Skip to content

chore(deps): bump the other-dependencies group across 1 directory with 4 updates#1664

Merged
TheOrangePuff merged 2 commits intomainfrom
dependabot/npm_and_yarn/main/other-dependencies-0dd4036d0a
Apr 24, 2026
Merged

chore(deps): bump the other-dependencies group across 1 directory with 4 updates#1664
TheOrangePuff merged 2 commits intomainfrom
dependabot/npm_and_yarn/main/other-dependencies-0dd4036d0a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps the other-dependencies group with 4 updates in the / directory: @changesets/cli, @swc/core, cdk-nag and axios.

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

  • #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

  • #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

  • d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

  • #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

  • #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

  • #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

  • Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

    • @​changesets/assemble-release-plan@​6.0.10
    • @​changesets/get-dependents-graph@​2.1.4
    • @​changesets/apply-release-plan@​7.1.1
    • @​changesets/get-release-plan@​4.0.16
    • @​changesets/config@​3.1.4
Commits
  • 9cce6db Version Packages (#1897)
  • d2121dc Fix npm auth for path-based registries during publish by preserving configure...
  • 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
  • 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
  • 96ca062 Error on unsupported flags for individual CLI commands (#1889)
  • 42943b7 fix(cli): respond to --help on all subcommands (#1873)
  • f61e716 Improved detection for published state of prerelease-only packages without ...
  • See full diff in compare view

Updates @swc/core from 1.15.24 to 1.15.30

Changelog

Sourced from @​swc/core's changelog.

[1.15.30] - 2026-04-19

Bug Fixes

  • (deploy) Fix musl binding test workflow (#11804) (c30a522)

  • (deploy) Build package ts before Linux GNU binding tests (#11806) (a3d3ef3)

  • (es/jsx) Preserve quoted JSX attribute newlines (#11796) (9fe56c8)

  • (es/minifier) Support full ES version parsing in minify (#11800) (af1f08f)

  • (es/module) Add opt-in symlink-preserving resolver (#11801) (6028240)

  • (es/parser) Allow return type annotation on Flow constructors (#11790) (d66b29c)

  • (es/parser) Support Flow anonymous keyof indexers (#11792) (452c4e5)

  • (es/parser) Add Flow strip RN and RNW regression corpus (#11799) (23a9109)

Documentation

Features

[1.15.26] - 2026-04-14

Bug Fixes

  • (es/decorators) Preserve super in moved static members (#11781) (778328e)

... (truncated)

Commits
  • 502ad3e chore: Publish 1.15.30 with swc_core v64.0.0
  • 99a4503 chore: Publish 1.15.30-nightly-20260418.1 with swc_core v64.0.0
  • bf0146c chore: Publish 1.15.29-nightly-20260418.1 with swc_core v64.0.0
  • 993744e chore: Publish 1.15.28-nightly-20260418.1 with swc_core v64.0.0
  • d7e7d4a chore: Publish 1.15.27-nightly-20260418.1 with swc_core v64.0.0
  • 6f07c6c chore: Publish crates with swc_core v64.0.0
  • af1f08f fix(es/minifier): Support full ES version parsing in minify (#11800)
  • 5986411 feat(es/minify): support extracting comments (#11798)
  • fb92c49 chore: Publish 1.15.26 with swc_core v63.1.2
  • 8f06928 chore: Publish 1.15.26-nightly-20260414.1 with swc_core v63.1.2
  • Additional commits viewable in compare view

Updates cdk-nag from 2.37.55 to 2.38.1

Release notes

Sourced from cdk-nag's releases.

v2.38.1

2.38.1 (2026-04-21)

Bug Fixes

  • remove unnecessary test for serverSideEncryptionConfiguration to not be undefined (#2227) (9436814), closes #2226

v2.38.0

2.38.0 (2026-04-21)

Features

v2.37.56

2.37.56 (2026-04-20)

Bug Fixes

  • APIGWStructuredLogging: no stage description for CfnDeployment throws an error (#2268) (ac6dcd3), closes #2267
  • Cognito user pool advanced security mode (deprecated) updated to plus tier (#2155) (5a8b71d), closes #2139
  • prefix report filename with stage name to prevent collisions (#2302) (54e6425)
  • release: use 'release' GitHub environment for publish jobs (#2333) (9b66acd)
Commits
  • 9436814 fix: remove unnecessary test for serverSideEncryptionConfiguration to not b...
  • 03ad81a feat: add rule MWAAAllLoggingInfo (#2239)
  • 2f5fcef chore(deps): upgrade dev dependencies (#2336)
  • 017c10b chore: add tests for uncovered branches in sqs rules (#2231)
  • a285bb5 chore: add tests for uncovered branches in sns rules (#2229)
  • 585d5da chore: add tests for uncovered branches in stepfunctions rules (#2233)
  • 9aef297 chore: migrate to CdklabsConstructLibrary (#2335)
  • 9b66acd fix(release): use 'release' GitHub environment for publish jobs (#2333)
  • d46bb44 chore(deps): upgrade dependencies (#2332)
  • cd2e207 chore(deps): upgrade dependencies (#2331)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for cdk-nag since your current version.


Updates axios from 1.15.1 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the other-dependencies group across 1 directory wit…
4376bc6 
…h 4 updates

Bumps the other-dependencies group with 4 updates in the / directory: [@changesets/cli](https://github.com/changesets/changesets), [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core), [cdk-nag](https://github.com/cdklabs/cdk-nag) and [axios](https://github.com/axios/axios).


Updates `@changesets/cli` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0)

Updates `@swc/core` from 1.15.24 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/commits/v1.15.30/packages/core)

Updates `cdk-nag` from 2.37.55 to 2.38.1
- [Release notes](https://github.com/cdklabs/cdk-nag/releases)
- [Commits](cdklabs/cdk-nag@v2.37.55...v2.38.1)

Updates `axios` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.1...v1.15.2)

---
updated-dependencies:
- dependency-name: "@changesets/cli"
  dependency-version: 2.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: "@swc/core"
  dependency-version: 1.15.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: cdk-nag
  dependency-version: 2.38.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 24, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 24, 2026 06:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 24, 2026
@dependabot dependabot Bot requested review from TheOrangePuff and crispy101 April 24, 2026 06:08
@TheOrangePuff TheOrangePuff merged commit 12fb98f into main Apr 24, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/main/other-dependencies-0dd4036d0a branch April 24, 2026 06:16
@github-actions github-actions Bot mentioned this pull request Apr 24, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheOrangePuff TheOrangePuff TheOrangePuff approved these changes

@crispy101 crispy101 Awaiting requested review from crispy101 crispy101 is a code owner automatically assigned from aligent/devops

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@TheOrangePuff