Skip to content

chore(deps): bump the npm-minor-and-patch group across 1 directory with 6 updates#202

Merged
LukeHankey merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-and-patch-5904856a9b
Jun 14, 2026
Merged

chore(deps): bump the npm-minor-and-patch group across 1 directory with 6 updates#202
LukeHankey merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-minor-and-patch-5904856a9b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-and-patch group with 6 updates in the / directory:

Package From To
assert 2.0.0 2.1.0
axios 1.16.0 1.17.0
discord.js 14.19.3 14.26.4
winston 3.8.2 3.19.0
eslint-config-standard 17.0.0 17.1.0
eslint-plugin-import 2.26.0 2.32.0

Updates assert from 2.0.0 to 2.1.0

Changelog

Sourced from assert's changelog.

2.1.0

  • [New] Implement assert.match() and assert.doesNotMatch()
  • [Refactor] switching to a maintained Object.assign package
  • [readme] Add description for usage with webpack and vite (#60)
  • [readme] Remove duplicate line under usage section (#48)
  • [Deps] update is-nan, object-is, util
  • [Dev Deps] update @babel/cli, @babel/core, @babel/preset-env, airtap, core-js, cross-eng, object.entries, object.getownpropertydescriptors, tape
Commits
  • fc65923 v2.1.0
  • d99f50d [meta] add to FUNDING.yml
  • c6e09cb [Deps] update is-nan, object-is, util
  • a38013b [Dev Deps] update @babel/cli, @babel/core, @babel/preset-env, airtap,...
  • f5d7c66 [Refactor] switching to a maintained Object.assign package
  • 80664db [readme] Add description for usage with webpack and vite
  • d932a53 Implement assert.match() and assert.doesNotMatch()
  • bba838e Add security.md
  • ffd5479 Remove duplicate line under usage section (#48)
  • c112ec4 Remove duplicate line under usage section
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for assert since your current version.


Updates axios from 1.16.0 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

... (truncated)

Commits

Updates discord.js from 14.19.3 to 14.26.4

Release notes

Sourced from discord.js's releases.

14.26.4

Bug Fixes

  • MessageCreateAction: Receive DMs in uncached DMChannels again (#11495) (b8d8812)

14.26.3

Bug Fixes

  • TeamMember: Allow a default permissions (dced197)

14.26.2

Bug Fixes

  • Action: Don't add recipients to guild channels (#11479) (b86573d)

14.26.1

Bug Fixes

  • Only return DMChannel that have the user as known recipient (#11478) (67566d0)

14.26.0

Bug Fixes

Features

  • Allow partial DMChannel without client user (#11462) (45bd430)
  • Modal radio group and checkbox components for v14 (#11437) (b42e499)

Refactor

Typings

14.25.1

Bug Fixes

  • GuildEmojiManager: Allow CreateGuildExpressions for retrieving author data (#11288) (0d64ea0)

14.25.0

Bug Fixes

... (truncated)

Changelog

Sourced from discord.js's changelog.

14.26.4 - (2026-05-01)

Bug Fixes

  • MessageCreateAction: Receive DMs in uncached DMChannels again (#11495) (b8d8812)

14.26.3 - (2026-04-14)

Bug Fixes

  • TeamMember: Allow a default permissions (dced197)

14.26.2 - (2026-04-03)

Bug Fixes

  • Action: Don't add recipients to guild channels (#11479) (b86573d)

14.26.1 - (2026-04-03)

Bug Fixes

  • Only return DMChannel that have the user as known recipient (#11478) (67566d0)

14.26.0 - (2026-03-31)

Bug Fixes

Features

  • Allow partial DMChannel without client user (#11462) (45bd430)
  • Modal radio group and checkbox components for v14 (#11437) (b42e499)

Refactor

Typings

14.25.1 - (2025-11-21)

Bug Fixes

  • GuildEmojiManager: Allow CreateGuildExpressions for retrieving author data (#11288) (0d64ea0)

... (truncated)

Commits
  • 0516dc7 chore(discord.js): release discord.js@14.26.4
  • b8d8812 fix(MessageCreateAction): receive DMs in uncached DMChannels again (#11495)
  • f95b629 chore(TeamMember): update permissions comment
  • 666fce0 chore(discord.js): release discord.js@14.26.3
  • dced197 fix(TeamMember): allow a default permissions
  • e662290 chore(discord.js): release discord.js@14.26.2
  • b86573d fix(Action): don't add recipients to guild channels (#11479)
  • cd1b6a0 chore(discord.js): release discord.js@14.26.1
  • 67566d0 fix: only return DMChannel that have the user as known recipient (#11478)
  • eee6f94 chore(discord.js): release discord.js@14.26.0
  • Additional commits viewable in compare view

Updates winston from 3.8.2 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

  • Run npm audit fix e7ccdc4
  • Don&#39;t include jest.config.js in npm package 5a63c8c
  • fix: append error cause when using logger.child() (#2467) e74a7ae
  • Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
  • fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
  • Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
  • Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
  • Bump actions/checkout from 4 to 6 (#2593) dd7906e
  • chore: migrate test runner from mocha to jest (#2567) 2e9eb18

winstonjs/winston@v3.18.3...v3.19.0

v3.18.3

  • Update diagnostics dependency (removes fix-esm transitive dependency) a15a9e9

winstonjs/winston@v3.18.2...v3.18.3

v3.18.2

  • Bump diagnostics package to resolve #2583 (again) f4582c3

winstonjs/winston@v3.18.1...v3.18.2

v3.18.1

  • Bump diagnostics package to resolve #2583 e668c2c

winstonjs/winston@v3.18.0...v3.18.1

v3.18.0

  • Update diagnostics package to latest version to remove vulnerability 376e331
  • add @​initd.sg/winston-cloudwatch (#2532) 71ee92a
  • Update transports.md (#2549) 3547a95
  • docs: update transport.md (#2550) dc88db0
  • feat: adds helper function for highest log level (#2514) c69cdb0

winstonjs/winston@v3.17.0...v3.18.0

v3.17.0

  • Try winston-transport 4.9.0 3e87128
  • Revert "Try bumping winston-transport to 4.8.0" 69625fc

... (truncated)

Changelog

Sourced from winston's changelog.

CHANGELOG

v3.9.0

Functionality changes

Dependency updates by @​dependabot + CI autotesting

Documentation changes

Build Infrastructure changes

Commits

Updates eslint-config-standard from 17.0.0 to 17.1.0

Commits

Updates eslint-plugin-import from 2.26.0 to 2.32.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.32.0

Added

Fixed

Changed

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.32.0] - 2025-06-20

Added

  • add [enforce-node-protocol-usage] rule and import/node-version setting (#3024, thanks [@​GoldStrikeArch] and [@​sevenc-nanashi])
  • add TypeScript types (#3097, thanks [@​G-Rath])
  • [extensions]: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@​Xunnamius])
  • [order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@​Xunnamius])
  • [order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@​Xunnamius])
  • [order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@​Xunnamius])

Fixed

  • [no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@​michaelfaith])
  • configs: added missing name attribute for eslint config inspector (#3151, thanks [@​NishargShah])
  • [order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@​Xunnamius])
  • [order]: resolve undefined property access issue when using named ordering (#3166, thanks [@​Xunnamius])
  • [enforce-node-protocol-usage]: avoid a crash with some TS code (#3173, thanks [@​ljharb])
  • [order]: codify invariants from docs into config schema (#3152, thanks [@​Xunnamius])

Changed

[2.31.0] - 2024-10-03

Added

Fixed

  • ExportMap / flat config: include languageOptions in context (#3052, thanks [@​michaelfaith])
  • [no-named-as-default]: Allow using an identifier if the export is both a named and a default export (#3032, thanks [@​akwodkiewicz])
  • [export]: False positive for exported overloaded functions in TS (#3065, thanks [@​liuxingbaoyu])
  • exportMap: export map cache is tainted by unreliable parse results (#3062, thanks [@​michaelfaith])
  • exportMap: improve cacheKey when using flat config (#3072, thanks [@​michaelfaith])
  • adjust "is source type module" checks for flat config (#2996, thanks [@​G-Rath])

Changed

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 13, 2026
@dependabot dependabot Bot changed the title chore(deps): bump the npm-minor-and-patch group with 6 updates chore(deps): bump the npm-minor-and-patch group across 1 directory with 6 updates Jun 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-minor-and-patch-5904856a9b branch from adb0545 to 79d8416 Compare June 13, 2026 23:25
@dependabot
chore(deps): bump the npm-minor-and-patch group across 1 directory wi…
f8d9356 
…th 6 updates

Bumps the npm-minor-and-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [assert](https://github.com/browserify/commonjs-assert) | `2.0.0` | `2.1.0` |
| [axios](https://github.com/axios/axios) | `1.16.0` | `1.17.0` |
| [discord.js](https://github.com/discordjs/discord.js/tree/HEAD/packages/discord.js) | `14.19.3` | `14.26.4` |
| [winston](https://github.com/winstonjs/winston) | `3.8.2` | `3.19.0` |
| [eslint-config-standard](https://github.com/standard/eslint-config-standard) | `17.0.0` | `17.1.0` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.26.0` | `2.32.0` |



Updates `assert` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/browserify/commonjs-assert/releases)
- [Changelog](https://github.com/browserify/commonjs-assert/blob/main/CHANGELOG.md)
- [Commits](browserify/commonjs-assert@v2.0.0...v2.1.0)

Updates `axios` from 1.16.0 to 1.17.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.0...v1.17.0)

Updates `discord.js` from 14.19.3 to 14.26.4
- [Release notes](https://github.com/discordjs/discord.js/releases)
- [Changelog](https://github.com/discordjs/discord.js/blob/14.26.4/packages/discord.js/CHANGELOG.md)
- [Commits](https://github.com/discordjs/discord.js/commits/14.26.4/packages/discord.js)

Updates `winston` from 3.8.2 to 3.19.0
- [Release notes](https://github.com/winstonjs/winston/releases)
- [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md)
- [Commits](winstonjs/winston@v3.8.2...v3.19.0)

Updates `eslint-config-standard` from 17.0.0 to 17.1.0
- [Commits](standard/eslint-config-standard@v17.0.0...v17.1.0)

Updates `eslint-plugin-import` from 2.26.0 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.26.0...v2.32.0)

---
updated-dependencies:
- dependency-name: assert
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: discord.js
  dependency-version: 14.26.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: eslint-config-standard
  dependency-version: 17.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
- dependency-name: winston
  dependency-version: 3.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-minor-and-patch-5904856a9b branch from 79d8416 to f8d9356 Compare June 14, 2026 14:34
@LukeHankey LukeHankey merged commit 8de4ca2 into main Jun 14, 2026
3 checks passed
@LukeHankey LukeHankey deleted the dependabot/npm_and_yarn/npm-minor-and-patch-5904856a9b branch June 14, 2026 14:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LukeHankey