build(deps): bump the npm_and_yarn group across 1 directory with 21 updates by dependabot[bot] · Pull Request #88 · BuildTheEarth/web

dependabot · 2026-03-14T19:55:31Z

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
@keycloak/keycloak-admin-client	`24.0.5`	`26.5.5`
axios	`1.8.4`	`1.13.5`
body-parser	`2.2.0`	`2.2.1`
minimatch	`8.0.4`	`8.0.6`
next	`15.3.0`	`15.5.10`
next-auth	`4.24.7`	`4.24.12`
@smithy/config-resolver	`4.1.0`	`4.4.11`
ajv	`6.12.6`	`6.14.0`
basic-ftp	`5.0.5`	`5.2.0`
bn.js	`4.12.0`	`4.12.3`
brace-expansion	`1.1.11`	`1.1.12`
diff	`4.0.2`	`4.0.4`
flatted	`3.3.1`	`3.4.1`
form-data	`4.0.0`	`4.0.5`
js-yaml	`4.1.0`	`4.1.1`
jws	`3.2.2`	`3.2.3`
linkifyjs	`4.2.0`	`4.3.2`
lodash	`4.17.21`	`4.17.23`
markdown-it	`14.1.0`	`14.1.1`
tar-fs	`2.1.1`	`2.1.4`
tar	`7.4.3`	`7.5.11`

Updates @keycloak/keycloak-admin-client from 24.0.5 to 26.5.5

Release notes

Sourced from @keycloak/keycloak-admin-client's releases.

26.5.5

26.5.4

... (truncated)

Commits

011adab Set version to 26.5.5
d385dbd token could be undefined when using other grant type
05b7a79 added ability to refresh token when within time (#45789) (#45813)
c0fa4d5 Bump the npm-dependencies group across 1 directory with 32 updates (#45148)
40eb51f Add timeout option for keycloak-admin-client
93812a6 Enable unit tests for keycloak-admin-client
f91363d Improve Public Key Management for JWTAuthorizationGrant identity provider
b0b3817 Manage Organization Invites
f7e4b78 Prevent slash duplication in request URLs
3319e8d Add optional parameter in WorkflowResource.toRepresentation to allow retrieva...
Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates body-parser from 2.2.0 to 2.2.1

Release notes

Sourced from body-parser's releases.

v2.2.1

Important: Security

Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

ci: add dependabot by @Phillip9587 in expressjs/body-parser#593

ci: use full SHAs for github action versions by @Phillip9587 in expressjs/body-parser#594

deps: type-is@^2.0.1 by @Phillip9587 in expressjs/body-parser#599

build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in expressjs/body-parser#609

build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in expressjs/body-parser#610

build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in expressjs/body-parser#611

build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in expressjs/body-parser#613

build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in expressjs/body-parser#612

ci: add codeql github workflows scanning by @Phillip9587 in expressjs/body-parser#614

ci: update CodeQL config to ignore the test directory by @Phillip9587 in expressjs/body-parser#615

build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in expressjs/body-parser#620

build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in expressjs/body-parser#619

chore(deps): unpin devDependencies by @Phillip9587 in expressjs/body-parser#616

ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/body-parser#621

build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in expressjs/body-parser#623

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in expressjs/body-parser#624

chore: add funding to package.json by @Phillip9587 in expressjs/body-parser#617

build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in expressjs/body-parser#625

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in expressjs/body-parser#630

refactor: move common request validation to read function by @Phillip9587 in expressjs/body-parser#600

deps: bump iconv-lite by @bjohansebas in expressjs/body-parser#631

doc: pull beta changelog forward into 2.0.0 by @jonchurch in expressjs/body-parser#629

refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in expressjs/body-parser#634

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#640

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in expressjs/body-parser#639

build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#636

build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#637

build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in expressjs/body-parser#638

deps: raw-body@^3.0.1 by @Phillip9587 in expressjs/body-parser#641

deps: debug@^4.4.3 by @Phillip9587 in expressjs/body-parser#642

docs: add iconv-lite 0.7.0 changes to history entry by @Phillip9587 in expressjs/body-parser#645

ci: add node.js 25 to test matrix by @Phillip9587 in expressjs/body-parser#650

perf: move read options outside parser middlewares by @Phillip9587 in expressjs/body-parser#648

test(json): add RFC 7159 whitespace edge cases by @Ayoub-Mabrouk in expressjs/body-parser#653

test: add test for urlencoded invalid defaultCharset by @Phillip9587 in expressjs/body-parser#643

build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#657

build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in expressjs/body-parser#656

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in expressjs/body-parser#655

build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in expressjs/body-parser#654

ci: also test on first supported node.js version by @Phillip9587 in expressjs/body-parser#646

chore: switch badges from badgen.net to shields.io by @Phillip9587 in expressjs/body-parser#661

Remove history.md from being packaged on publish by @bjohansebas in expressjs/body-parser#660

Release: 2.2.1 by @UlisesGascon in expressjs/body-parser#659

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.1 / 2025-11-24

Security fix for GHSA-wqch-xfxh-vrr4

deps:

type-is@^2.0.1

iconv-lite@^0.7.0

Handle split surrogate pairs when encoding UTF-8

Avoid false positives in encodingExists by using prototype-less objects

raw-body@^3.0.1

debug@^4.4.3

Commits

d96b63d 2.2.1 (#659)
b204886 sec: security patch for CVE-2025-13466
e20e351 feat: remove history.md from being packaged on publish (#660)
0d7ce71 docs: switch badges from badgen.net to shields.io (#661)
168afff ci: also test on first supported node.js version (#646)
e539a71 build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#654)
9391612 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#655)
57baafb build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (#656)
a6a088e build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (#657)
10a114d test: add test for urlencoded invalid defaultCharset (#643)
Additional commits viewable in compare view

Updates minimatch from 8.0.4 to 8.0.6

Commits

a5f07f4 8.0.6
c42643a lock node to v16 in dev
9bbb456 limit nested extglob recursion, flatten extglobs
f4ce011 8.0.5
50c739a update CI matrix and actions
e16b0f0 update test expectations for coalesced consecutive stars
5173367 coalesce consecutive non-globstar * characters
ee9f152 [meta] add publishConfig.tag legacy-v8
See full diff in compare view

Updates next from 15.3.0 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates next-auth from 4.24.7 to 4.24.12

Commits

1f48cf7 chore(release): bump version [skip ci]
4758a2f ci: add workflow_dispatch for release.yml
d3aecfe feat: add next 16 support (#13303)
82efcf8 fix: security issue from nodemailer (#13304)
798c3d5 docs: update banner
02d3480 chore: remove clerk ads
7f88fa0 chore: remove sponsors
46e01af chore(docs): update credentials.md app router route.js filename (#13025)
11939f2 feat(core): add default cache control headers for GET endpoints (#12627)
918a6ac docs: Update FAQ with allowDangerousEmailAccountLinking (#12586)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by himself_65, a new releaser for next-auth since your current version.

Updates @smithy/config-resolver from 4.1.0 to 4.4.11

Release notes

Sourced from @smithy/config-resolver's releases.

@smithy/config-resolver@4.4.11

Patch Changes

Updated dependencies [5340b11]

@smithy/types@4.13.1

@smithy/node-config-provider@4.3.12

@smithy/util-endpoints@3.3.3

@smithy/util-middleware@4.2.12

Changelog

Sourced from @smithy/config-resolver's changelog.

4.4.11

Patch Changes

Updated dependencies [5340b11]

@smithy/types@4.13.1

@smithy/node-config-provider@4.3.12

@smithy/util-endpoints@3.3.3

@smithy/util-middleware@4.2.12

4.4.10

Patch Changes

a4d95e6: Set downlevel types to be used in typescript@'<4.5'

Updated dependencies [a4d95e6]

@smithy/node-config-provider@4.3.11

@smithy/util-config-provider@4.2.2

@smithy/util-middleware@4.2.11

@smithy/util-endpoints@3.3.2

4.4.9

Patch Changes

Updated dependencies [d0954cc]

@smithy/types@4.13.0

@smithy/node-config-provider@4.3.10

@smithy/util-endpoints@3.3.1

@smithy/util-middleware@4.2.10

4.4.8

Patch Changes

Updated dependencies [2bf677c]

@smithy/util-endpoints@3.3.0

4.4.7

Patch Changes

03c3dc8: update for rollup build externalLiveBindings=false

Updated dependencies [03c3dc8]

@smithy/node-config-provider@4.3.9

@smithy/types@4.12.1

@smithy/util-config-provider@4.2.1

@smithy/util-endpoints@3.2.9

@smithy/util-middleware@4.2.9

... (truncated)

Commits

0bdca15 Version NPM packages
5eab7ea Version NPM packages
a4d95e6 fix: set downlevel types to be used in typescript@'<4.5' (#1906)
2acebec Version NPM packages
06793cc Version NPM packages
1f51a0c Version NPM packages
a028fc5 chore: replace rimraf with premove (#1834)
0e8cc49 Version NPM packages
7e4bbf6 chore: upgrade rimraf to v5.0.10 (#1829)
521d67c Version NPM packages
Additional commits viewable in compare view

Updates ajv from 6.12.6 to 6.14.0

Commits

e3af0a7 6.14.0
b552ed6 add regExp option to address $data exploit via a regular expression (CVE-2025...
72f2286 docs: update v7 info
231e52b Merge pull request #1320 from philsturgeon/patch-1
d3475fc Add spectral, an AJV util from a sponsor
413afe0 docs: v7.0.0-beta.3
11e997b update readme for v7
See full diff in compare view

Updates basic-ftp from 5.0.5 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Changelog

Sourced from basic-ftp's changelog.

5.2.0

Changed: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see GHSA-5rq4-664w-9x2c.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Commits

5d41e45 Bump version
49c2e73 Update dependencies
2a2a0e6 Skip invalid filenames
65c90d9 Fix permissions for workflows
593cb78 Set permissions for workflow jobs
36adf11 Remove deprecated CodeQL check
9da4af0 Update changelog
6993039 Improve naming
0b8f756 Improve naming
67a53f2 Bump version
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates bn.js from 4.12.0 to 4.12.3

Commits

39fe438 4.12.3
67ecb35 backport(4.x): fix imaskn state (#317)
c4098ba 4.12.2
6277fd7 backport(4.x): Fix imuln/muln with zero (backport of #313) (#314)
ac0d4af 4.12.1
a5f14b4 Fix serious issue in .toString(16) (#309)
0cd2661 Remove package-lock.json added by npm
See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

44f33b4 1.1.12
c460dbd pkg: publish on tag 1.x
ccb8ac6 fmt
c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates diff from 4.0.2 to 4.0.4

Changelog

Sourced from diff's changelog.

v4.0.4 - January 2026

Only change from 4.0.2 is a backport of the fix to GHSA-73rr-hh4g-fpgx.

v4.0.3 (deprecated)

Accidental release - do not use.

Commits

f06f3e4 v4.0.4
0179a48 v4.0.3
4568cae Backport kpdecker/jsdiff#649
4de0ffa Backport kpdecker/jsdiff#647
See full diff in compare view

Maintainer changes

This version was pushed to npm by explodingcabbage, a new releaser for diff since your current version.

Updates flatted from 3.3.1 to 3.4.1

Commits

2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
d3418c7 3.4.0
7eb65d8 Merge pull request #88 from WebReflection/avoid-recusrion
7774aae Avoid recursion on parse due possible shenanigans
Additional commits viewable in compare view

Updates form-data from 4.0.0 to 4.0.5

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

[meta] add auto-changelog 811f682

[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76

[Fix] Switch to using crypto random for boundary values 3d17230

[Tests] fix linting errors 5e34080

[meta] actually ensure the readme backup isn’t published 316c82b

[Dev Deps] update @ljharb/eslint-config 58c25d7

[meta] fix readme capitalization 2300ca1

v4.0.3

v4.0.3 - 2025-06-05

Fixed

[Fix] append: avoid a crash on nullish values [#577](https://github.com/form-data/form-data/issues/577)

Commits

[eslint] use a shared config 426ba9a

[eslint] fix some spacing issues 2094191

[Refactor] use hasown 81ab41b

[Fix] validate boundary type in setBoundary() method 8d8e469

[Tests] add tests to check the behavior of getBoundary with non-strings 837b8a1

[Dev Deps] remove unused deps 870e4e6

[meta] remove local commit hooks e6e83cc

[Dev Deps] update eslint 4066fd6

[meta] fix scripts to use prepublishOnly c4bbb13

v4.0.2

v4.0.2 - 2025-02-14

Merged

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

[Fix] set Symbol.toStringTag when available [#573](https://github.com/form-data/form-data/issues/573)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

fix (npmignore): ignore temporary build files [#532](https://github.com/form-data/form-data/issues/532)

Fixed

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available (#573) [#396](https://github.com/form-data/form-data/issues/396)

[Fix] set Symbol.toStringTag when available [#396](https://github.com/form-data/form-data/issues/396)

Commits

... (truncated)

Changelog

Sourced from form-data's changelog.

v4.0....
Description has been truncated

…pdates Bumps the npm_and_yarn group with 21 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@keycloak/keycloak-admin-client](https://github.com/keycloak/keycloak/tree/HEAD/js/libs/keycloak-admin-client) | `24.0.5` | `26.5.5` | | [axios](https://github.com/axios/axios) | `1.8.4` | `1.13.5` | | [body-parser](https://github.com/expressjs/body-parser) | `2.2.0` | `2.2.1` | | [minimatch](https://github.com/isaacs/minimatch) | `8.0.4` | `8.0.6` | | [next](https://github.com/vercel/next.js) | `15.3.0` | `15.5.10` | | [next-auth](https://github.com/nextauthjs/next-auth) | `4.24.7` | `4.24.12` | | [@smithy/config-resolver](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/config-resolver) | `4.1.0` | `4.4.11` | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.2.0` | | [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.1` | | [form-data](https://github.com/form-data/form-data) | `4.0.0` | `4.0.5` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` | | [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` | | [linkifyjs](https://github.com/nfrasser/linkifyjs/tree/HEAD/packages/linkifyjs) | `4.2.0` | `4.3.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` | | [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.11` | Updates `@keycloak/keycloak-admin-client` from 24.0.5 to 26.5.5 - [Release notes](https://github.com/keycloak/keycloak/releases) - [Commits](https://github.com/keycloak/keycloak/commits/26.5.5/js/libs/keycloak-admin-client) Updates `axios` from 1.8.4 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `body-parser` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@v2.2.0...v2.2.1) Updates `minimatch` from 8.0.4 to 8.0.6 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v8.0.4...v8.0.6) Updates `next` from 15.3.0 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.3.0...v15.5.10) Updates `next-auth` from 4.24.7 to 4.24.12 - [Release notes](https://github.com/nextauthjs/next-auth/releases) - [Commits](https://github.com/nextauthjs/next-auth/compare/next-auth@4.24.7...next-auth@4.24.12) Updates `@smithy/config-resolver` from 4.1.0 to 4.4.11 - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/config-resolver/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/config-resolver@4.4.11/packages/config-resolver) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) Updates `basic-ftp` from 5.0.5 to 5.2.0 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) Updates `bn.js` from 4.12.0 to 4.12.3 - [Release notes](https://github.com/indutny/bn.js/releases) - [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md) - [Commits](indutny/bn.js@v4.12.0...v4.12.3) Updates `brace-expansion` from 1.1.11 to 1.1.12 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `flatted` from 3.3.1 to 3.4.1 - [Commits](WebReflection/flatted@v3.3.1...v3.4.1) Updates `form-data` from 4.0.0 to 4.0.5 - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.0...v4.0.5) Updates `js-yaml` from 4.1.0 to 4.1.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) Updates `jws` from 3.2.2 to 3.2.3 - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v3.2.2...v3.2.3) Updates `linkifyjs` from 4.2.0 to 4.3.2 - [Release notes](https://github.com/nfrasser/linkifyjs/releases) - [Changelog](https://github.com/nfrasser/linkifyjs/blob/main/CHANGELOG.md) - [Commits](https://github.com/nfrasser/linkifyjs/commits/v4.3.2/packages/linkifyjs) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `tar-fs` from 2.1.1 to 2.1.4 - [Commits](mafintosh/tar-fs@v2.1.1...v2.1.4) Updates `tar` from 7.4.3 to 7.5.11 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.11) --- updated-dependencies: - dependency-name: "@keycloak/keycloak-admin-client" dependency-version: 26.5.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-version: 2.2.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 8.0.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next-auth dependency-version: 4.24.12 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@smithy/config-resolver" dependency-version: 4.4.11 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bn.js dependency-version: 4.12.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.12 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: flatted dependency-version: 3.4.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: form-data dependency-version: 4.0.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jws dependency-version: 3.2.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: linkifyjs dependency-version: 4.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 2.1.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.11 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 14, 2026

github-project-automation bot moved this to Backlog in @BuildTheEarth/web Tracker Mar 14, 2026

github-project-automation bot added this to @BuildTheEarth/web Tracker Mar 14, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#88

build(deps): bump the npm_and_yarn group across 1 directory with 21 updates#88
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-099f891073

dependabot bot commented on behalf of github Mar 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 14, 2026

26.5.5

26.5.4

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v2.2.1

Important: Security

What's Changed

2.2.1 / 2025-11-24

v15.5.10

v15.4.11

v15.3.9

@​smithy/config-resolver@​4.4.11

Patch Changes

4.4.11

Patch Changes

4.4.10

Patch Changes

4.4.9

Patch Changes

4.4.8

Patch Changes

4.4.7

Patch Changes

5.2.0

5.1.0

5.2.0

5.1.0

v1.1.12

v4.0.4 - January 2026

v4.0.3 (deprecated)

v4.0.4

v4.0.4 - 2025-07-16

Commits

v4.0.3

v4.0.3 - 2025-06-05

Fixed

Commits

v4.0.2

v4.0.2 - 2025-02-14

Merged

Fixed

Commits

v4.0.... Description has been truncated

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`@smithy/config-resolver@4`.4.11

v4.0....
Description has been truncated