Skip to content

Bump the npm_and_yarn group across 1 directory with 23 updates#5039

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-f65e8aa9e6
Open

Bump the npm_and_yarn group across 1 directory with 23 updates#5039
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-f65e8aa9e6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package From To
axios 1.13.5 1.16.0
joi 17.13.3 17.13.4
swiper 11.2.6 12.1.2
@babel/core 7.27.1 7.29.6
postcss 8.5.6 8.5.19
@babel/plugin-transform-modules-systemjs 7.25.9 7.29.7
bn.js 4.12.0 4.12.5
basic-ftp 5.1.0 5.3.1
dompurify 3.2.5 3.4.12
form-data 4.0.5 4.0.6
js-yaml 3.14.1 3.15.0
ip-address 10.1.0 10.2.0
launch-editor 2.6.1 2.14.1
lodash 4.17.21 4.18.1
mermaid 11.6.0 11.16.0
node-forge 1.3.1 1.4.0
yaml 1.10.2 1.10.3
ws 7.5.10 7.5.12
qs 6.14.0 6.15.3
rollup 2.79.2 2.80.0
svgo 3.3.0 3.3.4

Updates axios from 1.13.5 to 1.16.0

Release notes

Sourced from axios's releases.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

  • Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)
  • Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)
  • Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)
  • parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)
  • Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)
  • transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

  • QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)
  • ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)
  • Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

  • HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)
  • HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)
  • Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)
  • XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)
  • Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)
  • Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)
  • UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)
  • Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

  • Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)
  • Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)
  • Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)
  • Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)
  • Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)
  • Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

  • Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)
  • Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)
  • Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)
  • parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)
  • Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)
  • transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

  • QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)
  • ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)
  • Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

  • HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)
  • HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)
  • Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)
  • XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)
  • Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)
  • Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)
  • UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)
  • Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

  • Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)
  • Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)
  • Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)
  • Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)
  • Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)
  • Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

... (truncated)

Commits
  • df53d7d chore(release): prepare release 1.16.0 (#10834)
  • 9d92bcd fix: gadgets and smaller issues (#10833)
  • 5107ee6 fix: prevent undefined error codes in settle (#7276)
  • e573499 fix(fetch): defer global access in fetch adapter (#7260)
  • ad68e1a fix(http): honor timeout during connect without redirects (#10819)
  • 2a51828 fix(http): decode URL basic auth credentials (#10825)
  • 0e8b6bb fix(http): preserve user-supplied Host header when forwarding through a proxy...
  • 79f39e1 docs: document paramsSerializer.encode for strict RFC 3986 query encoding (#1...
  • 0fe3a5f [Docs/Types] Update parseReviver TypeScript definitions for ES2023 and add ...
  • cd6737f chore: matches the sibling responseStream.on(aborted) handler and added tests...
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates joi from 17.13.3 to 17.13.4

Commits

Updates swiper from 11.2.6 to 12.1.2

Release notes

Sourced from swiper's releases.

v12.1.2

No release notes provided.

v12.1.1

Bug Fixes

  • a11y: fix focus in virtual mode enabled (3055008), closes #8147
  • core: avoid double-subtracting offsets in centerInsufficientSlides (#8158) (60b0052)
  • core: prevent duplicate module initialization in constructor (#8155) (#8156) (07738a2)
  • types: support boolean as a11y value (#8157) (6bf76d5)

v12.1.0

Bug Fixes

  • autoplay: broken custom delay percentages with pause/resume (#8133) (0afecde)
  • core: Don't use data-swiper-slide-index for realIndex when virtual module is enabled (#8142) (bd957f8)
  • core: Escape all CSS selector special characters (d35f41a), closes #8135
  • core: support slidesOffsetBefore and slidesOffsetAfert in cssMode (45b98d0), closes #7926
  • fix lazy preloader removal error in react in vue (332f5c7), closes #8149
  • thumbs: update slide classes on virtual swiper update (#8141) (9752771)
  • types: Add autoScroll to thumbs.update type signature (#8146) (5d91e6e)
  • zoom: initialize gesture state after programmatic zoom (#8112) (71e9511)

