Skip to content

build(deps): bump axios and @openapitools/openapi-generator-cli#428

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/multi-a42d1d50f5
Closed

build(deps): bump axios and @openapitools/openapi-generator-cli#428
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/multi-a42d1d50f5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor

Bumps axios and @openapitools/openapi-generator-cli. These dependencies needed to be updated together.
Updates axios from 1.8.4 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)

... (truncated)

Commits
  • 2d06f96 chore(release): prepare release 1.18.0 (#11003)
  • 32fc489 fix: malformed http urls (#11000)
  • b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
  • fe964f9 docs: mark proxy config as Node.js only (#10995)
  • 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
  • fae9d4e docs: clarify package update PR policy (#10992)
  • 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
  • a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
  • 614f455 docs: publish v1.17.0 release notes (#10988)
  • 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @openapitools/openapi-generator-cli from 2.20.0 to 2.39.0

Release notes

Sourced from @​openapitools/openapi-generator-cli's releases.

v2.39.0

2.39.0 (2026-06-20)

Features

  • release: trigger a release after fixing sorting in list command (724575d)

v2.38.0

2.38.0 (2026-06-11)

Features

  • release: trigger a release after upgrading concurrently to newer versions (#1225) (a265046)

v2.37.0

2.37.0 (2026-06-11)

Features

  • release: trigger a release after upgrading deps to newer versions (#1223) (899c037)

v2.36.0

2.36.0 (2026-06-11)

Features

  • release: trigger a release after upgrading to node 22.x (#1217) (8f69e5a)

v2.35.0

2.35.0 (2026-06-08)

Features

v2.34.0

2.34.0 (2026-05-20)

Features

  • release: trigger a release (c7caa7e)

v2.33.1

2.33.1 (2026-05-19)

... (truncated)

Commits
  • 724575d feat(release): trigger a release after fixing sorting in list command
  • 5f0253d chore(release): trigger a release (#1236)
  • 050b66f chore(fix): sort rows in list command (#1234)
  • b92ebb0 test: fix tests for Windows (#1230)
  • b7164fc chore(deps): update dependency @​types/node to v22.20.0 (#1232)
  • 66e5b25 chore(deps): update actions/checkout action to v7 (#1231)
  • f6fc148 chore(deps): update nest monorepo to v11.1.27 (#1227)
  • 913e6d9 chore(deps): update dependency axios to v1.18.0 (#1226)
  • a265046 feat(release): trigger a release after upgrading concurrently to newer versio...
  • dd35ac1 chore(deps): update concurrently to newer version (#1222)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 5, 2026
github-actions[bot]
github-actions Bot previously approved these changes Jun 5, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 5, 2026 05:13
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-a42d1d50f5 branch from d5fbb40 to 3fe84b5 Compare June 21, 2026 00:11
Bumps [axios](https://github.com/axios/axios) and [@openapitools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli). These dependencies needed to be updated together.

Updates `axios` from 1.8.4 to 1.18.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.8.4...v1.18.0)

Updates `@openapitools/openapi-generator-cli` from 2.20.0 to 2.39.0
- [Release notes](https://github.com/OpenAPITools/openapi-generator-cli/releases)
- [Commits](OpenAPITools/openapi-generator-cli@v2.20.0...v2.39.0)

---
updated-dependencies:
- dependency-name: "@openapitools/openapi-generator-cli"
  dependency-version: 2.34.0
  dependency-type: direct:development
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-a42d1d50f5 branch from 3fe84b5 to 3ce4fa9 Compare June 21, 2026 00:18
@dependabot @github

dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 21, 2026
auto-merge was automatically disabled June 21, 2026 00:21

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-a42d1d50f5 branch June 21, 2026 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants