build(deps): bump the infra-deps group across 8 directories with 7 updates by dependabot[bot] · Pull Request #223 · bsv-blockchain/ts-stack

dependabot · 2026-06-22T08:49:59Z

Bumps the infra-deps group with 2 updates in the /infra/chaintracks-server directory: body-parser and @types/node.
Bumps the infra-deps group with 2 updates in the /infra/message-box-server directory: @types/node and firebase-admin.
Bumps the infra-deps group with 1 update in the /infra/overlay-server directory: @types/node.
Bumps the infra-deps group with 3 updates in the /infra/uhrp-server-basic directory: body-parser, @types/node and axios.
Bumps the infra-deps group with 5 updates in the /infra/uhrp-server-cloud-bucket directory:

Package	From	To
body-parser	`2.2.2`	`2.3.0`
@types/node	`25.9.2`	`26.0.0`
axios	`1.17.0`	`1.18.0`
@google-cloud/storage	`7.19.0`	`7.21.0`
semver	`7.8.2`	`7.8.5`

Bumps the infra-deps group with 2 updates in the /infra/uhrp-server-cloud-bucket/notifier directory: axios and @google-cloud/storage.
Bumps the infra-deps group with 2 updates in the /infra/wab directory: body-parser and @types/node.
Bumps the infra-deps group with 3 updates in the /infra/wallet-infra directory: body-parser, @types/node and prettier.

Updates body-parser from 2.2.2 to 2.3.0

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#681

build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @dependabot[bot] in expressjs/body-parser#682

build(deps): bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in expressjs/body-parser#683

build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#685

build(deps): bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in expressjs/body-parser#684

perf(urlencoded): move empty-body guard to avoid extra function closure by @Phillip9587 in expressjs/body-parser#647

Improve ESM compatibility by @Phillip9587 in expressjs/body-parser#697

docs: add recommendations for configuring payload limits by @bjohansebas in expressjs/body-parser#699

build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot[bot] in expressjs/body-parser#701

build(deps): bump github/codeql-action from 4.31.10 to 4.32.0 by @dependabot[bot] in expressjs/body-parser#702

build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in expressjs/body-parser#700

chore: add explicit type commonjs to package.json by @Phillip9587 in expressjs/body-parser#711

deps: update dependencies to latest versions by @Phillip9587 in expressjs/body-parser#708

build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in expressjs/body-parser#712

build(deps): bump github/codeql-action from 4.32.0 to 4.32.4 by @dependabot[bot] in expressjs/body-parser#713

build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#714

fix: improve limit option validation by @Phillip9587 in expressjs/body-parser#698

build(deps): bump github/codeql-action from 4.32.4 to 4.35.1 by @dependabot[bot] in expressjs/body-parser#719

build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in expressjs/body-parser#718

build(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in expressjs/body-parser#717

perf: eliminate conditional check in json strict mode hot path by @Phillip9587 in expressjs/body-parser#651

ci: add node.js 26 to text matrix by @Phillip9587 in expressjs/body-parser#726

build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in expressjs/body-parser#725

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in expressjs/body-parser#724

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in expressjs/body-parser#723

Upgrade "content-type" by @blakeembrey in expressjs/body-parser#728

refactor: switch to const/let and enable eslint no-var rule by @Phillip9587 in expressjs/body-parser#729

Update outdated reference to MDN docs by @krzysdz in expressjs/body-parser#730

build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @dependabot[bot] in expressjs/body-parser#731

build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in expressjs/body-parser#732

chore: updated deps to latest by @Phillip9587 in expressjs/body-parser#733

2.3.0 by @UlisesGascon in expressjs/body-parser#735

New Contributors

@krzysdz made their first contribution in expressjs/body-parser#730

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

fix: use static exports instead of lazy getters to improve ESM compatibility

feat: add subpath exports for individual parsers

fix: improve limit option validation (#698)

Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement

null and undefined fall back to the default 100kb limit

deps:

content-type@^2.0.0

http-errors@^2.0.1

iconv-lite^0.7.2

qs@^6.15.2

raw-body@^3.0.2

type-is@^2.1.0

Commits

d0f2ace 2.3.0 (#735)
7d03f2f chore: updated deps to latest (#733)
8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
ff0f6b9 docs: update outdated reference to MDN docs (#730)
14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
37f36a2 deps: update content-type and type-is (#728)
e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
Additional commits viewable in compare view

Updates @types/node from 25.9.2 to 26.0.0

Commits

See full diff in compare view

Updates @types/node from 25.9.4 to 26.0.0

Commits

See full diff in compare view

Updates firebase-admin from 13.10.0 to 14.0.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v14.0.0

Breaking Changes

change(instance-id): Remove deprecated Instance ID service (#3166)

change: Remove Deprecated Legacy Namespace Support (#3164)

change(fcm): Drop legacy messaging types (#3157)

change: Drop support for Node.js 18 and 20 (v14) (#3138)

New Features

feat(auth): Enhance emulator support across authentication classes (#3080)

feat(core): Error Handling Revamp (v14) (#3140)

Bug Fixes

fix(functions): store CLOUD_TASKS_EMULATOR_HOST at construction time (#3167)

fix(auth): Decouple CreateRequest interface from UpdateRequest (#3165)

fix(auth): skip project config name assertion when using the Auth emulator (#3142)

fix(api-request): replace deprecated url.parse() with WHATWG URL (#3124)

fix: resolve failing getApplicationDefault unit tests in gcloud SDK environment (#3163)

fix(fcm): Map topic subscription RESOURCE_EXHAUSTED server code to new TOPICS_SUBSCRIPTION_RATE_EXCEEDED SDK error code (#3148)

Miscellaneous

[chore] Release 14.0.0 (#3171)

build: upgrade compilation target and lib to ES2021 (#3172)

build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1 (#3160)

build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3168)

build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3169)

chore: fixed api docs typos and omissions (#3170)

build(deps-dev): bump eslint from 10.3.0 to 10.4.1 (#3155)

Merge pull request #3162 from firebase/v14

chore(deps): bump jwks-rsa to 4.0.1 (#3125)

fix package.json

chore: Drop send-tweet and upgrade GitHub Actions (#3158)

chore: upgrade nock to v14 and fix api-request unit tests (#3153)

chore: bump eslint to 10.3.0 and migrate to flat config (#3150)

build(deps-dev): bump sinon from 18.0.1 to 22.0.0 (#3149)

chore(deps): bump jwks-rsa to 4.0.1 (#3125)

chore: Upgrade dependencies for v14 (#3137)

Commits

4754a2f [chore] Release 14.0.0 (#3171)
25285ee build: upgrade compilation target and lib to ES2021 (#3172)
d96319e build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1 (#3160)
0c34e89 build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3168)
52d02f7 build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3169)
dc788b2 chore: fixed api docs typos and omissions (#3170)
a39e897 build(deps-dev): bump eslint from 10.3.0 to 10.4.1 (#3155)
ce6c4dc Merge pull request #3162 from firebase/v14
fe71c55 fix(functions): store CLOUD_TASKS_EMULATOR_HOST at construction time (#3167)
659c056 change(instance-id): Remove deprecated Instance ID service (#3166)
Additional commits viewable in compare view

Updates @types/node from 25.9.2 to 26.0.0

Commits

See full diff in compare view

Updates body-parser from 2.2.2 to 2.3.0

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#681

build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @dependabot[bot] in expressjs/body-parser#682

build(deps): bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in expressjs/body-parser#683

build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#685

build(deps): bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in expressjs/body-parser#684

perf(urlencoded): move empty-body guard to avoid extra function closure by @Phillip9587 in expressjs/body-parser#647

Improve ESM compatibility by @Phillip9587 in expressjs/body-parser#697

docs: add recommendations for configuring payload limits by @bjohansebas in expressjs/body-parser#699

build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot[bot] in expressjs/body-parser#701

build(deps): bump github/codeql-action from 4.31.10 to 4.32.0 by @dependabot[bot] in expressjs/body-parser#702

build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in expressjs/body-parser#700

chore: add explicit type commonjs to package.json by @Phillip9587 in expressjs/body-parser#711

deps: update dependencies to latest versions by @Phillip9587 in expressjs/body-parser#708

build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in expressjs/body-parser#712

build(deps): bump github/codeql-action from 4.32.0 to 4.32.4 by @dependabot[bot] in expressjs/body-parser#713

build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#714

fix: improve limit option validation by @Phillip9587 in expressjs/body-parser#698

build(deps): bump github/codeql-action from 4.32.4 to 4.35.1 by @dependabot[bot] in expressjs/body-parser#719

build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in expressjs/body-parser#718

build(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in expressjs/body-parser#717

perf: eliminate conditional check in json strict mode hot path by @Phillip9587 in expressjs/body-parser#651

ci: add node.js 26 to text matrix by @Phillip9587 in expressjs/body-parser#726

build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in expressjs/body-parser#725

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in expressjs/body-parser#724

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in expressjs/body-parser#723

Upgrade "content-type" by @blakeembrey in expressjs/body-parser#728

refactor: switch to const/let and enable eslint no-var rule by @Phillip9587 in expressjs/body-parser#729

Update outdated reference to MDN docs by @krzysdz in expressjs/body-parser#730

build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @dependabot[bot] in expressjs/body-parser#731

build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in expressjs/body-parser#732

chore: updated deps to latest by @Phillip9587 in expressjs/body-parser#733

2.3.0 by @UlisesGascon in expressjs/body-parser#735

New Contributors

@krzysdz made their first contribution in expressjs/body-parser#730

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

fix: use static exports instead of lazy getters to improve ESM compatibility

feat: add subpath exports for individual parsers

fix: improve limit option validation (#698)

Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement

null and undefined fall back to the default 100kb limit

deps:

content-type@^2.0.0

http-errors@^2.0.1

iconv-lite^0.7.2

qs@^6.15.2

raw-body@^3.0.2

type-is@^2.1.0

Commits

d0f2ace 2.3.0 (#735)
7d03f2f chore: updated deps to latest (#733)
8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
ff0f6b9 docs: update outdated reference to MDN docs (#730)
14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
37f36a2 deps: update content-type and type-is (#728)
e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
Additional commits viewable in compare view

Updates @types/node from 25.9.2 to 26.0.0

Commits

See full diff in compare view

Updates axios from 1.17.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@drori12 (#10984)

@eyupcanakman (#10899)

@Adi-Beker (#10995)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@drori12 (#10984)

@eyupcanakman (#10899)

@Adi-Beker (#10995)

Full Changelog

Commits

2d06f96 chore(release): prepare release 1.18.0 (#11003)
32fc489 fix: malformed http urls (#11000)
b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
fe964f9 docs: mark proxy config as Node.js only (#10995)
5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
fae9d4e docs: clarify package update PR policy (#10992)
28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
614f455 docs: publish v1.17.0 release notes (#10988)
6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
Additional commits viewable in compare view

Updates body-parser from 2.2.2 to 2.3.0

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#681

build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @dependabot[bot] in expressjs/body-parser#682

build(deps): bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in expressjs/body-parser#683

build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#685

build(deps): bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in expressjs/body-parser#684

perf(urlencoded): move empty-body guard to avoid extra function closure by @Phillip9587 in expressjs/body-parser#647

Improve ESM compatibility by @Phillip9587 in expressjs/body-parser#697

docs: add recommendations for configuring payload limits by @bjohansebas in expressjs/body-parser#699

build(deps): bump actions/setup-node from 6.1.0 to 6.2.0 by @dependabot[bot] in expressjs/body-parser#701

build(deps): bump github/codeql-action from 4.31.10 to 4.32.0 by @dependabot[bot] in expressjs/body-parser#702

build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in expressjs/body-parser#700

chore: add explicit type commonjs to package.json by @Phillip9587 in expressjs/body-parser#711

deps: update dependencies to latest versions by @Phillip9587 in expressjs/body-parser#708

build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in expressjs/body-parser#712

build(deps): bump github/codeql-action from 4.32.0 to 4.32.4 by @dependabot[bot] in expressjs/body-parser#713

build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in expressjs/body-parser#714

fix: improve limit option validation by @Phillip9587 in expressjs/body-parser#698

build(deps): bump github/codeql-action from 4.32.4 to 4.35.1 by @dependabot[bot] in expressjs/body-parser#719

build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in expressjs/body-parser#718

build(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @dependabot[bot] in expressjs/body-parser#717

perf: eliminate conditional check in json strict mode hot path by @Phillip9587 in expressjs/body-parser#651

ci: add node.js 26 to text matrix by @Phillip9587 in expressjs/body-parser#726

build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in expressjs/body-parser#725

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in expressjs/body-parser#724

build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 by @dependabot[bot] in expressjs/body-parser#723

Upgrade "content-type" by @blakeembrey in expressjs/body-parser#728

refactor: switch to const/let and enable eslint no-var rule by @Phillip9587 in expressjs/body-parser#729

Update outdated reference to MDN docs by @krzysdz in expressjs/body-parser#730

build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @dependabot[bot] in expressjs/body-parser#731

build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in expressjs/body-parser#732

chore: updated deps to latest by @Phillip9587 in expressjs/body-parser#733

2.3.0 by @UlisesGascon in expressjs/body-parser#735

New Contributors

@krzysdz made their first contribution in expressjs/body-parser#730

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

fix: use static exports instead of lazy getters to improve ESM compatibility

feat: add subpath exports for individual parsers

fix: improve limit option validation (#698)

Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement

null and undefined fall back to the default 100kb limit

deps:

content-type@^2.0.0

http-errors@^2.0.1

iconv-lite^0.7.2

qs@^6.15.2

raw-body@^3.0.2

type-is@^2.1.0

Commits

d0f2ace 2.3.0 (#735)
7d03f2f chore: updated deps to latest (#733)
8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
ff0f6b9 docs: update outdated reference to MDN docs (#730)
14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
37f36a2 deps: update content-type and type-is (#728)
e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
Additional commits viewable in compare view

Updates @types/node from 25.9.2 to 26.0.0

Commits

See full diff in compare view

Updates axios from 1.17.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@drori12 (#10984)

@eyupcanakman (#10899)

@Adi-Beker (#10995)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint...
Description has been truncated

…dates Bumps the infra-deps group with 2 updates in the /infra/chaintracks-server directory: [body-parser](https://github.com/expressjs/body-parser) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the infra-deps group with 2 updates in the /infra/message-box-server directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [firebase-admin](https://github.com/firebase/firebase-admin-node). Bumps the infra-deps group with 1 update in the /infra/overlay-server directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the infra-deps group with 3 updates in the /infra/uhrp-server-basic directory: [body-parser](https://github.com/expressjs/body-parser), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [axios](https://github.com/axios/axios). Bumps the infra-deps group with 5 updates in the /infra/uhrp-server-cloud-bucket directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.2` | `2.3.0` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.2` | `26.0.0` | | [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.0` | | [@google-cloud/storage](https://github.com/googleapis/google-cloud-node/tree/HEAD/handwritten/storage) | `7.19.0` | `7.21.0` | | [semver](https://github.com/npm/node-semver) | `7.8.2` | `7.8.5` | Bumps the infra-deps group with 2 updates in the /infra/uhrp-server-cloud-bucket/notifier directory: [axios](https://github.com/axios/axios) and [@google-cloud/storage](https://github.com/googleapis/google-cloud-node/tree/HEAD/handwritten/storage). Bumps the infra-deps group with 2 updates in the /infra/wab directory: [body-parser](https://github.com/expressjs/body-parser) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node). Bumps the infra-deps group with 3 updates in the /infra/wallet-infra directory: [body-parser](https://github.com/expressjs/body-parser), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [prettier](https://github.com/prettier/prettier). Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.2...v2.3.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/node` from 25.9.4 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `firebase-admin` from 13.10.0 to 14.0.0 - [Release notes](https://github.com/firebase/firebase-admin-node/releases) - [Changelog](https://github.com/firebase/firebase-admin-node/blob/main/CHANGELOG.md) - [Commits](firebase/firebase-admin-node@v13.10.0...v14.0.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.2...v2.3.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.17.0...v1.18.0) Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.2...v2.3.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.17.0...v1.18.0) Updates `@google-cloud/storage` from 7.19.0 to 7.21.0 - [Release notes](https://github.com/googleapis/google-cloud-node/releases) - [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/handwritten/storage/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node/commits/storage-v7.21.0/handwritten/storage) Updates `semver` from 7.8.2 to 7.8.5 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.8.2...v7.8.5) Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.17.0...v1.18.0) Updates `@google-cloud/storage` from 7.19.0 to 7.21.0 - [Release notes](https://github.com/googleapis/google-cloud-node/releases) - [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/handwritten/storage/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-cloud-node/commits/storage-v7.21.0/handwritten/storage) Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.2...v2.3.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `body-parser` from 2.2.2 to 2.3.0 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.2...v2.3.0) Updates `@types/node` from 25.9.2 to 26.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `prettier` from 3.8.3 to 3.8.4 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.3...3.8.4) --- updated-dependencies: - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: firebase-admin dependency-version: 14.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@google-cloud/storage" dependency-version: 7.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: semver dependency-version: 7.8.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: infra-deps - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@google-cloud/storage" dependency-version: 7.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: body-parser dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra-deps - dependency-name: "@types/node" dependency-version: 26.0.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: infra-deps - dependency-name: prettier dependency-version: 3.8.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: infra-deps ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-06-22T08:50:55Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

socket-security · 2026-06-22T08:51:06Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/@types/node@25.9.2 ⏵ 26.0.0
	npm/firebase-admin@13.10.0 ⏵ 14.0.0	⁺¹

View full report

socket-security · 2026-06-22T08:51:07Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `rimraf` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: infra/message-box-server/package-lock.json → `npm/firebase-admin@14.0.0` → `npm/rimraf@5.0.10` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/rimraf@5.0.10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026

dependabot Bot requested a review from sirdeggen as a code owner June 22, 2026 08:50

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the infra-deps group across 8 directories with 7 updates#223

build(deps): bump the infra-deps group across 8 directories with 7 updates#223
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/infra/chaintracks-server/infra-deps-1cb2f64486

dependabot Bot commented on behalf of github Jun 22, 2026

Uh oh!

sonarqubecloud Bot commented Jun 22, 2026

Uh oh!

socket-security Bot commented Jun 22, 2026

Uh oh!

socket-security Bot commented Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 22, 2026

v2.3.0

What's Changed

New Contributors

2.3.0 / 2026-06-15

Firebase Admin Node.js SDK v14.0.0

Breaking Changes

New Features

Bug Fixes

Miscellaneous

v2.3.0

What's Changed

New Contributors

2.3.0 / 2026-06-15

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v2.3.0

What's Changed

New Contributors

2.3.0 / 2026-06-15

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

Uh oh!

sonarqubecloud Bot commented Jun 22, 2026

Quality Gate passed

Uh oh!

socket-security Bot commented Jun 22, 2026

Uh oh!

socket-security Bot commented Jun 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants