of updated packages, view updated-packages.md in assets-3.1067.0.zip

v3.1066.0

3.1066.0(2026-06-10)

New Features

... (truncated)

Changelog

Sourced from @aws-sdk/credential-providers's changelog.

3.1068.0 (2026-06-12)

Note: Version bump only for package @aws-sdk/credential-providers

3.1067.0 (2026-06-11)

Note: Version bump only for package @aws-sdk/credential-providers

3.1066.0 (2026-06-10)

Note: Version bump only for package @aws-sdk/credential-providers

3.1065.0 (2026-06-09)

Note: Version bump only for package @aws-sdk/credential-providers

3.1064.0 (2026-06-08)

Note: Version bump only for package @aws-sdk/credential-providers

3.1063.0 (2026-06-05)

Note: Version bump only for package @aws-sdk/credential-providers

3.1062.0 (2026-06-04)

... (truncated)

Commits

0632f6d Publish v3.1068.0
0a3246f Publish v3.1067.0
4b11912 Publish v3.1066.0
62daf07 Publish v3.1065.0
bac7175 Publish v3.1064.0
86792c5 chore(scripts): update pkg json linting (#8082)
85dabf4 Publish v3.1063.0
9bd1a86 chore: update author URL in package.json (#8080)
f5235bb Publish v3.1062.0
71df2cc Publish v3.1061.0
Additional commits viewable in compare view

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

See full diff in compare view

Updates @primer/octicons-react from 19.21.2 to 19.28.1

Release notes

Sourced from @primer/octicons-react's releases.

v19.28.1

Patch Changes

#1215 378d7af0 Thanks @ktravers! - Remove fill from StackRemove and StackCheck icons

#1221 9d7b366a Thanks @CameronFoxly! - Add stack-add-16.svg

v19.28.0

Minor Changes

#1208 eddab3ff Thanks @dylanatsmith! - Fix vscode icon: update 16px, add 24px, remove 32px and 48px

v19.27.0

Minor Changes

#1203 a69618e4 Thanks @ericwbailey! - Add flag icon

Patch Changes

#1212 02bd1ef8 Thanks @ericwbailey! - remove hardcoded fill from flag icon

v19.26.0

Minor Changes

#1197 b45f1d35 Thanks @lukasoppermann! - Add repo-forked-locked icon

Patch Changes

#1209 9a7e2146 Thanks @siddharthkp! - fix: remove hardcoded fill from sandbox icon

v19.25.0

Minor Changes

#1193 b6efea4a Thanks @kylewaynebenson! - Added StackRemove & StackCheck icons

#1194 7d7ca421 Thanks @kylewaynebenson! - Added Sandbox icon

v19.24.1

Patch Changes

#1190 38dfb0d4 Thanks @francinelucca! - Allow data-component attribute to be overridden by consumers

v19.24.0

Minor Changes

#1185 25e257ff Thanks @francinelucca! - Add data-component="Octicon" attribute to all SVG elements for easier identification and styling

v19.23.1

... (truncated)

Changelog

Sourced from @primer/octicons-react's changelog.

19.28.1

Patch Changes

#1215 378d7af0 Thanks @ktravers! - Remove fill from StackRemove and StackCheck icons

#1221 9d7b366a Thanks @CameronFoxly! - Add stack-add-16.svg

19.28.0

Minor Changes

#1208 eddab3ff Thanks @dylanatsmith! - Fix vscode icon: update 16px, add 24px, remove 32px and 48px

19.27.0

Minor Changes

#1203 a69618e4 Thanks @ericwbailey! - Add flag icon

Patch Changes

#1212 02bd1ef8 Thanks @ericwbailey! - remove hardcoded fill from flag icon

19.26.0

Minor Changes

#1197 b45f1d35 Thanks @lukasoppermann! - Add repo-forked-locked icon

Patch Changes

#1209 9a7e2146 Thanks @siddharthkp! - fix: remove hardcoded fill from sandbox icon

19.25.0

Minor Changes

#1193 b6efea4a Thanks @kylewaynebenson! - Added StackRemove & StackCheck icons

#1194 7d7ca421 Thanks @kylewaynebenson! - Added Sandbox icon

19.24.1

Patch Changes

#1190 38dfb0d4 Thanks @francinelucca! - Allow data-component attribute to be overridden by consumers

19.24.0

... (truncated)

Commits

6d9dcd9 Version Packages (#1216)
9d7b366 Save stack-add-16.svg (#1221)
4e8731c Fix optimize pathspec to match icons in root directory (#1220)
c6a8229 Scope SVG optimize workflow to only changed icons (#1218)
378d7af Remove hard-coded fill from StackRemove and StackCheck icons (#1215)
f17b0be Bump @tootallnate/once from 2.0.0 to 2.0.1 in /lib/octicons_react (#1213)
fef9ded Version Packages (#1214)
eddab3f Fix VSCode icon and remove unnecessary size variants (#1208)
067ee62 Bump lodash from 4.17.23 to 4.18.1 in /lib/octicons_react (#1201)
7ee4aaf Version Packages (#1210)
Additional commits viewable in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

Commits

4306df2 chore: add fun 88 sponsorship
931cc8f chore(release): prepare release 1.17.0 (#10983)
38ba1b3 fix(fetch): support basic auth from URL (#10896)
32e2515 fix: replace ternary side effect in script (#10931)
030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
ec63164 chore: remove openspec (#10958)
3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
2d2314a fix: AxiosHeaders toJSON() return types (#10956)
Additional commits viewable in compare view

Updates express-rate-limit from 8.5.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

Commits

9774693 8.5.2
0e94cc0 v8.5.2 changelog
9a583c5 feat: simplify IPv6 key generation (#633)
4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
See full diff in compare view

Updates isomorphic-git from 1.36.3 to 1.38.4

Release notes

Sourced from isomorphic-git's releases.

v1.38.4

1.38.4 (2026-06-02)

Bug Fixes

pass credential config username to auth callbacks (#2346) (d9920c5)

v1.38.3

1.38.3 (2026-05-26)

Bug Fixes

Improve internal error reporting guidance (#2345) (955acf3)

v1.38.2

1.38.2 (2026-05-25)

Bug Fixes

add bot authoring to release commit (#2329) (328b1ba)

add Clever Cloud logo to Acknowledgments in README (#2334) (89f441d)

v1.38.1

1.38.1 (2026-05-18)

Bug Fixes

add cloudflare logo (#2316) (a71a835)

v1.38.0

1.38.0 (2026-05-15)

Bug Fixes

Fix images in README (#2315) (007951f)

Features

add refresh option to status and statusMatrix (#2313) (a7420b7)

v1.37.9

1.37.9 (2026-05-15)

... (truncated)

Commits

d9920c5 fix: pass credential config username to auth callbacks (#2346)
955acf3 fix: Improve internal error reporting guidance (#2345)
89f441d fix: add Clever Cloud logo to Acknowledgments in README (#2334)
328b1ba fix: add bot authoring to release commit (#2329)
a71a835 fix: add cloudflare logo (#2316)
a7420b7 feat: add refresh option to status and statusMatrix (#2313)
007951f fix: Fix images in README (#2315)
6e99054 fix: point "jsdelivr" field to minified browser build (#2312)
6972b1e fix: remove duplicated contriobutors (#2311)
199714a fix: browser entrypoint not being used in some non-node build contexts (#2309)
Additional commits viewable in compare view

Updates openid-client from 6.8.1 to 6.8.4

Release notes

Sourced from openid-client's releases.

v6.8.4

Fixes

apply optional non-repudiation on generic grant ID Tokens (6202888)

filter jwe decryption keys by algorithm (34e2ffd)

preserve poll abort signals on requests (96a2d17)

retry dpop nonce errors for generic grants (498c4d9)

v6.8.3

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

v6.8.2

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Changelog

Sourced from openid-client's changelog.

6.8.4 (2026-04-27)

Fixes

apply optional non-repudiation on generic grant ID Tokens (6202888)

filter jwe decryption keys by algorithm (34e2ffd)

preserve poll abort signals on requests (96a2d17)

retry dpop nonce errors for generic grants (498c4d9)

6.8.3 (2026-04-13)

Documentation

note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

passport: delete one-time state on callback (1e7dd2e)

6.8.2 (2026-02-07)

Fixes

use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

Commits

c645695 chore(release): 6.8.4
ee60464 chore: update CHANGELOG.md header
96a2d17 fix: preserve poll abort signals on requests
34e2ffd fix: filter jwe decryption keys by algorithm
6202888 fix: apply optional non-repudiation on generic grant ID Tokens
498c4d9 fix: retry dpop nonce errors for generic grants
35042cf chore: cleanup after release
66e4082 chore(release): 6.8.3
fa292f2 test: fix typings build issues
0600c91 test: deflake pollBackchannelAuthenticationGrant
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openid-client since your current version.

Updates parse-diff from 0.11.1 to 0.12.0

Commits

f0828af Release 0.12.0
5a66fd9 chore: build with esbuild
a3b0c75 feat: use esbuild
07dbcd6 chore: biome auto fixes
4e60b97 feat(devx): try biome
8231f95 chore: up eslint v10
c032d55 chore: up deps
e563b14 chore: use node v24
251d359 Merge pull request #51 from andyfeller/af/handle-empty-lines
a3180a5 fix: handle empty context lines in unified diffs
Additional commits viewable in compare view

Updates validator from 13.15.26 to 13.15.35

Release notes

Sourced from validator's releases.

13.15.35

Fixes, New Locales and Enhancements

#2663 isISO31661Alpha2/isISO31661Alpha3: add support for Kosovo (XK / XXK) @johanpoirier-d4

#2661 isHexColor: ignore non-object options @yuna0831

isTaxID

#2644 improve pt-BR locale by adding support for alphanumeric CNPJ format @easedu

#2675 improve pt-BR locale by adding support for formatted CPF values @easedu

#2643 isPassportNumber: improve MX locale @jesroffrouk

…8 updates Bumps the npm-non-major group with 24 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@aws-sdk/credential-providers](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/credential-providers) | `3.992.0` | `3.1068.0` | | [@fontsource/roboto](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/roboto) | `5.2.9` | `5.2.10` | | [@primer/octicons-react](https://github.com/primer/octicons) | `19.21.2` | `19.28.1` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.17.0` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.5.1` | `8.5.2` | | [isomorphic-git](https://github.com/isomorphic-git/isomorphic-git) | `1.36.3` | `1.38.4` | | [openid-client](https://github.com/panva/openid-client) | `6.8.1` | `6.8.4` | | [parse-diff](https://github.com/sergeyt/parse-diff) | `0.11.1` | `0.12.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` | | [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` | | [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) | `7.28.5` | `7.29.7` | | [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) | `2.0.2` | `2.1.0` | | [@types/express-session](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express-session) | `1.18.2` | `1.19.0` | | [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) | `4.17.23` | `4.17.24` | | [cypress](https://github.com/cypress-io/cypress) | `15.9.0` | `15.17.0` | | [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) | `4.5.3` | `4.8.0` | | [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.5` | `17.0.7` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.4` | | [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.56.0` | `8.61.0` | | [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.1` | | [@esbuild/darwin-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.1` | | [@esbuild/linux-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.1` | | [@esbuild/win32-x64](https://github.com/evanw/esbuild) | `0.27.2` | `0.28.1` | Bumps the npm-non-major group with 5 updates in the /website directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.15.2` | `1.17.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.5` | `19.2.7` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.5` | `19.2.7` | | [eslint](https://github.com/eslint/eslint) | `10.3.0` | `10.5.0` | | [@mermaid-js/layout-elk](https://github.com/mermaid-js/mermaid) | `0.1.9` | `0.2.1` | Updates `@aws-sdk/credential-providers` from 3.992.0 to 3.1068.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/credential-providers/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1068.0/packages/credential-providers) Updates `@fontsource/roboto` from 5.2.9 to 5.2.10 - [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md) - [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/google/roboto) Updates `@primer/octicons-react` from 19.21.2 to 19.28.1 - [Release notes](https://github.com/primer/octicons/releases) - [Changelog](https://github.com/primer/octicons/blob/main/CHANGELOG.md) - [Commits](primer/octicons@v19.21.2...v19.28.1) Updates `axios` from 1.16.1 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `express-rate-limit` from 8.5.1 to 8.5.2 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.5.1...v8.5.2) Updates `isomorphic-git` from 1.36.3 to 1.38.4 - [Release notes](https://github.com/isomorphic-git/isomorphic-git/releases) - [Commits](isomorphic-git/isomorphic-git@v1.36.3...v1.38.4) Updates `openid-client` from 6.8.1 to 6.8.4 - [Release notes](https://github.com/panva/openid-client/releases) - [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md) - [Commits](panva/openid-client@v6.8.1...v6.8.4) Updates `parse-diff` from 0.11.1 to 0.12.0 - [Commits](sergeyt/parse-diff@0.11.1...0.12.0) Updates `validator` from 13.15.26 to 13.15.35 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.15.26...13.15.35) Updates `@babel/core` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `@babel/preset-react` from 7.28.5 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-react) Updates `@eslint/compat` from 2.0.2 to 2.1.0 - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/compat-v2.1.0/packages/compat) Updates `@types/express-session` from 1.18.2 to 1.19.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express-session) Updates `@types/lodash` from 4.17.23 to 4.17.24 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) Updates `cypress` from 15.9.0 to 15.17.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v15.9.0...v15.17.0) Updates `fast-check` from 4.5.3 to 4.8.0 - [Release notes](https://github.com/dubzzz/fast-check/releases) - [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md) - [Commits](https://github.com/dubzzz/fast-check/commits/v4.8.0/packages/fast-check) Updates `lint-staged` from 17.0.5 to 17.0.7 - [Release notes](https://github.com/lint-staged/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v17.0.5...v17.0.7) Updates `prettier` from 3.8.1 to 3.8.4 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.1...3.8.4) Updates `tsx` from 4.21.0 to 4.22.4 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.21.0...v4.22.4) Updates `typescript-eslint` from 8.56.0 to 8.61.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.0/packages/typescript-eslint) Updates `@esbuild/darwin-arm64` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.1) Updates `@esbuild/darwin-x64` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.1) Updates `@esbuild/linux-x64` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.1) Updates `@esbuild/win32-x64` from 0.27.2 to 0.28.1 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md) - [Commits](evanw/esbuild@v0.27.2...v0.28.1) Updates `axios` from 1.16.1 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `axios` from 1.15.2 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `react` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `react-dom` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) Updates `eslint` from 10.3.0 to 10.5.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.3.0...v10.5.0) Updates `@mermaid-js/layout-elk` from 0.1.9 to 0.2.1 - [Release notes](https://github.com/mermaid-js/mermaid/releases) - [Commits](https://github.com/mermaid-js/mermaid/compare/@mermaid-js/layout-elk@0.1.9...@mermaid-js/layout-elk@0.2.1) Updates `axios` from 1.15.2 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.17.0) Updates `eslint` from 10.3.0 to 10.5.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.3.0...v10.5.0) Updates `react` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react) Updates `react-dom` from 19.2.5 to 19.2.7 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom) --- updated-dependencies: - dependency-name: "@aws-sdk/credential-providers" dependency-version: 3.1068.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@fontsource/roboto" dependency-version: 5.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@primer/octicons-react" dependency-version: 19.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: express-rate-limit dependency-version: 8.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: isomorphic-git dependency-version: 1.38.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: openid-client dependency-version: 6.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: parse-diff dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: validator dependency-version: 13.15.35 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: "@babel/preset-react" dependency-version: 7.29.7 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@eslint/compat" dependency-version: 2.1.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@types/express-session" dependency-version: 1.19.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@types/lodash" dependency-version: 4.17.24 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: cypress dependency-version: 15.17.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: fast-check dependency-version: 4.8.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: lint-staged dependency-version: 17.0.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: prettier dependency-version: 3.8.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: tsx dependency-version: 4.22.4 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: typescript-eslint dependency-version: 8.61.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/darwin-arm64" dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/darwin-x64" dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/linux-x64" dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@esbuild/win32-x64" dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@mermaid-js/layout-elk" dependency-version: 0.2.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: react dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: react-dom dependency-version: 19.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major ... Signed-off-by: dependabot[bot] <support@github.com>

netlify · 2026-06-17T09:30:46Z

✅ Deploy Preview for endearing-brigadeiros-63f9d0 ready!

Name	Link
🔨 Latest commit	`d76eddc`
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/6a32694498503f0008a79118
😎 Deploy Preview	https://deploy-preview-1601.git-proxy.preview.finos.org
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

github-actions · 2026-06-17T09:31:19Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
❌ 1 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.
⚠️ 1 packages with OpenSSF Scorecard issues.

View full job summary

dependabot Bot added automated dependencies Pull requests that update a dependency file labels Jun 17, 2026

dependabot Bot requested a review from a team as a code owner June 17, 2026 09:30

dependabot Bot mentioned this pull request Jun 17, 2026

chore(deps): bump the npm-non-major group across 2 directories with 28 updates #1592

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm-non-major group across 2 directories with 28 updates#1601

chore(deps): bump the npm-non-major group across 2 directories with 28 updates#1601
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-non-major-b302918320

dependabot Bot commented on behalf of github Jun 17, 2026

Uh oh!

netlify Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 17, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 17, 2026

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes

New Features

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes

New Features

v3.1066.0

3.1066.0(2026-06-10)

New Features

3.1068.0 (2026-06-12)

3.1067.0 (2026-06-11)

3.1066.0 (2026-06-10)

3.1065.0 (2026-06-09)

3.1064.0 (2026-06-08)

3.1063.0 (2026-06-05)

3.1062.0 (2026-06-04)

v19.28.1

Patch Changes

v19.28.0

Minor Changes

v19.27.0

Minor Changes

Patch Changes

v19.26.0

Minor Changes

Patch Changes

v19.25.0

Minor Changes

v19.24.1

Patch Changes

v19.24.0

Minor Changes

v19.23.1

19.28.1

Patch Changes

19.28.0

Minor Changes

19.27.0

Minor Changes

Patch Changes

19.26.0

Minor Changes

Patch Changes

19.25.0

Minor Changes

19.24.1

Patch Changes

19.24.0

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v8.5.2

v1.38.4

1.38.4 (2026-06-02)

Bug Fixes

v1.38.3

1.38.3 (2026-05-26)

Bug Fixes

v1.38.2

1.38.2 (2026-05-25)

Bug Fixes

v1.38.1

1.38.1 (2026-05-18)

Bug Fixes

v1.38.0

1.38.0 (2026-05-15)

Bug Fixes

netlify Bot commented Jun 17, 2026 •

edited

Loading