Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 28 updates#17

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-c0b3234fd4
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 28 updates#17
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-c0b3234fd4

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Feb 25, 2026

Bumps the npm_and_yarn group with 22 updates in the / directory:

Package From To
@openzeppelin/contracts 5.2.0 5.4.0
webpack 5.21.0 5.104.1
aws-sdk 2.841.0 2.1693.0
@babel/helpers 7.12.13 7.28.6
@babel/traverse 7.12.13 7.29.0
@smithy/config-resolver 4.0.1 4.4.9
axios 0.21.1 0.21.4
base-x 3.0.8 3.0.11
brace-expansion 1.1.11 1.1.12
cipher-base 1.0.4 1.0.7
diff 5.2.0 5.2.2
follow-redirects 1.13.2 1.15.11
js-yaml 3.14.1 3.14.2
lodash 4.17.20 4.17.23
min-document 2.19.0 2.19.2
minimatch 3.0.4 3.1.4
pbkdf2 3.1.1 3.1.5
qs 6.5.2 6.5.5
secp256k1 4.0.2 4.0.4
semver 5.7.1 5.7.2
sha.js 2.4.11 2.4.12
undici 5.28.5 5.29.0

Updates @openzeppelin/contracts from 5.2.0 to 5.4.0

Release notes

Sourced from @​openzeppelin/contracts's releases.

v5.4.0

Breaking changes

  • Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

  • Reduced pragma requirement of interface files

Changes by category

Account

  • Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
  • AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
  • AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
  • EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
  • IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

  • GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

  • ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5739)

Cryptography

Signers
  • AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
  • SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
  • SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
  • MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
  • MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5741)
Verifiers
  • ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)
Other
  • SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
  • ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
  • ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

  • EnumerableMap: Add support for BytesToBytesMap type. (#5658)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

5.4.0 (2025-07-17)

Breaking changes

  • Update minimum pragma to 0.8.24 in SignatureChecker, Governor and Governor's extensions. (#5716).

Pragma changes

  • Reduced pragma requirement of interface files.

Changes by category

Account

  • Account: Added a simple ERC-4337 account implementation with minimal logic to process user operations. (#5657)
  • AccountERC7579: Extension of Account that implements support for ERC-7579 modules of type executor, validator, and fallback handler. (#5657)
  • AccountERC7579Hooked: Extension of AccountERC7579 that implements support for ERC-7579 hook modules. (#5657)
  • EIP7702Utils: Add a library for checking if an address has an EIP-7702 delegation in place. (#5587)
  • IERC7821, ERC7821: Interface and logic for minimal batch execution. No support for additional opData is included. (#5657)

Governance

  • GovernorNoncesKeyed: Extension of Governor that adds support for keyed nonces when voting by sig. (#5574)

Tokens

  • ERC20Bridgeable: Implementation of ERC-7802 that makes an ERC-20 compatible with crosschain bridges. (#5735)

Cryptography

Signers
  • AbstractSigner, SignerECDSA, SignerP256, and SignerRSA: Add an abstract contract and various implementations for contracts that deal with signature verification. (#5657)
  • SignerERC7702: Implementation of AbstractSigner for Externally Owned Accounts (EOAs). Useful with ERC-7702. (#5657)
  • SignerERC7913: Abstract signer that verifies signatures using the ERC-7913 workflow. (#5659)
  • MultiSignerERC7913: Implementation of AbstractSigner that supports multiple ERC-7913 signers with a threshold-based signature verification system. (#5659)
  • MultiSignerERC7913Weighted: Extension of MultiSignerERC7913 that supports assigning different weights to each signer, enabling more flexible governance schemes. (#5718)
Verifiers
  • ERC7913P256Verifier and ERC7913RSAVerifier: Ready to use ERC-7913 verifiers that implement key verification for P256 (secp256r1) and RSA keys. (#5659)
Other
  • SignatureChecker: Add support for ERC-7913 signatures alongside existing ECDSA and ERC-1271 signature verification. (#5659)
  • ERC7739: An abstract contract to validate signatures following the rehashing scheme from ERC7739Utils. (#5664)
  • ERC7739Utils: Add a library that implements a defensive rehashing mechanism to prevent replayability of smart contract signatures based on the ERC-7739. (#5664)

Structures

... (truncated)

Commits
  • c64a1ed Release v5.4.0 (#5801)
  • 6f9f523 Exit release candidate
  • f19bf29 Fix bug in Bytes.lastIndexOf when array is empty and position is not 2²⁵⁶-1 (...
  • fffade5 Add warning about Clones pointing to implementation with no code (#5798)
  • 54a8027 Clarify documentation for IAccessManager.canCall (#5795)
  • f12605a Add Account framework docs and guides (#5660)
  • 83b829e Address 5.4 audit documentation improvements (#5779)
  • 2e152ba Cause _addSigners to revert if it triggers a totalWeight overflow (#5790)
  • a341850 Minimize pragma for MultiSignerERC7913Weighted.sol (#5778)
  • ca1494a Improve naming consystency in EnumerableSet (#5776)
  • Additional commits viewable in compare view

Updates webpack from 5.21.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

  • Added DotenvPlugin and top level dotenv option to enable this plugin
  • Added WebpackManifestPlugin
  • Added support the ignoreList option in devtool plugins
  • Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

  • 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
  • c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

  • d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
  • d3dd841: Enhance import.meta.env to support object access.
  • 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
  • 04cd530: Handle more at-rules for CSS modules.
  • cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
  • d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
  • 5983843: Provide a stable runtime function variable __webpack_global__.
  • d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

  • 22c48fb: Added module existence check for informative error message in development mode.
  • 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
  • d3dd841: Support universal lazy compilation.
  • d3dd841: Fixed module library export definitions when multiple runtimes.
  • d3dd841: Fixed CSS nesting and CSS custom properties parsing.
  • d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
  • aab1da9: Fixed bugs for css/global type.
  • d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
  • d3dd841: Handle nested __webpack_require__.
  • 728ddb7: The speed of identifier parsing has been improved.
  • 0f8b31b: Improve types.
  • d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
  • 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
  • d3dd841: Serialize HookWebpackError.
  • d3dd841: Added ability to use built-in properties in dotenv and define plugin.
  • 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
  • d3dd841: Reduce collision for local indent name in CSS.
  • d3dd841: Remove CSS link tags when CSS imports are removed.
Commits
  • 24e3c2d chore(release): new release (#20253)
  • 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
  • c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
  • 4b0501c ci: fix release (#20252)
  • 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
  • 5bf8bc5 refactor: types for benchmarks and tests
  • 505a5e7 chore(release): new release (#20188)
  • 0c06680 refactor: update eslint configuration
  • 2eb0d6a ci: release announcement (#20238)
  • b2b2459 ci: cancel in progress (#20239)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates aws-sdk from 2.841.0 to 2.1693.0

Release notes

Sourced from aws-sdk's releases.

Release v2.1693.0

See changelog for more information.

Release v2.1692.0

See changelog for more information.

Release v2.1691.0

See changelog for more information.

Release v2.1690.0

See changelog for more information.

Release v2.1689.0

See changelog for more information.

Release v2.1688.0

See changelog for more information.

Release v2.1687.0

See changelog for more information.

Release v2.1686.0

See changelog for more information.

Release v2.1685.0

See changelog for more information.

Release v2.1684.0

See changelog for more information.

Release v2.1683.0

See changelog for more information.

Release v2.1682.0

See changelog for more information.

Release v2.1681.0

See changelog for more information.

Release v2.1680.0

See changelog for more information.

Release v2.1679.0

See changelog for more information.

Release v2.1678.0

See changelog for more information.

Release v2.1677.0

See changelog for more information.

... (truncated)

Commits
  • 9d3c66e Updates SDK to v2.1693.0
  • c039567 test(client-elastictranscoder): remove feature test (#4711)
  • f5b1a6f docs: end-of-support (#4706)
  • 657d6fe chore: use ssh private key for git sync (#4705)
  • c12585b chore: remove regression label management (#4699)
  • 966fa6c Updates SDK to v2.1692.0
  • 5d0e38a Delete EC2 launch configuration e2e tests (#4685)
  • b9ce346 chore: fix issue config (#4683)
  • c066681 Update issue template config and disable docs requests (#4682)
  • 163a7cf Modified bug issue template to add checkbox to report potential regression. (...
  • Additional commits viewable in compare view

Updates @babel/helpers from 7.12.13 to 7.28.6

Release notes

Sourced from @​babel/helpers's releases.

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

🏃‍♀️ Performance

  • babel-plugin-transform-react-jsx

Committers: 7

v7.28.5 (2025-10-23)

Thank you @​CO0Ki3, @​Olexandr88, and @​youthfulhps for your first PRs!

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private
  • babel-parser
  • babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/helpers since your current version.


Updates @babel/traverse from 7.12.13 to 7.29.0

Release notes

Sourced from @​babel/traverse's releases.

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

  • babel-types
  • babel-standalone

🐛 Bug Fix

  • babel-parser
  • babel-traverse
    • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
  • babel-plugin-transform-block-scoping, babel-traverse
    • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

Committers: 6

v7.28.6 (2026-01-12)

Thanks @​kadhirash and @​kolvian for your first PRs!

🐛 Bug Fix

  • babel-cli, babel-code-frame, babel-core, babel-helper-check-duplicate-nodes, babel-helper-fixtures, babel-helper-plugin-utils, babel-node, babel-plugin-transform-flow-comments, babel-plugin-transform-modules-commonjs, babel-plugin-transform-property-mutators, babel-preset-env, babel-traverse, babel-types
  • babel-plugin-transform-regenerator
  • babel-plugin-transform-react-jsx

💅 Polish

  • babel-core, babel-standalone

🏠 Internal

  • babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-proposal-decorators, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-regexp-modifiers, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-sets-regex

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​babel/traverse since your current version.


Updates @smithy/config-resolver from 4.0.1 to 4.4.9

Release notes

Sourced from @​smithy/config-resolver's releases.

@​smithy/config-resolver@​4.4.9

Patch Changes

  • Updated dependencies [d0954cc]
    • @​smithy/types@​4.13.0
    • @​smithy/node-config-provider@​4.3.10
    • @​smithy/util-endpoints@​3.3.1
    • @​smithy/util-middleware@​4.2.10

@​smithy/config-resolver@​4.4.8

Patch Changes

  • Updated dependencies [2bf677c]
    • @​smithy/util-endpoints@​3.3.0
Changelog

Sourced from @​smithy/config-resolver's changelog.

4.4.9

Patch Changes

  • Updated dependencies [d0954cc]
    • @​smithy/types@​4.13.0
    • @​smithy/node-config-provider@​4.3.10
    • @​smithy/util-endpoints@​3.3.1
    • @​smithy/util-middleware@​4.2.10

4.4.8

Patch Changes

  • Updated dependencies [2bf677c]
    • @​smithy/util-endpoints@​3.3.0

4.4.7

Patch Changes

  • 03c3dc8: update for rollup build externalLiveBindings=false
  • Updated dependencies [03c3dc8]
    • @​smithy/node-config-provider@​4.3.9
    • @​smithy/types@​4.12.1
    • @​smithy/util-config-provider@​4.2.1
    • @​smithy/util-endpoints@​3.2.9
    • @​smithy/util-middleware@​4.2.9

4.4.6

Patch Changes

  • Updated dependencies [745867a]
    • @​smithy/types@​4.12.0
    • @​smithy/node-config-provider@​4.3.8
    • @​smithy/util-endpoints@​3.2.8
    • @​smithy/util-middleware@​4.2.8

4.4.5

Patch Changes

  • Updated dependencies [9ccb841]
    • @​smithy/types@​4.11.0
    • @​smithy/node-config-provider@​4.3.7
    • @​smithy/util-endpoints@​3.2.7
    • @​smithy/util-middleware@​4.2.7

4.4.4

... (truncated)

Commits

Updates axios from 0.21.1 to 0.21.4

Release notes

Sourced from axios's releases.

v0.21.4

Fixes and Functionality:

  • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.21.3

Fixes and Functionality:

  • Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.21.2

Fixes and Functionality:

  • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
  • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
  • Updating of transformResponse (#3377)
  • Adding ability to omit User-Agent header (#3703)
  • Adding multiple JSON improvements (#3688, #3763)
  • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
  • Adding parseInt to config.timeout (#3781)
  • Adding custom return type support to interceptor (#3783)
  • Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

  • Updating build dev dependancies (#3401)
  • Fixing builds running on Travis CI (#3538)
  • Updating follow rediect version (#3694, #3771)
  • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
  • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
  • Fixing tests by bumping karma-sauce-launcher version (#3813)
  • Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

  • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
  • Remove duplication of item in changelog (#3523)
  • Fixing gramatical errors (#2642)
  • Fixing spelling error (#3567)
  • Moving gitpod metion (#2637)
  • Adding new axios documentation website link (#3681, #3707)
  • Updating documentation around dispatching requests (#3772)

... (truncated)

Changelog

Sourced from axios's changelog.

0.21.4 (September 6, 2021)

Fixes and Functionality:

  • Fixing JSON transform when data is stringified. Providing backward compatability and complying to the JSON RFC standard (#4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

0.21.3 (September 4, 2021)

Fixes and Functionality:

  • Fixing response interceptor not being called when request interceptor is attached (#4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

0.21.2 (September 4, 2021)

Fixes and Functionality:

  • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
  • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
  • Updating of transformResponse (#3377)
  • Adding ability to omit User-Agent header (#3703)
  • Adding multiple JSON improvements (#3688, #3763)
  • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
  • Adding parseInt to config.timeout (#3781)
  • Adding custom return type support to interceptor (#3783)
  • Adding security fix for ReDoS vulnerability (#3980)

Internal and Tests:

  • Updating build dev dependancies (#3401)
  • Fixing builds running on Travis CI (#3538)
  • Updating follow rediect version (#3694, #3771)
  • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
  • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
  • Fixing tests by bumping karma-sauce-launcher version (#3813)
  • Changing testing process from Travis CI to GitHub Actions (#3938)

Documentation:

  • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
  • Remove duplication of item in changelog (#3523)

... (truncated)

Commits
  • 66c4602 Merge branch 'master' into release/0.21.4
  • fc15665 [Releasing] v0.21.4
  • c2714f0 [Updating] incorrect JSON syntax in README.md

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 28 u…
17ad268 
…pdates

Bumps the npm_and_yarn group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) | `5.2.0` | `5.4.0` |
| [webpack](https://github.com/webpack/webpack) | `5.21.0` | `5.104.1` |
| [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.841.0` | `2.1693.0` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.12.13` | `7.28.6` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.12.13` | `7.29.0` |
| [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.0.1` | `4.4.9` |
| [axios](https://github.com/axios/axios) | `0.21.1` | `0.21.4` |
| [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.8` | `3.0.11` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |
| [diff](https://github.com/kpdecker/jsdiff) | `5.2.0` | `5.2.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.13.2` | `1.15.11` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.23` |
| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.4` |
| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.1` | `3.1.5` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |
| [secp256k1](https://github.com/cryptocoinjs/secp256k1-node) | `4.0.2` | `4.0.4` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [undici](https://github.com/nodejs/undici) | `5.28.5` | `5.29.0` |



Updates `@openzeppelin/contracts` from 5.2.0 to 5.4.0
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v5.2.0...v5.4.0)

Updates `webpack` from 5.21.0 to 5.104.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.21.0...v5.104.1)

Updates `aws-sdk` from 2.841.0 to 2.1693.0
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Commits](aws/aws-sdk-js@v2.841.0...v2.1693.0)

Updates `@babel/helpers` from 7.12.13 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers)

Updates `@babel/traverse` from 7.12.13 to 7.29.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse)

Updates `@smithy/config-resolver` from 4.0.1 to 4.4.9
- [Release notes](https://github.com/smithy-lang/smithy-typescript/releases)
- [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.9/packages/config-resolver)

Updates `axios` from 0.21.1 to 0.21.4
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.4/CHANGELOG.md)
- [Commits](axios/axios@v0.21.1...v0.21.4)

Updates `base-x` from 3.0.8 to 3.0.11
- [Commits](cryptocoinjs/base-x@v3.0.8...v3.0.11)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `cipher-base` from 1.0.4 to 1.0.7
- [Changelog](https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md)
- [Commits](browserify/cipher-base@v1.0.4...v1.0.7)

Updates `cookie` from 0.4.0 to 0.4.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Changelog](https://github.com/jshttp/cookie/blob/v0.4.1/HISTORY.md)
- [Commits](jshttp/cookie@v0.4.0...v0.4.1)

Updates `diff` from 5.2.0 to 5.2.2
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2)

Updates `elliptic` from 6.5.3 to 6.5.4
- [Commits](indutny/elliptic@v6.5.3...v6.5.4)

Updates `follow-redirects` from 1.13.2 to 1.15.11
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.13.2...v1.15.11)

Updates `http-cache-semantics` from 4.1.0 to 4.1.1
- [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `lodash` from 4.17.20 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.20...4.17.23)

Updates `min-document` from 2.19.0 to 2.19.2
- [Commits](Raynos/min-document@v2.19.0...v2.19.2)

Updates `minimatch` from 3.0.4 to 3.1.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.4)

Updates `pbkdf2` from 3.1.1 to 3.1.5
- [Changelog](https://github.com/browserify/pbkdf2/blob/master/CHANGELOG.md)
- [Commits](browserify/pbkdf2@v3.1.1...v3.1.5)

Updates `qs` from 6.5.2 to 6.5.5
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.5)

Updates `secp256k1` from 4.0.2 to 4.0.4
- [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases)
- [Commits](cryptocoinjs/secp256k1-node@v4.0.2...v4.0.4)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tar` from 4.4.13 to 7.4.3
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v7.4.3)

Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v5.29.0)

Updates `ws` from 3.3.3 to 7.4.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@3.3.3...7.4.3)

Updates `xml2js` from 0.4.19 to 0.6.2
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.6.2)

---
updated-dependencies:
- dependency-name: "@openzeppelin/contracts"
  dependency-version: 5.4.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-version: 5.104.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: aws-sdk
  dependency-version: 2.1693.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@smithy/config-resolver"
  dependency-version: 4.4.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 0.21.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: base-x
  dependency-version: 3.0.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cipher-base
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-version: 0.4.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 5.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.5.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.15.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: min-document
  dependency-version: 2.19.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pbkdf2
  dependency-version: 3.1.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.5.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: secp256k1
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.4.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.4.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: xml2js
  dependency-version: 0.6.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 25, 2026
@dependabot dependabot bot mentioned this pull request Feb 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants