Skip to content

deps(backend): bump the backend-minor-patch group across 1 directory with 23 updates#4218

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/Servers/backend-minor-patch-0a196bdc9a
Open

deps(backend): bump the backend-minor-patch group across 1 directory with 23 updates#4218
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/Servers/backend-minor-patch-0a196bdc9a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the backend-minor-patch group with 22 updates in the /Servers directory:

Package From To
@aws-sdk/client-ses 3.1054.0 3.1077.0
@daytonaio/sdk 0.182.0 0.192.0
@e2b/code-interpreter 2.5.0 2.6.1
@mastra/core 1.37.0 1.48.0
@mastra/memory 1.20.0 1.22.0
@slack/web-api 7.16.0 7.18.0
axios 1.16.1 1.18.1
bullmq 5.77.6 5.79.2
docx 9.7.0 9.7.1
google-auth-library 10.6.2 10.9.0
ioredis 5.11.0 5.11.1
mjml 5.3.0 5.4.0
node-cron 4.2.1 4.5.0
pg 8.21.0 8.22.0
playwright 1.60.0 1.61.1
redis 6.0.0 6.0.1
resend 6.12.4 6.16.0
sanitize-html 2.17.4 2.17.5
xstate 5.31.1 5.32.2
lint-staged 17.0.5 17.0.8
prettier 3.8.3 3.9.4
tsc-watch 7.2.0 7.2.1

Updates @aws-sdk/client-ses from 3.1054.0 to 3.1077.0

Release notes

Sourced from @​aws-sdk/client-ses's releases.

v3.1077.0

3.1077.0(2026-06-30)

Chores
  • codegen: sync for internal checksum impls and IMDSv2 region fallback (#8134) (c4b42a44)
  • client-iot-events-data: remove IoTEventsData (#8131) (3544e8d5)
  • client-panorama: remove Panorama (#8133) (8941c2b3)
  • client-simspaceweaver: remove SimSpaceWeaver (#8132) (8b14e09b)
  • client-iot-events: remove IoTEvents (#8130) (85fbe9a0)
  • checksums: add crc32c and sha1 checksums (#8126) (ea8faa08)
  • packages: clean up remaining react-native dist-cjs instructions (#8128) (00460bb4)
Documentation Changes
  • client-ecs: Updated threshold configuration documentation. (aab4f35f)
New Features
  • clients: update client endpoints as of 2026-06-30 (f1848891)
  • client-observabilityadmin: Organization and account level telemetry rule via Observability Admin and CloudWatch pipelines for metrics (35b4d8a2)
  • client-datazone: Amazon DataZone now supports SNOWFLAKE as a connection type in the CreateConnection API, enabling metadata and lineage retrieval from Snowflake databases. Specify snowflakeProperties with connection details, a Secrets Manager secret, an Athena spill bucket, and an identity mapping for Snowflake. (4bdc89d6)
  • client-codebuild: Adds support for host kernel selection for on-demand builds. (c051e432)
  • client-cleanrooms: Adds support for intermediate tables in AWS Clean Rooms collaborations. (a259b5ab)
  • client-acm: AWS Certificate Manager now supports the Automatic Certificate Management Environment (ACME) protocol to issue public certificates. ACME is an industry-standard protocol for automating certificate lifecycle on customer-managed infrastructure such as on-premises servers and Kubernetes clusters. (9841f50d)
  • client-connect: Amazon Connect - Added CreateAttachedFile and StartContactConversationalAnalyticsJob APIs to import call recordings and run conversational analytics. (526d3d5f)
  • client-cloudformation: AWS CloudFormation adds a DeploymentConfig parameter to enable Express mode, which completes stack operations as soon as resource configuration is applied. Also adds a DisableValidation parameter to skip pre-deployment validation, which now runs automatically on CreateStack and UpdateStak. (5ac630b8)
  • client-eks: Adds Kubernetes version rollback support, including the CancelUpdate operation to cancel an in-progress VersionRollback update, the RollbackConfig structure with a timeoutMinutes field, and the Cancellation structure surfaced via the new cancellation field on the Update object. (17e627a9)
  • client-partnercentral-selling: This release adds AwsMarketplaceSolutions and AwsMarketplaceProducts entity types to the Associate and Disassociate APIs, returns them in GetOpportunity, and adds AwsMarketplaceSolutionArn to ListSolutions ,letting partners link Marketplace listings directly to opportunities. (2d2de8d1)
  • client-ec2: Adds ModifyVpcEndpointPayerResponsibility API, which enables VPC endpoint service owners to modify the billing account for VPC endpoint usage charges at the individual endpoint level (843c934c)
  • client-sso-admin: AWS IAM Identity Center now returns PrimaryRegion and Regions in the ListInstances response, providing information about replicated instances. (8538563a)
  • client-cloudwatch: Customers can configure alarms with wall-clock-aligned evaluation windows instead of sliding windows, with optional timezone support for daily or weekly periods (3b428259)
  • client-supportauthz: New SDK release for SupportAuthZ. (bad44b4b)
  • client-auto-scaling: This release adds support for a new reservations-then-balanced capacity distribution strategy, which first attempts to launch instances into your Capacity Reservations and then balances remaining capacity across healthy Availability Zones. (38d2d626)
  • client-network-firewall: AWS Network Firewall now supports container associations for monitoring ECS and EKS workloads. You can create container associations to dynamically track the IP addresses of running containers in your Amazon ECS and Amazon EKS clusters. (a884f90a)
  • lib-transfer-manager: add uploadDirectory functionality (#8121) (29b56564)

