chore(deps): bump the dependencies group across 1 directory with 17 updates

[dependabot]

Bumps the dependencies group with 17 updates in the / directory:

Package	From	To
@aws-sdk/client-s3	3.1031.0	3.1033.0
@nestjs/common	10.4.22	11.1.19
@nestjs/config	3.3.0	4.0.4
@nestjs/core	10.4.22	11.1.19
@nestjs/platform-express	10.4.17	11.1.19
@nestjs/swagger	8.1.1	11.3.2
@react-email/components	0.0.33	1.0.12
axios	1.15.0	1.15.1
bullmq	5.74.1	5.75.2
geoip-country	5.0.202604142355	5.0.202604172354
liquidjs	10.25.5	10.25.6
@swc/core	1.15.26	1.15.30
@types/mjml	4.7.4	5.0.0
@typescript-eslint/eslint-plugin	8.58.2	8.59.0
@typescript-eslint/parser	8.58.2	8.59.0
eslint	10.2.0	10.2.1
typescript	5.9.3	6.0.3

Updates @aws-sdk/client-s3 from 3.1031.0 to 3.1033.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1033.0

3.1033.0(2026-04-20)

Documentation Changes

• client-guardduty: Expanded support for new suppression rule fields. (f0bb9093)

New Features

• clients:
  • update client endpoints as of 2026-04-20 (d6a7886a)
  • use binary decision diagrams for endpoint resolution (#7931) (ff1b2bae)
• client-application-signals: Releasing Second phase of SLO Recommendations where you can create recommended SLOs out-of-the box using CreateSLO API (266b97c3)
• client-ec2: Added Transit Gateway Integration into AWS Client VPN. (7ea00cb5)
• client-observabilityadmin: Enablement for Security Hub v2 via Observability Admin Telemetry Rule for account and organization level. (f70978fb)
• client-evs: Amazon EVS now allows you to create connectors to your vCenter appliances and create Windows Server entitlements for virtual machines running in your EVS environments (f4cdcf8d)
• client-location: This release adds support for new Job APIs for bulk workloads. The initial job type supported is Address Validation. The new APIs added are StartJob, CancelJob, ListJobs, and GetJob. (444f15ce)
• client-kafka: Amazon MSK Replicator now supports data migration from external Apache Kafka clusters to Amazon MSK Express brokers. This release adds SaslScram authentication with TLS encryption, enhanced consumer offset synchronization, and customer log forwarding for troubleshooting. (543ff571)
• client-bedrock-agentcore-control: Supporting listingMode for AgentCore Gateway MCP server targets (23d06d56)

Bug Fixes

• core: replace Object.entries with for-in loops in shape serde (#7940) (785e3b28)

---

For list of updated packages, view updated-packages.md in assets-3.1033.0.zip

v3.1032.0

3.1032.0(2026-04-17)

Documentation Changes

• client-neptune: Improving Documentation for Neptune (e27d9cd0)

New Features

• clients: update client endpoints as of 2026-04-17 (1fd8c265)
• client-connect: Fixes in SDK for customers using TestCase APIs (bd88a7ec)
• client-imagebuilder: ImportDiskImage API adds registerImageOptions for Secure Boot control and custom UEFI data. It adds windowsConfiguration for selecting a specific edition from multi-image .wim files during ISO import. (d211b308)
• client-quicksight: Public release of dashboard customization summary, S3 Tables data source type, Athena cross-account connector, custom sorting for controls, and AI-powered analysis generation. (da327c47)
• client-sagemaker: Adds support for providing NetworkInterface for efa enabled instances and Simplified cluster creation for Slurm-orchestrated clusters with optional Lifecycle Script (LCS) configuration. (ffcb883d)
• client-cleanrooms: This release adds support for configurable spark properties for Cleanrooms PySpark workloads. (c5de5506)
• client-groundstation: Adds support for updating contacts, listing antennas, and listing ground station reservations. New API operations - UpdateContact, ListContactVersions, DescribeContactVersion, ListAntennas, and ListGroundStationReservations. (360c3817)
• client-sts: The STS client now supports configuring SigV4a through the auth scheme preference setting. SigV4a uses asymmetric cryptography, enabling customers using long-term IAM credentials to continue making STS API calls even when a region is isolated from the partition leader. (c5755466)
• client-connectcampaignsv2: This release adds support for campaign entry limits configuration and hourly refresh frequency in Amazon Connect Outbound Campaigns. (4ee31aed)

Bug Fixes

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1033.0 (2026-04-20)

Features

• clients: use binary decision diagrams for endpoint resolution (#7931) (ff1b2ba)

3.1032.0 (2026-04-17)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• a62021b Publish v3.1033.0
• ff1b2ba feat(clients): use binary decision diagrams for endpoint resolution (#7931)
• c0c0872 Publish v3.1032.0
• See full diff in compare view

Updates @nestjs/common from 10.4.22 to 11.1.19

Release notes

Sourced from @​nestjs/common's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.18 (2026-04-03)

Bug fixes

• microservices
  • #16675 fix(microservices): preserve packet headers in nats serializer (@​wwenrr)
• core
  • #16683 fix(core): prevent injector hang when design:paramtypes is missing (@​Youmoo)
  • #16637 fix(core): dependency injection edge case with moduleref.create (@​JakobStaudinger)
  • nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

• core, platform-express, platform-fastify
  • #16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@​renovate[bot])
• platform-fastify
  • #16623 fix(deps): update dependency fastify to v5.8.4 (@​renovate[bot])
• platform-ws
  • #16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@​dependabot[bot])
• common
  • #16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@​dependabot[bot])

Committers: 6

• Ankit San (@​ankitbelal)
• Jakob Staudinger (@​JakobStaudinger)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Krishna Chaitanya (@​Krishnachaitanyakc)
• MK (@​wwenrr)
• youmoo (@​Youmoo)

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

... (truncated)

Commits

• 6730995 chore(release): publish v11.1.19 release
• 3c1cc5f chore(release): publish v11.1.18 release
• a39e345 refactor(common): change console logger helpers to protected
• 34f0f28 chore(deps): bump file-type from 21.3.3 to 21.3.4
• 0e96b0a chore(deps): bump file-type from 21.3.2 to 21.3.3
• 5a05f52 chore: update readme
• 447a373 chore(release): publish v11.1.17 release
• 99ed6e6 fix(deps): update dependency file-type to v21.3.2
• 268a283 fix(deps): update dependency file-type to v21.3.1
• 315e698 chore(release): publish v11.1.16 release
• Additional commits viewable in compare view

Updates @nestjs/config from 3.3.0 to 4.0.4

Release notes

Sourced from @​nestjs/config's releases.

Release 4.0.4

• fix(deps): update dependency dotenv to v17.4.1 (6bc5737)
• fix(deps): update dependency lodash to v4.18.1 [security] (f31ee98)

Release 4.0.3

What's Changed

• fix(deps): update dependency lodash to v4.17.23 [security] by @​renovate[bot] in nestjs/config#2250
• fix(deps): update dependency dotenv-expand to v12.0.3 by @​renovate[bot] in nestjs/config#2146
• fix(deps): update dependency dotenv to v17 by @​renovate[bot] in nestjs/config#2100

Full Changelog: nestjs/config@4.0.2...4.0.3

Release 4.0.2

• fix(common): update KeyOf type to support symbol keys (f53f14e)

Release 4.0.1

• fix: validate predefined condition #1970 (79d82d6)
• feat: allow to use symbol as a token (99d8bca)

Release 4.0.0

Breaking changes

The order in which configuration variables are read by the ConfigService#get method has been updated. The new order is:

• Internal configuration (config namespaces and custom config files)
• Validated environment variables (if validation is enabled and a schema is provided)
• The process.env object

Previously, validated environment variables and the process.env object were read first, preventing them from being overridden by internal configuration. With this update, internal configuration will now always take precedence over environment variables.

Additionally, the ignoreEnvVars configuration option, which previously allowed disabling validation of the process.env object, has been deprecated. Instead, use the validatePredefined option (set to false to disable validation of predefined environment variables). Predefined environment variables refer to process.env variables that were set before the module was imported. For example, if you start your application with PORT=3000 node main.js, the PORT variable is considered predefined. However, variables loaded by the ConfigModule from a .env file are not classified as predefined.

A new skipProcessEnv option has also been introduced. This option allows you to prevent the ConfigService#get method from accessing the process.env object entirely, which can be helpful when you want to restrict the service from reading environment variables directly.

Changelog

• chore: update config attributes to more self descriptive names (c2eaf04)
• chore(deps): update nest monorepo to v11 (1c20713)
• feat: order of reading variables, add skip predefined (c53c63c)

Commits

• 3b5d592 chore(): release v4.0.4
• 4fbcb03 Merge pull request #2263 from nestjs/renovate/dotenv-17.x
• 33dae89 Merge pull request #2269 from nestjs/renovate/cimg-node-24.x
• 0a727c3 Merge pull request #2313 from nestjs/renovate/npm-lodash-vulnerability
• 6bc5737 fix(deps): update dependency dotenv to v17.4.1
• f31ee98 fix(deps): update dependency lodash to v4.18.1 [security]
• 059314c chore(deps): update dependency typescript-eslint to v8.58.1 (#2315)
• 0f81e2d chore(deps): update dependency eslint to v10.2.0 (#2314)
• e673ab2 chore(deps): update dependency @​types/node to v24.12.2 (#2311)
• b1ede30 chore(deps): update nest monorepo to v11.1.18 (#2312)
• Additional commits viewable in compare view

Updates @nestjs/core from 10.4.22 to 11.1.19

Release notes

Sourced from @​nestjs/core's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.18 (2026-04-03)

Bug fixes

• microservices
  • #16675 fix(microservices): preserve packet headers in nats serializer (@​wwenrr)
• core
  • #16683 fix(core): prevent injector hang when design:paramtypes is missing (@​Youmoo)
  • #16637 fix(core): dependency injection edge case with moduleref.create (@​JakobStaudinger)
  • nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

• core, platform-express, platform-fastify
  • #16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@​renovate[bot])
• platform-fastify
  • #16623 fix(deps): update dependency fastify to v5.8.4 (@​renovate[bot])
• platform-ws
  • #16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@​dependabot[bot])
• common
  • #16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@​dependabot[bot])

Committers: 6

• Ankit San (@​ankitbelal)
• Jakob Staudinger (@​JakobStaudinger)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Krishna Chaitanya (@​Krishnachaitanyakc)
• MK (@​wwenrr)
• youmoo (@​Youmoo)

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

... (truncated)

Commits

• 6730995 chore(release): publish v11.1.19 release
• 3c1cc5f chore(release): publish v11.1.18 release
• 0f962c7 fix(core): sanitize sse message
• 94aa424 Merge pull request #16679 from nestjs/renovate/path-to-regexp-8.x
• 368691c fix(core): prevent injector hang when design:paramtypes is missing
• 25d4fde fix(deps): update dependency path-to-regexp to v8.4.2
• 5c0b11e fix(deps): update dependency path-to-regexp to v8.4.1
• f7d4460 Merge pull request #16637 from JakobStaudinger/moduleref-create-transient-sco...
• d0a9dc9 fix(deps): update dependency path-to-regexp to v8.4.0
• 4677434 feat(core): export IEntryNestModule type
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 10.4.17 to 11.1.19

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.18 (2026-04-03)

Bug fixes

• microservices
  • #16675 fix(microservices): preserve packet headers in nats serializer (@​wwenrr)
• core
  • #16683 fix(core): prevent injector hang when design:paramtypes is missing (@​Youmoo)
  • #16637 fix(core): dependency injection edge case with moduleref.create (@​JakobStaudinger)
  • nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

• core, platform-express, platform-fastify
  • #16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@​renovate[bot])
• platform-fastify
  • #16623 fix(deps): update dependency fastify to v5.8.4 (@​renovate[bot])
• platform-ws
  • #16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@​dependabot[bot])
• common
  • #16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@​dependabot[bot])

Committers: 6

• Ankit San (@​ankitbelal)
• Jakob Staudinger (@​JakobStaudinger)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Krishna Chaitanya (@​Krishnachaitanyakc)
• MK (@​wwenrr)
• youmoo (@​Youmoo)

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

... (truncated)

Commits

• 6730995 chore(release): publish v11.1.19 release
• 3c1cc5f chore(release): publish v11.1.18 release
• 0ca5440 Merge pull request #16627 from ankitbelal/refactor/centralize-headers-and-par...
• 25d4fde fix(deps): update dependency path-to-regexp to v8.4.2
• 5c0b11e fix(deps): update dependency path-to-regexp to v8.4.1
• d0a9dc9 fix(deps): update dependency path-to-regexp to v8.4.0
• 1a14884 refactor(core): centralize headers for streamable file responses
• 5a05f52 chore: update readme
• 447a373 chore(release): publish v11.1.17 release
• 315e698 chore(release): publish v11.1.16 release
• Additional commits viewable in compare view

Updates @nestjs/swagger from 8.1.1 to 11.3.2

Release notes

Sourced from @​nestjs/swagger's releases.