Features

  • keyboard: add support for custom speed parameter in keyboard navigation (#8148) (7a4a0e5)
  • new snapToSlideEdge parameter (de3131f), closes #8021 #4780

v12.0.3

Bug Fixes

  • element: fixed reference to nav arrows SVG (0b17ecf), closes #8115

Features

  • core: add 'getRotateFix' export to effect utils (c97ae5d), closes #8114

v12.0.2

Features

  • navigation: add styles for when buttons set before slider (4588c57), closes #8085
  • navigation: new addIcons parameter to add SVG icons to nav buttons (b955b0c), closes #8088 #8087

v12.0.1

Bug Fixes

  • navigation: tweak nav styles when adjacent (98440d9)

v12.0.0

Bug Fixes

... (truncated)

Changelog

Sourced from swiper's changelog.

Changelog

14.0.5 (2026-07-09)

Bug Fixes

  • virtual: render first slide on initial update (ebdb054), closes #8202

14.0.2 (2026-07-07)

Bug Fixes

  • build: spawn npx via shell on Windows in emit-types (494f7b1), closes #8197
  • pagination: divide fraction/progressbar total by grid rows (edfbfa5)
  • react: bind Thumbs tap handler when thumbs swiper is set after init (4fb72b9), closes #8198

14.0.1 (2026-06-29)

Patch release fixing two web-component (and Vue wrapper) regressions introduced by the v14 rewrite.

Bug Fixes

  • core: restore slide detection in web component — the <swiper-container> element initialized with zero slides because slidesEl was resolved to the shadow root instead of the host element (b3b822f), closes #8196
  • element: render navigation/pagination/scrollbar when set as boolean params — bare boolean usage (<swiper-container navigation>, Vue :navigation="true") stopped rendering the built-in controls (253fa39), closes #8196

14.0.0 (2026-06-26)

Swiper v14 is a ground-up TypeScript rewrite of the entire codebase, focused on smaller bundles, more accurate types, and a modern browser baseline. (We skipped v13.)

Upgrading from v12 requires no code changes. Every option, default, event, payload, method signature, and module import (swiper/modules, swiper/react, swiper/vue, swiper/element, …) behaves exactly as before. The only differences you may notice are tighter TypeScript types and a narrower set of supported browsers — see Breaking Changes below.

Highlights

  • Single TypeScript source of truth. src/ is now .ts/.tsx. The hand-maintained .d.ts tree (src/types/, the per-module .d.ts files) is gone — declarations are emitted directly from the runtime source with tsc, so the shipped types can no longer drift from the implementation. Several signatures that used to be any are now correctly typed (e.g. getTranslate(): number).
  • Per-module type augmentation. Each module augments the central Swiper / SwiperOptions / SwiperEvents interfaces. Importing a module (e.g. import { Navigation } from 'swiper/modules') brings its option, method, and event types along with it — mirroring how the runtime already requires registration.
  • More reliable type resolution. Types now resolve correctly under classic node, node16/nodenext, and bundler module resolution, and swiper/bundle exposes every module's options out of the box. Verified by a consumer-simulation test suite.
  • Zero runtime dependencies. The ssr-window dependency was removed and replaced with inline environment guards. Swiper now installs with no transitive runtime deps.
  • Smaller minified bundles. Legacy DOM-compat helpers and below-baseline feature detection were removed. The shared DOM utils shrank ~28%, and the main builds are ~2–4% smaller minified (swiper.min.js −4.1%, swiper-element.min.js −2.9%, swiper-bundle.min.js −2.3%).
  • Babel removed from the build. TypeScript now handles the JSX transform for the React wrapper, and @babel/preset-env is a no-op at the v14 baseline. Runtime output is byte-identical (React output is marginally smaller).

Breaking Changes

  • Browser baseline raised to the last ~2 years of evergreen browsers. Swiper v14 targets Chrome / Edge 110+, Safari 16.4+ (iOS 16.4+), and Firefox 110+. Code paths and feature detection for older browsers were removed (e.g. the smoothScroll support flag, the Safari < 16.2 perspective workaround, and the legacy DocumentTouch touch check). iOS/Android-specific quirk handling is kept but simplified. If you need to support older browsers, stay on v12.
  • Node.js >= 20.19.0 is now required to build/develop against the package (engines was >= 4.7.0). This does not affect the browser runtime.
  • Type-level changes. Stricter types may surface latent issues in code that previously relied on any-typed access to Swiper internals. These are compile-time only — there are no runtime behavior changes.

SSR

... (truncated)

Commits
  • 2fd88b7 12.1.2
  • d3e6633 fix prototype pollution bypass in extend() util
  • 70c48c1 12.1.1
  • 3055008 fix(a11y): fix focus in virtual mode enabled
  • 60b0052 fix(core): avoid double-subtracting offsets in centerInsufficientSlides (#8158)
  • 6bf76d5 fix(types): support boolean as a11y value (#8157)
  • 07738a2 fix(core): prevent duplicate module initialization in constructor (#8155) (#8...
  • 3a1777a 12.1.0
  • 3bc6cfe 12.1.0
  • 45b98d0 fix(core): support slidesOffsetBefore and slidesOffsetAfert in cssMode
  • Additional commits viewable in compare view

Updates @babel/core from 7.27.1 to 7.29.6

Release notes

Sourced from @​babel/core's releases.

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

📝 Documentation

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/core since your current version.


Updates postcss from 8.5.6 to 8.5.19

Release notes

Sourced from postcss's releases.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

8.5.18

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

8.5.17

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

8.5.18

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

8.5.17

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

... (truncated)

Commits
  • 9543b22 Release 8.5.19 version
  • 3d13bf9 Fix CI on Windows too
  • 00d0dd2 Keep explicitly set raws.before when inserting nodes into root (#2111)
  • 7a05b33 Temporary fix CI
  • 4c0d194 Release 8.5.18 version
  • 92b4e78 Update dependencies
  • 95663d3 Limit where source map can be loaded for security reasons
  • 74e25ae Release 8.5.17 version
  • d1518af Fix Maximum call stack size exceeded error
  • 2421312 Fix linter
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Updates @babel/plugin-transform-modules-systemjs from 7.25.9 to 7.29.7

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.29.7 (2026-05-25)

Re-release all packages with npm provenance attestations

v7.29.6 (2026-05-25)

🐛 Bug Fix

Committers: 3

v7.29.5 (2026-05-05)

🏠 Internal

  • babel-preset-env
    • Update @babel/* dependencies

v7.29.4 (2026-05-05)

🐛 Bug Fix

  • babel-plugin-transform-modules-systemjs
    • #17974 [7.x backport]fix(systemjs): improve module string name support (@​JLHwung)

Committers: 1

v7.29.3 (2026-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • #17931 fix(decorators): replace super within all removed static elements (@​JLHwung)
  • babel-register
  • babel-compat-data, babel-plugin-bugfix-safari-rest-destructuring-rhs-array, babel-preset-env

💅 Polish

  • babel-parser

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​babel/plugin-transform-modules-systemjs since your current version.


Updates bn.js from 4.12.0 to 4.12.5

Commits
  • 026da9f 4.12.5
  • 13b78c2 fix: correct divRound rounding for negative operands (#320)
  • 9c6ef2f fix: normalize sign when imuln multiplies by zero (#321)

Bumps the npm_and_yarn group with 21 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.0` |
| [joi](https://github.com/hapijs/joi) | `17.13.3` | `17.13.4` |
| [swiper](https://github.com/nolimits4web/Swiper) | `11.2.6` | `12.1.2` |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.27.1` | `7.29.6` |
| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.19` |
| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |
| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.5` |
| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.1.0` | `5.3.1` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.2.5` | `3.4.12` |
| [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.15.0` |
| [ip-address](https://github.com/beaugunderson/ip-address) | `10.1.0` | `10.2.0` |
| [launch-editor](https://github.com/vitejs/launch-editor) | `2.6.1` | `2.14.1` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |
| [mermaid](https://github.com/mermaid-js/mermaid) | `11.6.0` | `11.16.0` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |
| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |
| [ws](https://github.com/websockets/ws) | `7.5.10` | `7.5.12` |
| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.3` |
| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |
| [svgo](https://github.com/svg/svgo) | `3.3.0` | `3.3.4` |



Updates `axios` from 1.13.5 to 1.16.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.16.0)

Updates `joi` from 17.13.3 to 17.13.4
- [Commits](hapijs/joi@v17.13.3...v17.13.4)

Updates `swiper` from 11.2.6 to 12.1.2
- [Release notes](https://github.com/nolimits4web/Swiper/releases)
- [Changelog](https://github.com/nolimits4web/swiper/blob/master/CHANGELOG.md)
- [Commits](nolimits4web/swiper@v11.2.6...v12.1.2)

Updates `@babel/core` from 7.27.1 to 7.29.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.6/packages/babel-core)

Updates `postcss` from 8.5.6 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.19)

Updates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

Updates `bn.js` from 4.12.0 to 4.12.5
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v4.12.0...v4.12.5)

Updates `basic-ftp` from 5.1.0 to 5.3.1
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.1.0...v5.3.1)

Updates `dompurify` from 3.2.5 to 3.4.12
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.5...3.4.12)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `js-yaml` from 3.14.1 to 3.15.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.15.0)

Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](beaugunderson/ip-address@v10.1.0...v10.2.0)

Updates `launch-editor` from 2.6.1 to 2.14.1
- [Commits](vitejs/launch-editor@v2.6.1...v2.14.1)

Updates `lodash` from 4.17.21 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.18.1)

Updates `mermaid` from 11.6.0 to 11.16.0
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.6.0...mermaid@11.16.0)

Updates `node-forge` from 1.3.1 to 1.4.0
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.4.0)

Updates `yaml` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v1.10.3)

Updates `ws` from 7.5.10 to 7.5.12
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...7.5.12)

Updates `qs` from 6.14.0 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.0...v6.15.3)

Updates `rollup` from 2.79.2 to 2.80.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md)
- [Commits](rollup/rollup@v2.79.2...v2.80.0)

Updates `shell-quote` from 1.8.1 to 1.10.0
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.1...v1.10.0)

Updates `svgo` from 3.3.0 to 3.3.4
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.0...v3.3.4)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: joi
  dependency-version: 17.13.4
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: swiper
  dependency-version: 12.1.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/core"
  dependency-version: 7.29.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: bn.js
  dependency-version: 4.12.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: basic-ftp
  dependency-version: 5.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: launch-editor
  dependency-version: 2.14.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-version: 11.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yaml
  dependency-version: 1.10.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 2.80.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.10.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: svgo
  dependency-version: 3.3.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: pr: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from ajay-dhangar as a code owner July 16, 2026 12:01

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job, @dependabot[bot]! 🎉 Thank you for submitting your pull request to CodeHarborHub. We appreciate your contribution and enthusiasm! Our team will review it soon. If you have any questions or need further assistance, feel free to reach out. Thanks for contributing!

@deepsource-io

deepsource-io Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

DeepSource Code Review

We reviewed changes in d148591...68f22ba on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
JavaScript Jul 16, 2026 12:01p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@github-actions

Copy link
Copy Markdown

⚡️ Lighthouse Report for the Deploy Preview of this PR 🚀

🔗 Site: CodeHarborHub | Live Site

URL 🌐 Performance Accessibility Best Practices SEO 📊
/ 🔴 44 🟡 77 🟡 75 🟢 100 📄
/docs 🟡 54 🟡 87 🟢 96 🟢 100 📄
/courses 🟡 61 🟡 86 🟢 96 🟢 100 📄
/showcase 🟡 55 🟡 87 🟡 75 🟡 86 📄
/community 🟡 57 🟡 86 🟢 96 🟢 100 📄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants