Skip to content

chore: batch dependabot updates 2026-06-08#14908

Open
svidgen wants to merge 50 commits into
devfrom
chore/dependabot-batch-2026-06-08
Open

chore: batch dependabot updates 2026-06-08#14908
svidgen wants to merge 50 commits into
devfrom
chore/dependabot-batch-2026-06-08

Conversation

@svidgen

@svidgen svidgen commented Jun 8, 2026

Copy link
Copy Markdown
Member

Batch Dependabot Updates

This PR consolidates the following 25 dependabot dependency updates into a single PR.

Included Updates

Bundler (iOS example app)

  • addressable → 2.9.0
  • aws-sdk-s3 → 1.208.0
  • faraday → 1.10.5
  • jwt → 2.10.3

npm/yarn

  • axios → 1.16.0
  • @babel/plugin-transform-modules-systemjs → 7.29.4
  • basic-ftp → 5.3.1
  • bn.js → 4.12.3
  • brace-expansion → 1.1.13
  • diff → 4.0.4
  • fast-xml-parser → 4.5.6
  • follow-redirects → 1.16.0
  • lodash → 4.18.1
  • lodash-es → 4.18.1
  • node-forge → 1.4.0
  • picomatch → 2.3.2
  • postcss → 8.5.10
  • scripts/axios → 1.16.0
  • scripts/diff → 4.0.4
  • uuid → 14.0.0
  • webpack → 5.104.1
  • webpack-dev-server → 5.2.4
  • ws → 8.20.1
  • yaml → 2.8.3
  • yauzl → 3.2.1

Conflict Resolution

  • webpack-5.104.1: lockfile-only conflict, resolved by accepting theirs
  • webpack-dev-server-5.2.4: lockfile-only conflict, resolved by accepting theirs

Skipped

None — all branches merged successfully.

dependabot Bot and others added 30 commits December 18, 2025 19:34
@dependabot
chore(deps): bump aws-sdk-s3
4d75662 
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.199.0 to 1.208.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.208.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump diff from 4.0.2 to 4.0.4 in /scripts
751037a 
Bumps [diff](https://github.com/kpdecker/jsdiff) from 4.0.2 to 4.0.4.
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

---
updated-dependencies:
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump diff from 4.0.2 to 4.0.4
c5e7931 
Bumps [diff](https://github.com/kpdecker/jsdiff) from 4.0.2 to 4.0.4.
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

---
updated-dependencies:
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump webpack from 5.94.0 to 5.104.1
82c5f26 
Bumps [webpack](https://github.com/webpack/webpack) from 5.94.0 to 5.104.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.94.0...v5.104.1)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.104.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump faraday
a07efe0 
Bumps [faraday](https://github.com/lostisland/faraday) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](lostisland/faraday@v1.10.4...v1.10.5)

---
updated-dependencies:
- dependency-name: faraday
  dependency-version: 1.10.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump bn.js from 4.12.0 to 4.12.3
ea96040 
Bumps [bn.js](https://github.com/indutny/bn.js) from 4.12.0 to 4.12.3.
- [Release notes](https://github.com/indutny/bn.js/releases)
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md)
- [Commits](indutny/bn.js@v4.12.0...v4.12.3)

---
updated-dependencies:
- dependency-name: bn.js
  dependency-version: 4.12.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump yauzl from 3.1.3 to 3.2.1
e791a30 
Bumps [yauzl](https://github.com/thejoshwolfe/yauzl) from 3.1.3 to 3.2.1.
- [Commits](thejoshwolfe/yauzl@3.1.3...3.2.1)

---
updated-dependencies:
- dependency-name: yauzl
  dependency-version: 3.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump picomatch from 2.3.1 to 2.3.2
e851c94 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump yaml from 2.7.0 to 2.8.3
79a5d63 
Bumps [yaml](https://github.com/eemeli/yaml) from 2.7.0 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.7.0...v2.8.3)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump node-forge from 1.3.3 to 1.4.0
fa72e74 
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.3 to 1.4.0.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.3...v1.4.0)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.4.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump brace-expansion from 1.1.12 to 1.1.13
26eedae 
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.13.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.13)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump lodash-es from 4.17.23 to 4.18.1
4cc0367 
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump addressable
7d10024 
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](sporkmonger/addressable@addressable-2.8.7...addressable-2.9.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-version: 2.9.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump fast-xml-parser from 4.5.4 to 4.5.6
e8d045c 
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.5.4 to 4.5.6.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.5.4...v4.5.6)

