Skip to content

fix(deps): update non-major dependencies#747

Merged
leomp12 merged 1 commit intomainfrom
renovate/many-minor-patch
Apr 27, 2026
Merged

fix(deps): update non-major dependencies#747
leomp12 merged 1 commit intomainfrom
renovate/many-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 27, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@typescript-eslint/eslint-plugin (source) ^8.58.2^8.59.0 age confidence
@typescript-eslint/parser (source) ^8.58.2^8.59.0 age confidence
axios (source) ^1.15.0^1.15.2 age confidence
fast-xml-parser ^5.6.0^5.7.1 age confidence
firebase (source, changelog) ^12.12.0^12.12.1 age confidence
nodemailer (source) ^8.0.5^8.0.6 age confidence

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.59.0

Compare Source

🚀 Features
  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#​11789)
❤️ Thank You
  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.59.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

axios/axios (axios)

v1.15.2

Compare Source

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#​10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#​10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#​10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#​10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #​10780). (#​10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#​10781)

Full Changelog

v1.15.1

Compare Source

firebase/firebase-js-sdk (firebase)

v12.12.1: firebase@12.12.1

Compare Source

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.11.1

Patch Changes

  • 23ab5b9 #​9817 - Update code execution and URL context features to reflect that they are generally available and no longer public preview.

  • 6db5af4 #​9840 (fixes #​9832) - Fix TemplateChatSession type so it does not error on TypeScript build. See Github issue #​9832.

firebase@​12.12.1

Patch Changes
nodemailer/nodemailer (nodemailer)

v8.0.6

Compare Source

Bug Fixes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/many-minor-patch branch from df0334e to 57732d1 Compare April 27, 2026 12:50
@leomp12 leomp12 merged commit 9c4e3fa into main Apr 27, 2026
3 checks passed
@leomp12 leomp12 deleted the renovate/many-minor-patch branch April 27, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leomp12 leomp12 leomp12 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leomp12