Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 6 updates#14

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-107dff2647
Open

chore(deps): bump the minor-and-patch group across 1 directory with 6 updates#14
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/minor-and-patch-107dff2647

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group with 6 updates in the / directory:

Package From To
vitest 4.1.8 4.1.9
@google/genai 2.7.0 2.8.0
dotenv 17.3.1 17.4.2
helmet 8.1.0 8.2.0
mongoose 9.3.1 9.7.0
axios 1.17.0 1.18.0

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • See full diff in compare view

Updates @google/genai from 2.7.0 to 2.8.0

Release notes

Sourced from @​google/genai's releases.

v2.8.0

2.8.0 (2026-06-03)

Features

  • Add Agent Platform MCP support to async generate_content (baeaeaa)
  • Add transcription language code. (d2981d6)
  • Add TranslationConfig for live translation. (8c44240)
  • Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)
Changelog

Sourced from @​google/genai's changelog.

2.8.0 (2026-06-03)

Features

  • Add Agent Platform MCP support to async generate_content (baeaeaa)
  • Add transcription language code. (d2981d6)
  • Add TranslationConfig for live translation. (8c44240)
  • Support ReinforcementTuning in GenAI SDK including ValidateReward API method. (36f0bfb)
Commits
  • ea0dd60 chore(main): release 2.8.0 (#1646)
  • 36f0bfb feat: Support ReinforcementTuning in GenAI SDK including ValidateReward API m...
  • d2981d6 feat: Add transcription language code.
  • 98ac90d chore: deprecate Google Maps grounding widget API fields
  • 8c44240 feat: Add TranslationConfig for live translation.
  • baeaeaa feat: Add Agent Platform MCP support to async generate_content
  • c1d3cb7 chore: Internal cleanup
  • bd78ed3 chore: Fix relative import path in pagers.ts.
  • See full diff in compare view

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)
Commits

Updates helmet from 8.1.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

Updates mongoose from 9.3.1 to 9.7.0

Release notes

Sourced from mongoose's releases.

9.7.0 / 2026-06-09

  • feat: add Node.js TracingChannel support for APM instrumentation #16275 #16105 logaretm
  • feat(model): add standard schema adapter for models #16308 #16280
  • fix(cursor): avoid waiting on buffering to run aggregation middleware #16289 #16284
  • fix(document): throw error if overwriting array selected with $slice #16313 #2432
  • fix(schema): remove validateSync() union fallback #16310 #16291 AbdelrahmanHafez
  • types: cast primitive types within unions when applying create casting #16320 #16316
  • docs: add llms.txt #16312 #15687
  • docs: rewrite documents docs #16298
  • docs(model): clarify some details on model.validate() casting #16308 #16280
  • docs(findOneAndUpdate): clarify update handling of undefined #16299
  • docs(model): fix link to be absolute #16321 hasezoey

9.6.3 / 2026-05-27

9.6.2 / 2026-05-08

  • fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
  • types: handle compiling with exactOptionalPropertyTypes #16277 #16273
  • chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

9.6.0 / 2026-04-28

  • feat: upgrade mongodb node driver to 7.2 #16245
  • feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
  • types(query): make QueryFilter respect string unions and enums #16242 #16240
  • types: export Projector and ArrayProjectionOperators #16243 #16235

9.5.0 / 2026-04-20

  • feat(debug): add timestamp option to debug output #16216 rejunp
  • feat(query): add cloneUpdate option to explicitly disable update cloning #16230 #16202
  • feat(query): extend defaults query option to find() #16226 sderrow
  • fix(query): avoid cloning update until absolutely necessary to better support updates with __proto__ #16230 #16202
  • fix(query): avoid treating documents with a $set() method as objects with a $set property when casting updates #16230
  • fix(queryHelpers): pass default options to discriminators #16227 #16226
  • fix(document): handle including and excluding nested paths with optimistic concurrency #16177 #16054

... (truncated)

Changelog

Sourced from mongoose's changelog.

9.7.0 / 2026-06-09

  • feat: add Node.js TracingChannel support for APM instrumentation #16275 #16105 logaretm
  • feat(model): add standard schema adapter for models #16308 #16280
  • fix(cursor): avoid waiting on buffering to run aggregation middleware #16289 #16284
  • fix(document): throw error if overwriting array selected with $slice #16313 #2432
  • fix(schema): remove validateSync() union fallback #16310 #16291 AbdelrahmanHafez
  • types: cast primitive types within unions when applying create casting #16320 #16316
  • docs: add llms.txt #16312 #15687
  • docs: rewrite documents docs #16298
  • docs(model): clarify some details on model.validate() casting #16308 #16280
  • docs(findOneAndUpdate): clarify update handling of undefined #16299
  • docs(model): fix link to be absolute #16321 hasezoey

9.6.3 / 2026-05-27

8.24.0 / 2026-05-14

  • feat(aggregate): add pipelineForUnionWith() helper to allow reusing pipelines with $unionWith in TypeScript #16247 #16041 #16033
  • fix(connection): handle calling watch() on disconnected connection #16246 #16034
  • types: handle compiling with exactOptionalPropertyTypes #16286 #16273

9.6.2 / 2026-05-08

  • fix(document): correctly handle modified subpaths when parent path is unset after modifying #16271 #16252
  • types: handle compiling with exactOptionalPropertyTypes #16277 #16273
  • chore: align Node version docs and types #16270 AbdelrahmanHafez

9.6.1 / 2026-04-29

9.6.0 / 2026-04-28

  • feat: upgrade mongodb node driver to 7.2 #16245
  • feat(schematype): support allowNull option to disallow null values even if not required #16237 #15905
  • types(query): make QueryFilter respect string unions and enums #16242 #16240
  • types: export Projector and ArrayProjectionOperators #16243 #16235

8.23.1 / 2026-04-23

  • fix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations #16091 #16079

... (truncated)

Commits
  • 257896a chore: release 9.7.0
  • 54e4109 Merge pull request #16312 from Automattic/vkarpov15/gh-15687
  • 792a3fa Potential fix for pull request finding
  • 7089cdd address code review comments
  • 03c39b7 Merge branch 'master' into vkarpov15/gh-15687
  • 678c475 Merge pull request #16325 from Automattic/chore/devprod-1072-pin-actions-shas
  • db15a71 chore: pin third-party GitHub Actions to commit SHAs
  • 7d273e5 fix lint
  • 59e9f27 docs: quick fix for versioned deploys
  • cce97b2 docs: fix code review comments and add some extra cleanup
  • Additional commits viewable in compare view

Updates axios from 1.17.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Commits
  • 2d06f96 chore(release): prepare release 1.18.0 (#11003)
  • 32fc489 fix: malformed http urls (#11000)
  • b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
  • fe964f9 docs: mark proxy config as Node.js only (#10995)
  • 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
  • fae9d4e docs: clarify package update PR policy (#10992)
  • 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
  • a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
  • 614f455 docs: publish v1.17.0 release notes (#10988)
  • 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the minor-and-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` |
| [@google/genai](https://github.com/googleapis/js-genai) | `2.7.0` | `2.8.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [mongoose](https://github.com/Automattic/mongoose) | `9.3.1` | `9.7.0` |
| [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.0` |



Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

Updates `@google/genai` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/googleapis/js-genai/releases)
- [Changelog](https://github.com/googleapis/js-genai/blob/main/CHANGELOG.md)
- [Commits](googleapis/js-genai@v2.7.0...v2.8.0)

Updates `dotenv` from 17.3.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.2)

Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `mongoose` from 9.3.1 to 9.7.0
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@9.3.1...9.7.0)

Updates `axios` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@google/genai"
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: mongoose
  dependency-version: 9.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: axios
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 17, 2026
@vercel

vercel Bot commented Jun 17, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
bhashajs-dashboard-v2 Ready Ready Preview, Comment Jun 17, 2026 12:25am
bhashajs-server Ready Ready Preview, Comment Jun 17, 2026 12:25am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants