Skip to content

chore(deps)(deps): bump the production-dependencies group across 1 directory with 16 updates#204

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-2723eae108
Open

chore(deps)(deps): bump the production-dependencies group across 1 directory with 16 updates#204
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-dependencies-2723eae108

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the production-dependencies group with 16 updates in the / directory:

Package From To
@aws-sdk/client-s3 3.1009.0 3.1053.0
@aws-sdk/client-ses 3.1009.0 3.1053.0
@aws-sdk/s3-request-presigner 3.1014.0 3.1053.0
@prisma/adapter-pg 7.5.0 7.8.0
@vercel/functions 3.4.3 3.6.0
axios 1.13.6 1.16.1
canvas 3.2.1 3.2.3
csv-parse 6.1.0 6.2.1
dotenv 17.3.1 17.4.2
jose 6.2.1 6.2.3
next 16.1.6 16.2.6
proj4 2.20.4 2.20.8
react 19.2.4 19.2.6
react-dom 19.2.4 19.2.6
react-leaflet-cluster 4.0.0 4.1.3
zod 4.3.6 4.4.3

Updates @aws-sdk/client-s3 from 3.1009.0 to 3.1053.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1053.0

3.1053.0(2026-05-22)

Documentation Changes
  • client-gameliftstreams: Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. (bf88fa50)
New Features
  • clients: update client endpoints as of 2026-05-22 (3518814a)
  • client-appconfig: Adding new BDD representation of endpoint ruleset (e757a915)
  • client-repostspace: Adding new BDD representation of endpoint ruleset (15fec74b)
  • client-ivs-realtime: Adding new BDD representation of endpoint ruleset (adeea78b)
  • client-cloudcontrol: Adding new BDD representation of endpoint ruleset (2e7ef3bf)
  • client-tnb: Adding new BDD representation of endpoint ruleset (f07457cb)
  • client-sso-oidc: Adding new BDD representation of endpoint ruleset (2e909d25)
  • client-s3vectors: Adding new BDD representation of endpoint ruleset (4071f1a4)
  • client-internetmonitor: Adding new BDD representation of endpoint ruleset (117e04a9)
  • client-freetier: Adding new BDD representation of endpoint ruleset (e3cf14a2)
  • client-oam: Adding new BDD representation of endpoint ruleset (5a30b722)
  • client-forecastquery: Adding new BDD representation of endpoint ruleset (ada5ae32)
  • client-customer-profiles: Adding new BDD representation of endpoint ruleset (9de89c10)
  • client-migration-hub-refactor-spaces: Adding new BDD representation of endpoint ruleset (a4e5e7ba)
  • client-controltower: Adding new BDD representation of endpoint ruleset (b99b7a18)
  • client-databrew: Adding new BDD representation of endpoint ruleset (4a1bcdb9)
  • client-b2bi: Adding new BDD representation of endpoint ruleset (66bb63d1)
  • client-simspaceweaver: Adding new BDD representation of endpoint ruleset (c6617b6d)
  • client-emr-containers: Adding new BDD representation of endpoint ruleset (e99cccbd)
  • client-bcm-recommended-actions: Adding new BDD representation of endpoint ruleset (45477f08)
  • client-forecast: Adding new BDD representation of endpoint ruleset (5964d82b)
  • client-neptunedata: Adding new BDD representation of endpoint ruleset (418745d5)
  • client-qconnect: Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call (0213a862)
  • client-bcm-pricing-calculator: Adding new BDD representation of endpoint ruleset (69e44c0d)
  • client-panorama: Adding new BDD representation of endpoint ruleset (d227732b)
  • client-license-manager-user-subscriptions: Adding new BDD representation of endpoint ruleset (7fd5d202)
  • client-partnercentral-account: Adding new BDD representation of endpoint ruleset (ad88edbb)
  • client-schemas: Adding new BDD representation of endpoint ruleset (d8835cfc)
  • client-pi: Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. (b09c19bf)
  • client-outposts: Adding new BDD representation of endpoint ruleset (6e7917a6)
  • client-frauddetector: Adding new BDD representation of endpoint ruleset (9c130d58)
  • client-network-firewall: Adding new BDD representation of endpoint ruleset (963a1286)
  • client-geo-places: Adding new BDD representation of endpoint ruleset (965ac97a)
  • client-sesv2: Adding new BDD representation of endpoint ruleset (6f1bd2e8)
  • client-bedrock-agent-runtime: Adding new BDD representation of endpoint ruleset (7ac37e3a)
  • client-rbin: Adding new BDD representation of endpoint ruleset (5e73fd45)
  • client-codestar-notifications: Adding new BDD representation of endpoint ruleset (d95ca14c)
  • client-application-signals: Adding new BDD representation of endpoint ruleset (38a20bfa)
  • client-ec2: The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. (bc91aa62)
  • client-marketplace-discovery: Adding new BDD representation of endpoint ruleset (45132960)
  • client-notificationscontacts: Adding new BDD representation of endpoint ruleset (e9ca97ab)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1053.0 (2026-05-22)

Note: Version bump only for package @​aws-sdk/client-s3

3.1052.0 (2026-05-21)

Note: Version bump only for package @​aws-sdk/client-s3

3.1051.0 (2026-05-20)

Note: Version bump only for package @​aws-sdk/client-s3

3.1050.0 (2026-05-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.1049.0 (2026-05-18)

Bug Fixes

  • client-sts: update imports to new module locations (#8025) (be183b6)

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/client-s3

... (truncated)

Commits

Updates @aws-sdk/client-ses from 3.1009.0 to 3.1053.0

Release notes

Sourced from @​aws-sdk/client-ses's releases.

v3.1053.0

3.1053.0(2026-05-22)

Documentation Changes
  • client-gameliftstreams: Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. (bf88fa50)
New Features
  • clients: update client endpoints as of 2026-05-22 (3518814a)
  • client-appconfig: Adding new BDD representation of endpoint ruleset (e757a915)
  • client-repostspace: Adding new BDD representation of endpoint ruleset (15fec74b)
  • client-ivs-realtime: Adding new BDD representation of endpoint ruleset (adeea78b)
  • client-cloudcontrol: Adding new BDD representation of endpoint ruleset (2e7ef3bf)
  • client-tnb: Adding new BDD representation of endpoint ruleset (f07457cb)
  • client-sso-oidc: Adding new BDD representation of endpoint ruleset (2e909d25)
  • client-s3vectors: Adding new BDD representation of endpoint ruleset (4071f1a4)
  • client-internetmonitor: Adding new BDD representation of endpoint ruleset (117e04a9)
  • client-freetier: Adding new BDD representation of endpoint ruleset (e3cf14a2)
  • client-oam: Adding new BDD representation of endpoint ruleset (5a30b722)
  • client-forecastquery: Adding new BDD representation of endpoint ruleset (ada5ae32)
  • client-customer-profiles: Adding new BDD representation of endpoint ruleset (9de89c10)
  • client-migration-hub-refactor-spaces: Adding new BDD representation of endpoint ruleset (a4e5e7ba)
  • client-controltower: Adding new BDD representation of endpoint ruleset (b99b7a18)
  • client-databrew: Adding new BDD representation of endpoint ruleset (4a1bcdb9)
  • client-b2bi: Adding new BDD representation of endpoint ruleset (66bb63d1)
  • client-simspaceweaver: Adding new BDD representation of endpoint ruleset (c6617b6d)
  • client-emr-containers: Adding new BDD representation of endpoint ruleset (e99cccbd)
  • client-bcm-recommended-actions: Adding new BDD representation of endpoint ruleset (45477f08)
  • client-forecast: Adding new BDD representation of endpoint ruleset (5964d82b)
  • client-neptunedata: Adding new BDD representation of endpoint ruleset (418745d5)
  • client-qconnect: Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call (0213a862)
  • client-bcm-pricing-calculator: Adding new BDD representation of endpoint ruleset (69e44c0d)
  • client-panorama: Adding new BDD representation of endpoint ruleset (d227732b)
  • client-license-manager-user-subscriptions: Adding new BDD representation of endpoint ruleset (7fd5d202)
  • client-partnercentral-account: Adding new BDD representation of endpoint ruleset (ad88edbb)
  • client-schemas: Adding new BDD representation of endpoint ruleset (d8835cfc)
  • client-pi: Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. (b09c19bf)
  • client-outposts: Adding new BDD representation of endpoint ruleset (6e7917a6)
  • client-frauddetector: Adding new BDD representation of endpoint ruleset (9c130d58)
  • client-network-firewall: Adding new BDD representation of endpoint ruleset (963a1286)
  • client-geo-places: Adding new BDD representation of endpoint ruleset (965ac97a)
  • client-sesv2: Adding new BDD representation of endpoint ruleset (6f1bd2e8)
  • client-bedrock-agent-runtime: Adding new BDD representation of endpoint ruleset (7ac37e3a)
  • client-rbin: Adding new BDD representation of endpoint ruleset (5e73fd45)
  • client-codestar-notifications: Adding new BDD representation of endpoint ruleset (d95ca14c)
  • client-application-signals: Adding new BDD representation of endpoint ruleset (38a20bfa)
  • client-ec2: The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. (bc91aa62)
  • client-marketplace-discovery: Adding new BDD representation of endpoint ruleset (45132960)
  • client-notificationscontacts: Adding new BDD representation of endpoint ruleset (e9ca97ab)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ses's changelog.

3.1053.0 (2026-05-22)

Note: Version bump only for package @​aws-sdk/client-ses

3.1052.0 (2026-05-21)

Note: Version bump only for package @​aws-sdk/client-ses

3.1051.0 (2026-05-20)

Note: Version bump only for package @​aws-sdk/client-ses

3.1050.0 (2026-05-19)

Note: Version bump only for package @​aws-sdk/client-ses

3.1049.0 (2026-05-18)

Note: Version bump only for package @​aws-sdk/client-ses

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/client-ses

3.1047.0 (2026-05-14)

... (truncated)

Commits

Updates @aws-sdk/s3-request-presigner from 3.1014.0 to 3.1053.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1053.0

3.1053.0(2026-05-22)

Documentation Changes
  • client-gameliftstreams: Added new Gen6 stream classes based on the EC2 G6e instance family. These classes are designed for streaming high-fidelity, graphically demanding games and applications that benefit from additional GPU memory and performance. (bf88fa50)
New Features
  • clients: update client endpoints as of 2026-05-22 (3518814a)
  • client-appconfig: Adding new BDD representation of endpoint ruleset (e757a915)
  • client-repostspace: Adding new BDD representation of endpoint ruleset (15fec74b)
  • client-ivs-realtime: Adding new BDD representation of endpoint ruleset (adeea78b)
  • client-cloudcontrol: Adding new BDD representation of endpoint ruleset (2e7ef3bf)
  • client-tnb: Adding new BDD representation of endpoint ruleset (f07457cb)
  • client-sso-oidc: Adding new BDD representation of endpoint ruleset (2e909d25)
  • client-s3vectors: Adding new BDD representation of endpoint ruleset (4071f1a4)
  • client-internetmonitor: Adding new BDD representation of endpoint ruleset (117e04a9)
  • client-freetier: Adding new BDD representation of endpoint ruleset (e3cf14a2)
  • client-oam: Adding new BDD representation of endpoint ruleset (5a30b722)
  • client-forecastquery: Adding new BDD representation of endpoint ruleset (ada5ae32)
  • client-customer-profiles: Adding new BDD representation of endpoint ruleset (9de89c10)
  • client-migration-hub-refactor-spaces: Adding new BDD representation of endpoint ruleset (a4e5e7ba)
  • client-controltower: Adding new BDD representation of endpoint ruleset (b99b7a18)
  • client-databrew: Adding new BDD representation of endpoint ruleset (4a1bcdb9)
  • client-b2bi: Adding new BDD representation of endpoint ruleset (66bb63d1)
  • client-simspaceweaver: Adding new BDD representation of endpoint ruleset (c6617b6d)
  • client-emr-containers: Adding new BDD representation of endpoint ruleset (e99cccbd)
  • client-bcm-recommended-actions: Adding new BDD representation of endpoint ruleset (45477f08)
  • client-forecast: Adding new BDD representation of endpoint ruleset (5964d82b)
  • client-neptunedata: Adding new BDD representation of endpoint ruleset (418745d5)
  • client-qconnect: Added guardrail assessment results to inference spans in the ListSpans API. You can now see which AI Guardrail policies were evaluated, whether content was blocked or masked, and per-policy details for each Bedrock Converse call (0213a862)
  • client-bcm-pricing-calculator: Adding new BDD representation of endpoint ruleset (69e44c0d)
  • client-panorama: Adding new BDD representation of endpoint ruleset (d227732b)
  • client-license-manager-user-subscriptions: Adding new BDD representation of endpoint ruleset (7fd5d202)
  • client-partnercentral-account: Adding new BDD representation of endpoint ruleset (ad88edbb)
  • client-schemas: Adding new BDD representation of endpoint ruleset (d8835cfc)
  • client-pi: Added ListPerformanceAnalysisReportRecommendations API to retrieve recommendations for a performance analysis report. Added analysis configuration support to CreatePerformanceAnalysisReport for enhanced analysis types such as vacuum analysis. (b09c19bf)
  • client-outposts: Adding new BDD representation of endpoint ruleset (6e7917a6)
  • client-frauddetector: Adding new BDD representation of endpoint ruleset (9c130d58)
  • client-network-firewall: Adding new BDD representation of endpoint ruleset (963a1286)
  • client-geo-places: Adding new BDD representation of endpoint ruleset (965ac97a)
  • client-sesv2: Adding new BDD representation of endpoint ruleset (6f1bd2e8)
  • client-bedrock-agent-runtime: Adding new BDD representation of endpoint ruleset (7ac37e3a)
  • client-rbin: Adding new BDD representation of endpoint ruleset (5e73fd45)
  • client-codestar-notifications: Adding new BDD representation of endpoint ruleset (d95ca14c)
  • client-application-signals: Adding new BDD representation of endpoint ruleset (38a20bfa)
  • client-ec2: The ModifyInstanceAttribute API now supports modification of EnclaveOptions for the instance as a typed parameter. (bc91aa62)
  • client-marketplace-discovery: Adding new BDD representation of endpoint ruleset (45132960)
  • client-notificationscontacts: Adding new BDD representation of endpoint ruleset (e9ca97ab)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1053.0 (2026-05-22)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1052.0 (2026-05-21)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1051.0 (2026-05-20)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1050.0 (2026-05-19)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1049.0 (2026-05-18)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1047.0 (2026-05-14)

... (truncated)

Commits

Updates @prisma/adapter-pg from 7.5.0 to 7.8.0

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • f2ca67e feat: pg statement name generator (#29395)
  • 4131568 fix: set @​types/pg to ^8.16.0 (#29390)
  • 33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
  • e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
  • See full diff in compare view

Updates @vercel/functions from 3.4.3 to 3.6.0

Release notes

Sourced from @​vercel/functions's releases.

@​vercel/functions@​3.6.0

Minor Changes

  • 102f82b: getCache().set() now defaults options.name to the provided key when omitted, so cache entries get a human-readable label in o11y by default. Pass name: '' to suppress this behavior and use the hashed key.
Changelog

Sourced from @​vercel/functions's changelog.

3.6.0

Minor Changes

  • 102f82b: getCache().set() now defaults options.name to the provided key when omitted, so cache entries get a human-readable label in o11y by default. Pass name: '' to suppress this behavior and use the hashed key.

3.5.1

Patch Changes

  • ae20217: Upgrade to TypeScript 5.9
  • Updated dependencies [ae20217]
    • @​vercel/oidc@​3.4.1

3.5.0

Minor Changes

  • c56f851: Upgrade to TypeScript 5.9

Patch Changes

  • Updated dependencies [c56f851]
    • @​vercel/oidc@​3.4.0

3.4.6

Patch Changes

  • Updated dependencies [bf07448]
    • @​vercel/oidc@​3.3.1

3.4.5

Patch Changes

  • 56c9f89: add missing prettier dev dependency
  • Updated dependencies [24686d0]
  • Updated dependencies [56c9f89]
    • @​vercel/oidc@​3.3.0

3.4.4

Patch Changes

  • Pin typedoc-plugin-markdown to 3.15.2 and typedoc-plugin-mdn-links to 3.0.3 to match the version used by @vercel/edge. The previous 4.1.2 version requires typedoc@0.26.x as a peer dependency but was paired with typedoc@0.24.6, which caused CI failures whenever pnpm hoisted the 4.x plugin (the plugin calls app.internationalization.addTranslations, which does not exist in typedoc 0.24). The choice of which plugin version got hoisted was non-deterministic, which is why the failure appeared as flaky Build @vercel/<pkg> steps in CI. (#16072)

  • Updated dependencies [2aa78415831fe89d1b21dd89704706bd1ad5e78d]:

    • @​vercel/oidc@​3.2.1
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vercel/functions since your current version.


Updates axios from 1.13.6 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

  • Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
  • Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
  • CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

  • Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
  • Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
  • XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
  • Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
  • Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
  • URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

  • Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
  • composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
  • AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
  • Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
  • Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
  • Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

  • Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
  • Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
  • CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

  • Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
  • Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
  • XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
  • Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
  • Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
  • URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally

@dependabot dependabot Bot added automated dependencies Pull requests that update a dependency file labels May 4, 2026
@vercel

vercel Bot commented May 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dea-map Error Error May 25, 2026 4:50pm

Request Review

@dependabot
chore(deps)(deps): bump the production-dependencies group across 1 di…
68246fd 
…rectory with 16 updates

Bumps the production-dependencies group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1009.0` | `3.1053.0` |
| [@aws-sdk/client-ses](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses) | `3.1009.0` | `3.1053.0` |
| [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner) | `3.1014.0` | `3.1053.0` |
| [@prisma/adapter-pg](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-pg) | `7.5.0` | `7.8.0` |
| [@vercel/functions](https://github.com/vercel/vercel/tree/HEAD/packages/functions) | `3.4.3` | `3.6.0` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.16.1` |
| [canvas](https://github.com/Automattic/node-canvas) | `3.2.1` | `3.2.3` |
| [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) | `6.1.0` | `6.2.1` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` |
| [jose](https://github.com/panva/jose) | `6.2.1` | `6.2.3` |
| [next](https://github.com/vercel/next.js) | `16.1.6` | `16.2.6` |
| [proj4](https://github.com/proj4js/proj4js) | `2.20.4` | `2.20.8` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.6` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.6` |
| [react-leaflet-cluster](https://github.com/akursat/react-leaflet-cluster) | `4.0.0` | `4.1.3` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |



Updates `@aws-sdk/client-s3` from 3.1009.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/clients/client-s3)

Updates `@aws-sdk/client-ses` from 3.1009.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ses/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/clients/client-ses)

Updates `@aws-sdk/s3-request-presigner` from 3.1014.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-request-presigner/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/packages/s3-request-presigner)

Updates `@prisma/adapter-pg` from 7.5.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/adapter-pg)

Updates `@vercel/functions` from 3.4.3 to 3.6.0
- [Release notes](https://github.com/vercel/vercel/releases)
- [Changelog](https://github.com/vercel/vercel/blob/main/packages/functions/CHANGELOG.md)
- [Commits](https://github.com/vercel/vercel/commits/@vercel/functions@3.6.0/packages/functions)

Updates `axios` from 1.13.6 to 1.16.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.6...v1.16.1)

Updates `canvas` from 3.2.1 to 3.2.3
- [Release notes](https://github.com/Automattic/node-canvas/releases)
- [Changelog](https://github.com/Automattic/node-canvas/blob/master/CHANGELOG.md)
- [Commits](Automattic/node-canvas@v3.2.1...v3.2.3)

Updates `csv-parse` from 6.1.0 to 6.2.1
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@6.2.1/packages/csv-parse)

Updates `dotenv` from 17.3.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.2)

Updates `jose` from 6.2.1 to 6.2.3
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md)
- [Commits](panva/jose@v6.2.1...v6.2.3)

Updates `next` from 16.1.6 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.6...v16.2.6)

Updates `proj4` from 2.20.4 to 2.20.8
- [Release notes](https://github.com/proj4js/proj4js/releases)
- [Changelog](https://github.com/proj4js/proj4js/blob/main/changelog.md)
- [Commits](proj4js/proj4js@v2.20.4...v2.20.8)

Updates `react` from 19.2.4 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.6
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.6/packages/react-dom)

Updates `react-leaflet-cluster` from 4.0.0 to 4.1.3
- [Release notes](https://github.com/akursat/react-leaflet-cluster/releases)
- [Commits](akursat/react-leaflet-cluster@v4.0.0...v4.1.3)

Updates `zod` from 4.3.6 to 4.4.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.3)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1041.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@aws-sdk/client-ses"
  dependency-version: 3.1041.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@aws-sdk/s3-request-presigner"
  dependency-version: 3.1041.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@prisma/adapter-pg"
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@vercel/functions"
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: canvas
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: csv-parse
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: jose
  dependency-version: 6.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: next
  dependency-version: 16.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: proj4
  dependency-version: 2.20.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react-leaflet-cluster
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zod
  dependency-version: 4.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/production-dependencies-2723eae108 branch from 01345d1 to 68246fd Compare May 25, 2026 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automated dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants