chore(deps): bump twilio from 5.13.1 to 6.0.2 by dependabot[bot] · Pull Request #14 · polyant-ai/polyant

dependabot · 2026-05-25T12:22:44Z

Bumps twilio from 5.13.1 to 6.0.2.

Release notes

6.0.2

Release Notes

Conversations

update actions api visibility

Memory

2026-05-07

Content updates:

include store api

Docs

6.0.1

Release Notes

Twiml

Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

Changelog

v1

Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

2026-04-21

Content updates:

Updated description for CreateDataSync

Updated description for DeleteCloudAppDataset

Updated description for DeleteWarehouseDataset

2026-04-20

Minor updates (formatting, metadata)

2026-04-17

updated operationId for dataplane APIs,Minor updates (formatting, metadata)

2026-04-15

libraryVisibility to private

2026-04-14

Added 1 new path(s):

/v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

2026-04-21

Content updates:

Remove Prefer/Async-Operation headers

2026-04-21

Content updates:

... (truncated)

Changelog

Sourced from twilio's changelog.

[2026-05-07] Version 6.0.2

Conversations

update actions api visibility

Memory

2026-05-07

Content updates:

include store api

[2026-05-06] Version 6.0.1

Twiml

Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

Changelog

v1

Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

2026-04-21

Content updates:

Updated description for CreateDataSync

Updated description for DeleteCloudAppDataset

Updated description for DeleteWarehouseDataset

2026-04-20

Minor updates (formatting, metadata)

2026-04-17

updated operationId for dataplane APIs,Minor updates (formatting, metadata)

2026-04-15

libraryVisibility to private

2026-04-14

Added 1 new path(s):

/v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

2026-04-21

Content updates:

Remove Prefer/Async-Operation headers

2026-04-21

Content updates:

Added 301 response for ListIdentifiers and GetIdentifier

Added 308 response for DeleteProfile, CreateIdentifier, PatchIdentifier, and DeleteIdentifier

2026-04-14

Modified 1 path(s):

... (truncated)

Upgrade guide

Sourced from twilio's upgrade guide.

Upgrade Guide

All MAJOR version bumps will have upgrade notes posted here.

[2026-04-20] 5.x.x to 6.x.x

Overview

Twilio Node Helper Library’s major version 6.0.0 is now available. We ensured that you can upgrade to Node Helper Library 6.0.0 version without any breaking changes to existing APIs.

Breaking Changes

Minimum Node.js version raised to 20

Dropped support for Node.js versions below 20

Upgrade to Node.js >= 20 before updating to twilio 6.x.x

[2024-03-07] 4.x.x to 5.x.x

Overview

Twilio Node Helper Library’s major version 5.0.0 is now available. We ensured that you can upgrade to Node helper Library 5.0.0 version without any breaking changes of existing apis

Behind the scenes Node Helper is now auto-generated via OpenAPI with this release. This enables us to rapidly add new features and enhance consistency across versions and languages. We're pleased to inform you that version 5.0.0 adds support for the application/json content type in the request body.

[2023-01-25] 3.x.x to 4.x.x

Supported Node.js versions updated

Upgrade to Node.js >= 14

Dropped support for Node.js < 14 (#791)

Added support for Node.js 18 (#794)

Lazy loading enabled by default (#752)

Required Twilio modules now lazy load by default

See the README for how to disable lazy loading

Type changes from object to Record (#873)

Certain response properties now use the Record type with string keys

Including the subresourceUris property for v2010 APIs and the links properties for non-v2010 APIs

Access Tokens

Creating an AccessToken requires an identity in the options (#875)

ConversationsGrant has been deprecated in favor of VoiceGrant (#783)

IpMessagingGrant has been removed (#784)

TwiML function deprecations (#788)

<Refer>

Refer.referSip() replaced by Refer.sip()

<Say>

Say.ssmlBreak() and Say.break_() replaced by Say.break()

Say.ssmlEmphasis() replaced by Say.emphasis()

... (truncated)

Commits

e9e5469 Release 6.0.2
fd93dfa [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 18d7938080...
c4d7168 Release 6.0.1
04a89ce [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 e2fda0239d...
d6b406f [Librarian] Regenerated @ 40ca64a22aef42a337cb49d1d4e4c4f48ae3b6e4 21ed5806ef...
3e96b64 chore: mvr 6.0.0 release prep (#1186)
447a23d Release 5.13.2
6267242 [Librarian] Regenerated @ 40ca64a22aef42a337cb49d1d4e4c4f48ae3b6e4 21ed5806ef...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [twilio](https://github.com/twilio/twilio-node) from 5.13.1 to 6.0.2. - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@5.13.1...6.0.2) --- updated-dependencies: - dependency-name: twilio dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-25T12:22:45Z

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Resolves CodeQL alerts #14 (clear-text-logging at users/seed.ts:55) and #15 (its sink in utils/file-logger.ts:82 where the same banner is tee'd to the daily engine-YYYY-MM-DD.log file). Previously, when INITIAL_ADMIN_PASSWORD was unset on first boot, seed.ts generated a random password and printed it inside a banner via console.warn. file-logger.ts intercepts console.* and writes everything to the daily log file with 14-day retention, so the secret was effectively persisted. New behaviour: INITIAL_ADMIN_PASSWORD is now REQUIRED to seed the admin. When absent the seeder logs a single warning explaining what to do, never calls insertUser, and never emits the password. The "password provided via env" path is unchanged — the env path was already log-safe (email-only). Tests updated to lock the new contract. .env.example reflects the new requirement. Breaking change for fresh deployments: operators must set INITIAL_ADMIN_PASSWORD before the first boot or seeding is skipped. Signed-off-by: Fabrizio Regini <fabrizio@exelab.com>

…#24) Resolves CodeQL alerts #14 (clear-text-logging at users/seed.ts:55) and #15 (its sink in utils/file-logger.ts:82 where the same banner is tee'd to the daily engine-YYYY-MM-DD.log file). Previously, when INITIAL_ADMIN_PASSWORD was unset on first boot, seed.ts generated a random password and printed it inside a banner via console.warn. file-logger.ts intercepts console.* and writes everything to the daily log file with 14-day retention, so the secret was effectively persisted. New behaviour: INITIAL_ADMIN_PASSWORD is now REQUIRED to seed the admin. When absent the seeder logs a single warning explaining what to do, never calls insertUser, and never emits the password. The "password provided via env" path is unchanged — the env path was already log-safe (email-only). Tests updated to lock the new contract. .env.example reflects the new requirement. Breaking change for fresh deployments: operators must set INITIAL_ADMIN_PASSWORD before the first boot or seeding is skipped. Signed-off-by: Fabrizio Regini <fabrizio@exelab.com>

paolovalletta-exelab mentioned this pull request May 25, 2026

chore(deps): batch safe Dependabot bumps (CI + langsmith + drizzle-kit) + drop @types/helmet #16

Merged

7 tasks

freegenie mentioned this pull request May 27, 2026

fix(security): never auto-generate and log the initial admin password (#14-#15) #24

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump twilio from 5.13.1 to 6.0.2#14

chore(deps): bump twilio from 5.13.1 to 6.0.2#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/twilio-6.0.2

dependabot Bot commented on behalf of github May 25, 2026

2026-05-07

Changelog

v1

2026-04-21

2026-04-20

2026-04-17

2026-04-15

2026-04-14

2026-04-21

2026-04-21

2026-05-07

Changelog

v1

2026-04-21

2026-04-20

2026-04-17

2026-04-15

2026-04-14

2026-04-21

2026-04-21

2026-04-14

Uh oh!

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants