deps(deps): bump the npm-production group across 1 directory with 26 updates by dependabot[bot] · Pull Request #1250 · sublime247/mobile-money

dependabot · 2026-06-05T13:13:08Z

Bumps the npm-production group with 26 updates in the / directory:

Package	From	To
@apollo/client	`4.2.1`	`4.2.2`
@aws-sdk/client-s3	`3.1019.0`	`3.1062.0`
@aws-sdk/lib-storage	`3.1019.0`	`3.1062.0`
@sentry/node	`10.47.0`	`10.56.0`
africastalking	`0.7.9`	`0.8.0`
axios	`1.15.2`	`1.17.0`
bullmq	`5.76.1`	`5.78.0`
casbin	`5.49.0`	`5.50.0`
csv-parser	`3.2.0`	`3.2.1`
dd-trace	`5.93.0`	`5.106.0`
dotenv	`17.3.1`	`17.4.2`
express-rate-limit	`8.3.2`	`8.5.2`
firebase-admin	`13.8.0`	`13.10.0`
geoip-lite	`2.0.1`	`2.0.2`
graphql	`16.13.2`	`16.14.1`
helmet	`8.1.0`	`8.2.0`
ioredis	`5.10.1`	`5.11.1`
jspdf-autotable	`5.0.7`	`5.0.8`
libphonenumber-js	`1.12.41`	`1.13.5`
nodemailer	`8.0.5`	`8.0.10`
pg	`8.20.0`	`8.21.0`
pg-query-stream	`4.14.0`	`4.15.0`
rate-limiter-flexible	`11.0.1`	`11.1.1`
ua-parser-js	`2.0.9`	`2.0.10`
ws	`8.20.0`	`8.21.0`
zod	`4.3.6`	`4.4.3`

Updates @apollo/client from 4.2.1 to 4.2.2

Release notes

Sourced from @apollo/client's releases.

@apollo/client@4.2.2

Patch Changes

#13184 c207b88 Thanks @audrius-savickas! - Preserve referential equality of masked data on refetch when the result is deeply equal to the previous result.

Changelog

Sourced from @apollo/client's changelog.

4.2.2

Patch Changes

#13184 c207b88 Thanks @audrius-savickas! - Preserve referential equality of masked data on refetch when the result is deeply equal to the previous result.

Commits

0bc5acd Version Packages (#13255)
72a587c Temporarily disable slack notifications for releases (#13257)
14a0b84 Only run cleanup checks for non-fork PRs (#13256)
c207b88 🤖🤖🤖 fix(masking): preserve referential equality of masked data on refetch (#1...
aa61f21 Bump testing matrix to use GraphQL 17 rc (#13253)
See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1019.0 to 3.1062.0

Release notes

Sourced from @aws-sdk/client-s3's releases.

v3.1062.0

3.1062.0(2026-06-04)

Chores

scripts: include generated packages when validating declared imports 1-1 with used imports (#8072) (291ad366)

Documentation Changes

client-guardduty: Remove unsupported RDS field for filter (5815da7f)

New Features

client-interconnect: Adding new BDD representation of endpoint ruleset (34e23ef2)

client-ec2-instance-connect: Adding new BDD representation of endpoint ruleset (c2a4981e)

client-mq: BDD bulk update change rollout (e058b8fd)

client-workspaces: Adding new BDD representation of endpoint ruleset (6b1e3602)

client-connectparticipant: Adding new BDD representation of endpoint ruleset (22db2a6a)

client-emr: Added support for Spark Connect interactive sessions on Amazon EMR on EC2 with new APIs - StartSession, GetSession, GetSessionEndpoint, ListSessions, and TerminateSession. Added sessionEnabled field in RunJobFlow and DescribeCluster to enable Spark Connect endpoints on EMR clusters. (ba570192)

client-s3files: Adding new BDD representation of endpoint ruleset (e538b485)

client-chime-sdk-voice: Adding new BDD representation of endpoint ruleset (1ff98336)

client-efs: Adding new BDD representation of endpoint ruleset (c7b29f33)

client-signer-data: Adding new BDD representation of endpoint ruleset (36e20555)

client-mediaconnect: BDD bulk update change rollout (789ef792)

client-sagemaker: Adds the IncludedData parameter to DescribeModelCard and DescribeModelPackage. Set it to MetadataOnly to retrieve a model card without decrypt permission on the customer managed AWS KMS key (default AllData returns full content). Adds support for the MTRL Job resource in SageMaker Search. (215af86d)

client-ivs: adds UpdateAdConfiguration operation to AWS IVS low-latency APIs (8cda4ea1)

client-geo-maps: Adding new BDD representation of endpoint ruleset (58350842)

client-appflow: Adding new BDD representation of endpoint ruleset (63dd2cd0)

client-sustainability: Adding new BDD representation of endpoint ruleset (506f985f)

client-config-service: AWS Config now supports internal service-linked rules, allowing AWS service partners to deploy Config rules for customers and use the evaluation results to build enhanced features. (ba9173b9)

client-kendra: Adding new BDD representation of endpoint ruleset (51dfa7c3)

client-workdocs: Adding new BDD representation of endpoint ruleset (a88a31d0)

client-mwaa-serverless: Adding new BDD representation of endpoint ruleset (7cb91604)

client-mediapackage: Adding new BDD representation of endpoint ruleset (eaa31923)

client-opensearchserverless: Adding new BDD representation of endpoint ruleset (d08ce2ed)

client-uxc: Adding new BDD representation of endpoint ruleset (4d2a8026)

client-route53-recovery-readiness: Adding new BDD representation of endpoint ruleset (78b2555f)

client-glue: AWS Glue Interactive Sessions now supports Apache Spark Connect, enabling remote Spark execution over gRPC with minimal client-side dependencies. Adds GetSessionEndpoint and GetDashboardUrl APIs. Modifies CreateSession now accepts SPARK CONNECT session type. (41ebf943)

client-appintegrations: Adding new BDD representation of endpoint ruleset (3b257e66)

client-auditmanager: Adding new BDD representation of endpoint ruleset (b2fff655)

client-amplifybackend: Adding new BDD representation of endpoint ruleset (40fcadd6)

client-taxsettings: Adding new BDD representation of endpoint ruleset (dcc90bee)

client-cloudformation: Adding new BDD representation of endpoint ruleset (64f2514b)

client-wickr: AWS Wickr now allows network administrators to configure a maximum session duration for non-SSO users in security groups, and display customizable consent popups to users at login for terms of use or compliance acknowledgements. (ceb38f6b)

client-sagemaker-runtime-http2: Adding new BDD representation of endpoint ruleset (924b2e3a)

client-cost-explorer: Adding new BDD representation of endpoint ruleset (fb8ea9cb)

client-sns: Adding new BDD representation of endpoint ruleset (1cc60ac8)

client-mediapackage-vod: Adding new BDD representation of endpoint ruleset (f949a4c5)

... (truncated)

Changelog

Sourced from @aws-sdk/client-s3's changelog.

3.1062.0 (2026-06-04)

Note: Version bump only for package @aws-sdk/client-s3

3.1061.0 (2026-06-03)

Note: Version bump only for package @aws-sdk/client-s3

3.1060.0 (2026-06-03)

Note: Version bump only for package @aws-sdk/client-s3

3.1059.0 (2026-06-02)

Note: Version bump only for package @aws-sdk/client-s3

3.1058.0 (2026-06-01)

Note: Version bump only for package @aws-sdk/client-s3

3.1057.0 (2026-05-29)

Note: Version bump only for package @aws-sdk/client-s3

3.1056.0 (2026-05-28)

... (truncated)

Commits

f5235bb Publish v3.1062.0
291ad36 chore(scripts): include generated packages when validating declared imports 1...
71df2cc Publish v3.1061.0
1216094 chore(middleware-sdk-s3): consolidate S3 internal packages (#8026)
8aeb92d Publish v3.1060.0
75bb4fc Publish v3.1059.0
6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
d7602d4 Publish v3.1058.0
e836d5c Publish v3.1057.0
e55a387 chore(codegen): sync for smithy 1.71.0 and snapshot-testing fix (#8053)
Additional commits viewable in compare view

Updates @aws-sdk/lib-storage from 3.1019.0 to 3.1062.0

Release notes

Sourced from @aws-sdk/lib-storage's releases.

v3.1062.0

3.1062.0(2026-06-04)

Chores

scripts: include generated packages when validating declared imports 1-1 with used imports (#8072) (291ad366)

Documentation Changes

client-guardduty: Remove unsupported RDS field for filter (5815da7f)

New Features

client-interconnect: Adding new BDD representation of endpoint ruleset (34e23ef2)

client-ec2-instance-connect: Adding new BDD representation of endpoint ruleset (c2a4981e)

client-mq: BDD bulk update change rollout (e058b8fd)

client-workspaces: Adding new BDD representation of endpoint ruleset (6b1e3602)

client-connectparticipant: Adding new BDD representation of endpoint ruleset (22db2a6a)

client-emr: Added support for Spark Connect interactive sessions on Amazon EMR on EC2 with new APIs - StartSession, GetSession, GetSessionEndpoint, ListSessions, and TerminateSession. Added sessionEnabled field in RunJobFlow and DescribeCluster to enable Spark Connect endpoints on EMR clusters. (ba570192)

client-s3files: Adding new BDD representation of endpoint ruleset (e538b485)

client-chime-sdk-voice: Adding new BDD representation of endpoint ruleset (1ff98336)

client-efs: Adding new BDD representation of endpoint ruleset (c7b29f33)

client-signer-data: Adding new BDD representation of endpoint ruleset (36e20555)

client-mediaconnect: BDD bulk update change rollout (789ef792)

client-sagemaker: Adds the IncludedData parameter to DescribeModelCard and DescribeModelPackage. Set it to MetadataOnly to retrieve a model card without decrypt permission on the customer managed AWS KMS key (default AllData returns full content). Adds support for the MTRL Job resource in SageMaker Search. (215af86d)

client-ivs: adds UpdateAdConfiguration operation to AWS IVS low-latency APIs (8cda4ea1)

client-geo-maps: Adding new BDD representation of endpoint ruleset (58350842)

client-appflow: Adding new BDD representation of endpoint ruleset (63dd2cd0)

client-sustainability: Adding new BDD representation of endpoint ruleset (506f985f)

client-config-service: AWS Config now supports internal service-linked rules, allowing AWS service partners to deploy Config rules for customers and use the evaluation results to build enhanced features. (ba9173b9)

client-kendra: Adding new BDD representation of endpoint ruleset (51dfa7c3)

client-workdocs: Adding new BDD representation of endpoint ruleset (a88a31d0)

client-mwaa-serverless: Adding new BDD representation of endpoint ruleset (7cb91604)

client-mediapackage: Adding new BDD representation of endpoint ruleset (eaa31923)

client-opensearchserverless: Adding new BDD representation of endpoint ruleset (d08ce2ed)

client-uxc: Adding new BDD representation of endpoint ruleset (4d2a8026)

client-route53-recovery-readiness: Adding new BDD representation of endpoint ruleset (78b2555f)

client-glue: AWS Glue Interactive Sessions now supports Apache Spark Connect, enabling remote Spark execution over gRPC with minimal client-side dependencies. Adds GetSessionEndpoint and GetDashboardUrl APIs. Modifies CreateSession now accepts SPARK CONNECT session type. (41ebf943)

client-appintegrations: Adding new BDD representation of endpoint ruleset (3b257e66)

client-auditmanager: Adding new BDD representation of endpoint ruleset (b2fff655)

client-amplifybackend: Adding new BDD representation of endpoint ruleset (40fcadd6)

client-taxsettings: Adding new BDD representation of endpoint ruleset (dcc90bee)

client-cloudformation: Adding new BDD representation of endpoint ruleset (64f2514b)

client-wickr: AWS Wickr now allows network administrators to configure a maximum session duration for non-SSO users in security groups, and display customizable consent popups to users at login for terms of use or compliance acknowledgements. (ceb38f6b)

client-sagemaker-runtime-http2: Adding new BDD representation of endpoint ruleset (924b2e3a)

client-cost-explorer: Adding new BDD representation of endpoint ruleset (fb8ea9cb)

client-sns: Adding new BDD representation of endpoint ruleset (1cc60ac8)

client-mediapackage-vod: Adding new BDD representation of endpoint ruleset (f949a4c5)

... (truncated)

Changelog

Sourced from @aws-sdk/lib-storage's changelog.

3.1062.0 (2026-06-04)

Note: Version bump only for package @aws-sdk/lib-storage

3.1061.0 (2026-06-03)

Note: Version bump only for package @aws-sdk/lib-storage

3.1060.0 (2026-06-03)

Note: Version bump only for package @aws-sdk/lib-storage

3.1059.0 (2026-06-02)

Note: Version bump only for package @aws-sdk/lib-storage

3.1058.0 (2026-06-01)

Note: Version bump only for package @aws-sdk/lib-storage

3.1057.0 (2026-05-29)

Note: Version bump only for package @aws-sdk/lib-storage

3.1056.0 (2026-05-28)

... (truncated)

Commits

f5235bb Publish v3.1062.0
71df2cc Publish v3.1061.0
8aeb92d Publish v3.1060.0
75bb4fc Publish v3.1059.0
6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
d7602d4 Publish v3.1058.0
e836d5c Publish v3.1057.0
4b03542 Publish v3.1056.0
7ae617c chore(codegen): sync for cyclic file dependency fixes (#8051)
2981565 Publish v3.1055.0
Additional commits viewable in compare view

Updates @sentry/node from 10.47.0 to 10.56.0

Release notes

Sourced from @sentry/node's releases.

10.56.0

Important Changes

feat(deno): Redis diagnostics channel based integration for Deno (#21087)

Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)

feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)

feat(node): Use ioredis tracing channels (#21187)

fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)

fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)

fix(cloudflare): Wait for span links to be set (#21167)

fix(core): Use WeakRef for Span-Scope circular references (#21242)

fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)

fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

chore: Ignore scheduled_tasks.lock (#21252)

chore: Promote lint warnings to errors (#21213)

chore(docs): Document how to support a new node version (#21228)

chore(size-limit): Weekly auto-bump (#21243)

chore(skills): Add linear-project-status skill (#21214)

chore(skills): Add linear-project-update skill (#21233)

chore(skills): Improve triage-issue skill (#21257)

chore(skills): Update linear-project-status skill with more details & context (#21234)

feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)

feat(server-utils): Initial scaffolding (#21200)

ref(cloudflare): Move D1 instrumentation (#21266)

ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)

ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)

ref(opentelemetry): Vendor minimal TraceState implementation (#21192)

test(browser): Add unit test for http client header collection behavior (#21273)

test(browser): Move browser integration tests to dataCollection (#21282)

test(cloudflare): Remove vitest in CF e2e tests (#21259)

Bundle size 📦

Path Size

@sentry/browser 26.57 KB

@sentry/browser - with treeshaking flags 25.05 KB

@sentry/browser (incl. Tracing) 44.19 KB

@sentry/browser (incl. Tracing + Span Streaming) 46.37 KB

... (truncated)

Changelog

Sourced from @sentry/node's changelog.

10.56.0

Important Changes

feat(deno): Redis diagnostics channel based integration for Deno (#21087)

Adds Redis integration support for Deno, covering both redis and ioredis clients.

Other Changes

feat(cloudflare): Only capture workflow step error on final retry attempt (#21025)

feat(hono): Emit warning if @sentry/node was imported instead of @sentry/hono/node (#21240)

feat(node): Use ioredis tracing channels (#21187)

fix(browser): Correctly parse sampleRate when consistentTraceSampling is enabled (#21281)

fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Agents (#21101)

fix(cloudflare): Wait for span links to be set (#21167)

fix(core): Use WeakRef for Span-Scope circular references (#21242)

fix(node): Vendor InstrumentationNodeModuleFile to fix Bun --bytecode crash (#21262)

fix(profiling-node): Ensure node version support warning includes latest 26 (#21229)

chore: Ignore scheduled_tasks.lock (#21252)

chore: Promote lint warnings to errors (#21213)

chore(docs): Document how to support a new node version (#21228)

chore(size-limit): Weekly auto-bump (#21243)

chore(skills): Add linear-project-status skill (#21214)

chore(skills): Add linear-project-update skill (#21233)

chore(skills): Improve triage-issue skill (#21257)

chore(skills): Update linear-project-status skill with more details & context (#21234)

feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic (#21263)

feat(server-utils): Initial scaffolding (#21200)

ref(cloudflare): Move D1 instrumentation (#21266)

ref(node): Refactor usage of hrTime utilities from @opentelemetry/core (#21191)

ref(node): Stop mutating OTel RPC metadata to set http.route (#21193)

ref(opentelemetry): Vendor minimal TraceState implementation (#21192)

test(browser): Add unit test for http client header collection behavior (#21273)

test(browser): Move browser integration tests to dataCollection (#21282)

test(cloudflare): Remove vitest in CF e2e tests (#21259)

10.55.0

Important Changes

feat(hono): Promote @sentry/hono to stable and deprecate honoIntegration (#21208)

The @sentry/hono SDK is now stable. See the Sentry Hono SDK docs to get started.

... (truncated)

Commits

29b276c release: 10.56.0
f94a87b Merge pull request #21291 from getsentry/prepare-release/10.56.0
165c82a meta(changelog): Update changelog for 10.56.0
a7cb7e6 fix(cloudflare): Fix instrumentDurableObjectWithSentry breaking Cloudflare Ag...
d8015e2 feat(deps): Bump axios from 1.15.0 to 1.16.0 in /dev-packages/e2e-tests/test-...
01104fb fix(browser): Correctly parse sampleRate when consistentTraceSampling is en...
0613ef7 test(browser): Move browser integration tests to dataCollection (#21282)
231e1f5 test(browser): Add unit test for http client header collection behavior (#21273)
ec5f82c feat(server-utils): initial scaffolding (#21200)
dfeeb11 fix(cloudflare): Wait for span links to be set (#21167)
Additional commits viewable in compare view

Updates africastalking from 0.7.9 to 0.8.0

Release notes

Sourced from africastalking's releases.

Release v0.8.0

This SDK has moved to refs/tags/v0.8.0

Commits

bb3028f chore: clean up
141072e feat: Add product_items to interctive list payload
1ed6c09 feat: rename whatsapp methods; fix schema
2f5b5b3 chore: Clean up mock setup
26bc112 feat: Update docs
00b88af feat: Update tests
b76f92b feat: Restore npm tests
80edf3f feat: Prepare whatsapp service
cc85be6 update package-lock
See full diff in compare view

Updates axios from 1.15.2 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (#6792)

@carladams1299-lab (#10861)

@LaplaceYoung (#10812)

@JamieMagee (#10939)

@RonGamzu (#10905)

@sapirbaruch (#10891)

@nezukoagent (#10901)

@devareddy05 (#10929)

@Mohammad-Faiz-Cloud-Engineer (#10922)

@azandabot (#10931)

@niksy (#10896)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)

Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)

React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)

Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)

Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)

Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)

Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)

Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)

CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)

Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)

Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)

Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@BasixKOR (...
Description has been truncated

