Skip to content

☕ chore: bump the minor-and-patch group across 1 directory with 6 updates#55

Open
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/dev/minor-and-patch-0fa6cf6a81
Open

☕ chore: bump the minor-and-patch group across 1 directory with 6 updates#55
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/dev/minor-and-patch-0fa6cf6a81

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps the minor-and-patch group with 6 updates in the / directory:

Package From To
dotenv 17.3.1 17.4.2
express-validator 7.3.1 7.3.2
@types/node 25.5.0 25.6.0
@typescript-eslint/eslint-plugin 8.45.0 8.58.1
@typescript-eslint/parser 8.45.0 8.58.1
axios 1.14.0 1.15.0

Updates dotenv from 17.3.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)
Commits

Updates express-validator from 7.3.1 to 7.3.2

Release notes

Sourced from express-validator's releases.

v7.3.2

What's Changed

Plus several docs changes.

New Contributors

Full Changelog: express-validator/express-validator@v7.3.1...v7.3.2

Commits

Updates @types/node from 25.5.0 to 25.6.0

Commits

Updates @typescript-eslint/eslint-plugin from 8.45.0 to 8.58.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
  • eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)

❤️ Thank You

... (truncated)

Commits
  • 5311ed3 chore(release): publish 8.58.1
  • c3f8ed5 fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...
  • e372a66 Revert: feat(eslint-plugin): [no-unnecessary-type-arguments] report inferred ...
  • 4933417 chore(release): publish 8.58.0
  • 5a9bd36 fix(eslint-plugin): [prefer-regexp-exec] avoid fixing unknown RegExp flags (#...
  • edb90eb fix(eslint-plugin): [no-extraneous-class] handle index signatures (#12142)
  • 8cde2d0 feat: support TypeScript 6 (#12124)
  • 1bf86c9 fix(eslint-plugin): crash in no-unnecessary-type-arguments (#12163)
  • e9cc25a docs(eslint-plugin): fix typo (#12155)
  • be4d54d chore(release): publish 8.57.2
  • Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.45.0 to 8.58.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.58.0

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

🩹 Fixes

  • eslint-plugin: crash in no-unnecessary-type-arguments (#12163)
  • eslint-plugin: [no-extraneous-class] handle index signatures (#12142)
  • eslint-plugin: [prefer-regexp-exec] avoid fixing unknown RegExp flags (#12161)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
  • eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
  • eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
  • eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.1 (2026-04-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.58.0 (2026-03-30)

🚀 Features

  • support TypeScript 6 (#12124)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.2 (2026-03-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.56.1 (2026-02-23)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

Updates axios from 1.14.0 to 1.15.0

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

  • Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

  • Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)
  • Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

  • Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

  • CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)
  • Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)
  • Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)
  • Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)
  • Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 772a4e5 chore(release): prepare release 1.15.0 (#10671)
  • 4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
  • 51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
  • fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
  • 0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
  • 8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
  • e66530e ci: require npm-publish environment for releases (#10666)
  • 49f23cb chore(sponsor): update sponsor block (#10668)
  • 3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
  • fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
☕ chore: bump the minor-and-patch group across 1 directory with 6 upd…
41ce08d 
…ates

Bumps the minor-and-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dotenv](https://github.com/motdotla/dotenv) | `17.3.1` | `17.4.2` |
| [express-validator](https://github.com/express-validator/express-validator) | `7.3.1` | `7.3.2` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.6.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.45.0` | `8.58.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.45.0` | `8.58.1` |
| [axios](https://github.com/axios/axios) | `1.14.0` | `1.15.0` |



Updates `dotenv` from 17.3.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.3.1...v17.4.2)

Updates `express-validator` from 7.3.1 to 7.3.2
- [Release notes](https://github.com/express-validator/express-validator/releases)
- [Commits](express-validator/express-validator@v7.3.1...v7.3.2)

Updates `@types/node` from 25.5.0 to 25.6.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.45.0 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.45.0 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/parser)

Updates `axios` from 1.14.0 to 1.15.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: express-validator
  dependency-version: 7.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@types/node"
  dependency-version: 25.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added infra [Area] Build system, CI/CD, deployment, config, and DevOps [issues, PRs] security [Type] Security vulnerability or hardening [issues, PRs] labels Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

infra [Area] Build system, CI/CD, deployment, config, and DevOps [issues, PRs] security [Type] Security vulnerability or hardening [issues, PRs]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants