Skip to content

Update dependencies#668

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/dependencies
Open

Update dependencies#668
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/dependencies

Conversation

@renovate

@renovate renovate Bot commented Mar 31, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
@actions/github (source) 6.0.06.0.1 age confidence
axios (source) 1.16.01.17.0 age confidence

Release Notes

actions/toolkit (@​actions/github)

v6.0.1

axios/axios (axios)

v1.17.0

Compare Source

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#​10901, #​10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#​10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#​6792, #​10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#​10929, #​10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#​10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#​10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#​10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#​10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#​10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#​10956, #​10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#​10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#​10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#​10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#​10907, #​10911, #​10916, #​10927, #​10935, #​10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#​10925, #​10914, #​10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#​10890, #​10889, #​10921, #​10945, #​10905, #​10933, #​10915, #​10887, #​10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#​10871, #​10879, #​10918, #​10919, #​10934, #​10947, #​10954, #​10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.16.1

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner March 31, 2026 05:53
@renovate renovate Bot added patch Release with a patch level update renovate-deps labels Mar 31, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from 6540ea0 to 08a15b7 Compare April 2, 2026 13:08
@renovate renovate Bot changed the title Update dependencies fix(deps): update dependency @actions/github to v6.0.1 Apr 2, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from 08a15b7 to 4e49c51 Compare April 8, 2026 15:05
@renovate renovate Bot changed the title fix(deps): update dependency @actions/github to v6.0.1 Update dependency @actions/github to v6.0.1 Apr 8, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from 4e49c51 to f703057 Compare April 27, 2026 17:12
@renovate renovate Bot changed the title Update dependency @actions/github to v6.0.1 Update dependencies Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from f703057 to ccbd56d Compare April 27, 2026 21:32
@renovate renovate Bot changed the title Update dependencies Update dependency @actions/github to v6.0.1 Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 9971b9f to 8cfb040 Compare May 6, 2026 11:04
@renovate renovate Bot changed the title Update dependency @actions/github to v6.0.1 Update dependencies May 6, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 0158650 to 5e7b661 Compare May 16, 2026 16:50
@renovate renovate Bot force-pushed the renovate/dependencies branch from 5e7b661 to 39e99a4 Compare June 2, 2026 10:03
@renovate renovate Bot changed the title Update dependencies Update dependency @actions/github to v6.0.1 Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from 39e99a4 to 7cddc1e Compare June 2, 2026 10:19
@renovate renovate Bot changed the title Update dependency @actions/github to v6.0.1 Update dependencies Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/dependencies branch from 7cddc1e to 3ed5bab Compare June 6, 2026 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

patch Release with a patch level update renovate-deps

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants