Skip to content

Bump the npm-packages group with 6 updates#189

Merged
MTSOnGithub merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/npm-packages-775ccbc89b
Apr 27, 2026
Merged

Bump the npm-packages group with 6 updates#189
MTSOnGithub merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/npm-packages-775ccbc89b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps the npm-packages group with 6 updates:

Package From To
@tanstack/react-query 5.99.2 5.100.5
@tanstack/react-query-devtools 5.99.2 5.100.5
axios 1.15.1 1.15.2
@typescript-eslint/eslint-plugin 8.58.2 8.59.0
@typescript-eslint/parser 8.58.2 8.59.0
terser-webpack-plugin 5.4.0 5.5.0

Updates @tanstack/react-query from 5.99.2 to 5.100.5

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.5
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query-next-experimental@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query-persist-client@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.100.5
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query@​5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

@​tanstack/react-query-devtools@​5.100.4

Patch Changes

  • fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

  • Updated dependencies [3d1a62e]:

    • @​tanstack/query-devtools@​5.100.4
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query-next-experimental@​5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query-persist-client@​5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.100.4
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query@​5.100.4

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.5

Patch Changes

  • Updated dependencies [a53ef97]:
    • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-core@​5.100.4

5.100.3

Patch Changes

  • fix(suspense): skip calling combine when queries would suspend (#10576)

  • Updated dependencies [f85d825]:

    • @​tanstack/query-core@​5.100.3

5.100.2

Patch Changes

5.100.1

Patch Changes

  • Updated dependencies [1bb0d23]:
    • @​tanstack/query-core@​5.100.1

5.100.0

Patch Changes

  • Updated dependencies [6540a41]:
    • @​tanstack/query-core@​5.100.0
Commits

Updates @tanstack/react-query-devtools from 5.99.2 to 5.100.5

Release notes

Sourced from @​tanstack/react-query-devtools's releases.

@​tanstack/react-query-devtools@​5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.5
    • @​tanstack/react-query@​5.100.5

@​tanstack/react-query-devtools@​5.100.4

Patch Changes

  • fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

  • Updated dependencies [3d1a62e]:

    • @​tanstack/query-devtools@​5.100.4
    • @​tanstack/react-query@​5.100.4

@​tanstack/react-query-devtools@​5.100.3

Patch Changes

  • Updated dependencies [f85d825]:
    • @​tanstack/react-query@​5.100.3
    • @​tanstack/query-devtools@​5.100.3

@​tanstack/react-query-devtools@​5.100.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.2
    • @​tanstack/react-query@​5.100.2
Changelog

Sourced from @​tanstack/react-query-devtools's changelog.

5.100.5

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.5
    • @​tanstack/react-query@​5.100.5

5.100.4

Patch Changes

  • fix(devtools): change onClose callback type from () => unknown to () => void (#10118)

  • Updated dependencies [3d1a62e]:

    • @​tanstack/query-devtools@​5.100.4
    • @​tanstack/react-query@​5.100.4

5.100.3

Patch Changes

  • Updated dependencies [f85d825]:
    • @​tanstack/react-query@​5.100.3
    • @​tanstack/query-devtools@​5.100.3

5.100.2

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.2
    • @​tanstack/react-query@​5.100.2

5.100.1

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.1
    • @​tanstack/react-query@​5.100.1

5.100.0

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-devtools@​5.100.0
    • @​tanstack/react-query@​5.100.0
Commits

Updates axios from 1.15.1 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Commits

Updates @typescript-eslint/eslint-plugin from 8.58.2 to 8.59.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.59.0 (2026-04-20)

🚀 Features

  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits
  • ea9ae4f chore(release): publish 8.59.0
  • cfca550 feat(eslint-plugin): [no-unnecessary-type-assertion] report more cases based ...
  • 6d599b4 chore(eslint-plugin): switch auto-generated test cases to hand-written in ret...
  • 33c8169 chore: fix cspell violations in code blocks (#12167)
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.58.2 to 8.59.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.59.0 (2026-04-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates terser-webpack-plugin from 5.4.0 to 5.5.0

Release notes

Sourced from terser-webpack-plugin's releases.

v5.5.0

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.5.0 (2026-04-23)

Features

  • support extractComments in swcMinify (#665) (03143d3)
Changelog

Sourced from terser-webpack-plugin's changelog.

5.5.0 (2026-04-23)

Features

  • support extractComments in swcMinify (#665) (03143d3)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-packages group with 6 updates
8f73981 
Bumps the npm-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.99.2` | `5.100.5` |
| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.99.2` | `5.100.5` |
| [axios](https://github.com/axios/axios) | `1.15.1` | `1.15.2` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.58.2` | `8.59.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.58.2` | `8.59.0` |
| [terser-webpack-plugin](https://github.com/webpack/terser-webpack-plugin) | `5.4.0` | `5.5.0` |


Updates `@tanstack/react-query` from 5.99.2 to 5.100.5
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.5/packages/react-query)

Updates `@tanstack/react-query-devtools` from 5.99.2 to 5.100.5
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.100.5/packages/react-query-devtools)

Updates `axios` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.1...v1.15.2)

Updates `@typescript-eslint/eslint-plugin` from 8.58.2 to 8.59.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.58.2 to 8.59.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/parser)

Updates `terser-webpack-plugin` from 5.4.0 to 5.5.0
- [Release notes](https://github.com/webpack/terser-webpack-plugin/releases)
- [Changelog](https://github.com/webpack/terser-webpack-plugin/blob/main/CHANGELOG.md)
- [Commits](webpack/terser-webpack-plugin@v5.4.0...v5.5.0)

---
updated-dependencies:
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.100.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-packages
- dependency-name: "@tanstack/react-query-devtools"
  dependency-version: 5.100.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-packages
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-packages
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.59.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-packages
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.59.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-packages
- dependency-name: terser-webpack-plugin
  dependency-version: 5.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the type:dependency Dependency-related changes label Apr 27, 2026
@MTSOnGithub MTSOnGithub enabled auto-merge (rebase) April 27, 2026 06:57
@MTSOnGithub MTSOnGithub merged commit 5694d5f into develop Apr 27, 2026
4 checks passed
@MTSOnGithub MTSOnGithub deleted the dependabot/npm_and_yarn/npm-packages-775ccbc89b branch April 27, 2026 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MTSOnGithub MTSOnGithub MTSOnGithub approved these changes

Assignees

No one assigned

Labels

type:dependency Dependency-related changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MTSOnGithub