fix(deps): update default npm tools

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@openai/codex (source)	0.142.0 → 0.142.3
axios (source)	1.16.0 → 1.18.1
firecrawl-cli (source)	1.19.18 → 1.19.21
js-yaml	5.0.0 → 5.2.0
socket	1.1.127 → 1.1.129

---

Release Notes

axios/axios (axios)

v1.18.1

Compare Source

v1.18.1 — June 21, 2026

This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

🐛 Bug Fixes

• AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#​10913)
• Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#​10917, #​10930, #​10942, #​10993)
• Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#​10959, #​11021)
• AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#​11019)

🔧 Maintenance & Chores

• Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#​11007, #​11010, #​11023, #​11025)

• Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#​11011, #​11012, #​11013, #​11014, #​11015, #​11016, #​11017, #​11026)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​webdevelopersrinu (#​10913)
• @​sijie-Z (#​10993)
• @​bartlomieju (#​11023)
• @​JSap0914 (#​11019)

Full Changelog

v1.18.0

Compare Source

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

v1.17.0

Compare Source

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

v1.16.1

Compare Source

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

firecrawl/cli (firecrawl-cli)

v1.19.21: Firecrawl CLI v1.19.21

Compare Source

• Merge pull request #​145 from firecrawl/jonathan/monitor-cli-ux
• Clarify monitor target modes + link to dashboard on create

v1.19.20: Firecrawl CLI v1.19.20

Compare Source

• Merge pull request #​142 from firecrawl/search-monitor
• Merge remote-tracking branch 'origin/main' into search-monitor
• Update package.json
• Update SKILL.md
• Use 'web monitors' in error and test
• feat(monitor): add search-target support to monitor create

v1.19.19: Firecrawl CLI v1.19.19

Compare Source

• Merge pull request #​143 from firecrawl/mogery/fix-crawl-wait-poll-interval
• fix(crawl): keep wait polling in seconds
• Merge pull request #​141 from firecrawl/docs/skill-keyless-fallback
• docs(skill): note keyless free tier fallback in CLI skill

nodeca/js-yaml (js-yaml)

v5.2.0

Compare Source

Added

• Added maxTotalMergeKeys (10000) loader option to limit the total number of
  keys processed by YAML merge (<<) across one load() / loadAll() call.
• Added maxAliases (-1) loader option to limit the number of YAML aliases per
  document.

Removed

• maxMergeSeqLength replaced with maxTotalMergeKeys for limiting YAML merge
  processing.

Fixed

• Round-trip of integers with exponential form (>= 1e21)

v5.1.0

Compare Source

Added

• Collection tags can finalize an incrementally populated carrier into a
  different result value.

Changed

• [breaking] quoteStyle now selects the preferred quote style; use the
  restored forceQuotes option to force quoting non-key strings.

SocketDev/socket-cli (socket)

v1.1.129

Compare Source

v1.1.128

Compare Source

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Between 12:00 AM and 02:59 AM (* 0-2 * * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​firecrawl-cli@​1.19.18 ⏵ 1.19.21	-3			+1
	npm/​@​openai/​codex@​0.142.0-win32-x64 ⏵ 0.142.3	+20		+16
	npm/​socket@​1.1.127 ⏵ 1.1.129

View full report