…updates Bumps the npm-production group with 26 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@apollo/client](https://github.com/apollographql/apollo-client) | `4.2.1` | `4.2.2` | | [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1019.0` | `3.1062.0` | | [@aws-sdk/lib-storage](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/lib/lib-storage) | `3.1019.0` | `3.1062.0` | | [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.47.0` | `10.56.0` | | [africastalking](https://github.com/AfricasTalkingLtd/africastalking-node.js) | `0.7.9` | `0.8.0` | | [axios](https://github.com/axios/axios) | `1.15.2` | `1.17.0` | | [bullmq](https://github.com/taskforcesh/bullmq) | `5.76.1` | `5.78.0` | | [casbin](https://github.com/apache/casbin-node-casbin) | `5.49.0` | `5.50.0` | | [csv-parser](https://github.com/mafintosh/csv-parser) | `3.2.0` | `3.2.1` | | [dd-trace](https://github.com/DataDog/dd-trace-js) | `5.93.0` | `5.106.0` | | [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` | | [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.3.2` | `8.5.2` | | [firebase-admin](https://github.com/firebase/firebase-admin-node) | `13.8.0` | `13.10.0` | | [geoip-lite](https://github.com/geoip-lite/node-geoip) | `2.0.1` | `2.0.2` | | [graphql](https://github.com/graphql/graphql-js) | `16.13.2` | `16.14.1` | | [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` | | [ioredis](https://github.com/luin/ioredis) | `5.10.1` | `5.11.1` | | [jspdf-autotable](https://github.com/simonbengtsson/jsPDF-AutoTable) | `5.0.7` | `5.0.8` | | [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.12.41` | `1.13.5` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.5` | `8.0.10` | | [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.20.0` | `8.21.0` | | [pg-query-stream](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg-query-stream) | `4.14.0` | `4.15.0` | | [rate-limiter-flexible](https://github.com/animir/node-rate-limiter-flexible) | `11.0.1` | `11.1.1` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.9` | `2.0.10` | | [ws](https://github.com/websockets/ws) | `8.20.0` | `8.21.0` | | [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` | Updates `@apollo/client` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/apollographql/apollo-client/releases) - [Changelog](https://github.com/apollographql/apollo-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-client/compare/@apollo/client@4.2.1...@apollo/client@4.2.2) Updates `@aws-sdk/client-s3` from 3.1019.0 to 3.1062.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1062.0/clients/client-s3) Updates `@aws-sdk/lib-storage` from 3.1019.0 to 3.1062.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/lib/lib-storage/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1062.0/lib/lib-storage) Updates `@sentry/node` from 10.47.0 to 10.56.0 - [Release notes](https://github.com/getsentry/sentry-javascript/releases) - [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md) - [Commits](getsentry/sentry-javascript@10.47.0...10.56.0) Updates `africastalking` from 0.7.9 to 0.8.0 - [Release notes](https://github.com/AfricasTalkingLtd/africastalking-node.js/releases) - [Commits](AfricasTalkingLtd/africastalking-node.js@v0.7.9...v0.8.0) Updates `axios` from 1.15.2 to 1.17.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.2...v1.17.0) Updates `bullmq` from 5.76.1 to 5.78.0 - [Release notes](https://github.com/taskforcesh/bullmq/releases) - [Commits](taskforcesh/bullmq@v5.76.1...v5.78.0) Updates `casbin` from 5.49.0 to 5.50.0 - [Release notes](https://github.com/apache/casbin-node-casbin/releases) - [Commits](apache/casbin-node-casbin@v5.49.0...v5.50.0) Updates `csv-parser` from 3.2.0 to 3.2.1 - [Release notes](https://github.com/mafintosh/csv-parser/releases) - [Commits](mafintosh/csv-parser@v3.2.0...v3.2.1) Updates `dd-trace` from 5.93.0 to 5.106.0 - [Release notes](https://github.com/DataDog/dd-trace-js/releases) - [Commits](DataDog/dd-trace-js@v5.93.0...v5.106.0) Updates `dotenv` from 17.3.1 to 17.4.2 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.3.1...v17.4.2) Updates `express-rate-limit` from 8.3.2 to 8.5.2 - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases) - [Commits](express-rate-limit/express-rate-limit@v8.3.2...v8.5.2) Updates `firebase-admin` from 13.8.0 to 13.10.0 - [Release notes](https://github.com/firebase/firebase-admin-node/releases) - [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md) - [Commits](firebase/firebase-admin-node@v13.8.0...v13.10.0) Updates `geoip-lite` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/geoip-lite/node-geoip/releases) - [Commits](geoip-lite/node-geoip@v2.0.1...v2.0.2) Updates `graphql` from 16.13.2 to 16.14.1 - [Release notes](https://github.com/graphql/graphql-js/releases) - [Commits](graphql/graphql-js@v16.13.2...v16.14.1) Updates `helmet` from 8.1.0 to 8.2.0 - [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md) - [Commits](helmetjs/helmet@v8.1.0...v8.2.0) Updates `ioredis` from 5.10.1 to 5.11.1 - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md) - [Commits](redis/ioredis@v5.10.1...v5.11.1) Updates `jspdf-autotable` from 5.0.7 to 5.0.8 - [Release notes](https://github.com/simonbengtsson/jsPDF-AutoTable/releases) - [Commits](simonbengtsson/jsPDF-AutoTable@v5.0.7...v5.0.8) Updates `libphonenumber-js` from 1.12.41 to 1.13.5 - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.12.41...v1.13.5) Updates `nodemailer` from 8.0.5 to 8.0.10 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.5...v8.0.10) Updates `pg` from 8.20.0 to 8.21.0 - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg) Updates `pg-query-stream` from 4.14.0 to 4.15.0 - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/pg-query-stream@4.15.0/packages/pg-query-stream) Updates `rate-limiter-flexible` from 11.0.1 to 11.1.1 - [Release notes](https://github.com/animir/node-rate-limiter-flexible/releases) - [Commits](animir/node-rate-limiter-flexible@v11.0.1...v11.1.1) Updates `ua-parser-js` from 2.0.9 to 2.0.10 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@2.0.9...2.0.10) Updates `ws` from 8.20.0 to 8.21.0 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.20.0...8.21.0) Updates `zod` from 4.3.6 to 4.4.3 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.3.6...v4.4.3) --- updated-dependencies: - dependency-name: "@apollo/client" dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: "@aws-sdk/client-s3" dependency-version: 3.1062.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: "@aws-sdk/lib-storage" dependency-version: 3.1062.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: "@sentry/node" dependency-version: 10.56.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: africastalking dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: axios dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: bullmq dependency-version: 5.78.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: casbin dependency-version: 5.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: csv-parser dependency-version: 3.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: dd-trace dependency-version: 5.106.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: dotenv dependency-version: 17.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: express-rate-limit dependency-version: 8.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: firebase-admin dependency-version: 13.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: geoip-lite dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: graphql dependency-version: 16.14.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: helmet dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: ioredis dependency-version: 5.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: jspdf-autotable dependency-version: 5.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: libphonenumber-js dependency-version: 1.13.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: nodemailer dependency-version: 8.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: pg dependency-version: 8.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: pg-query-stream dependency-version: 4.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: rate-limiter-flexible dependency-version: 11.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: ua-parser-js dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-production - dependency-name: ws dependency-version: 8.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production - dependency-name: zod dependency-version: 4.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-06-05T13:13:09Z

Assignees

The following users could not be added as assignees: RemmyAcee. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot added the security label Jun 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the npm-production group across 1 directory with 26 updates#1250

deps(deps): bump the npm-production group across 1 directory with 26 updates#1250
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-1a10c2d17d

dependabot Bot commented on behalf of github Jun 5, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Path	Size
`@sentry/browser`	26.57 KB
`@sentry/browser` - with treeshaking flags	25.05 KB
`@sentry/browser` (incl. Tracing)	44.19 KB
`@sentry/browser` (incl. Tracing + Span Streaming)	46.37 KB

Conversation

dependabot Bot commented on behalf of github Jun 5, 2026

@​apollo/client@​4.2.2

Patch Changes

4.2.2

Patch Changes

v3.1062.0

3.1062.0(2026-06-04)

Chores

Documentation Changes

New Features

3.1062.0 (2026-06-04)

3.1061.0 (2026-06-03)

3.1060.0 (2026-06-03)

3.1059.0 (2026-06-02)

3.1058.0 (2026-06-01)

3.1057.0 (2026-05-29)

3.1056.0 (2026-05-28)

v3.1062.0

3.1062.0(2026-06-04)

Chores

Documentation Changes

New Features

3.1062.0 (2026-06-04)

3.1061.0 (2026-06-03)

3.1060.0 (2026-06-03)

3.1059.0 (2026-06-02)

3.1058.0 (2026-06-01)

3.1057.0 (2026-05-29)

3.1056.0 (2026-05-28)

10.56.0

Important Changes

Other Changes

Bundle size 📦

10.56.0

Important Changes

Other Changes

10.55.0

Important Changes

Release v0.8.0

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.17.0 — June 1, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

Uh oh!

dependabot Bot commented on behalf of github Jun 5, 2026

Assignees

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`@apollo/client@4`.2.2