Skip to content

chore(deps): bump axios, @nx/eslint, @nx/js, @nx/node and @nx/vite#85

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-3922d68271
Open

chore(deps): bump axios, @nx/eslint, @nx/js, @nx/node and @nx/vite#85
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-3922d68271

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps axios, @nx/eslint, @nx/js, @nx/node and @nx/vite. These dependencies needed to be updated together.
Updates axios from 1.15.0 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates @nx/eslint from 22.6.4 to 22.7.6

Release notes

Sourced from @​nx/eslint's releases.

22.7.6 (2026-06-23)

🩹 Fixes

  • misc: bump happy-dom, tmp, and form-data to patched versions (#36013)

❤️ Thank You

22.7.5 (2026-05-27)

🩹 Fixes

❤️ Thank You

22.7.4 (2026-05-25)

🩹 Fixes

  • core: update brace-expansion and yaml (#35790)

❤️ Thank You

22.7.3 (2026-05-22)

🚀 Features

  • js: support pnpm 11.2.2 (#35772)

🩹 Fixes

  • angular: only add @​oxc-project/runtime on the vitest-analog path (#35734)
  • angular-rspack: exclude eslint config from tailwind v4 source scan (#35663)
  • core: warn before installing unknown npm packages as preset (#35644)
  • core: preserve input order in createNodes plugin results (#35595)
  • core: resolve local plugin subpath imports from source (#35631)
  • core: treat undefined task parallelism as parallel when scheduling (#35736)
  • core: handle object form of bin field in getPrettierPath (#35680)
  • core: detect vscode copilot ai agent (#35757)
  • core: allow local plugin subpath imports without custom conditions (#35751, #35631)
  • dotnet: include Directory.. files in inputs (#35738)
  • gradle: add transitive:true to all tasks (#35677)
  • gradle: pin generated e2e project toolchain to installed JDK (#35703)

... (truncated)

Commits
  • 640e69a chore(linter): write pnpm-workspace.yaml in workspace-rules-project TS soluti...
  • b58ccd8 fix(core): preserve input order in createNodes plugin results (#35595)
  • 2930dca fix(linter): improve convert-to-flat-config output fidelity (#35330)
  • d84f424 fix(devkit): expand @​nx/devkit/internal re-exports for cherry-picked v23 deep...
  • ac81879 fix(repo): revert deep-import rewrites that targeted v23-only @​nx/devkit/inte...
  • 7e4bce9 feat(testing): add migration for Jest 30 snapshot guide link (#35629)
  • d8cf210 fix(linter): detect root lint target added in same generator run (#35296)
  • 2f5e5b1 chore(linter): declare @​nx/jest as optional peer dependency (#35377)
  • 4bbd4b1 chore(repo): migrate nx repo to eslint v9 flat config (#35359)
  • a884f55 fix(linter): add missing inputs to eslint executor target defaults (#35236)
  • Additional commits viewable in compare view

Updates @nx/js from 22.6.4 to 22.7.6

Release notes

Sourced from @​nx/js's releases.

22.7.6 (2026-06-23)

🩹 Fixes

  • misc: bump happy-dom, tmp, and form-data to patched versions (#36013)

❤️ Thank You

22.7.5 (2026-05-27)

🩹 Fixes

❤️ Thank You

22.7.4 (2026-05-25)

🩹 Fixes

  • core: update brace-expansion and yaml (#35790)

❤️ Thank You

22.7.3 (2026-05-22)

🚀 Features

  • js: support pnpm 11.2.2 (#35772)

🩹 Fixes

  • angular: only add @​oxc-project/runtime on the vitest-analog path (#35734)
  • angular-rspack: exclude eslint config from tailwind v4 source scan (#35663)
  • core: warn before installing unknown npm packages as preset (#35644)
  • core: preserve input order in createNodes plugin results (#35595)
  • core: resolve local plugin subpath imports from source (#35631)
  • core: treat undefined task parallelism as parallel when scheduling (#35736)
  • core: handle object form of bin field in getPrettierPath (#35680)
  • core: detect vscode copilot ai agent (#35757)
  • core: allow local plugin subpath imports without custom conditions (#35751, #35631)
  • dotnet: include Directory.. files in inputs (#35738)
  • gradle: add transitive:true to all tasks (#35677)
  • gradle: pin generated e2e project toolchain to installed JDK (#35703)

... (truncated)

Commits
  • eba3fba feat(js): support pnpm 11.2.2 (#35772)
  • 8ce0683 fix(js): fall back to npm publish when bun publish fails with auth error (#35...
  • d84f424 fix(devkit): expand @​nx/devkit/internal re-exports for cherry-picked v23 deep...
  • ac81879 fix(repo): revert deep-import rewrites that targeted v23-only @​nx/devkit/inte...
  • c7c56d8 chore(core): bump detect-port from ^1.5.1 to ^2.1.0 (#35533)
  • 37fb080 chore(linter): bump ignore from ^5.0.4 to ^7.0.5 (#35508)
  • 0eef651 fix(js): reference vitest.config in eslint dep-checks for vitest libs (#35460)
  • cdca177 chore(repo): declare lazy-loaded packages as implicit deps (#35392)
  • 0591aa5 fix(js): strip glob from inferred outputs before resolving as path (#35463)
  • 362fb03 fix(node): include tsconfig input in node-app esbuild scaffold (#35466)
  • Additional commits viewable in compare view

Updates @nx/node from 22.6.4 to 22.7.6

Release notes

Sourced from @​nx/node's releases.

22.7.6 (2026-06-23)

🩹 Fixes

  • misc: bump happy-dom, tmp, and form-data to patched versions (#36013)

❤️ Thank You

22.7.5 (2026-05-27)

🩹 Fixes

❤️ Thank You

22.7.4 (2026-05-25)

🩹 Fixes

  • core: update brace-expansion and yaml (#35790)

❤️ Thank You

22.7.3 (2026-05-22)

🚀 Features

  • js: support pnpm 11.2.2 (#35772)

🩹 Fixes

  • angular: only add @​oxc-project/runtime on the vitest-analog path (#35734)
  • angular-rspack: exclude eslint config from tailwind v4 source scan (#35663)
  • core: warn before installing unknown npm packages as preset (#35644)
  • core: preserve input order in createNodes plugin results (#35595)
  • core: resolve local plugin subpath imports from source (#35631)
  • core: treat undefined task parallelism as parallel when scheduling (#35736)
  • core: handle object form of bin field in getPrettierPath (#35680)
  • core: detect vscode copilot ai agent (#35757)
  • core: allow local plugin subpath imports without custom conditions (#35751, #35631)
  • dotnet: include Directory.. files in inputs (#35738)
  • gradle: add transitive:true to all tasks (#35677)
  • gradle: pin generated e2e project toolchain to installed JDK (#35703)

... (truncated)

Commits
  • d84f424 fix(devkit): expand @​nx/devkit/internal re-exports for cherry-picked v23 deep...
  • ac81879 fix(repo): revert deep-import rewrites that targeted v23-only @​nx/devkit/inte...
  • cdca177 chore(repo): declare lazy-loaded packages as implicit deps (#35392)
  • 7a68bf4 fix(bundling): include tsconfig solution input for webpack (#35477)
  • 362fb03 fix(node): include tsconfig input in node-app esbuild scaffold (#35466)
  • 4bbd4b1 chore(repo): migrate nx repo to eslint v9 flat config (#35359)
  • cf9c96a fix(node): split package-manager exec command for VS Code launch.json (#35295)
  • dc479c5 fix(js): stop generating baseUrl in tsconfig, use ./ prefix for path mappings...
  • 887fca4 fix(repo): narrow copy-assets outputs to prevent overlap with build-base (#35...
  • 37eb4ec fix(bundling): bump esbuild for new projects to a version compatible with vit...
  • Additional commits viewable in compare view

Updates @nx/vite from 22.6.4 to 22.7.6

Release notes

Sourced from @​nx/vite's releases.

22.7.6 (2026-06-23)

🩹 Fixes

  • misc: bump happy-dom, tmp, and form-data to patched versions (#36013)

❤️ Thank You

22.7.5 (2026-05-27)

🩹 Fixes

❤️ Thank You

22.7.4 (2026-05-25)

🩹 Fixes

  • core: update brace-expansion and yaml (#35790)

❤️ Thank You

22.7.3 (2026-05-22)

🚀 Features

  • js: support pnpm 11.2.2 (#35772)

🩹 Fixes

  • angular: only add @​oxc-project/runtime on the vitest-analog path (#35734)
  • angular-rspack: exclude eslint config from tailwind v4 source scan (#35663)
  • core: warn before installing unknown npm packages as preset (#35644)
  • core: preserve input order in createNodes plugin results (#35595)
  • core: resolve local plugin subpath imports from source (#35631)
  • core: treat undefined task parallelism as parallel when scheduling (#35736)
  • core: handle object form of bin field in getPrettierPath (#35680)
  • core: detect vscode copilot ai agent (#35757)
  • core: allow local plugin subpath imports without custom conditions (#35751, #35631)
  • dotnet: include Directory.. files in inputs (#35738)
  • gradle: add transitive:true to all tasks (#35677)
  • gradle: pin generated e2e project toolchain to installed JDK (#35703)

... (truncated)

Commits
  • d84f424 fix(devkit): expand @​nx/devkit/internal re-exports for cherry-picked v23 deep...
  • ac81879 fix(repo): revert deep-import rewrites that targeted v23-only @​nx/devkit/inte...
  • 7e4bce9 feat(testing): add migration for Jest 30 snapshot guide link (#35629)
  • cdca177 chore(repo): declare lazy-loaded packages as implicit deps (#35392)
  • b02e138 fix(misc): resolve pnpm catalog: refs in version lookups (#35459)
  • 6c6d399 feat(vite): add compiler option to vite plugin for tsgo support (#35429)
  • 4bbd4b1 chore(repo): migrate nx repo to eslint v9 flat config (#35359)
  • 1507788 chore(repo): short-circuit isUsingTsSolutionSetup in unit tests (#35371)
  • 878ec01 fix(vitest): infer ancestor tsconfig files as test task inputs (#35241)
  • 931f86c fix(vitest): add dependent task output files as inputs for vitest test target...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [axios](https://github.com/axios/axios), [@nx/eslint](https://github.com/nrwl/nx/tree/HEAD/packages/eslint), [@nx/js](https://github.com/nrwl/nx/tree/HEAD/packages/js), [@nx/node](https://github.com/nrwl/nx/tree/HEAD/packages/node) and [@nx/vite](https://github.com/nrwl/nx/tree/HEAD/packages/vite). These dependencies needed to be updated together.

Updates `axios` from 1.15.0 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.18.1)

Updates `@nx/eslint` from 22.6.4 to 22.7.6
- [Release notes](https://github.com/nrwl/nx/releases)
- [Commits](https://github.com/nrwl/nx/commits/22.7.6/packages/eslint)

Updates `@nx/js` from 22.6.4 to 22.7.6
- [Release notes](https://github.com/nrwl/nx/releases)
- [Commits](https://github.com/nrwl/nx/commits/22.7.6/packages/js)

Updates `@nx/node` from 22.6.4 to 22.7.6
- [Release notes](https://github.com/nrwl/nx/releases)
- [Commits](https://github.com/nrwl/nx/commits/22.7.6/packages/node)

Updates `@nx/vite` from 22.6.4 to 22.7.6
- [Release notes](https://github.com/nrwl/nx/releases)
- [Commits](https://github.com/nrwl/nx/commits/22.7.6/packages/vite)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
- dependency-name: "@nx/eslint"
  dependency-version: 22.7.6
  dependency-type: direct:development
- dependency-name: "@nx/js"
  dependency-version: 22.7.6
  dependency-type: direct:development
- dependency-name: "@nx/node"
  dependency-version: 22.7.6
  dependency-type: direct:development
- dependency-name: "@nx/vite"
  dependency-version: 22.7.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
@santi698 santi698 enabled auto-merge (rebase) July 8, 2026 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants