Bump the test-resources-minor-patch group across 1 directory with 12 updates

[dependabot]

Bumps the test-resources-minor-patch group with 12 updates in the /test-resources directory:

Package	From	To
@aws-sdk/client-dynamodb	3.1058.0	3.1065.0
@aws-sdk/client-s3	3.1058.0	3.1065.0
@aws-sdk/util-dynamodb	3.996.2	3.996.4
@smithy/node-http-handler	4.7.6	4.7.7
@aws-sdk/client-secrets-manager	3.1058.0	3.1065.0
@aws-sdk/credential-providers	3.1058.0	3.1065.0
@types/aws-lambda	8.10.161	8.10.162
@types/node	22.19.19	22.19.20
aws-sdk-client-mock-vitest	7.0.1	7.1.0
axios	1.16.1	1.17.0
prettier	3.8.3	3.8.4
typescript-eslint	8.60.1	8.61.0

Updates @aws-sdk/client-dynamodb from 3.1058.0 to 3.1065.0

Release notes

Sourced from @​aws-sdk/client-dynamodb's releases.

v3.1065.0

3.1065.0(2026-06-09)

Chores

• lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)

New Features

• clients: update client endpoints as of 2026-06-09 (935d71be)
• client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
• client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
• client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
• client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
• client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
• client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
• client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
• client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
• client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
• client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
• client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)

Bug Fixes

• credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)
• core: export legacy root symbols from submodules instead of relative paths (#8086) (abea090c)

Tests

• middleware-sdk-s3: use crypto.randomUUID for E2E test bucket names (#8088) (ba4d1941)

---

For list of updated packages, view updated-packages.md in assets-3.1065.0.zip

v3.1064.0

3.1064.0(2026-06-08)

Chores

• scripts: update pkg json linting (#8082) (86792c5e)

New Features

• client-cost-optimization-hub: Adds new Idle Recommendation types in the Cost Optimization Hub API (872710e9)
• client-deadline: Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. (5f03ea0e)
• client-devops-agent: Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. (bcef9614)
• client-mgn: AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. (2cff08e6)
• client-mediapackagev2: Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. (5aad0234)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-dynamodb's changelog.

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1060.0 (2026-06-03)

Bug Fixes

• client-dynamodb: dynamodb special retry config fixed to be merge-compatible with user-supplied retry config (#8068) (a569d9c)

... (truncated)

Commits

• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• 0dfa4ad test(clients): add client error deserialization tests (#8075)
• f5235bb Publish v3.1062.0
• 71df2cc Publish v3.1061.0
• 8aeb92d Publish v3.1060.0
• a569d9c fix(client-dynamodb): dynamodb special retry config fixed to be merge-compati...
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.1058.0 to 3.1065.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1065.0

3.1065.0(2026-06-09)

Chores

• lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)

New Features

• clients: update client endpoints as of 2026-06-09 (935d71be)
• client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
• client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
• client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
• client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
• client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
• client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
• client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
• client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
• client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
• client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
• client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)

Bug Fixes

• credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)
• core: export legacy root symbols from submodules instead of relative paths (#8086) (abea090c)

Tests

• middleware-sdk-s3: use crypto.randomUUID for E2E test bucket names (#8088) (ba4d1941)

---

For list of updated packages, view updated-packages.md in assets-3.1065.0.zip

v3.1064.0

3.1064.0(2026-06-08)

Chores

• scripts: update pkg json linting (#8082) (86792c5e)

New Features

• client-cost-optimization-hub: Adds new Idle Recommendation types in the Cost Optimization Hub API (872710e9)
• client-deadline: Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. (5f03ea0e)
• client-devops-agent: Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. (bcef9614)
• client-mgn: AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. (2cff08e6)
• client-mediapackagev2: Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. (5aad0234)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-s3

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-s3

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-s3

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1059.0 (2026-06-02)

... (truncated)

Commits

• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 291ad36 chore(scripts): include generated packages when validating declared imports 1...
• 71df2cc Publish v3.1061.0
• 1216094 chore(middleware-sdk-s3): consolidate S3 internal packages (#8026)
• 8aeb92d Publish v3.1060.0
• Additional commits viewable in compare view

Updates @aws-sdk/util-dynamodb from 3.996.2 to 3.996.4

Commits

• See full diff in compare view

Updates @smithy/node-http-handler from 4.7.6 to 4.7.7

Changelog

Sourced from @​smithy/node-http-handler's changelog.

4.7.7

Patch Changes

• 9ea5ce5: import node:http,https,http2 using default export object (writable)

Commits

• See full diff in compare view

Updates @aws-sdk/client-secrets-manager from 3.1058.0 to 3.1065.0

Release notes

Sourced from @​aws-sdk/client-secrets-manager's releases.

v3.1065.0

3.1065.0(2026-06-09)

Chores

• lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)

New Features

• clients: update client endpoints as of 2026-06-09 (935d71be)
• client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
• client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
• client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
• client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
• client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
• client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
• client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
• client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
• client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
• client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
• client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)

Bug Fixes

• credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)
• core: export legacy root symbols from submodules instead of relative paths (#8086) (abea090c)

Tests

• middleware-sdk-s3: use crypto.randomUUID for E2E test bucket names (#8088) (ba4d1941)

---

For list of updated packages, view updated-packages.md in assets-3.1065.0.zip

v3.1064.0

3.1064.0(2026-06-08)

Chores

• scripts: update pkg json linting (#8082) (86792c5e)

New Features

• client-cost-optimization-hub: Adds new Idle Recommendation types in the Cost Optimization Hub API (872710e9)
• client-deadline: Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. (5f03ea0e)
• client-devops-agent: Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. (bcef9614)
• client-mgn: AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. (2cff08e6)
• client-mediapackagev2: Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. (5aad0234)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-secrets-manager's changelog.

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1059.0 (2026-06-02)

... (truncated)

Commits

• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 71df2cc Publish v3.1061.0
• 8aeb92d Publish v3.1060.0
• 75bb4fc Publish v3.1059.0
• 6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
• See full diff in compare view

Updates @aws-sdk/credential-providers from 3.1058.0 to 3.1065.0

Release notes

Sourced from @​aws-sdk/credential-providers's releases.

v3.1065.0

3.1065.0(2026-06-09)

Chores

• lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)

New Features

• clients: update client endpoints as of 2026-06-09 (935d71be)
• client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
• client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
• client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
• client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
• client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
• client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
• client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
• client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
• client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
• client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
• client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)

Bug Fixes

• credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)
• core: export legacy root symbols from submodules instead of relative paths (#8086) (abea090c)

Tests

• middleware-sdk-s3: use crypto.randomUUID for E2E test bucket names (#8088) (ba4d1941)

---

For list of updated packages, view updated-packages.md in assets-3.1065.0.zip

v3.1064.0

3.1064.0(2026-06-08)

Chores

• scripts: update pkg json linting (#8082) (86792c5e)

New Features

• client-cost-optimization-hub: Adds new Idle Recommendation types in the Cost Optimization Hub API (872710e9)
• client-deadline: Added optional identityCenterRegion parameter to AssociateMember APIs to allow managing memberships for users and groups in other regions. (5f03ea0e)
• client-devops-agent: Add Asset APIs for managing versioned assets and asset files in AWS DevOps Agent agent spaces. (bcef9614)
• client-mgn: AWS Transform discovery tool now supported as network migration input source. You can now use the AWS Transform Discovery tool as a source for network migration alongside modelizeIT, enabling hybrid network migrations for environments running both VMware and non-VMware workloads. (2cff08e6)
• client-mediapackagev2: Adds support for DASH Audio Timeline Patternization. This enables your DASH manifests to templatize the repeating patterns that emerge in audio segment timelines. This compacts the total timeline length, utilizing the repeat notation, such that manifests don't grow indefinitely long. (5aad0234)

... (truncated)

Changelog

Sourced from @​aws-sdk/credential-providers's changelog.

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1063.0 (2026-06-05)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1062.0 (2026-06-04)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1061.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/credential-providers

3.1059.0 (2026-06-02)

... (truncated)

Commits

• 62daf07 Publish v3.1065.0
• bac7175 Publish v3.1064.0
• 86792c5 chore(scripts): update pkg json linting (#8082)
• 85dabf4 Publish v3.1063.0
• 9bd1a86 chore: update author URL in package.json (#8080)
• f5235bb Publish v3.1062.0
• 71df2cc Publish v3.1061.0
• 8aeb92d Publish v3.1060.0
• 75bb4fc Publish v3.1059.0
• 6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
• See full diff in compare view

Updates @types/aws-lambda from 8.10.161 to 8.10.162

Commits

• See full diff in compare view

Updates @types/node from 22.19.19 to 22.19.20

Commits

• See full diff in compare view

Updates aws-sdk-client-mock-vitest from 7.0.1 to 7.1.0

Release notes

Sourced from aws-sdk-client-mock-vitest's releases.

Release v7.1.0

Added

• Additional exports AliasMatcher and BaseMatcher which can be used instead of CustomMatcher. Those can be used in your vitest.d.ts to only make matchers known that you actually extend.

Changed

• Updated dependencies

Changelog

Sourced from aws-sdk-client-mock-vitest's changelog.

[7.1.0] - 2026-06-05

Added

• Additional exports AliasMatcher and BaseMatcher which can be used instead of CustomMatcher. Those can be used in your vitest.d.ts to only make matchers known that you actually extend.

Changed

• Updated dependencies

Commits

• 83f238c Prepare 7.1.0 Release
• d0fceb6 maint: Adapt CHANGELOG and README
• b1391eb Merge pull request #24 from ScottRobinson03/export-base-matcher-type
• 3c5e977 Merge pull request #25 from stschulte/update-dependencies-2026-06-05
• 3fbb602 Test failing matcher correctly
• d339e1d Update dependencies
• a8ccacf feat: export BaseMatcher and AliasMatcher types
• 21cd79d Merge pull request #22 from stschulte/update-dependencies-2026-03
• a8179a3 maint: Update dependencies
• See full diff in compare view

Updates axios from 1.16.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 ...

  Description has been truncated

[sonarqubecloud]

Quality Gate passed for 'mobile-id-check-async-sts-mock'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.