For list of updated packages, view updated-packages.md in assets-3.1077.0.zip

v3.1076.0

3.1076.0(2026-06-29)

Chores
  • codegen:
    • sync for checksum impls, hostLabel validation (#8127) (aa94fa04)
    • sync for CBOR serde performance and retry fixes (#8125) (b6d6a759)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ses's changelog.

3.1077.0 (2026-06-30)

Note: Version bump only for package @​aws-sdk/client-ses

3.1076.0 (2026-06-29)

Note: Version bump only for package @​aws-sdk/client-ses

3.1075.0 (2026-06-23)

Note: Version bump only for package @​aws-sdk/client-ses

3.1074.0 (2026-06-22)

Note: Version bump only for package @​aws-sdk/client-ses

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-ses

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-ses

3.1071.0 (2026-06-17)

... (truncated)

Commits
  • 5c490b6 Publish v3.1077.0
  • c4b42a4 chore(codegen): sync for internal checksum impls and IMDSv2 region fallback (...
  • dfd62f6 Publish v3.1076.0
  • aa94fa0 chore(codegen): sync for checksum impls, hostLabel validation (#8127)
  • b6d6a75 chore(codegen): sync for CBOR serde performance and retry fixes (#8125)
  • 29ee199 Publish v3.1075.0
  • c48dfa0 Publish v3.1074.0
  • 74d0a07 chore(xml-builder): parse XML internally (#7863)
  • ee71adc Publish v3.1073.0
  • 501cd33 Publish v3.1072.0
  • Additional commits viewable in compare view

Updates @daytonaio/sdk from 0.182.0 to 0.192.0

Release notes

Sourced from @​daytonaio/sdk's releases.

v0.192.0

0.192.0 (2026-06-26)

🚀 Features

  • secrets (#10)

🩹 Fixes

  • release: scope nx release to packages with package.json (8571c8693)

Refactor

  • flatten repo structure, relicense to Apache-2.0, prep Go SDK release pipeline (#6)

Chores

  • align replace directives with sdk-go v0.191.0 requires (#11)
  • fix release action (CLI build secrets, nx manifest, sync_gosum PR) (#12)
  • clarify Apache-2.0/AGPL-3.0 split and add REUSE LICENSES/ (7273f5be4)
  • fall back to disk version for release + make Go tagging idempotent (#16)
  • changelog automaticFromRef for releases without a reachable base tag (#17)
  • cli: restore CLI AGPL-3.0 headers, LICENSE, and checker (#14)
  • sdk-go: bump to v0.191.0 (#9)
  • sdk-go: bump to v0.192.0 (#15)
  • sdk-go: migrate module paths from go.daytona.io to github.com/daytona/clients (#18)

❤️ Thank You

v0.191.0

0.191.0 (2026-06-25)

🩹 Fixes

  • release: scope nx release to packages with package.json (8571c8693)

Refactor

  • flatten repo structure, relicense to Apache-2.0, prep Go SDK release pipeline (#6)

❤️ Thank You

Commits

Updates @e2b/code-interpreter from 2.5.0 to 2.6.1

Commits

Updates @mastra/core from 1.37.0 to 1.48.0

Release notes

Sourced from @​mastra/core's releases.

June 24, 2026

Highlights

Multi-session Harness architecture (Session-first APIs)

Harness is now a pure factory/shared-resource owner: create isolated sessions via harness.createSession() (get-or-create by resourceId), with run control, state, event bus, model/mode switching, permissions, OM, subagent settings, and thread lifecycle all moved onto Session domains (e.g. session.sendMessage(), session.thread.*, session.model.switch(), session.subscribe()), enabling safe concurrent multi-user/multi-thread hosting.

Drive Harness sessions over HTTP (and from the JS client)

Registered harnesses on Mastra can now be operated via new harness-scoped server routes (send/steer/abort/approve tool calls, manage threads, read state, and subscribe via SSE), and @mastra/client-js adds a first-class harness resource (client.getHarness(id).session(resourceId)) to control sessions remotely.

Cross-process signal delivery with distributed leasing + new accepted contract

Signal/message APIs now return an accepted promise resolving to a discriminated routing decision (wake/deliver/persist/discard) with authoritative runId when applicable, and introduce a LeaseProvider abstraction (in-memory and Redis Streams implementations) to ensure only one process owns/wakes a thread run in multi-instance/serverless deployments.

Deterministic agent experiments with item-level tool mocks + multi-tenant datasets/experiments

Dataset items can now declare ordered toolMocks (with strict/ignore arg matching) and experiments return a toolMockReport, enabling deterministic replay without running real tools; datasets and experiments also gain optional (organizationId, projectId) tenancy scoping plus dataset-level candidate identity (candidateKey, candidateId) and a new dataset item source type 'candidate-screener'.

New integrations & streaming ergonomics

New packages add major deployment/integration options: @mastra/next (Next.js App Router adapter), @mastra/tanstack-start (TanStack Start adapter), and @mastra/archil (Archil filesystem provider for workspaces); streaming gains a unified untilIdle option on DurableAgent.stream() and InngestAgent.stream() to keep streams open through background task continuations.

Breaking Changes

  • Harness no longer exposes a singleton harness.session; callers must use await harness.createSession() and operate on the returned Session.
  • Run control moved from Harness.* to Session (e.g. sendMessage, sendSignal, abort, respondToToolSuspension, etc. removed from Harness).
  • Event subscription moved from Harness.subscribe() to session.subscribe() (session-scoped event isolation).
  • Thread lifecycle APIs moved to session.thread.*; Harness no longer exposes createThread/switchThread/cloneThread/renameThread/detachFromCurrentThread or harness.memory.
  • Model/mode switching moved to session.model.switch() and session.mode.switch(); OM accessors moved to session.om.*; permissions to session.permissions.*; subagent model accessors to session.subagents.model.*.
  • Deprecated Harness.getState() / Harness.setState() compatibility wrappers removed (use session.state.get() / session.state.set()).

Changelog

@​mastra/core@1.46.0

Minor Changes

  • Removed the deprecated Harness.getState() and Harness.setState() compatibility wrappers, along with the unused private updateState. Harness state has lived on the session for a while; these were thin proxies marked @deprecated. (#18200)

    Before

    const state = harness.getState();
    await harness.setState({ count: 1 });

    After

    const state = harness.session.state.get();
    await harness.session.state.set({ count: 1 });

    This does not affect the tool-facing harness context, which continues to expose state / getState / setState / updateState alongside session.state.

    mastracode is updated to set browser settings via session.state.set().

... (truncated)

Commits
  • b0c544f chore: version - exit prerelease mode
  • 16bdaba chore: version packages (alpha) (#18711)
  • be875ed fix(core): unref scheduler interval to allow Node.js process exit (#18713)
  • 9eefdc0 fix(playground): stabilize OM extraction markers (#18655)
  • 7d112ca fix(core): broadcast to channels on any run on a channel-backed thread (#18630)
  • c01012f feat(memory): add OM-managed working memory (#18654)
  • 6c86bda feat: add Mastra Code plugin system (#18658)
  • 6f578ac feat(memory): add observational memory extractors (#18653)
  • d229d13 chore: version packages (alpha) (#18702)
  • b9d5a7c chore: regenerate providers and docs [skip ci]
  • Additional commits viewable in compare view

Updates @mastra/memory from 1.20.0 to 1.22.0

Release notes

Sourced from @​mastra/memory's releases.

December 9, 2025

Changelog

Summary

  • Total packages with changes: 12
  • Packages with major changes: 0
  • Packages with minor changes: 0
  • Packages with patch changes: 4

@​mastra/agent-builder@​0.2.6-alpha.1

Patch Changes

  • Fix install step validation error by making targetPath optional in InstallInputSchema. This resolves the "expected string, received undefined" error when running the agent builder template workflow without explicitly providing a targetPath parameter. (#10923)

Dependency Updates

  • @​mastra/core@​0.24.7-alpha.3

@​mastra/ai-sdk@​0.3.3-alpha.0

Patch Changes

  • Return NetworkDataPart on each agent-execution-event and workflow-execution-event in network streams (#10979)

  • Fixed tool-call-suspended chunks being dropped in workflow-step-output when using AI SDK. Previously, when an agent inside a workflow step called a tool that got suspended, the tool-call-suspended chunk was not received on the frontend even though tool-input-available chunks were correctly received. (#10988)

    The issue occurred because tool-call-suspended was not included in the isMastraTextStreamChunk list, causing it to be filtered out in transformWorkflow. Now tool-call-suspended, tool-call-approval, object, and tripwire chunks are properly included in the text stream chunk list and will be transformed and passed through correctly.

    Fixes #10978

Dependency Updates

  • @​mastra/core@​0.24.7-alpha.3

@​mastra/client-js@​0.17.0-alpha.3

Dependency Updates

  • @​mastra/core@​0.24.7-alpha.3

... (truncated)

Changelog

Sourced from @​mastra/memory's changelog.

1.22.0

Minor Changes

  • add observational memory extractors (#18653)

    Introduces a public Extractor API for Observational Memory with inline XML extraction and structured follow-up modes. Includes built-in extractors for current task, suggested response, and thread title. Persists extracted values into thread OM metadata with key-level merging and carry-forward into future observer/reflector prompts.

  • add OM-managed working memory (#18654)

    Adds observationalMemory.observation.manageWorkingMemory so the Observer can update working memory automatically instead of requiring the main agent to call the working memory tool.

    new Memory({
      options: {
        workingMemory: { enabled: true },
        observationalMemory: {
          enabled: true,
          observation: { manageWorkingMemory: true },
        },
      },
    });

    This option adds WorkingMemoryExtractor, defaults workingMemory.agentManaged to false, and defaults workingMemory.useStateSignals to true when working memory is enabled. Set workingMemory.agentManaged: true to keep the main agent's working memory tool and instructions enabled.

Patch Changes

  • Expose providerMetadata on Observational Memory ObserveHooks results (#18563)

    onObservationEnd and onReflectionEnd now receive the OM model call's providerMetadata alongside usage, so you can read per-call provider details — for example the AI Gateway's cost and generation id — straight from the hook instead of wrapping the observer/reflector models in a model-stream middleware:

    const hooks: ObserveHooks = {
      onObservationEnd: ({ usage, providerMetadata }) => {
        const gateway = providerMetadata?.gateway;
        recordCost({ tokens: usage?.totalTokens, cost: gateway?.cost, generationId: gateway?.generationId });
      },
      onReflectionEnd: ({ usage, providerMetadata }) => {
        recordCost({ tokens: usage?.totalTokens, cost: providerMetadata?.gateway?.cost });
      },
    };

    The field is additive and optional, and is omitted entirely when the provider emits no metadata, so existing hook consumers are unaffected. For batched observations and multi-attempt reflections it reflects the last batch/attempt that emitted provider metadata.

... (truncated)

Commits

Updates @slack/web-api from 7.16.0 to 7.18.0

Release notes

Sourced from @​slack/web-api's releases.

@​slack/web-api@​7.18.0

Minor Changes

  • 07744de: feat: make thread_ts optional for assistant.threads.setSuggestedPrompts

@​slack/web-api@​7.17.0

Minor Changes

  • 2085900: feat: expose public read-only ts getter on ChatStreamer for fallback to chat.update when a stream expires server-side

    import { WebClient } from "@slack/web-api";
    const client = new WebClient(process.env.SLACK_BOT_TOKEN);
    const streamer = client.chatStream({
    channel: "C0123456789",
    thread_ts: "1700000001.123456",
    recipient_team_id: "T0123456789",
    recipient_user_id: "U0123456789",
    });
    await streamer.append({ markdown_text: "hello!" });
    // streamer.ts is now set after the first flush
    console.log(streamer.ts);
    await streamer.stop();

Commits

Updates @smithy/node-http-handler from 4.7.4 to 4.9.1

Release notes

Sourced from @​smithy/node-http-handler's releases.

@​smithy/node-http-handler@​4.9.1

Patch Changes

  • Updated dependencies [d366537]
  • Updated dependencies [c0d7f5d]
    • @​smithy/core@​3.28.0

@​smithy/node-http-handler@​4.9.0

Minor Changes

  • c9575e1: use streamCollector from core/serde

Patch Changes

  • Updated dependencies [c9575e1]
  • Updated dependencies [2dcefdb]
  • Updated dependencies [91280a5]
    • @​smithy/core@​3.27.0
Changelog

Sourced from @​smithy/node-http-handler's changelog.

4.9.1

Patch Changes

  • Updated dependencies [d366537]
  • Updated dependencies [c0d7f5d]
    • @​smithy/core@​3.28.0

4.9.0

Minor Changes

  • c9575e1: use streamCollector from core/serde

Patch Changes

  • Updated dependencies [c9575e1]
  • Updated dependencies [2dcefdb]
  • Updated dependencies [91280a5]
    • @​smithy/core@​3.27.0

4.8.2

Patch Changes

  • Updated dependencies [3cfda3b]
    • @​smithy/core@​3.26.0

4.8.1

Patch Changes

  • Updated dependencies [63ddca4]
    • @​smithy/core@​3.25.1

4.8.0

Minor Changes

  • 17e50e9: update dist-cjs output format to use plain require/exports statements

Patch Changes

  • Updated dependencies [17e50e9]
    • @​smithy/types@​4.15.0
    • @​smithy/core@​3.25.0

4.7.8

Patch Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​smithy/node-http-handler since your current version.


Updates axios from 1.16.1 to 1.18.1

Release notes

Sourced from axios's releases.

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

  • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
  • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
  • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
  • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

🔧 Maintenance & Chores

  • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

  • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)

... (truncated)

Commits
  • a209bfb chore(release): prepare release 1.18.1 (#11027)
  • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
  • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
  • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
  • cf1306a docs: add Deno to install instructions (#11023)
  • b32880a fix: incorrect use of error (#11021)
  • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
  • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
  • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
  • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
  • Additional commits viewable in compare view

Updates bullmq from 5.77.6 to 5.79.2

Release notes

Sourced from bullmq's releases.

v5.79.2

5.79.2 (2026-06-27)

Bug Fixes

  • flow: use correct data structure when retrying failed child using ignoreDependencyOnFailure fixes #4235 (#4236) (6f1b2e3)

v5.79.1

5.79.1 (2026-06-21)

Bug Fixes

  • node-redis: accept plain createClient result without cast (#4201) (#4209) (1aefd5b)

v5.79.0

5.79.0 (2026-06-18)

v5.78.1

5.78.1 (2026-06-13)

Bug Fixes

  • scheduler: fail stalled jobs if scheduler does not longer exist (elixir) (rust) (#4222) (d1fcda5)

v5.78.0

5.78.0 (2026-06-02)

Features

  • rust: initial implementation of rust support (#4200) (38798cc)

v5.77.7

5.77.7 (2026-06-01)

Bug Fixes

  • deps: update dependency msgpackr to v2.0.2 [security] (#4202) (fbe04af)
Commits
  • 6f1b2e3 fix(flow): use correct data structure when retrying failed child using ignore...
  • d65a2b4 chore(deps): update dependency msgpackr to v2.0.4 [security] (#4233)
  • 57fd783 chore(deps): update dependency msgpack to v1.2.1 [security] (#4230)
  • 2a377a7 chore(deps): update dependency semver to v7.8.5 (#4214)

…with 23 updates

Bumps the backend-minor-patch group with 22 updates in the /Servers directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-ses](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses) | `3.1054.0` | `3.1077.0` |
| [@daytonaio/sdk](https://github.com/daytona/clients) | `0.182.0` | `0.192.0` |
| [@e2b/code-interpreter](https://github.com/e2b-dev/code-interpreter/tree/HEAD/js) | `2.5.0` | `2.6.1` |
| [@mastra/core](https://github.com/mastra-ai/mastra/tree/HEAD/packages/core) | `1.37.0` | `1.48.0` |
| [@mastra/memory](https://github.com/mastra-ai/mastra/tree/HEAD/packages/memory) | `1.20.0` | `1.22.0` |
| [@slack/web-api](https://github.com/slackapi/node-slack-sdk) | `7.16.0` | `7.18.0` |
| [axios](https://github.com/axios/axios) | `1.16.1` | `1.18.1` |
| [bullmq](https://github.com/taskforcesh/bullmq) | `5.77.6` | `5.79.2` |
| [docx](https://github.com/dolanmiu/docx) | `9.7.0` | `9.7.1` |
| [google-auth-library](https://github.com/googleapis/google-cloud-node/tree/HEAD/core/packages/google-auth-library-nodejs) | `10.6.2` | `10.9.0` |
| [ioredis](https://github.com/luin/ioredis) | `5.11.0` | `5.11.1` |
| [mjml](https://github.com/mjmlio/mjml/tree/HEAD/packages/mjml) | `5.3.0` | `5.4.0` |
| [node-cron](https://github.com/node-cron/node-cron) | `4.2.1` | `4.5.0` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.21.0` | `8.22.0` |
| [playwright](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.1` |
| [redis](https://github.com/redis/node-redis) | `6.0.0` | `6.0.1` |
| [resend](https://github.com/resend/resend-node) | `6.12.4` | `6.16.0` |
| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.4` | `2.17.5` |
| [xstate](https://github.com/statelyai/xstate) | `5.31.1` | `5.32.2` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.5` | `17.0.8` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.9.4` |
| [tsc-watch](https://github.com/gilamran/tsc-watch) | `7.2.0` | `7.2.1` |



Updates `@aws-sdk/client-ses` from 3.1054.0 to 3.1077.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ses/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1077.0/clients/client-ses)

Updates `@daytonaio/sdk` from 0.182.0 to 0.192.0
- [Release notes](https://github.com/daytona/clients/releases)
- [Commits](https://github.com/daytona/clients/commits/v0.192.0)

Updates `@e2b/code-interpreter` from 2.5.0 to 2.6.1
- [Release notes](https://github.com/e2b-dev/code-interpreter/releases)
- [Commits](https://github.com/e2b-dev/code-interpreter/commits/@e2b/code-interpreter@2.6.1/js)

Updates `@mastra/core` from 1.37.0 to 1.48.0
- [Release notes](https://github.com/mastra-ai/mastra/releases)
- [Changelog](https://github.com/mastra-ai/mastra/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/mastra-ai/mastra/commits/@mastra/core@1.48.0/packages/core)

Updates `@mastra/memory` from 1.20.0 to 1.22.0
- [Release notes](https://github.com/mastra-ai/mastra/releases)
- [Changelog](https://github.com/mastra-ai/mastra/blob/main/packages/memory/CHANGELOG.md)
- [Commits](https://github.com/mastra-ai/mastra/commits/@mastra/memory@1.22.0/packages/memory)

Updates `@slack/web-api` from 7.16.0 to 7.18.0
- [Release notes](https://github.com/slackapi/node-slack-sdk/releases)
- [Commits](https://github.com/slackapi/node-slack-sdk/compare/@slack/web-api@7.16.0...@slack/web-api@7.18.0)

Updates `@smithy/node-http-handler` from 4.7.4 to 4.9.1
- [Release notes](https://github.com/smithy-lang/smithy-typescript/releases)
- [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/node-http-handler/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/node-http-handler@4.9.1/packages/node-http-handler)

Updates `axios` from 1.16.1 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.1...v1.18.1)

Updates `bullmq` from 5.77.6 to 5.79.2
- [Release notes](https://github.com/taskforcesh/bullmq/releases)
- [Commits](taskforcesh/bullmq@v5.77.6...v5.79.2)

Updates `docx` from 9.7.0 to 9.7.1
- [Release notes](https://github.com/dolanmiu/docx/releases)
- [Commits](dolanmiu/docx@9.7.0...9.7.1)

Updates `google-auth-library` from 10.6.2 to 10.9.0
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/core/packages/google-auth-library-nodejs/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/google-auth-library-v10.9.0/core/packages/google-auth-library-nodejs)

Updates `ioredis` from 5.11.0 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.11.0...v5.11.1)

Updates `mjml` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/mjmlio/mjml/releases)
- [Commits](https://github.com/mjmlio/mjml/commits/v5.4.0/packages/mjml)

Updates `node-cron` from 4.2.1 to 4.5.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v4.2.1...v4.5.0)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `playwright` from 1.60.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.1)

Updates `redis` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/redis/node-redis/releases)
- [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/node-redis/compare/redis@6.0.0...redis@6.0.1)

Updates `resend` from 6.12.4 to 6.16.0
- [Release notes](https://github.com/resend/resend-node/releases)
- [Commits](resend/resend-node@v6.12.4...v6.16.0)

Updates `sanitize-html` from 2.17.4 to 2.17.5
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/sanitize-html@2.17.5/packages/sanitize-html)

Updates `xstate` from 5.31.1 to 5.32.2
- [Release notes](https://github.com/statelyai/xstate/releases)
- [Commits](https://github.com/statelyai/xstate/compare/xstate@5.31.1...xstate@5.32.2)

Updates `lint-staged` from 17.0.5 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.5...v17.0.8)

Updates `prettier` from 3.8.3 to 3.9.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.9.4)

Updates `tsc-watch` from 7.2.0 to 7.2.1
- [Release notes](https://github.com/gilamran/tsc-watch/releases)
- [Changelog](https://github.com/gilamran/tsc-watch/blob/master/CHANGELOG.md)
- [Commits](gilamran/tsc-watch@v7.2.0...v7.2.1)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-ses"
  dependency-version: 3.1077.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@daytonaio/sdk"
  dependency-version: 0.192.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@e2b/code-interpreter"
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@mastra/core"
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@mastra/memory"
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@slack/web-api"
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: "@smithy/node-http-handler"
  dependency-version: 4.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: bullmq
  dependency-version: 5.79.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: docx
  dependency-version: 9.7.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
- dependency-name: google-auth-library
  dependency-version: 10.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
- dependency-name: mjml
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: node-cron
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: playwright
  dependency-version: 1.61.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: redis
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
- dependency-name: resend
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: sanitize-html
  dependency-version: 2.17.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
- dependency-name: xstate
  dependency-version: 5.32.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
- dependency-name: prettier
  dependency-version: 3.9.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: backend-minor-patch
- dependency-name: tsc-watch
  dependency-version: 7.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: backend-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Minor security labels Jul 1, 2026
@MuhammadKhalilzadeh MuhammadKhalilzadeh added this to the 2.5 milestone Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Minor security

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant