chore(deps): bump the quotes-frontend-npm group across 1 directory with 8 updates

[dependabot]

Bumps the quotes-frontend-npm group with 8 updates in the /quotes-frontend directory:

Package	From	To
axios	1.13.2	1.13.4
next	16.0.10	16.1.6
pino	10.1.0	10.3.0
react	19.2.3	19.2.4
@types/react	19.2.7	19.2.10
react-dom	19.2.3	19.2.4
@types/node	25.0.1	25.1.0
eslint-config-next	16.0.10	16.1.6

Updates axios from 1.13.2 to 1.13.4

Release notes

Sourced from axios's releases.

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

Release v1.13.3

Release notes:

Bug Fixes

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 9336cf9 chore(release): prepare release 1.13.4 (#7353)
• ee90dfc fix: issues with version 1.13.3 (#7352)
• af4f6d9 fix: release branch yml
• 253e3ad fix: all merge configs
• 8ff6c19 refactor: ci and build (#7340)
• ab06109 chore(release): v1.13.3 (#7335)
• 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
• cb49a6f chore(sponsor): update sponsor block (#7330)
• d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
• 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates pino from 10.1.0 to 10.3.0

Release notes

Sourced from pino's releases.

v10.3.0

What's Changed

• feat: improve the return type of multistream().clone() by @​mrazauskas in pinojs/pino#2377
• feat: set worker thread name for transport identification by @​mcollina in pinojs/pino#2380

Full Changelog: pinojs/pino@v10.2.1...v10.3.0

v10.2.1

What's Changed

• fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools by @​mcollina in pinojs/pino#2379

Full Changelog: pinojs/pino@v10.2.0...v10.2.1

v10.2.0

What's Changed

• chore: lint TypeScript files by @​mrazauskas in pinojs/pino#2363
• fix: prevent memory leak when using transport with --import preload by @​mcollina in pinojs/pino#2374

New Contributors

• @​mrazauskas made their first contribution in pinojs/pino#2363

Full Changelog: pinojs/pino@v10.1.1...v10.2.0

v10.1.1

What's Changed

• fix(types): Correct conditional type handling for generic log function arguments by @​samchungy in pinojs/pino#2329
• perf: use JSON.stringify in fast path for node v25+ by @​ronag in pinojs/pino#2330
• build(deps): bump actions/setup-node from 4 to 6 by @​dependabot[bot] in pinojs/pino#2336
• build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @​dependabot[bot] in pinojs/pino#2337
• build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @​dependabot[bot] in pinojs/pino#2338
• docs: update CONTRIBUTING.md to reference 'main' instead of 'master' by @​NoobFullStack in pinojs/pino#2334
• feat(browser): add reportCaller to surface user callsite by @​dev-KingMaster in pinojs/pino#2340
• docs: update transports.md by @​marklai1998 in pinojs/pino#2224
• docs: add Node.js 22+ native TypeScript type stripping support by @​mcollina in pinojs/pino#2347
• feat(types): use ThreadStream type from thread-stream by @​CHC383 in pinojs/pino#2320
• build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in pinojs/pino#2354
• build(deps): update thread-stream to v4 by @​mcollina in pinojs/pino#2356
• fix: harden transport loading against prototype pollution by @​omdxp in pinojs/pino#2358
• docs: add threat model to SECURITY.md by @​mcollina in pinojs/pino#2360
• build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in pinojs/pino#2365
• build(deps-dev): bump @​types/node from 24.10.4 to 25.0.3 by @​dependabot[bot] in pinojs/pino#2367
• fix: allow passing string, number, null for %o placeholder by @​rChaoz in pinojs/pino#2372

New Contributors

• @​NoobFullStack made their first contribution in pinojs/pino#2334
• @​dev-KingMaster made their first contribution in pinojs/pino#2340
• @​marklai1998 made their first contribution in pinojs/pino#2224
• @​CHC383 made their first contribution in pinojs/pino#2320

... (truncated)

Commits

• d6adf03 Bumped v10.3.0
• 06d55b1 feat: set worker thread name for transport identification (#2380)
• a728702 fix: fix multistream().clone() return type (#2377)
• 31966a3 Bumped v10.2.1
• 417ef57 fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools (#2379)
• 1833a6d Bumped v10.2.0
• 47619e6 Add claude files to .gitignore
• 658effe fix: prevent memory leak when using transport with --import preload (#2374)
• 79a6087 chore: lint the .ts files (#2363)
• 3390470 Bumped v10.1.1
• Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.10

Commits

• See full diff in compare view

Updates react-dom from 19.2.3 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @​gnoff, @​lubieowoce, @​sebmarkbage, @​unstubbable)

Commits

• 90ab3f8 Version 19.2.4
• See full diff in compare view

Updates @types/node from 25.0.1 to 25.1.0

Commits

• See full diff in compare view

Updates @types/react from 19.2.7 to 19.2.10

Commits

• See full diff in compare view

Updates eslint-config-next from 16.0.10 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• 60de6c2 v16.1.4
• f01cf07 v16.1.3
• cb436b3 v16.1.2
• 3aa5398 v16.1.1
• 3491676 v16.1.0
• 58e8f8c v16.1.0-canary.34
• 3284587 v16.1.0-canary.33
• 04290ab v16.1.0-canary.32
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions