Skip to content

Fix dependencies July 2026#1508

Merged
w666 merged 9 commits into
vpulim:masterfrom
smokhov:fix-deps-july-2026-1
Jul 13, 2026
Merged

Fix dependencies July 2026#1508
w666 merged 9 commits into
vpulim:masterfrom
smokhov:fix-deps-july-2026-1

Conversation

@smokhov

@smokhov smokhov commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

This PR bumps deps for various security issues in the direct or transient dependencies:

Changes:

Not addressed transitive deps of mocha, which is in RC stages of the pending 12.0.0 release:

  • serialize-javascript and diff / jsdiff

But it is a tests development tool, so can wait till mocha releases.

dependabot Bot and others added 2 commits May 23, 2026 13:36
Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs).


Updates `qs` from 6.15.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 902037b9-35cc-4f01-b3b6-761c01d6b474

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

dependabot Bot and others added 7 commits July 8, 2026 02:11
Bumps the npm_and_yarn group with 4 updates in the / directory: [form-data](https://github.com/form-data/form-data), [markdown-it](https://github.com/markdown-it/markdown-it), [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).


Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `markdown-it` from 14.1.1 to 14.3.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.3.0)

Updates `qs` from 6.15.0 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.3)

Removes `uuid`

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Bump the npm_and_yarn group across 1 directory with 4 updates
@smokhov
smokhov marked this pull request as ready for review July 8, 2026 15:37
@smokhov

smokhov commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

@w666 -- over to you

@w666
w666 merged commit af69ef5 into vpulim:master Jul 13, 2026
4 checks passed
smokhov added a commit to smokhov/node-soap that referenced this pull request Jul 14, 2026
* Bump qs in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs).


Updates `qs` from 6.15.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump the npm_and_yarn group across 1 directory with 4 updates

Bumps the npm_and_yarn group with 4 updates in the / directory: [form-data](https://github.com/form-data/form-data), [markdown-it](https://github.com/markdown-it/markdown-it), [qs](https://github.com/ljharb/qs) and [uuid](https://github.com/uuidjs/uuid).


Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `markdown-it` from 14.1.1 to 14.3.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.3.0)

Updates `qs` from 6.15.0 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.3)

Removes `uuid`

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: markdown-it
  dependency-version: 14.3.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: uuid
  dependency-version:
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix error TS2595: 'MIMEType' can only be imported by using a default import.

* Revert error TS2351: This expression is not constructable.

* Update @babel/core, js-yaml, and others for security patches.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Update deps for 1.10.0 release

2 participants