Skip to content

Bump the npm_and_yarn group across 1 directory with 4 updates#7

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f57a4b48c2
Open

Bump the npm_and_yarn group across 1 directory with 4 updates#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f57a4b48c2

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 21, 2026

Bumps the npm_and_yarn group with 4 updates in the / directory: axios, next, swiper and qs.

Updates axios from 1.13.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates next from 16.1.3 to 16.1.5

Release notes

Sourced from next's releases.

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

Commits
  • acba4a6 v16.1.5
  • e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
  • 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
  • 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
  • 522ed84 Sync DoS mitigations for React Flight
  • 8cad197 [backport][cna] Ensure created app is not considered the workspace root in pn...
  • 2718661 Backport/docs fixes (#89031)
  • 5333625 Backport/docs fixes 16.1.5 (#88916)
  • 60de6c2 v16.1.4
  • 5f75d22 backport: Only filter next config if experimental flag is enabled (#88733) (#...
  • See full diff in compare view

Updates swiper from 12.0.3 to 12.1.2

Release notes

Sourced from swiper's releases.

v12.1.2

No release notes provided.

v12.1.1

Bug Fixes

  • a11y: fix focus in virtual mode enabled (3055008), closes #8147
  • core: avoid double-subtracting offsets in centerInsufficientSlides (#8158) (60b0052)
  • core: prevent duplicate module initialization in constructor (#8155) (#8156) (07738a2)
  • types: support boolean as a11y value (#8157) (6bf76d5)

v12.1.0

Bug Fixes

  • autoplay: broken custom delay percentages with pause/resume (#8133) (0afecde)
  • core: Don't use data-swiper-slide-index for realIndex when virtual module is enabled (#8142) (bd957f8)
  • core: Escape all CSS selector special characters (d35f41a), closes #8135
  • core: support slidesOffsetBefore and slidesOffsetAfert in cssMode (45b98d0), closes #7926
  • fix lazy preloader removal error in react in vue (332f5c7), closes #8149
  • thumbs: update slide classes on virtual swiper update (#8141) (9752771)
  • types: Add autoScroll to thumbs.update type signature (#8146) (5d91e6e)
  • zoom: initialize gesture state after programmatic zoom (#8112) (71e9511)

Features

  • keyboard: add support for custom speed parameter in keyboard navigation (#8148) (7a4a0e5)
  • new snapToSlideEdge parameter (de3131f), closes #8021 #4780
Changelog

Sourced from swiper's changelog.

Changelog

12.1.1 (2026-02-13)

Bug Fixes

  • a11y: fix focus in virtual mode enabled (3055008), closes #8147
  • core: avoid double-subtracting offsets in centerInsufficientSlides (#8158) (60b0052)
  • core: prevent duplicate module initialization in constructor (#8155) (#8156) (07738a2)
  • types: support boolean as a11y value (#8157) (6bf76d5)

12.1.0 (2026-01-28)

Bug Fixes

  • autoplay: broken custom delay percentages with pause/resume (#8133) (0afecde)
  • core: Don't use data-swiper-slide-index for realIndex when virtual module is enabled (#8142) (bd957f8)
  • core: Escape all CSS selector special characters (d35f41a), closes #8135
  • core: support slidesOffsetBefore and slidesOffsetAfert in cssMode (45b98d0), closes #7926
  • fix lazy preloader removal error in react in vue (332f5c7), closes #8149
  • thumbs: update slide classes on virtual swiper update (#8141) (9752771)
  • types: Add autoScroll to thumbs.update type signature (#8146) (5d91e6e)
  • zoom: initialize gesture state after programmatic zoom (#8112) (71e9511)

Features

  • keyboard: add support for custom speed parameter in keyboard navigation (#8148) (7a4a0e5)
  • new snapToSlideEdge parameter (de3131f), closes #8021 #4780
Commits
  • 2fd88b7 12.1.2
  • d3e6633 fix prototype pollution bypass in extend() util
  • 70c48c1 12.1.1
  • 3055008 fix(a11y): fix focus in virtual mode enabled
  • 60b0052 fix(core): avoid double-subtracting offsets in centerInsufficientSlides (#8158)
  • 6bf76d5 fix(types): support boolean as a11y value (#8157)
  • 07738a2 fix(core): prevent duplicate module initialization in constructor (#8155) (#8...
  • 3a1777a 12.1.0
  • 3bc6cfe 12.1.0
  • 45b98d0 fix(core): support slidesOffsetBefore and slidesOffsetAfert in cssMode
  • Additional commits viewable in compare view

Updates qs from 6.5.3 to 6.5.5

Changelog

Sourced from qs's changelog.

6.5.5

  • [Fix] fix regressions from robustness refactor
  • [meta] add npmignore to autogenerate an npmignore file
  • [actions] update reusable workflows

6.5.4

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions
Commits
  • 3a6d9f8 v6.5.5
  • 48160e7 [actions] update reusable workflows
  • 2fc004a [meta] add npmignore to autogenerate an npmignore file
  • ddcc5d5 [Fix] fix regressions from robustness refactor
  • c190488 v6.5.4
  • 40b77c3 [actions] fix rebase workflow permissions
  • 6e39e92 [readme] document that addQueryPrefix does not add ? to empty output
  • 4e393de [readme] replace runkit CI badge with shields.io check-runs badge
  • dbb0346 [readme] clarify parseArrays and arrayLimit documentation
  • 6b8b4d8 [Robustness] avoid .push, use void
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 4 updates
5fb1951 
Bumps the npm_and_yarn group with 4 updates in the / directory: [axios](https://github.com/axios/axios), [next](https://github.com/vercel/next.js), [swiper](https://github.com/nolimits4web/Swiper) and [qs](https://github.com/ljharb/qs).


Updates `axios` from 1.13.2 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.5)

Updates `next` from 16.1.3 to 16.1.5
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.1.3...v16.1.5)

Updates `swiper` from 12.0.3 to 12.1.2
- [Release notes](https://github.com/nolimits4web/Swiper/releases)
- [Changelog](https://github.com/nolimits4web/swiper/blob/master/CHANGELOG.md)
- [Commits](nolimits4web/swiper@v12.0.3...v12.1.2)

Updates `qs` from 6.5.3 to 6.5.5
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.3...v6.5.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 16.1.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: swiper
  dependency-version: 12.1.2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants