Skip to content

chore(deps): bump the other-dependencies group with 4 updates#281

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/other-dependencies-dd2b7d286b
Open

chore(deps): bump the other-dependencies group with 4 updates#281
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/other-dependencies-dd2b7d286b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps the other-dependencies group with 4 updates: @carbon/icons-react, axios, @easyops-cn/docusaurus-search-local and lint-staged.

Updates @carbon/icons-react from 11.81.0 to 11.82.0

Release notes

Sourced from @​carbon/icons-react's releases.

v11.82.0

v11.82.0 (2025-5-7)

eslint-config-carbon@3.22.0

New features 🚀

Housekeeping 🏠

@carbon/cli@11.27.0

New features 🚀

Housekeeping 🏠

@carbon/colors@11.33.0

New features 🚀

Housekeeping 🏠

@carbon/elements@11.67.0

Housekeeping 🏠

@carbon/grid@11.36.0

Housekeeping 🏠

@carbon/icon-helpers@10.59.0

Housekeeping 🏠

@carbon/icons@11.60.0

Housekeeping 🏠

... (truncated)

Commits

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits

Updates @easyops-cn/docusaurus-search-local from 0.55.1 to 0.55.2

Release notes

Sourced from @​easyops-cn/docusaurus-search-local's releases.

v0.55.2

0.55.2 (2026-05-31)

Bug Fixes

  • some languages need lunr wordcut (1e60641)
  • some languages need lunr wordcut (d871555), closes #438
Commits

Updates lint-staged from 17.0.5 to 17.0.7

Release notes

Sourced from lint-staged's releases.

v17.0.7

Patch Changes

v17.0.6

Patch Changes

  • #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

  • #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

  • #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

  • #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Changelog

Sourced from lint-staged's changelog.

17.0.7

Patch Changes

17.0.6

Patch Changes

  • #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

  • #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

  • #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

  • #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Commits
  • cd11fec Merge pull request #1807 from lint-staged/changeset-release/main
  • 15a8ee0 chore(changeset): release
  • 797bbd9 Merge pull request #1808 from lint-staged/add-stashing-faq
  • 504e307 docs: add FAQ entry on how stashing works
  • eff5cd1 Merge pull request #1806 from lint-staged/update-tinyexec
  • e692e58 build(deps): update tinyexec@^1.2.4
  • a2dd4ea Merge pull request #1805 from lint-staged/update-github-templates
  • c928519 docs: update GitHub templates
  • 094ba56 Merge pull request #1798 from lint-staged/changeset-release/main
  • 88e19fe chore(changeset): release
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the other-dependencies group with 4 updates
854cdeb 
Bumps the other-dependencies group with 4 updates: [@carbon/icons-react](https://github.com/carbon-design-system/carbon/tree/HEAD/packages/icons-react), [axios](https://github.com/axios/axios), [@easyops-cn/docusaurus-search-local](https://github.com/easyops-cn/docusaurus-search-local/tree/HEAD/packages/docusaurus-search-local) and [lint-staged](https://github.com/lint-staged/lint-staged).


Updates `@carbon/icons-react` from 11.81.0 to 11.82.0
- [Release notes](https://github.com/carbon-design-system/carbon/releases)
- [Changelog](https://github.com/carbon-design-system/carbon/blob/main/docs/release.md)
- [Commits](https://github.com/carbon-design-system/carbon/commits/v11.82.0/packages/icons-react)

Updates `axios` from 1.16.1 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.17.0)

Updates `@easyops-cn/docusaurus-search-local` from 0.55.1 to 0.55.2
- [Release notes](https://github.com/easyops-cn/docusaurus-search-local/releases)
- [Commits](https://github.com/easyops-cn/docusaurus-search-local/commits/v0.55.2/packages/docusaurus-search-local)

Updates `lint-staged` from 17.0.5 to 17.0.7
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.5...v17.0.7)

---
updated-dependencies:
- dependency-name: "@carbon/icons-react"
  dependency-version: 11.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: "@easyops-cn/docusaurus-search-local"
  dependency-version: 0.55.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: lint-staged
  dependency-version: 17.0.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Updates dependencies of a code repository. javascript Pull requests that update javascript code minor Breaking change or new feature, causes the release drafter to create a new minor version labels Jun 4, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 4, 2026 08:24
@metal-robot metal-robot Bot added this to Development Jun 4, 2026
@metal-robot metal-robot Bot added the area: documentation Affects the documentation area. label Jun 4, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Jun 4, 2026
edited
Loading

Deploy Preview for metal-stack-io ready!

Name Link
🔨 Latest commit 854cdeb
🔍 Latest deploy log https://app.netlify.com/projects/metal-stack-io/deploys/6a2136433ae2a1000837ec16
😎 Deploy Preview https://deploy-preview-281--metal-stack-io.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area: documentation Affects the documentation area. dependencies Updates dependencies of a code repository. javascript Pull requests that update javascript code minor Breaking change or new feature, causes the release drafter to create a new minor version

Projects

Development
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants