Skip to content

chore(deps): bump the test group across 1 directory with 2 updates#108

Merged
line-o merged 1 commit intomainfrom
dependabot/npm_and_yarn/test-5b6fd14e29
Mar 5, 2026
Merged

chore(deps): bump the test group across 1 directory with 2 updates#108
line-o merged 1 commit intomainfrom
dependabot/npm_and_yarn/test-5b6fd14e29

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 19, 2026
edited
Loading

Bumps the test group with 2 updates in the / directory: axios and jsdom.

Updates axios from 1.13.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view

Updates jsdom from 28.0.0 to 28.1.0

Release notes

Sourced from jsdom's releases.

Version 28.1.0

  • Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
  • Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
  • Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
  • Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
  • Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
  • Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
  • Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
  • Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
  • Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
  • Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.
Changelog

Sourced from jsdom's changelog.

28.1.0

  • Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
  • Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
  • Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
  • Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
  • Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
  • Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
  • Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
  • Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
  • Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
  • Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.
Commits
  • 12949b5 Version 28.1.0
  • ce4c58f Apply CSS specificity when computing styles
  • 7ed55a0 Skip single-byte-decoder encoding tests on Node 20
  • f3b1973 Generalize node version conditions in test expectations
  • 853c596 Rewrite getElementById ID caching for tree-order correctness
  • 5fbfde6 Fix potential sync XHR worker hang from unhandled dispatch errors
  • 82df38f Cache the root node for document-connected trees
  • ed7c5c0 Add documentation comment to create-event-accessor.js
  • b4562e9 Simplify Window.js installEventHandlers
  • 7da340f Centralize "determine the target of an event handler"
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the test group across 1 directory with 2 updates
dd21327 
Bumps the test group with 2 updates in the / directory: [axios](https://github.com/axios/axios) and [jsdom](https://github.com/jsdom/jsdom).


Updates `axios` from 1.13.4 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.4...v1.13.5)

Updates `jsdom` from 28.0.0 to 28.1.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@28.0.0...28.1.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: test
- dependency-name: jsdom
  dependency-version: 28.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: test
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026
@line-o line-o merged commit a561dc5 into main Mar 5, 2026
8 of 10 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/test-5b6fd14e29 branch March 5, 2026 11:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@line-o