chore(deps): bump the npm_and_yarn group across 9 directories with 11 updates by dependabot[bot] · Pull Request #14 · thewlabs/orval

dependabot · 2026-03-21T11:35:47Z

Bumps the npm_and_yarn group with 3 updates in the / directory: ajv, basic-ftp and flatted.
Bumps the npm_and_yarn group with 3 updates in the /docs directory: ajv, axios and next.
Bumps the npm_and_yarn group with 9 updates in the /samples directory:

Package	From	To
ajv	`8.14.0`	`8.18.0`
flatted	`3.3.1`	`3.4.2`
rollup	`2.79.1`	`2.80.0`
axios	`1.8.3`	`1.13.5`
next	`14.2.26`	`15.5.14`
@angular/core	`12.2.17`	`19.2.20`
hono	`4.4.0`	`4.12.7`
svelte	`3.59.2`	`5.53.5`
undici	`5.28.4`	`5.29.0`

Bumps the npm_and_yarn group with 1 update in the /samples/angular-app directory: @angular/core.
Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: next.
Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: next.
Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: svelte.
Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/custom-fetch directory: svelte.
Bumps the npm_and_yarn group with 4 updates in the /tests directory: minimatch, axios, @angular/core and hono.

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates basic-ftp from 5.0.5 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Changelog

Sourced from basic-ftp's changelog.

5.2.0

Changed: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see GHSA-5rq4-664w-9x2c.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Commits

5d41e45 Bump version
49c2e73 Update dependencies
2a2a0e6 Skip invalid filenames
65c90d9 Fix permissions for workflows
593cb78 Set permissions for workflow jobs
36adf11 Remove deprecated CodeQL check
9da4af0 Update changelog
6993039 Improve naming
0b8f756 Improve naming
67a53f2 Bump version
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates flatted from 3.3.1 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates axios from 1.8.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 13.5.9 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

v15.5.11

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Tracing: Fix memory leak in span map (#85529)

fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth (#89134)

Turbopack: fix NFT tracing of sharp 0.34 (#82340)

Turbopack: support pattern into exports field (#82757)

NFT tracing fixes (#84155 and #85323)

Turbopack: validate CSS without computing all paths (#83810)

feat: implement LRU cache with invocation ID scoping for minimal mode response cache (#89129)

Credits

Huge thanks to @timneutkens, @mischnic, @ztanner, and @wyattjoh for helping!

Commits

d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
7a94645 Apply needs for publishRelease
bbfd4e3 v15.5.11
Additional commits viewable in compare view

Updates ajv from 8.14.0 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates flatted from 3.3.1 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Updates rollup from 2.79.1 to 2.80.0

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

2.79.2

2024-09-26

Bug Fixes

Resolve CVE-2024-43788 (#5677)

Pull Requests

#5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@fabianszabo)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
See full diff in compare view

Updates axios from 1.8.3 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 14.2.26 to 15.5.14

Release notes

Sourced from next's releases.

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)

Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @styfle and @lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @ztanner for helping!

v15.5.12

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

fix unlock in publish-native

This is a re-release of v15.5.11 applying the turbopack changes.

v15.5.11

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Tracing: Fix memory leak in span map (#85529)

fix: ensure LRU cache items have minimum size of 1 to prevent unbounded growth (#89134)

Turbopack: fix NFT tracing of sharp 0.34 (#82340)

Turbopack: support pattern into exports field (#82757)

NFT tracing fixes (#84155 and #85323)

Turbopack: validate CSS without computing all paths (#83810)

feat: implement LRU cache with invocation ID scoping for minimal mode response cache (#89129)

Credits

Huge thanks to @timneutkens, @mischnic, @ztanner, and @wyattjoh for helping!

Commits

d7b012d v15.5.14
2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
cfd5f53 v15.5.13
15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
d23f41c v15.5.12
8e75765 fix unlock in publish-native
6cef992 [backport] normalize CRLF line endings in jscodeshift tests on Windows (#8800...
7a94645 Apply needs for publishRelease
bbfd4e3 v15.5.11
Additional commits viewable in compare view

Updates @angular/core from 12.2.17 to 19.2.20

Release no...

Description has been truncated

… updates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [flatted](https://github.com/WebReflection/flatted). Bumps the npm_and_yarn group with 3 updates in the /docs directory: [ajv](https://github.com/ajv-validator/ajv), [axios](https://github.com/axios/axios) and [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 9 updates in the /samples directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.14.0` | `8.18.0` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` | | [axios](https://github.com/axios/axios) | `1.8.3` | `1.13.5` | | [next](https://github.com/vercel/next.js) | `14.2.26` | `15.5.14` | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `12.2.17` | `19.2.20` | | [hono](https://github.com/honojs/hono) | `4.4.0` | `4.12.7` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.59.2` | `5.53.5` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` | Bumps the npm_and_yarn group with 1 update in the /samples/angular-app directory: [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core). Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/custom-fetch directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 4 updates in the /tests directory: [minimatch](https://github.com/isaacs/minimatch), [axios](https://github.com/axios/axios), [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) and [hono](https://github.com/honojs/hono). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `basic-ftp` from 5.0.5 to 5.2.0 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) Updates `flatted` from 3.3.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.1...v3.4.2) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `axios` from 1.8.4 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `next` from 13.5.9 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.14) Updates `ajv` from 8.14.0 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `flatted` from 3.3.1 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.1...v3.4.2) Updates `rollup` from 2.79.1 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.80.0) Updates `axios` from 1.8.3 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `next` from 14.2.26 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.14) Updates `@angular/core` from 12.2.17 to 19.2.20 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.20/packages/core) Updates `hono` from 4.4.0 to 4.12.7 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.12.7) Updates `svelte` from 3.59.2 to 5.53.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.5/packages/svelte) Updates `undici` from 5.28.4 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.29.0) Updates `@angular/core` from 12.2.17 to 21.2.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.20/packages/core) Updates `next` from 14.2.26 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.14) Updates `next` from 14.2.26 to 15.5.14 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.14) Updates `svelte` from 3.59.2 to 5.54.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.5/packages/svelte) Updates `svelte` from 4.2.20 to 5.54.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.5/packages/svelte) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.5) Updates `axios` from 1.8.3 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `@angular/core` from 17.1.1 to 19.2.20 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.20/packages/core) Updates `hono` from 4.6.16 to 4.12.7 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.12.7) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 19.2.20 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.7 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 21.2.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.54.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/core" dependency-version: 19.2.20 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.12.7 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 21, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm_and_yarn group across 9 directories with 11 updates#14

chore(deps): bump the npm_and_yarn group across 9 directories with 11 updates#14
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-533702c1bb

dependabot Bot commented on behalf of github Mar 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 21, 2026

v8.18.0

What's Changed

New Contributors

5.2.0

5.1.0

5.2.0

5.1.0

v8.18.0

What's Changed

New Contributors

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v15.5.14

Core Changes

Credits

v15.5.13

Core Changes

Credits

v15.5.12

v15.5.11

Core Changes

Credits

v8.18.0

What's Changed

New Contributors

v.2.79.2

2.79.2

Bug Fixes

Pull Requests

2.80.0

Features

Pull Requests

2.79.2

Bug Fixes

Pull Requests

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v15.5.14

Core Changes

Credits

v15.5.13