chore(deps): bump the npm_and_yarn group across 2 directories with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /ark-indexer-marketplace-admin directory: @trpc/server.
Bumps the npm_and_yarn group with 5 updates in the /infrastructure/cdk-ark-indexer-marketplace directory:

Package	From	To
brace-expansion	1.1.11	1.1.12
diff	4.0.2	4.0.4
form-data	4.0.0	4.0.5
js-yaml	3.14.1	3.14.2
aws-sdk	2.1639.0	2.1693.0

Updates @trpc/server from 10.40.0 to 10.45.3

Release notes

Sourced from @​trpc/server's releases.

v10.45.3

• fixes GHSA-43p4-m455-4f4j

Full Changelog: trpc/trpc@v10.45.2...v10.45.3

v10.45.2

What's Changed

• patch(server): upgrade to typescript 5.4 and do fixes due to breaking changes in typescript by @​KATT in trpc/trpc#5560

Full Changelog: trpc/trpc@v10.45.1...v10.45.2

v10.45.1

What's Changed

• fix(server): parse url safer in fetch adapter by @​KATT in trpc/trpc#5410
• fix(react-query): no ref in useHookResult() by @​KATT in trpc/trpc#5433

New Contributors

• @​cah4a made their first contribution in trpc/trpc#5250
• @​zacanger made their first contribution in trpc/trpc#5276

Full Changelog: trpc/trpc@v10.45.0...v10.45.1

v10.45.0

What's Changed

• chore(next/app-dir): make a union of nextHttpLink options by @​KATT in trpc/trpc#5173
• chore: bump typescript and fix TS errors by @​KATT in trpc/trpc#5178
• fix(server + client): add noImplicitOverride & add explicit overrides in TRPCError / TRPCClientError by @​me-imfhd in trpc/trpc#5195
• fix(next): rm react-ssr-prepass dependency by @​KATT in trpc/trpc#5201
• feat(next): exclude non-ssr queries from the hydrated state by @​jonluca in trpc/trpc#5135
• fix(server+client): Incorrect serialization of IndexSignature and Record by @​microdev1 in trpc/trpc#5211
• feat(server): deprecate .createCaller() in favor of t.createCallerFactory() by @​KATT in trpc/trpc#5213

New Contributors

• @​kwaimind made their first contribution in trpc/trpc#5143
• @​me-imfhd made their first contribution in trpc/trpc#5195
• @​microdev1 made their first contribution in trpc/trpc#5211

Full Changelog: trpc/trpc@v10.44.1...v10.45.0

v10.44.1

What's Changed

• fix(server): fix fetch adapter with trailing slash by @​KATT in trpc/trpc#5090

New Contributors

... (truncated)

Commits

• 1117bb3 v10.45.3
• 936db6d v10.45.2
• e9e0821 patch(server): upgrade to typescript 5.4 and do fixes (#5560)
• 8db7f76 v10.45.1
• 0d93bc9 fix(server): parse url safer in fetch adapter (#5410)
• 82f7310 fix: enforce consistent type import/export (#5298)
• 444b08a docs: update error.cause comment (#5276)
• 4e101e3 fix: cache artifcats in entrypoints generation script (#5241)
• 353f6c2 chore(deps): update dependency valibot to ^0.25.0 (#5231)
• 06fd40d v10.45.0
• Additional commits viewable in compare view

Updates axios from 1.5.1 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 13.5.5 to 13.5.11

Commits

• 492b7fb v13.5.11
• 6443078 lock swc binaries version
• c92233b v13.5.10
• 1c2249d Match subrequest handling for edge and node (#77477)
• 422223e v13.5.9
• 654ab60 fix another artifact
• 39497fb fix artifact name
• 0a49ce1 [backport] middleware subrequest patch (#77418)
• cde2a1a v13.5.8
• 82e0af7 Backport v13: Update React from d900fadbf to 1dba980e1f (#74202)
• Additional commits viewable in compare view

Updates next-auth from 4.24.4 to 4.24.13

Commits

• 1a70ee8 chore(release): bump version [skip ci]
• edafd21 chore: bump version
• aafbfb9 chore: fix apps deps
• 1f48cf7 chore(release): bump version [skip ci]
• 4758a2f ci: add workflow_dispatch for release.yml
• d3aecfe feat: add next 16 support (#13303)
• 82efcf8 fix: security issue from nodemailer (#13304)
• 798c3d5 docs: update banner
• 02d3480 chore: remove clerk ads
• 7f88fa0 chore: remove sponsors
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates nodemailer from 6.9.6 to 6.10.1

Release notes

Sourced from nodemailer's releases.

v6.10.1

6.10.1 (2025-02-06)

Bug Fixes

• close correct socket (a18062c)

v6.10.0

6.10.0 (2025-01-23)

Features

• services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

• proxy: Set error and timeout errors for proxied sockets (aa0c99c)

v6.9.16

6.9.16 (2024-10-28)

Bug Fixes

• addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

v6.9.15

6.9.15 (2024-08-08)

Bug Fixes

• Fix memory leak (#1667) (baa28f6)
• mime: Added GeoJSON closes #1637 (#1665) (79b8293)

v6.9.14

6.9.14 (2024-06-19)

Bug Fixes

• api: Added support for Ethereal authentication (56b2205)
• services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
• services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
• well-known-services: Add Loopia in well known services (#1655) (21a28a1)

v6.9.13

... (truncated)

Changelog

Sourced from nodemailer's changelog.

6.10.1 (2025-02-06)

Bug Fixes

• close correct socket (a18062c)

6.10.0 (2025-01-23)

Features

• services: add Seznam email service configuration (#1695) (d1ae0a8)

Bug Fixes

• proxy: Set error and timeout errors for proxied sockets (aa0c99c)

6.9.16 (2024-10-28)

Bug Fixes

• addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

6.9.15 (2024-08-08)

Bug Fixes

• Fix memory leak (#1667) (baa28f6)
• mime: Added GeoJSON closes #1637 (#1665) (79b8293)

6.9.14 (2024-06-19)

Bug Fixes

• api: Added support for Ethereal authentication (56b2205)
• services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
• services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
• well-known-services: Add Loopia in well known services (#1655) (21a28a1)

6.9.13 (2024-03-20)

Bug Fixes

• tls: Ensure servername for SMTP (d66fdd3)

6.9.12 (2024-03-08)

Bug Fixes

• message-generation: Escape single quote in address names (4ae5fad)

... (truncated)

Commits

• e1d9123 chore(master): release 6.10.1 [skip-ci] (#1719)
• f093aaa Merge branch 'master' of github.com:nodemailer/nodemailer
• a18062c fix: close correct socket
• 0856796 chore(master): release 6.10.0 [skip-ci] (#1700)
• db59df0 Bumped deps
• aa0c99c fix(proxy): Set error and timeout errors for proxied sockets
• 15146d8 Proton mail fix, issue: nodemailer/nodemailer#1691...
• d1ae0a8 feat(services): add Seznam email service configuration (#1695)
• e70b9c1 chore(master): release 6.9.16 [skip-ci] (#1688)
• bcf55be Bumped deps
• Additional commits viewable in compare view

Updates @smithy/config-resolver from 2.2.0 to 4.4.6

Release notes

Sourced from @​smithy/config-resolver's releases.

@​smithy/util-defaults-mode-browser@​4.3.32

Patch Changes

• @​smithy/smithy-client@​4.11.5

@​smithy/middleware-compression@​4.3.31

Patch Changes

• Updated dependencies [c5db01c]
  • @​smithy/core@​3.23.2

@​smithy/util-defaults-mode-browser@​4.3.31

Patch Changes

• @​smithy/smithy-client@​4.11.4

@​smithy/util-defaults-mode-browser@​4.3.30

Patch Changes

• @​smithy/smithy-client@​4.11.3

@​smithy/middleware-compression@​4.3.30

Patch Changes

• Updated dependencies [6f96c01]
  • @​smithy/core@​3.23.1

@​smithy/util-defaults-mode-browser@​4.3.29

Patch Changes

• @​smithy/smithy-client@​4.11.2

@​smithy/middleware-compression@​4.3.29

Patch Changes

• Updated dependencies [4f05c6a]
  • @​smithy/core@​3.23.0

@​smithy/util-defaults-mode-browser@​4.3.28

Patch Changes

• @​smithy/smithy-client@​4.11.1

@​smithy/middleware-compression@​4.3.28

Patch Changes

• @​smithy/core@​3.22.1

@​smithy/middleware-compression@​4.3.27

Patch Changes

... (truncated)

Changelog

Sourced from @​smithy/config-resolver's changelog.

4.4.6

Patch Changes

• Updated dependencies [745867a]
  • @​smithy/types@​4.12.0
  • @​smithy/node-config-provider@​4.3.8
  • @​smithy/util-endpoints@​3.2.8
  • @​smithy/util-middleware@​4.2.8

4.4.5

Patch Changes

• Updated dependencies [9ccb841]
  • @​smithy/types@​4.11.0
  • @​smithy/node-config-provider@​4.3.7
  • @​smithy/util-endpoints@​3.2.7
  • @​smithy/util-middleware@​4.2.7

4.4.4

Patch Changes

• Updated dependencies [5a56762]
  • @​smithy/types@​4.10.0
  • @​smithy/node-config-provider@​4.3.6
  • @​smithy/util-endpoints@​3.2.6
  • @​smithy/util-middleware@​4.2.6

4.4.3

Patch Changes

• Updated dependencies [3926fd7]
  • @​smithy/types@​4.9.0
  • @​smithy/node-config-provider@​4.3.5
  • @​smithy/util-endpoints@​3.2.5
  • @​smithy/util-middleware@​4.2.5

4.4.2

Patch Changes

• 372b46f: allow * region with warning

4.4.1

Patch Changes

... (truncated)

Commits

• 0e8cc49 Version NPM packages
• 7e4bbf6 chore: upgrade rimraf to v5.0.10 (#1829)
• 521d67c Version NPM packages
• 8b90f36 Version NPM packages
• cc0124e Version NPM packages
• 07f95d9 Version NPM packages
• 372b46f fix(config-resolver): allow asterisk region with warning (#1760)
• 472a5ea Version NPM packages
• 8af2d33 Version NPM packages
• 13c5cd9 chore(config-resolver): add region validation cache (#1750)
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

• f06f3e4 v4.0.4
• 0179a48 v4.0.3
• 4568cae Backport kpdecker/jsdiff#649
• 4de0ffa Backport kpdecker/jsdiff#647
• See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates fast-xml-parser from 4.2.5 to 5.3.6

Release notes

Sourced from fast-xml-parser's releases.

Entity security and performance

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.5...v5.3.6

v5.3.5

What's Changed

• Add missing exports to fxp commonjs types by @​jeremymeng in NaturalIntelligence/fast-xml-parser#782
• fix: Escape regex char in entity name
• update strnum to 2.1.2

New Contributors

• @​jeremymeng made their first contribution in NaturalIntelligence/fast-xml-parser#782

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.3.4...v5.3.5

fix: handle HTML numeric and hex entities when out of range

No release notes provided.

bug fix and performance improvements

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute
• Performance improvement for stopNodes (By Maciek Lamberski)

Replace Buffer with Uint8Array

• Launched Separate CLI module
• Replace Buffer with Uint8Array

Support EMPTY and ANY with ELEMENT in DOCTYPE

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.2.4...v5.2.4

upgrade to ESM module and fixing value parsing issues

• Support ESM modules
• fix value parsing issues
• a feature to access tag location is added (metadata)
• fix to read DOCTYPE correctly

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md

Summary update on all the previous releases from v4.2.4

• Multiple minor fixes provided in the validator and parser
• v6 is added for experimental use.
• ignoreAttributes support function, and array of string or regex
• Add support for parsing HTML numeric entities
• v5 of the application is ESM module now. However, JS is also supported

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

5.3.6 / 2026-02-14

• Improve security and performance of entity processing
  • new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter
  • fast return when no edtity is present
  • improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

• fix: Escape regex char in entity name
• update strnum to 2.1.2
• add missing exports in CJS typings

5.3.4 / 2026-01-30

• fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

• fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

• Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

• Inform user to use fxp-cli instead of in-built CLI feature
• Export typings for direct use

5.2.4 / 2025-06-06

• fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE

5.2.3 / 2025-05-11

• fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE

5.2.2 / 2025-05-05

• fix (#746): update strnum to fix parsing issues related to enotations

5.2.1 / 2025-04-22

• fix: read DOCTYPE entity value correctly
• read DOCTYPE NOTATION, ELEMENT exp but not using read values

5.2.0 / 2025-04-03

... (truncated)

Commits

• ecb2ca1 update release info
• 910dae5 fix entities performance & security issues
• fe9a852 update strnum and release detail
• 943ef0e fix: Escape regex char in entity name
• ddcd0ac Escape regex char in entity name
• 341b582 Add missing exports to fxp commonjs types (#782)
• 753e770 update release details
• 4e387f6 handle html entities when out of range
• 088b47a correct typo (#780)
• f335cbf update publish detail
• Additional commits viewable in compare view

Updates form-data from 4.0.0 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use hasown 81ab41b
• [Fix] validate boundary type in setBoundary() method 8d8e469
• [Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1
• [Dev Deps] remove unused deps 870e4e6
• [meta] remove local commit hooks e6e83cc
• [Dev Deps] update eslint 4066fd6
• [meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• [Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)
• fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)
• [Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0.5 - 2025-11-17

Commits

• [Tests] Switch to newer v8 prediction library; enable node 24 testing 16e0076
• [Dev Deps] update @ljharb/eslint-config, eslint 5822467
• [Fix] set Symbol.toStringTag in the proper place 76d0dee

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

v4.0.3 - 2025-06-05

Fixed

• [Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

• [eslint] use a shared config 426ba9a
• [eslint] fix some spacing issues 2094191
• [Refactor] use has...

  Description has been truncated