Skip to content

Bump the npm-production group across 1 directory with 2 updates#10

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-c2f7087980
Open

Bump the npm-production group across 1 directory with 2 updates#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-production-c2f7087980

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-production group with 2 updates in the / directory: @clack/prompts and axios.

Updates @clack/prompts from 1.5.1 to 1.6.0

Release notes

Sourced from @​clack/prompts's releases.

@​clack/prompts@​1.6.0

Minor Changes

  • #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

    If you want the old behavior, provide a format() function:

    import { note } from '@clack/prompts';
    +import { styleText } from 'node:util';
    note(
    'You can edit the file src/index.jsx',
    'Next steps.'
    
    { format: (text) => styleText('dim', text) }
    );
  • #567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

  • Patch Changes

    Changelog

    Sourced from @​clack/prompts's changelog.

    1.6.0

    Minor Changes

    • #568 f87933f Thanks @​florian-lefebvre! - Updates default formatter of note() to note dim lines anymore

      If you want the old behavior, provide a format() function:

      import { note } from '@clack/prompts';
      +import { styleText } from 'node:util';
      note(
      'You can edit the file src/index.jsx',
      'Next steps.'
      
      { format: (text) => styleText('dim', text) }
      );
  • #567 cc6aab5 Thanks @​dreyfus92! - Add keyboard instruction footers to select, multiselect, and groupMultiselect in the active state, matching autocomplete. No option — always shown.

  • Patch Changes

    Commits

    Updates axios from 1.17.0 to 1.18.1

    Release notes

    Sourced from axios's releases.

    v1.18.1 — June 21, 2026

    This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

    🐛 Bug Fixes

    • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
    • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
    • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
    • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

    🔧 Maintenance & Chores

    • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

    • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

    🌟 New Contributors

    We are thrilled to welcome our new contributors. Thank you for helping improve axios:

    Full Changelog

    v1.18.0 — June 13, 2026

    This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

    🔒 Security Fixes

    • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

    • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

    🐛 Bug Fixes

    • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

    🔧 Maintenance & Chores

    • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

    • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

    • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

    ... (truncated)

    Changelog

    Sourced from axios's changelog.

    Changelog

    v1.18.0 — June 13, 2026

    This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

    🔒 Security Fixes

    • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

    • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

    🐛 Bug Fixes

    • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

    🔧 Maintenance & Chores

    • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

    • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

    • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

    🌟 New Contributors

    We are thrilled to welcome our new contributors. Thank you for helping improve axios:

    Full Changelog

    Commits
    • a209bfb chore(release): prepare release 1.18.1 (#11027)
    • fa6a55e chore(deps-dev): bump multer from 2.1.1 to 2.2.0 (#11026)
    • 40e7be8 docs: clarifies that request data is request-specific in axios (#11025)
    • a446b39 fix(AxiosURLSearchParams): use arrow function so encoder.call(this) receives ...
    • cf1306a docs: add Deno to install instructions (#11023)
    • b32880a fix: incorrect use of error (#11021)
    • 1792eda fix: ensure maxBodyLength is explicitly passed to follow-redirects (#10993)
    • 30499d6 fix: various runtime crashes and type definition mismatches (#10959)
    • 20ce9c4 fix(http): defer env proxy handling to Node (#10942)
    • e64bcf9 chore(deps): merge branch 'v1.x' into tests/module/cjs (#11014)
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
    • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
    • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
    • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
    • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
    • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

    Bumps the npm-production group with 2 updates in the / directory: [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) and [axios](https://github.com/axios/axios).
    
    
    Updates `@clack/prompts` from 1.5.1 to 1.6.0
    - [Release notes](https://github.com/bombshell-dev/clack/releases)
    - [Changelog](https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md)
    - [Commits](https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.6.0/packages/prompts)
    
    Updates `axios` from 1.17.0 to 1.18.1
    - [Release notes](https://github.com/axios/axios/releases)
    - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
    - [Commits](axios/axios@v1.17.0...v1.18.1)
    
    ---
    updated-dependencies:
    - dependency-name: "@clack/prompts"
      dependency-version: 1.6.0
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: npm-production
    - dependency-name: axios
      dependency-version: 1.18.1
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: npm-production
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 25, 2026
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Labels

    dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

    Projects

    None yet

    Development

    Successfully merging this pull request may close these issues.

    0 participants