Release 11.3.2

What's Changed

• fix(plugin): remap import paths within rootDir to outDir by @​alex-all3dp in nestjs/swagger#3858

New Contributors

• @​alex-all3dp made their first contribution in nestjs/swagger#3858

Full Changelog: nestjs/swagger@11.3.1...11.3.2

Release 11.3.1

11.3.1 (2026-04-20)

Bug fixes

• #3847 fix(plugin): adjust relative import paths for tsconfig outDir depth (@​kyungseopk1m)
• #3781 fix(schema): prioritize oneOf/anyOf/allOf over inferred type resolution (@​maruthang)
• #3820 fix(schema): support enumName with oneOf and anyOf combinators (@​maruthang)

Enhancements

• #3854 fix(swagger-ui): replace hardcoded sentinel with per-call UUID in buildJSInitOptions (@​kyuna0312)

Committers: 5

• Kamil Mysliwiec (@​kamilmysliwiec)
• Maruthan G (@​maruthang)
• Yukihiro Hasegawa (@​y-hsgw)
• @​kyungseopk1m
• kyuna0312 (@​kyuna0312)

Release 11.3.0

11.3.0 (2026-04-15)

Bug fixes

• #3826 fix: support nullable field in @​ApiResponse decorator (@​Nedunchezhiyan-M)
• #3784 fix(schema): include type field when nullable is used with allOf (@​maruthang)
• #3774 fix enum issue (@​SupunGeethanjana)
• #3798 fix(plugin): normalize workspace package import paths in metadata generator (@​maruthang)
• #3821 fix(plugin): handle same-file type references in SWC readonly metadata generation (@​maruthang)
• #3822 fix(type-helpers): eagerly apply plugin metadata properties in mapped type helpers (@​maruthang)
• #3840 fix: use child class type when re-declaring an inherited @​ApiProperty (@​Nedunchezhiyan-M)

Enhancements

• #3449 feat(api-header): add example property to ApiHeader decorator (@​leemhoon00)
• #3787 feat(decorators): support RegExp instances in @​ApiProperty({ pattern }) (@​temrjan)
• #3699 feat(api-body): add support for encoding in ApiBody decorator (@​lamuertepeluda)
• #3824 feat: support async patchDocumentOnRequest hook (@​Nedunchezhiyan-M)
• #3834 feat: expose generateSchema utility for programmatic schema access (@​Nedunchezhiyan-M)
• #3836 feat(plugin): add autoFillEnumName option to suppress duplicate enum schemas (@​Nedunchezhiyan-M)
• #3837 feat: merge descriptions when multiple decorators share the same HTTP status code (@​Nedunchezhiyan-M)
• #3839 feat: add excludeDynamicDefaults option to strip runtime-evaluated schema defaults (@​Nedunchezhiyan-M)
• #3841 feat: add DeepPartialType mapped-type helper for recursive optional properties (@​Nedunchezhiyan-M)

... (truncated)

Commits

• e236c73 chore(): release v11.3.2
• b16a1e1 Merge pull request #3858 from alex-all3dp/fix/rootdir-import-path-resolution
• 7787b95 fix(plugin): remap import paths within rootDir to outDir in replaceImportPath
• 4d33856 chore(): release v11.3.1
• 93744af Merge pull request #3790 from y-hsgw/fix/is-in-each
• a272b8d Merge pull request #3856 from nestjs/revert-3781-fix/oneOf-references-object-...
• 0e6dd75 Revert "fix(schema): prioritize oneOf/anyOf/allOf over inferred type resolution"
• 936c465 Merge branch 'master' into fix/is-in-each
• 7ae819b Merge pull request #3847 from kyungseopk1m/fix/plugin-outdir-path-resolution
• cc68f11 Merge pull request #3781 from maruthang/fix/oneOf-references-object-3549
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @react-email/components from 0.0.33 to 1.0.12

Release notes

Sourced from @​react-email/components's releases.

@​react-email/components@​1.0.12

Patch Changes

• Updated dependencies [f6cfef0]
  • @​react-email/render@​2.0.6
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/tailwind@​2.0.7
  • @​react-email/text@​0.1.6

@​react-email/components@​1.0.11

Patch Changes

• Updated dependencies [5a23505]
• Updated dependencies [ecfc141]
  • @​react-email/tailwind@​2.0.7
  • @​react-email/render@​2.0.5
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/text@​0.1.6

... (truncated)

Changelog

Sourced from @​react-email/components's changelog.

1.0.12

Patch Changes

• Updated dependencies [f6cfef0]
  • @​react-email/render@​2.0.6
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13
  • @​react-email/section@​0.0.17
  • @​react-email/tailwind@​2.0.7
  • @​react-email/text@​0.1.6

1.0.11

Patch Changes

• Updated dependencies [5a23505]
• Updated dependencies [ecfc141]
  • @​react-email/tailwind@​2.0.7
  • @​react-email/render@​2.0.5
  • @​react-email/body@​0.3.0
  • @​react-email/button@​0.2.1
  • @​react-email/code-block@​0.2.1
  • @​react-email/code-inline@​0.0.6
  • @​react-email/column@​0.0.14
  • @​react-email/container@​0.0.16
  • @​react-email/font@​0.0.10
  • @​react-email/head@​0.0.13
  • @​react-email/heading@​0.0.16
  • @​react-email/hr@​0.0.12
  • @​react-email/html@​0.0.12
  • @​react-email/img@​0.0.12
  • @​react-email/link@​0.0.13
  • @​react-email/markdown@​0.0.18
  • @​react-email/preview@​0.0.14
  • @​react-email/row@​0.0.13

... (truncated)

Commits

• 291aea4 chore(root): version packages (#3117)
• 1191b35 chore(root): version packages (#3084)
• 32b0eba chore(root): version packages (#3073)
• 197d094 chore: version packages (#3035)
• 1f27dcd feat: pnpm catalogs (#3014)
• 11aa935 chore(deps): update dependency tsdown to v0.19.0 (#2857)
• ea53ed8 chore(root): version packages (#2953)
• 047ba86 chore(root): version packages (#2911)
• 8ec4d26 chore(root): version packages (canary) (#2878)
• 6d381ae chore(root): version packages (#2872)
• Additional commits viewable in compare view

Updates axios from 1.15.0 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (#10705)
• Location Request Header Type: Adds Location to CommonRequestHeadersList for accurate typing of redirect-aware requests. (#7528)

🐛 Bug Fixes

• FormData Handling: Removes Content-Type when no boundary is present on FormData fetch requests, supports multi-select fields, cancels request.body instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (#7314, #10676, #10702, #10726)
• HTTP Adapter: Handles socket-only request errors without leaking keep-alive listeners. (#10576)
• Progress Events: Clamps loaded to total for computable upload/download progress events. (#7458)
• Types: Aligns runWhen type with the runtime behaviour in InterceptorManager and makes response header keys case-insensitive. (#7529, #10677)
• buildFullPath: Uses strict equality in the base/relative URL check. (#7252)
• AxiosURLSearchParams Regex: Improves the regex used for param serialisation to avoid edge-case mismatches. (#10736)
• Resilient Value Parsing: Parses out header/config values instead of throwing on malformed input. (#10687)
• Docs Artefact Cleanup: Removes the docs content that was incorrectly committed. (#10727)

🔧 Maintenance & Chores

• Threat Model & Security Docs: Ongoing refinement of THREATMODEL.md, including Hopper security update, TLS and tag-replay wording, mitigation descriptions, decompression-bomb guidance, and further cleanup. (#10672, #10715, #10718, #10722, #10763, #10765)
• Test Coverage & Migration: Expanded shouldBypassProxy coverage for wildcard/IPv6/edge cases, documented and tested AxiosError.status, and migrated progressEventReducer tests to Vitest. (#10723, #10725, #10741)
• Type Refactor: Uses TypeScript utility types to deduplicate literal unions. (#7520)
• Repo & CI: Adds CODEOWNERS, switches v1.x releases to an ephemeral release branch, and removes orphaned Bower support. (#10739, #10738, #10746)
• Changelog Backfill: Added missing version entries to the changelog. (#10704)
• Dependencies: Bumped follow-redirects (1.15.11 → 1.16.0) in root and docs, axios (1.14.0 → 1.15.0) in docs, and a group of 5 development dependencies. (#10717, #10716, #10684, #10709)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​curiouscoder-cmd (#7252)
• @​tryonelove (