chore(deps): bump the npm_and_yarn group across 12 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /docs/site directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/non-monorepo directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/with-typeorm/apps/docs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/with-typeorm/apps/web directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/with-yarn/apps/docs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/with-yarn/apps/web directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/create-turbo directory: tsup.
Bumps the npm_and_yarn group with 1 update in the /packages/eslint-plugin-turbo directory: tsup.
Bumps the npm_and_yarn group with 2 updates in the /packages/turbo-benchmark directory: esbuild and vega.
Bumps the npm_and_yarn group with 2 updates in the /packages/turbo-codemod directory: tsup and axios.
Bumps the npm_and_yarn group with 1 update in the /packages/turbo-releaser directory: tar.
Bumps the npm_and_yarn group with 1 update in the /packages/turbo-utils directory: tar.

Updates next from 15.4.0-canary.23 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates next from 15.3.3 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates next from 14.2.35 to 16.1.6

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

• https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472
• https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

Commits

• 60a2aa9 v15.5.10
• e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
• bf9f084 Sync DoS mitigations for React Flight
• c5de33e v15.5.9
• dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
• 7526cd6 v15.5.8
• 1e9ec41 Update React Version (#41)
• 16141e5 Update React Version (#30)
• e01e589 Backport Next.js changes to v15.5.8 (#23)
• Additional commits viewable in compare view

Updates tsup from 6.7.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

v8.5.0

   🚀 Features

• Use fix-dts-default-cjs-exports to transform CJS types  -  by @​userquin in egoist/tsup#1310 (c654e)
• Allow passing custom swc configuration to swcPlugin  -  by @​Romakita in egoist/tsup#1313 (fdfd5)

   🐞 Bug Fixes

• Make removeNodeProtocol work with shims  -  by @​aryaemami59 (769aa)
• CopyPublicDir in watch mode  -  by @​geeee in egoist/tsup#1331 (7c1e1)

    View changes on GitHub

v8.4.0

   🚀 Features

• Upgrade svelte and css compiler  -  by @​DaniAcu in egoist/tsup#1288 (c3f32)

   🐞 Bug Fixes

• Upgrade esbuild to 0.25  -  by @​RobinTail in egoist/tsup#1309 (89c47)

    View changes on GitHub

v8.3.6

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in egoist/tsup#1256 (314a6)

    View changes on GitHub

v8.3.5

   🐞 Bug Fixes

• Run experimentalDts only once  -  by @​aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

... (truncated)

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• 92ee842 chore: release v8.5.0
• 7c1e13e fix: copyPublicDir in watch mode (#1331)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Updates tsup from 6.7.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

v8.5.0

   🚀 Features

• Use fix-dts-default-cjs-exports to transform CJS types  -  by @​userquin in egoist/tsup#1310 (c654e)
• Allow passing custom swc configuration to swcPlugin  -  by @​Romakita in egoist/tsup#1313 (fdfd5)

   🐞 Bug Fixes

• Make removeNodeProtocol work with shims  -  by @​aryaemami59 (769aa)
• CopyPublicDir in watch mode  -  by @​geeee in egoist/tsup#1331 (7c1e1)

    View changes on GitHub

v8.4.0

   🚀 Features

• Upgrade svelte and css compiler  -  by @​DaniAcu in egoist/tsup#1288 (c3f32)

   🐞 Bug Fixes

• Upgrade esbuild to 0.25  -  by @​RobinTail in egoist/tsup#1309 (89c47)

    View changes on GitHub

v8.3.6

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in egoist/tsup#1256 (314a6)

    View changes on GitHub

v8.3.5

   🐞 Bug Fixes

• Run experimentalDts only once  -  by @​aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

... (truncated)

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• 92ee842 chore: release v8.5.0
• 7c1e13e fix: copyPublicDir in watch mode (#1331)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Updates esbuild from 0.15.18 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.

Updates vega from 5.33.1 to 6.2.0

Release notes

Sourced from vega's releases.

v6.2.0

What's Changed

• feat: switch to npm, use native fetch by @​domoritz in vega/vega#4047
• chore: remove sourcemaps for bundled files by @​domoritz in vega/vega#4049
• fix: correct mode handling in loader by @​domoritz in vega/vega#4048
• chore: delete map files and old compatibility libraries by @​domoritz in vega/vega#4053
• chore(deps-dev): bump @​types/node from 22.13.14 to 22.13.15 by @​dependabot[bot] in vega/vega#4058
• chore(deps-dev): bump typescript-eslint from 8.28.0 to 8.29.0 by @​dependabot[bot] in vega/vega#4057
• chore(deps-dev): bump rollup from 4.37.0 to 4.38.0 by @​dependabot[bot] in vega/vega#4056
• chore(deps-dev): bump vega-datasets from 3.0.1 to 3.1.0 by @​dependabot[bot] in vega/vega#4054
• chore(deps-dev): bump @​definitelytyped/dtslint from 0.2.29 to 0.2.30 by @​dependabot[bot] in vega/vega#4055
• docs: addition of the labelled donut example by @​PBI-David in vega/vega#4062
• docs: update of the labelled donut example by @​PBI-David in vega/vega#4064
• chore(deps-dev): bump @​types/node from 22.13.15 to 22.15.3 by @​dependabot[bot] in vega/vega#4070
• chore(deps-dev): bump rollup from 4.38.0 to 4.40.1 by @​dependabot[bot] in vega/vega#4068
• chore(deps-dev): bump jsdom from 26.0.0 to 26.1.0 by @​dependabot[bot] in vega/vega#4069
• chore(deps-dev): bump @​eslint/js from 9.23.0 to 9.25.1 by @​dependabot[bot] in vega/vega#4067
• chore(deps-dev): bump typescript-eslint from 8.29.0 to 8.31.1 by @​dependabot[bot] in vega/vega#4066
• chore(deps-dev): bump @​definitelytyped/dtslint from 0.2.30 to 0.2.32 by @​dependabot[bot] in vega/vega#4079
• chore(deps): bump tar-fs from 2.1.2 to 2.1.3 in the npm_and_yarn group by @​dependabot[bot] in vega/vega#4080
• chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by @​dependabot[bot] in vega/vega#4076
• chore(deps-dev): bump @​types/node from 22.15.3 to 22.15.29 by @​dependabot[bot] in vega/vega#4075
• chore(deps-dev): bump @​babel/eslint-parser from 7.27.0 to 7.27.1 by @​dependabot[bot] in vega/vega#4077
• chore(deps-dev): bump eslint from 9.23.0 to 9.28.0 by @​dependabot[bot] in vega/vega#4078
• docs: update versions in docs by @​domoritz in vega/vega#4050
• fix: update file name in weather example by @​domoritz in vega/vega#4083
• ci: switch to supported node versions by @​domoritz in vega/vega#4084
• docs: replace version in specs by @​domoritz in vega/vega#4085
• ci: disable flaky ci test by @​domoritz in vega/vega#4086
• chore: update deps by @​domoritz in vega/vega#4088
• chore(deps): bump canvas from 3.1.1 to 3.1.2 by @​dependabot[bot] in vega/vega#4093
• chore(deps-dev): bump rollup from 4.44.0 to 4.44.1 by @​dependabot[bot] in vega/vega#4092
• chore(deps-dev): bump lerna from 8.2.2 to 8.2.3 by @​dependabot[bot] in vega/vega#4091
• chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 by @​dependabot[bot] in vega/vega#4090
• chore(deps-dev): bump @​types/node from 24.0.3 to 24.0.8 by @​dependabot[bot] in vega/vega#4089
• docs: Update links to Prefuse and Protovis by @​star1327p in vega/vega#4095
• chore(deps-dev): bump axios from 1.10.0 to 1.11.0 in the npm_and_yarn group by @​dependabot[bot] in vega/vega#4096
• ci: create merge-dependabot.yml by @​domoritz in vega/vega#4102
• chore(deps-dev): bump typescript-eslint from 8.34.1 to 8.38.0 by @​dependabot[bot] in vega/vega#4101
• chore(deps-dev): bump eslint from 9.29.0 to 9.32.0 by @​dependabot[bot] in vega/vega#4100
• chore(deps-dev): bump @​babel/plugin-transform-runtime from 7.27.4 to 7.28.0 by @​dependabot[bot] in vega/vega#4099
• chore(deps-dev): bump @​babel/core from 7.27.4 to 7.28.0 by @​dependabot[bot] in vega/vega#4098
• chore(deps-dev): bump @​eslint/js from 9.29.0 to 9.32.0 by @​dependabot[bot] in vega/vega#4097
• chore(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in vega/vega#4107
• chore(deps): bump amannn/action-semantic-pull-request from 5 to 6 by @​dependabot[bot] in vega/vega#4106
• chore(deps-dev): bump typescript-eslint from 8.38.0 to 8.41.0 by @​dependabot[bot] in vega/vega#4112
• chore(deps-dev): bump @​babel/plugin-transform-runtime from 7.28.0 to 7.28.3 by @​dependabot[bot] in vega/vega#4111
• chore(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in vega/vega#4109
• chore(deps): bump canvas from 3.1.2 to 3.2.0 by @​dependabot[bot] in vega/vega#4108
• chore(deps-dev): bump @​babel/cli from 7.27.2 to 7.28.3 by @​dependabot[bot] in vega/vega#4114

... (truncated)

Commits

• 4dea729 chore: v6.2.0 (#4126)
• fff016b Merge commit from fork
• 7971816 fix: replace all problematic Unicode characters (#4130)
• 8c1d17a fix: fix handling of null values in stringValue (#4127)
• 4ac16df fix: Typo in codegen expression (#4128)
• f5c1f43 feat: use blazediff to speed up visual diffs (#4125)
• 81a72cb Merge commit from fork
• 9e3f408 chore(deps-dev): bump @​babel/core from 7.28.0 to 7.28.3 (#4123)
• 158d62e chore(deps-dev): bump rollup from 4.44.1 to 4.50.0 (#4124)
• 248718b chore(deps-dev): bump typescript from 5.8.3 to 5.9.2 (#4122)
• Additional commits viewable in compare view

Updates tsup from 6.7.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

v8.5.0

   🚀 Features

• Use fix-dts-default-cjs-exports to transform CJS types  -  by @​userquin in egoist/tsup#1310 (c654e)
• Allow passing custom swc configuration to swcPlugin  -  by @​Romakita in egoist/tsup#1313 (fdfd5)

   🐞 Bug Fixes

• Make removeNodeProtocol work with shims  -  by @​aryaemami59 (769aa)
• CopyPublicDir in watch mode  -  by @​geeee in egoist/tsup#1331 (7c1e1)

    View changes on GitHub

v8.4.0

   🚀 Features

• Upgrade svelte and css compiler  -  by @​DaniAcu in egoist/tsup#1288 (c3f32)

   🐞 Bug Fixes

• Upgrade esbuild to 0.25  -  by @​RobinTail in egoist/tsup#1309 (89c47)

    View changes on GitHub

v8.3.6

   🐞 Bug Fixes

• Don't await sub-process of onSuccess  -  by @​laat in egoist/tsup#1256 (314a6)

    View changes on GitHub

v8.3.5

   🐞 Bug Fixes

• Run experimentalDts only once  -  by @​aryaemami59 in egoist/tsup#1236 (fddd4)

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

... (truncated)

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• 92ee842 chore: release v8.5.0
• 7c1e13e fix: copyPublicDir in watch mode (#1331)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Updates axios from 0.27.2 to 0.30.3

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

• Backport: Fix DoS via proto key in merge config
  • Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @​FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

• CI Infrastructure Update
  • Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @​jasonsaayman in [PR #7407](axios/axios#7407)

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

• Backport maxContentLength vulnerability fix to v0.x by @​FeBe95 in axios/axios#7034

New Contributors

• @​FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

• chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @​wolandec in axios/axios#6978

Contributors to this release

• @​wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Description has been truncated