---
updated-dependencies:
- dependency-name: fast-xml-parser
  dependency-version: 4.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump lodash from 4.17.23 to 4.18.1
80f2df5 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump follow-redirects from 1.15.6 to 1.16.0
7e5cda9 
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.6 to 1.16.0.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.6...v1.16.0)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump postcss from 8.5.3 to 8.5.10
eaa3266 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.3 to 8.5.10.
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.3...8.5.10)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump uuid from 8.3.2 to 14.0.0
322a1a9 
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v8.3.2...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump basic-ftp from 5.2.0 to 5.3.1
a2afa93 
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.1.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.2.0...v5.3.1)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump @babel/plugin-transform-modules-systemjs
54e40a3 
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.29.0 to 7.29.4.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump webpack-dev-server from 5.2.2 to 5.2.4
ca0b364 
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.2 to 5.2.4.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.2...v5.2.4)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump ws from 8.18.1 to 8.20.1
79496b7 
Bumps [ws](https://github.com/websockets/ws) from 8.18.1 to 8.20.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.18.1...8.20.1)

---
updated-dependencies:
- dependency-name: ws
  dependency-version: 8.20.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump jwt
12cb7c1 
Bumps [jwt](https://github.com/jwt/ruby-jwt) from 2.10.2 to 2.10.3.
- [Release notes](https://github.com/jwt/ruby-jwt/releases)
- [Changelog](https://github.com/jwt/ruby-jwt/blob/main/CHANGELOG.md)
- [Commits](jwt/ruby-jwt@v2.10.2...v2.10.3)

---
updated-dependencies:
- dependency-name: jwt
  dependency-version: 2.10.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump axios from 1.12.2 to 1.16.0
bb12e3b 
Bumps [axios](https://github.com/axios/axios) from 1.12.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.12.2...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump axios from 1.15.0 to 1.16.0 in /scripts
661a586 
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@svidgen
Merge remote-tracking branch 'origin/dependabot/bundler/packages/ampl…
ff8e68d 
…ify-e2e-tests/resources/example-ios-app/addressable-2.9.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/bundler/packages/ampl…
4536cd4 
…ify-e2e-tests/resources/example-ios-app/aws-sdk-s3-1.208.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/bundler/packages/ampl…
32c61d3 
…ify-e2e-tests/resources/example-ios-app/faraday-1.10.5' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/bundler/packages/ampl…
2bd982e 
…ify-e2e-tests/resources/example-ios-app/jwt-2.10.3' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/axios-1.…
901a48c 
…16.0' into chore/dependabot-batch-2026-06-08
svidgen added 20 commits June 8, 2026 14:50
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/babel/pl…
4f7e9e8 
…ugin-transform-modules-systemjs-7.29.4' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/basic-ft…
d0ae396 
…p-5.3.1' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/bn.js-4.…
21f9f50 
…12.3' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/brace-ex…
3f6c6ac 
…pansion-1.1.13' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/diff-4.0…
d88d618 
….4' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/fast-xml…
21457a7 
…-parser-4.5.6' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/follow-r…
f5bbef5 
…edirects-1.16.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-4…
b1e2bfd 
….18.1' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-e…
83f4076 
…s-4.18.1' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/node-for…
e5649dd 
…ge-1.4.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/picomatc…
fc1a2db 
…h-2.3.2' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/postcss-…
79b5a3f 
…8.5.10' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/scripts/…
32c92e2 
…axios-1.16.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/scripts/…
660a583 
…diff-4.0.4' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/uuid-14.…
fc68dcf 
…0.0' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/webpack-…
5b8572c 
…5.104.1' into chore/dependabot-batch-2026-06-08

# Conflicts:
#	yarn.lock
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/webpack-…
f6750d7 
…dev-server-5.2.4' into chore/dependabot-batch-2026-06-08

# Conflicts:
#	yarn.lock
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/ws-8.20.…
c48c8b1 
…1' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/yaml-2.8…
c77e8c0 
….3' into chore/dependabot-batch-2026-06-08
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/yauzl-3.…
3635919 
…2.1' into chore/dependabot-batch-2026-06-08
@svidgen svidgen requested a review from a team as a code owner June 8, 2026 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@svidgen