Skip to content

fix(deps): update npm non-major dependencies#4098

Open
renovate[bot] wants to merge 5 commits intomainfrom
renovate/npm-minor-patch
Open

fix(deps): update npm non-major dependencies#4098
renovate[bot] wants to merge 5 commits intomainfrom
renovate/npm-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 8, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
@babel/preset-env (source) 7.29.27.29.3 age confidence
@eslint/compat (source) 2.0.42.0.5 age confidence
@navikt/aksel-icons (source) 8.9.08.10.3 age confidence
@percy/cli (source) 1.31.111.31.13 age confidence
@tanstack/react-query (source) 5.96.25.100.9 age confidence
@tanstack/react-query-devtools (source) 5.96.25.100.9 age confidence
@testing-library/cypress 10.1.010.1.3 age confidence
@typescript-eslint/eslint-plugin (source) 8.58.08.59.1 age confidence
@typescript-eslint/parser (source) 8.58.08.59.1 age confidence
ajv (source) 8.18.08.20.0 age confidence
axe-core (source) 4.11.24.11.4 age confidence
axios (source) 1.15.21.16.0 age confidence
cypress (source) 15.13.015.14.2 age confidence
dompurify 3.4.13.4.2 age confidence
dotenv 17.4.017.4.2 age confidence
eslint (source) 10.2.010.3.0 age confidence
eslint-plugin-cypress 6.2.26.4.0 age confidence
eslint-plugin-react-hooks (source) 7.0.17.1.1 age confidence
eslint-plugin-sonarjs (source) 4.0.24.0.3 age confidence
globals 17.4.017.6.0 age confidence
lru-cache 11.2.711.3.5 age confidence
marked (source) 17.0.517.0.6 age confidence
marked-mangle 1.1.121.1.13 age confidence
prettier (source) 3.8.13.8.3 age confidence
react (source) 19.2.419.2.5 age confidence
react-dom (source) 19.2.419.2.5 age confidence
react-toastify 11.0.511.1.0 age confidence
tinybench 6.0.06.0.1 age confidence
typescript-eslint (source) 8.58.08.59.1 age confidence
webpack 5.105.45.106.2 age confidence
yarn (source) 4.13.04.14.1 age confidence
zod (source) 4.3.64.4.3 age confidence

Release Notes

babel/babel (@​babel/preset-env)

v7.29.3

Compare Source

eslint/rewrite (@​eslint/compat)

v2.0.5

Compare Source

Dependencies
  • The following workspace dependencies were updated
navikt/aksel (@​navikt/aksel-icons)

v8.10.3

Compare Source

v8.10.2

Compare Source

v8.10.1

Compare Source

v8.10.0

Compare Source

v8.9.1

Compare Source

percy/cli (@​percy/cli)

v1.31.13

Compare Source

What's Changed

✨ Enhancements

Full Changelog: percy/cli@v1.31.12...v1.31.13

v1.31.12

Compare Source

New Contributors

Full Changelog: percy/cli@v1.31.11...v1.31.12

TanStack/query (@​tanstack/react-query)

v5.100.9

Compare Source

Patch Changes

v5.100.8

Compare Source

Patch Changes

v5.100.7

Compare Source

Patch Changes

v5.100.6

Compare Source

Patch Changes

v5.100.5

Compare Source

Patch Changes

v5.100.4

Compare Source

Patch Changes

v5.100.3

Compare Source

Patch Changes

v5.100.2

Patch Changes

v5.100.1

Patch Changes

v5.100.0

Compare Source

Patch Changes

v5.99.2

Compare Source

Patch Changes

v5.99.1

Compare Source

Patch Changes

v5.99.0

Compare Source

Patch Changes

v5.98.0

Compare Source

Patch Changes

v5.97.0

Compare Source

Patch Changes
TanStack/query (@​tanstack/react-query-devtools)

v5.100.9

Compare Source

Patch Changes

v5.100.8

Compare Source

Patch Changes

v5.100.7

Compare Source

Patch Changes

v5.100.6

Compare Source

Patch Changes

v5.100.5

Compare Source

Patch Changes

v5.100.4

Compare Source

Patch Changes

v5.100.3

Compare Source

Patch Changes

v5.100.2

Compare Source

Patch Changes

v5.100.1

Compare Source

Patch Changes

v5.100.0

Compare Source

Patch Changes

v5.99.2

Compare Source

Patch Changes

v5.99.1

Compare Source

Patch Changes

v5.99.0

Compare Source

Patch Changes

v5.98.0

Compare Source

Patch Changes

v5.97.0

Compare Source

Patch Changes
testing-library/cypress-testing-library (@​testing-library/cypress)

v10.1.3

Compare Source

Bug Fixes
  • Update Node.js version and add npm registry URL (a3a4dd6)
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.59.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#​12241)
  • eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#​12220)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#​12278)
  • eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#​12269)
  • eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#​12257)
  • eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#​12246)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

Compare Source

🚀 Features
  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#​11789)
❤️ Thank You
  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.2

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#​12147)
  • remove tsbuildinfo cache file from published packages (#​12187)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.1

Compare Source

🩹 Fixes
  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#​12004)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.59.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.2

Compare Source

🩹 Fixes
  • remove tsbuildinfo cache file from published packages (#​12187)
❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.1

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

ajv-validator/ajv (ajv)

v8.20.0

Compare Source

What's Changed

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

dequelabs/axe-core (axe-core)

v4.11.4

Compare Source

v4.11.3

Compare Source

axios/axios (axios)

v1.16.0

Compare Source

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

  • Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#​10795)
  • Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#​10822)
  • Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#​10825)
  • parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#​10729)
  • Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#​7378)
  • transformRequest input typing change was reverted. The typing change introduced in #​10745 was reverted in #​10810 after follow-up review — net behavior is unchanged from 1.15.2. (#​10745, #​10810)

🚀 New Features

  • QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#​10802)
  • ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #​6485). (#​10680)
  • Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#​6897)

🐛 Bug Fixes

  • HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#​10794, #​10800, #​6241, #​10822, #​10825)
  • HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#​10708, #​10819, #​7149)
  • Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#​10795, #​10772, #​10806, #​7260)
  • XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#​10787)
  • Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#​10724, #​7276, #​10729)
  • Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#​7414, #​6389, #​6460)
  • UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#​7378)
  • Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#​10833)

🔧 Maintenance & Chores

  • Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#​10588, #​7419)
  • Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#​10820, #​10791, #​10796)
  • Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#​10821, #​10782, #​10759, #​10804)
  • Reverted: Reverted the transformRequest input typing change from #​10745 after follow-up review. (#​10745, #​10810)
  • Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#​10785, #​10813, #​10814)
  • Release: Updated changelog and packages, and prepared the 1.16.0 release. (#​10790, #​10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

cypress-io/cypress (cypress)

v15.14.2

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-2

v15.14.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-1

v15.14.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-14-0

v15.13.1

Compare Source

cure53/DOMPurify (dompurify)

v3.4.2: DOMPurify 3.4.2

Compare Source

  • Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
  • Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible
motdotla/dotenv (dotenv)

v17.4.2

Compare Source

v17.4.1

Compare Source

eslint/eslint (eslint)

v10.3.0

Compare Source

v10.2.1

Compare Source

cypress-io/eslint-plugin-cypress (eslint-plugin-cypress)

v6.4.0

Compare Source

Features
  • support chains started of helper functions in unsafe-to-chain-command (#​307) (bdf94f2)

v6.3.1

Compare Source

Bug Fixes

v6.3.0

Compare Source

Features
  • added no-and rule to ensure .and() follows certain commands (#​310) (c0b7e3b)

v6.2.3

Compare Source

Bug Fixes
  • no-unnecessary-waiting flag identifiers defined in object/array patterns ([#​308](https://redirect.gith

Note

PR body was truncated to here.

@renovate renovate Bot added backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/dependencies Pull requests that update a dependency file labels Apr 8, 2026
@renovate renovate Bot force-pushed the renovate/npm-minor-patch branch 15 times, most recently from c86fccd to 527affe Compare April 15, 2026 11:56
@renovate renovate Bot force-pushed the renovate/npm-minor-patch branch 12 times, most recently from 8a34b61 to 5992241 Compare April 22, 2026 19:36
@renovate renovate Bot changed the title fix(deps): update npm non-major dependencies Update npm non-major dependencies Apr 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-minor-patch branch 16 times, most recently from 2e1d20f to e9bb0ce Compare May 5, 2026 13:00
@renovate renovate Bot changed the title Update npm non-major dependencies fix(deps): update npm non-major dependencies May 5, 2026
@renovate renovate Bot force-pushed the renovate/npm-minor-patch branch 4 times, most recently from 80cd5d1 to b903741 Compare May 6, 2026 18:58
@renovate renovate Bot force-pushed the renovate/npm-minor-patch branch from b903741 to afe37d7 Compare May 7, 2026 08:57
@Magnusrm @claude
fix(ci): cache node_modules so Cypress binary is available in run jobs
9144d1c 
The run jobs only downloaded the dist artifact, leaving node_modules absent.
The cypress-io action needs node_modules/cypress to resolve the binary cache
key, so after a version bump (15.13.0 → 15.14.2) the binary was not found.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 7, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 7, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport-ignore This PR is a new feature and should not be cherry-picked onto release branches kind/dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Magnusrm