Skip to content

chore: bump the prod-dependencies group across 1 directory with 4 updates#116

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-77a19cfc0c
Open

chore: bump the prod-dependencies group across 1 directory with 4 updates#116
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/prod-dependencies-77a19cfc0c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the prod-dependencies group with 4 updates in the / directory: vue, vue-router, axios and livekit-client.

Updates vue from 3.5.33 to 3.5.34

Release notes

Sourced from vue's releases.

v3.5.34

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.34 (2026-05-06)

Bug Fixes

  • compiler-sfc: infer Vue ref wrapper types when source is unresolvable (#14758) (7f46fd4), closes #14729
  • compiler-sfc: preserve hash hrefs on <image> elements (#14756) (090b2e3)
  • compiler-sfc: resolve type re-exports inside declare global (#14766) (acfffe3)
  • reactivity: prevent orphan effect when created in a stopped scope (#14778) (c8e2d4a), closes #14777
  • runtime-core: avoid symbol coercion during props validation (#8539) (23d4fb5), closes #8487
  • suspense: avoid DOM leak with out-in transition in v-if fragment (#14762) (9667e0d), closes #14761
Commits
  • 57545e9 release: v3.5.34
  • a3b2617 chore(deps): update dependency jsdom to ^29.1.1 (#14775)
  • 23d4fb5 fix(runtime-core): avoid symbol coercion during props validation (#8539)
  • 090b2e3 fix(compiler-sfc): preserve hash hrefs on \<image> elements (#14756)
  • 9667e0d fix(suspense): avoid DOM leak with out-in transition in v-if fragment (#14762)
  • c8e2d4a fix(reactivity): prevent orphan effect when created in a stopped scope (#14778)
  • 7f46fd4 fix(compiler-sfc): infer Vue ref wrapper types when source is unresolvable (#...
  • acfffe3 fix(compiler-sfc): resolve type re-exports inside declare global (#14766)
  • a037385 chore(deps): update build (#14759)
  • 0bc56ff chore(deps): update pnpm to v10.33.3 (#14760)
  • Additional commits viewable in compare view

Updates vue-router from 5.0.6 to 5.0.7

Release notes

Sourced from vue-router's releases.

v5.0.7

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • ddd20c3 release: vue-router@5.0.7
  • 91cdec3 feat(param-parsers): add include/exclude options
  • 8af50c9 fix(volar): drop runtime @vue/language-core import (#2710)
  • b840cd6 chore(ci): set least-privilege workflow token permissions (#2708)
  • 51c1672 chore(release): use @​clack/prompts
  • af77a7c chore: playground param type
  • 641200a refactor(param-parsers): simplify defineParamParser
  • 9b9896e chore: comments
  • d41897b refactor: wip of defineParamParser
  • 17d51fb chore: logs
  • Additional commits viewable in compare view

Updates axios from 1.16.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

  • Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
  • Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
  • CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

  • Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
  • Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
  • XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
  • Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
  • Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
  • URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

  • Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
  • composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
  • AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
  • Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
  • Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
  • Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits
  • 1337d6b chore(release): prepare release 1.16.1 (#10877)
  • 858a790 fix: remove all caches (#10882)
  • 34adfd9 revert: "fix: support URL object as config.url input (#10866)" (#10874)
  • 847d89b fix: support URL object as config.url input (#10866)
  • 4094886 fix(progress): guard malformed XHR upload events (#10868)
  • 44f0c5b chore: change sponsorship link and add Twicsy advertisement (#10869)
  • 64e1095 chore: update PR and issue template to use h2 (#10865)
  • 3e6b4e1 fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...
  • c4453ba fix: add the ability to add additional sponsors to the process sponsors scrip...
  • caa00a9 fix: https data in cleartext to proxy (#10858)
  • Additional commits viewable in compare view

Updates livekit-client from 2.18.8 to 2.19.0

Release notes

Sourced from livekit-client's releases.

v2.19.0

Minor Changes

  • Add new RPC protocol updates to support infinite payload length in requests / responses - #1832 (@​1egoman)

v2.18.10

Patch Changes

  • Improved data tracks depacketizer to support mutliple in flight packets - #1923 (@​1egoman)

v2.18.9

Patch Changes

  • Ensure that flush called when there are no in flight data track packets works - #1929 (@​1egoman)
Changelog

Sourced from livekit-client's changelog.

2.19.0

Minor Changes

  • Add new RPC protocol updates to support infinite payload length in requests / responses - #1832 (@​1egoman)

2.18.10

Patch Changes

  • Improved data tracks depacketizer to support mutliple in flight packets - #1923 (@​1egoman)

2.18.9

Patch Changes

  • Ensure that flush called when there are no in flight data track packets works - #1929 (@​1egoman)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the prod-dependencies group across 1 directory with 4 upd…
36990e5 
…ates

Bumps the prod-dependencies group with 4 updates in the / directory: [vue](https://github.com/vuejs/core), [vue-router](https://github.com/vuejs/router), [axios](https://github.com/axios/axios) and [livekit-client](https://github.com/livekit/client-sdk-js).


Updates `vue` from 3.5.33 to 3.5.34
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](vuejs/core@v3.5.33...v3.5.34)

Updates `vue-router` from 5.0.6 to 5.0.7
- [Release notes](https://github.com/vuejs/router/releases)
- [Commits](vuejs/router@v5.0.6...v5.0.7)

Updates `axios` from 1.16.0 to 1.16.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.16.0...v1.16.1)

Updates `livekit-client` from 2.18.8 to 2.19.0
- [Release notes](https://github.com/livekit/client-sdk-js/releases)
- [Changelog](https://github.com/livekit/client-sdk-js/blob/main/CHANGELOG.md)
- [Commits](livekit/client-sdk-js@v2.18.8...v2.19.0)

---
updated-dependencies:
- dependency-name: vue
  dependency-version: 3.5.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: vue-router
  dependency-version: 5.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: axios
  dependency-version: 1.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-dependencies
- dependency-name: livekit-client
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file frontend Frontend related changes labels May 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file frontend Frontend related changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants