Skip to content

Bump the prod-minor-updates group across 1 directory with 2 updates#5642

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/test/prod-minor-updates-dc074f5fb2
Open

Bump the prod-minor-updates group across 1 directory with 2 updates#5642
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/test/prod-minor-updates-dc074f5fb2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-minor-updates group with 2 updates in the /test directory: @quobix/vacuum and axios.

Updates @quobix/vacuum from 0.26.8 to 0.29.2

Release notes

Sourced from @​quobix/vacuum's releases.

v0.29.2

Changelog

  • c14a4a9dae8992b789915383da3edf49cabdec16 fix(motor): avoid broad component alias reconciliation
  • 47c5aac78b3295edad0baff157c26dde1267fd17 fix(motor): honor GOMAXPROCS for rule execution concurrency

v0.29.1

Changelog

  • f4a45caf29759a20e8e007044a6dba00546b567e Bump github.com/alecthomas/chroma/v2 from 2.24.1 to 2.26.1
  • 93e9b2e2ca1b0379871d47fc5a1fda729e0b5b0b Bump github.com/pb33f/libopenapi-validator from 0.13.7 to 0.13.8
  • 7360c0686dfc7bef502af0613085f4be9dbc5f3e add permissions.
  • 3f9cc525a502dacec2bb045aa28225ee04aa6fad fix(motor): include sibling component uses in nested reference alias paths
  • 925c673f0eacf62417d47423873d6fafc507dbc3 removed dead file

v0.29.0

Changelog

  • 21d356476884a8e2548d81e28779197d1b94cfa5 add AsyncAPI 3.x linting support
  • cac3f39d9882a3336269bcfd5e96581110469f3f updated docs and help to add in new AsyncAPI support.
  • 343544ce057b0ec3fa90858e77d3faefec089f0d updated readme
  • 93e337add909dd9bccb9318816418a0bce4c0256 upgraded libopenapi and upgrade code.

v0.28.4

Changelog

  • 6732bb00f67ffa21a1a2390469bb994925301c0c bump deps
  • 4942ddd4331608630b894b8af2f812fcdeb80870 ensure bundling behavior between docs and bundle operates the same way.

v0.28.3

Changelog

  • 74af9252465d5acd1b6dc56d5df3fa8df30c0cd3 fix: ensure x-lint-ignore directives respect parent ignores
  • 2238fd5bd5795439476f8191832e6469704df2a0 reconcile reference-alias result paths inside allOf/anyOf/oneOf

v0.28.2

Changelog

  • 6acde734cd11ba51f2db65fb9631d4abd367178d distinguish Homebrew cask from formula installs in upgrade flow
  • 1b8db0db8d671066f0226ad3e1cdb8df7f822e84 sort filtered rule stats and generalize source drift matching to external origins

v0.28.1

Changelog

  • f2f9f9809424dc946a7df14609bc5d9f933a12f1 harden result path reconciliation and violation diffing against ref drift
  • 9b004a592a6bf43ee731f21120b0a19b6d77a741 modified readme to add / correct links.
  • 649843da40f983e1d80b6daf711054c13ecd5b05 restored docker entrypoint

v0.28.0

Changelog

  • a3d2a5ae6f5ed632e4c891a79a97c7914211a3b4 added new schema command for JSON Schema linting!
  • ca6deec9b4d9b557904bae01bb2f71fedc356432 added new schema command to agents.md
  • 4586e7153c6c29977269f18cc74320a7301ab54d clean up the repo root a little.
  • 4754bc187cf9de6423a6a26942906fa63013c48a cleanup sweep.
  • 0d95d7b1525b1b2d8f68eeb45588edb50834f8ca update readme

v0.27.3

... (truncated)

Commits
  • c14a4a9 fix(motor): avoid broad component alias reconciliation
  • 47c5aac fix(motor): honor GOMAXPROCS for rule execution concurrency
  • 7360c06 add permissions.
  • 3f9cc52 fix(motor): include sibling component uses in nested reference alias paths
  • f4a45ca Bump github.com/alecthomas/chroma/v2 from 2.24.1 to 2.26.1
  • 93e9b2e Bump github.com/pb33f/libopenapi-validator from 0.13.7 to 0.13.8
  • 925c673 removed dead file
  • 343544c updated readme
  • 93e337a upgraded libopenapi and upgrade code.
  • cac3f39 updated docs and help to add in new AsyncAPI support.
  • Additional commits viewable in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the prod-minor-updates group across 1 directory with 2 updates
0e40819 
Bumps the prod-minor-updates group with 2 updates in the /test directory: [@quobix/vacuum](https://github.com/daveshanley/vacuum) and [axios](https://github.com/axios/axios).


Updates `@quobix/vacuum` from 0.26.8 to 0.29.2
- [Release notes](https://github.com/daveshanley/vacuum/releases)
- [Commits](daveshanley/vacuum@v0.26.8...v0.29.2)

Updates `axios` from 1.16.1 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.17.0)

---
updated-dependencies:
- dependency-name: "@quobix/vacuum"
  dependency-version: 0.29.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants