build(deps): bump the dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the dependencies group with 21 updates in the / directory:

Package	From	To
@nestjs/common	11.1.19	11.1.20
@nestjs/core	11.1.19	11.1.20
@nestjs/platform-express	11.1.19	11.1.20
@nestjs/testing	11.1.19	11.1.20
@nestjs/websockets	11.1.19	11.1.20
@sentry/node	10.51.0	10.53.1
@types/node	25.6.0	25.7.0
amqplib	1.0.5	2.0.1
archiver	7.0.1	8.0.0
axios	1.16.0	1.16.1
better-sqlite3	12.9.0	12.10.0
bullmq	5.76.5	5.76.8
express-rate-limit	8.5.0	8.5.1
graphql	16.13.2	16.14.0
puppeteer	24.42.0	24.43.1
rate-limiter-flexible	11.0.2	11.1.0
stripe	22.1.0	22.1.1
@opentelemetry/sdk-node	0.216.0	0.218.0
@opentelemetry/auto-instrumentations-node	0.74.0	0.76.0
@opentelemetry/exporter-trace-otlp-http	0.216.0	0.218.0
jest	30.3.0	30.4.2

Updates @nestjs/common from 11.1.19 to 11.1.20

Release notes

Sourced from @​nestjs/common's releases.

v11.1.20 (2026-05-13)

Bug fixes

• core, testing
  • #16939 fix(core): fix deeply nested transient providers resolution (@​kamilmysliwiec)
• core
  • #16861 fix(core): fix @​Sse losing events on complete (@​MatthiasBrehmer)
  • #16753 fix(core): defer sse writehead until after lifecycle completes (@​jkalberer)
  • #16782 fix(core): use strict null check for SSE message id (@​burhanharoon)
• microservices
  • #16850 fix(microservices): ServerRMQ crashes at boot when @​MessagePattern(undefined) is combined with wildcards: true (@​lavieennoir)
• common
  • #16845 fix(common): accept zero timestamp in parse date pipe (@​Mysh3ll)
• platform-socket.io
  • #16742 fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (@​fru1tworld)

Enhancements

• microservices
  • #16676 feat(microservices): add return buffers option for binary data (@​Forceres)
  • #16826 feat(microservices): handle rmq blocked/unblocked connection events (@​thisalihassan)
• common
  • #16902 fix(common): filetype validator buffer message (@​QusaiAlbonni)
• platform-express
  • #16844 feat(platform-express): add defParamCharset to MulterOptions (@​starnayuta)

Dependencies

• platform-ws
  • #16941 chore(deps): bump ws from 8.20.0 to 8.20.1 (@​dependabot[bot])

Committers: 13

• Ali Hassan (@​thisalihassan)
• Burhan Haroon⚡ (@​burhanharoon)
• Dmytro Khyzhniak (@​lavieennoir)
• Harsh Rathod (@​harshrathod50)
• IlyaCredo (@​Forceres)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mysh3ll (@​Mysh3ll)
• @​MatthiasBrehmer
• @​QusaiAlbonni
• @​jkalberer
• @​pazaderey
• fru1tworld (@​fru1tworld)
• starnayuta (@​starnayuta)

Commits

• 7caeb3f chore(release): publish v11.1.20 release
• f6a3c2f fix(docs): update some old links in docs
• 4b6420b Merge pull request #16902 from QusaiAlbonni/fix/filetype-validator-buffer-mes...
• 33515ed fix(common): improve missing buffer error message in file type validator
• 9226a6f fix: Add missing validateEach for UsePipes
• 1501bc0 fix(common): accept zero timestamp in parse date pipe
• See full diff in compare view

Updates @nestjs/core from 11.1.19 to 11.1.20

Release notes

Sourced from @​nestjs/core's releases.

v11.1.20 (2026-05-13)

Bug fixes

• core, testing
  • #16939 fix(core): fix deeply nested transient providers resolution (@​kamilmysliwiec)
• core
  • #16861 fix(core): fix @​Sse losing events on complete (@​MatthiasBrehmer)
  • #16753 fix(core): defer sse writehead until after lifecycle completes (@​jkalberer)
  • #16782 fix(core): use strict null check for SSE message id (@​burhanharoon)
• microservices
  • #16850 fix(microservices): ServerRMQ crashes at boot when @​MessagePattern(undefined) is combined with wildcards: true (@​lavieennoir)
• common
  • #16845 fix(common): accept zero timestamp in parse date pipe (@​Mysh3ll)
• platform-socket.io
  • #16742 fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (@​fru1tworld)

Enhancements

• microservices
  • #16676 feat(microservices): add return buffers option for binary data (@​Forceres)
  • #16826 feat(microservices): handle rmq blocked/unblocked connection events (@​thisalihassan)
• common
  • #16902 fix(common): filetype validator buffer message (@​QusaiAlbonni)
• platform-express
  • #16844 feat(platform-express): add defParamCharset to MulterOptions (@​starnayuta)

Dependencies

• platform-ws
  • #16941 chore(deps): bump ws from 8.20.0 to 8.20.1 (@​dependabot[bot])

Committers: 13

• Ali Hassan (@​thisalihassan)
• Burhan Haroon⚡ (@​burhanharoon)
• Dmytro Khyzhniak (@​lavieennoir)
• Harsh Rathod (@​harshrathod50)
• IlyaCredo (@​Forceres)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mysh3ll (@​Mysh3ll)
• @​MatthiasBrehmer
• @​QusaiAlbonni
• @​jkalberer
• @​pazaderey
• fru1tworld (@​fru1tworld)
• starnayuta (@​starnayuta)

Commits

• 7caeb3f chore(release): publish v11.1.20 release
• 2e290c6 fix(core): fix deeply nested transient providers resolution
• f6a3c2f fix(docs): update some old links in docs
• 958ff95 fix(core): Delay SSE response .end() until flush
• 7c10646 Merge pull request #16753 from jkalberer/fix/sse-pipe-validation-error-status
• 895fdf3 fix(core): Use strict null check for SSE message id
• 457630a fix(core): defer sse writehead until after lifecycle completes
• See full diff in compare view

Updates @nestjs/platform-express from 11.1.19 to 11.1.20

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.20 (2026-05-13)

Bug fixes

• core, testing
  • #16939 fix(core): fix deeply nested transient providers resolution (@​kamilmysliwiec)
• core
  • #16861 fix(core): fix @​Sse losing events on complete (@​MatthiasBrehmer)
  • #16753 fix(core): defer sse writehead until after lifecycle completes (@​jkalberer)
  • #16782 fix(core): use strict null check for SSE message id (@​burhanharoon)
• microservices
  • #16850 fix(microservices): ServerRMQ crashes at boot when @​MessagePattern(undefined) is combined with wildcards: true (@​lavieennoir)
• common
  • #16845 fix(common): accept zero timestamp in parse date pipe (@​Mysh3ll)
• platform-socket.io
  • #16742 fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (@​fru1tworld)

Enhancements

• microservices
  • #16676 feat(microservices): add return buffers option for binary data (@​Forceres)
  • #16826 feat(microservices): handle rmq blocked/unblocked connection events (@​thisalihassan)
• common
  • #16902 fix(common): filetype validator buffer message (@​QusaiAlbonni)
• platform-express
  • #16844 feat(platform-express): add defParamCharset to MulterOptions (@​starnayuta)

Dependencies

• platform-ws
  • #16941 chore(deps): bump ws from 8.20.0 to 8.20.1 (@​dependabot[bot])

Committers: 13

• Ali Hassan (@​thisalihassan)
• Burhan Haroon⚡ (@​burhanharoon)
• Dmytro Khyzhniak (@​lavieennoir)
• Harsh Rathod (@​harshrathod50)
• IlyaCredo (@​Forceres)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mysh3ll (@​Mysh3ll)
• @​MatthiasBrehmer
• @​QusaiAlbonni
• @​jkalberer
• @​pazaderey
• fru1tworld (@​fru1tworld)
• starnayuta (@​starnayuta)

Commits

• 7caeb3f chore(release): publish v11.1.20 release
• f6a3c2f fix(docs): update some old links in docs
• 5e33ecf feat: add MulterOptions and MulterField interfaces for express platform confi...
• See full diff in compare view

Updates @nestjs/testing from 11.1.19 to 11.1.20

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.20 (2026-05-13)

Bug fixes

• core, testing
  • #16939 fix(core): fix deeply nested transient providers resolution (@​kamilmysliwiec)
• core
  • #16861 fix(core): fix @​Sse losing events on complete (@​MatthiasBrehmer)
  • #16753 fix(core): defer sse writehead until after lifecycle completes (@​jkalberer)
  • #16782 fix(core): use strict null check for SSE message id (@​burhanharoon)
• microservices
  • #16850 fix(microservices): ServerRMQ crashes at boot when @​MessagePattern(undefined) is combined with wildcards: true (@​lavieennoir)
• common
  • #16845 fix(common): accept zero timestamp in parse date pipe (@​Mysh3ll)
• platform-socket.io
  • #16742 fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (@​fru1tworld)

Enhancements

• microservices
  • #16676 feat(microservices): add return buffers option for binary data (@​Forceres)
  • #16826 feat(microservices): handle rmq blocked/unblocked connection events (@​thisalihassan)
• common
  • #16902 fix(common): filetype validator buffer message (@​QusaiAlbonni)
• platform-express
  • #16844 feat(platform-express): add defParamCharset to MulterOptions (@​starnayuta)

Dependencies

• platform-ws
  • #16941 chore(deps): bump ws from 8.20.0 to 8.20.1 (@​dependabot[bot])

Committers: 13

• Ali Hassan (@​thisalihassan)
• Burhan Haroon⚡ (@​burhanharoon)
• Dmytro Khyzhniak (@​lavieennoir)
• Harsh Rathod (@​harshrathod50)
• IlyaCredo (@​Forceres)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mysh3ll (@​Mysh3ll)
• @​MatthiasBrehmer
• @​QusaiAlbonni
• @​jkalberer
• @​pazaderey
• fru1tworld (@​fru1tworld)
• starnayuta (@​starnayuta)

Commits

• 7caeb3f chore(release): publish v11.1.20 release
• 2e290c6 fix(core): fix deeply nested transient providers resolution
• f6a3c2f fix(docs): update some old links in docs
• See full diff in compare view

Updates @nestjs/websockets from 11.1.19 to 11.1.20

Release notes

Sourced from @​nestjs/websockets's releases.

v11.1.20 (2026-05-13)

Bug fixes

• core, testing
  • #16939 fix(core): fix deeply nested transient providers resolution (@​kamilmysliwiec)
• core
  • #16861 fix(core): fix @​Sse losing events on complete (@​MatthiasBrehmer)
  • #16753 fix(core): defer sse writehead until after lifecycle completes (@​jkalberer)
  • #16782 fix(core): use strict null check for SSE message id (@​burhanharoon)
• microservices
  • #16850 fix(microservices): ServerRMQ crashes at boot when @​MessagePattern(undefined) is combined with wildcards: true (@​lavieennoir)
• common
  • #16845 fix(common): accept zero timestamp in parse date pipe (@​Mysh3ll)
• platform-socket.io
  • #16742 fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers (@​fru1tworld)

Enhancements

• microservices
  • #16676 feat(microservices): add return buffers option for binary data (@​Forceres)
  • #16826 feat(microservices): handle rmq blocked/unblocked connection events (@​thisalihassan)
• common
  • #16902 fix(common): filetype validator buffer message (@​QusaiAlbonni)
• platform-express
  • #16844 feat(platform-express): add defParamCharset to MulterOptions (@​starnayuta)

Dependencies

• platform-ws
  • #16941 chore(deps): bump ws from 8.20.0 to 8.20.1 (@​dependabot[bot])

Committers: 13

• Ali Hassan (@​thisalihassan)
• Burhan Haroon⚡ (@​burhanharoon)
• Dmytro Khyzhniak (@​lavieennoir)
• Harsh Rathod (@​harshrathod50)
• IlyaCredo (@​Forceres)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mysh3ll (@​Mysh3ll)
• @​MatthiasBrehmer
• @​QusaiAlbonni
• @​jkalberer
• @​pazaderey
• fru1tworld (@​fru1tworld)
• starnayuta (@​starnayuta)

Commits

• 7caeb3f chore(release): publish v11.1.20 release
• f6a3c2f fix(docs): update some old links in docs
• See full diff in compare view

Updates @sentry/node from 10.51.0 to 10.53.1

Release notes

Sourced from @​sentry/node's releases.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

Bundle size 📦

Path	Size
@​sentry/browser	26.22 KB
@​sentry/browser - with treeshaking flags	24.69 KB
@​sentry/browser (incl. Tracing)	43.69 KB
@​sentry/browser (incl. Tracing + Span Streaming)	45.62 KB
@​sentry/browser (incl. Tracing, Profiling)	48.56 KB
@​sentry/browser (incl. Tracing, Replay)	82.4 KB
@​sentry/browser (incl. Tracing, Replay) - with treeshaking flags	72.08 KB
@​sentry/browser (incl. Tracing, Replay with Canvas)	86.99 KB
@​sentry/browser (incl. Tracing, Replay, Feedback)	99.33 KB
@​sentry/browser (incl. Feedback)	43 KB
@​sentry/browser (incl. sendFeedback)	30.92 KB
@​sentry/browser (incl. FeedbackAsync)	35.91 KB
@​sentry/browser (incl. Metrics)	27.27 KB
@​sentry/browser (incl. Logs)	27.42 KB
@​sentry/browser (incl. Metrics & Logs)	28.08 KB
@​sentry/react	27.92 KB
@​sentry/react (incl. Tracing)	45.9 KB
@​sentry/vue	31.01 KB
@​sentry/vue (incl. Tracing)	45.5 KB
@​sentry/svelte	26.24 KB
CDN Bundle	28.55 KB
CDN Bundle (incl. Tracing)	46.04 KB
CDN Bundle (incl. Logs, Metrics)	29.89 KB
CDN Bundle (incl. Tracing, Logs, Metrics)	47.14 KB
CDN Bundle (incl. Replay, Logs, Metrics)	68.3 KB
CDN Bundle (incl. Tracing, Replay)	82.55 KB
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	83.6 KB
CDN Bundle (incl. Tracing, Replay, Feedback)	88.23 KB
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	89.3 KB
CDN Bundle - uncompressed	83.97 KB
CDN Bundle (incl. Tracing) - uncompressed	138.12 KB
CDN Bundle (incl. Logs, Metrics) - uncompressed	88.07 KB
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	141.5 KB
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	209.97 KB

... (truncated)

Changelog

Sourced from @​sentry/node's changelog.

10.53.1

• fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• fix(core): Include subpath type shims in published package (#20835)
• ref(hono): Consolidate route patching and add clarification comments (#20829)

• chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/test-applications/nextjs-15-intl (#20821)

10.53.0

Important Changes

• feat(core): Add streamGenAiSpans options to stream gen_ai spans (#20785)

  Adds a new streamGenAiSpans option that controls how gen_ai spans are sent to Sentry. When set, the SDK extracts all gen_ai spans out of a transaction and sends them as v2 envelope items.

  Enable this option if gen_ai spans are being dropped because the transaction payload exceeds size limits.

  Sentry.init({
    dsn: 'https://examplePublicKey@o0.ingest.sentry.io/0',
    streamGenAiSpans: true,
  });

Other Changes

• feat(browser): Migrate browser profiling thread data to span attributes (#20800)
• feat(core): Add addConsoleInstrumentationFilter utility (#20790)
• feat(core): Add applicationKey to BuildTimeOptionsBase (#20789)
• feat(core): split exports by browser/server for bundle size (#20435)
• feat(nextjs): Add top-level applicationKey option (#20794)
• feat(node): Support Node 26 (#20710)
• feat(profiling-node): Bump @sentry-internal/node-cpu-profiler to 2.4.0 (#20720)
• fix(cloudflare): avoid flush lock self-wait (#20719)
• fix(hono): Capture transaction name on request for correct culprit (#20801)
• fix(mcp): retroactively wrap handlers registered before wrapMcpServerWithSentry (#20699)
• fix(node-core): Guard against undefined util.getSystemErrorMap (#20660)
• fix(replay): Capture aborted/errored fetch requests in replay network tab (#20722)

... (truncated)

Commits

• cd97408 release: 10.53.1
• 66cfb25 Merge pull request #20838 from getsentry/prepare-release/10.53.1
• df8fd38 meta(changelog): Update changelog for 10.53.1
• 5881009 fix(core): Include subpath type shims in published package (#20835)
• 6a7d179 fix(core): Don't gate user data for streamed spans at scope read time (#20827)
• ad47c3c ref(hono): Consolidate route patching and add clarification comments (#20829)
• 28d6fe5 Merge pull request #20826 from getsentry/master
• 46aca45 Merge branch 'release/10.53.0'
• b5cbc9c chore(deps): Bump next from 15.5.15 to 15.5.18 in /dev-packages/e2e-tests/tes...
• 05489b8 release: 10.53.0
• Additional commits viewable in compare view

Updates @types/node from 25.6.0 to 25.7.0

Commits

• See full diff in compare view

Updates amqplib from 1.0.5 to 2.0.1

Release notes

Sourced from amqplib's releases.

v2.0.1

• Remove buffer-more-ints dependency; use Node.js built-in BigInt Buffer methods (readBigInt64BE, readBigUInt64BE, writeBigInt64BE, writeBigUInt64BE) which have been available since Node.js v10.4

v2.0.0

BREAKING CHANGE

heartbeat: 0 now correctly disables heartbeats, sending 0 in the ConnectionTuneOk frame regardless of the server's suggestion. This aligns with the AMQP 0-9-1 spec, which defines heartbeat=0 as "disabled".

Previously, 0 was passed through negotiate() which treated it as "no preference", causing the server's suggested value to be used instead.

Migration: if you are passing heartbeat: 0 and want to preserve the old behaviour of accepting the server's value, omit the option or pass null instead.

Fixes #467. Supersedes #469.

1.2.0

Add bundled TypeScript type definitions (fixes #843)

For full history see CHANGELOG.md.

Changelog

Sourced from amqplib's changelog.

v2.0.1

• Remove buffer-more-ints dependency; use Node.js built-in BigInt Buffer methods (readBigInt64BE, readBigUInt64BE, writeBigInt64BE, writeBigUInt64BE) which have been available since Node.js v10.4

v2.0.0

• BREAKING: heartbeat: 0 now disables heartbeats, overriding any value suggested by the server. Previously, 0 was treated as "no preference" and the server's suggested value was used. If you are passing heartbeat: 0 and want to preserve the old behaviour, omit the option or pass null instead (fixes #467)

v1.2.0

• Add bundled TypeScript type definitions (fixes #843)

v1.1.1

• Forward handler-error events from the underlying connection to the recovery wrapper, so listeners attached to RecoveringPromiseModel/RecoveringCallbackModel receive handler errors

v1.1.0

• Add connection recovery via connectWithRecoveryPromise and connectWithRecoveryCallback — automatically reconnects on connection loss with configurable backoff delay, jitter, and retry limits (thanks @​ShiriNmi1520)

v1.0.7

• Fix update-secret-ok event not being forwarded by ChannelModel and CallbackModel (fixes #849)
• Add handler-error event to connections and channels. If a user-supplied event handler (e.g. connection.on('close', ...), channel.on('error', ...), channel.on('delivery', ...) etc.) throws a synchronous error, amqplib will emit a handler-error event on the same emitter with the thrown error and the name of the event whose handler threw — provided a handler-error listener is registered. If no handler-error listener is registered, behaviour is unchanged from previous versions. Note: in previous versions, errors thrown in connection close event handlers were silently swallowed; errors thrown in channel event handlers (other than delivery/return) would kill the channel and possibly the connection (fixes #334).

v1.0.6

• Fix channel.get() not invoking callback with error on channel close; previously only an error event was emitted (fixes #832). Note: if you use the callback API, ensure your channel.get() callbacks handle errors — they will now be invoked in error cases where previously they were not. If you use the promise API, the returned promise now rejects with a proper Error object (with .code, .classId and .methodId properties) rather than a raw close frame.

Commits

• 7706d75 2.0.1
• 658fd13 Prep for release
• 4c15c08 Merge pull request #854 from amqp-node/feat/remove-buffer-more-ints
• 3645d4f Remove buffer-more-ints dependency, use Node.js built-in BigInt Buffer methods
• 7e4b002 2.0.0
• 2dbdaee Prep for release
• 97b9f26 Merge pull request #853 from amqp-node/feat/heartbeat-zero
• de9e660 Make heartbeat:0 disable heartbeats rather than deferring to server
• 5e9a65e 1.2.0
• 851b75d Prep for release
• Additional commits viewable in compare view

Updates archiver from 7.0.1 to 8.0.0

Release notes

Sourced from archiver's releases.

8.0.0

What’s changed

Breaking changes

• esm: node v18+ required @​ctalkington (#790)

Maintenance

• Update actions/checkout action to v4.1.6 @renovate[bot] (#758)
• Update actions/checkout action to v4.1.7 @renovate[bot] (#767)
• Update actions/setup-node action to v4.0.3 @renovate[bot] (#775)
• Update actions/checkout action to v4.2.1 @renovate[bot] (#786)
• Update actions/setup-node action to v4.0.4 @renovate[bot] (#784)
• Update actions/setup-node action to v4.2.0 @renovate[bot] (#797)
• Update actions/checkout action to v4.2.2 @renovate[bot] (#796)
• Update release-drafter/release-drafter action to v6.1.0 @renovate[bot] (#805)
• Update actions/setup-node action to v4.4.0 @renovate[bot] (#811)
• Update release-drafter/release-drafter action to v6.4.0 @renovate[bot] (#825)
• Update actions/checkout action to v4.3.1 @renovate[bot] (#826)
• Update actions/setup-node action to v6 @renovate[bot] (#827)
• Update actions/checkout action to v6 @renovate[bot] (#833)
• Update release-drafter/release-drafter action to v7 @renovate[bot] (#836)

Documentation

• Add glob method's options.cwd to API docs @​PixievoltNo1 (#756)
• release 8.0.0 @​ctalkington (#832)

Dependency updates

• Update actions/checkout action to v4.1.6 @renovate[bot] (#758)
• Lock file maintenance @renovate[bot] (#752)
• Update dependency readdir-glob to v2 @renovate[bot] (#755)
• Update dependency yauzl to v3.1.3 @renovate[bot] (#757)
• Update dependency jsdoc to v4.0.3 @renovate[bot] (#761)
• Update dependency mocha to v10.4.0 @renovate[bot] (#750)
• Update dependency tar to v6.2.1 @renovate[bot] (#749)
• Update actions/checkout action to v4.1.7 @renovate[bot] (#767)
• Update actions/setup-node action to v4.0.3 @renovate[bot] (#775)
• Lock file maintenance @renovate[bot] (#771)
• Update actions/checkout action to v4.2.1 @renovate[bot] (#786)
• Update dependency mocha to v10.7.3 @renovate[bot] (#769)
• Lock file maintenance @renovate[bot] (#789)
• Update actions/setup-node action to v4.0.4 @renovate[bot] (#784)
• Update dependency chai to v4.5.0 @renovate[bot] (#779)
• Update dependency rimraf to v5.0.10 @renovate[bot] (#766)
• Update docusaurus monorepo to v3.5.2 @renovate[bot] (#751)
• Lock file maintenance @renovate[bot] (#795)
• Update actions/setup-node action to v4.2.0 @renovate[bot] (#797)

... (truncated)

Changelog

Sourced from archiver's changelog.

Changelog

8.0.0 - May 8, 2026 — Diff

7.0.1 - March 9, 2024 — Diff

7.0.0 - February 28, 2024 — Diff

6.0.2 - February 27, 2024 — Diff

6.0.1 - September 3, 2023 — Diff

6.0.0 - August 17, 2023 — Diff

Release Archive

Commits

• 52d1d34 release 8.0.0 (#832)
• 5547c6d Update dependency zip-stream to v7.0.5 (#837)
• 08c7370 Update release-drafter/release-drafter action to v7 (#836)
• 8810635 Update dependency mocha to v11 (#806)
• 756d1a1 Update docusaurus monorepo to v3.10.1 (#804)
• 74725a7 Update dependency rimraf to v6 (#774)
• 0a42a6c Update dependency chai to v6 (#834)
• 639553b Update dependency zip-stream to v7.0.4 (#830)
• 1d550c6 Update actions/checkout action to v6 (#833)
• fed1618 Update dependency yauzl to v3.3.0 (#831)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for archiver since your current version.

Updates axios from 1.16.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (Description has been truncated