chore(deps): bump the npm-non-major group with 5 updates by dependabot[bot] · Pull Request #103 · kaffolder7/davvy

dependabot · 2026-06-18T00:06:49Z

Bumps the npm-non-major group with 5 updates:

Package	From	To
axios	`1.17.0`	`1.18.0`
react-router-dom	`7.17.0`	`7.18.0`
@tailwindcss/postcss	`4.3.0`	`4.3.1`
tailwindcss	`4.3.0`	`4.3.1`
vitest	`4.1.8`	`4.1.9`

Updates axios from 1.17.0 to 1.18.0

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@drori12 (#10984)

@eyupcanakman (#10899)

@Adi-Beker (#10995)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

@drori12 (#10984)

@eyupcanakman (#10899)

@Adi-Beker (#10995)

Full Changelog

Commits

2d06f96 chore(release): prepare release 1.18.0 (#11003)
32fc489 fix: malformed http urls (#11000)
b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
fe964f9 docs: mark proxy config as Node.js only (#10995)
5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
fae9d4e docs: clarify package update PR policy (#10992)
28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
614f455 docs: publish v1.17.0 release notes (#10988)
6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
Additional commits viewable in compare view

Updates react-router-dom from 7.17.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

Updated dependencies:

react-router@7.18.0

Commits

6fb1e79 Release v7.18.0 (#15187)
See full diff in compare view

Updates @tailwindcss/postcss from 4.3.0 to 4.3.1

Release notes

Sourced from @tailwindcss/postcss's releases.

v4.3.1

Added

Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)

Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)

Allow @apply to be used with CSS mixins (#19427)

Ensure not-* correctly negates @container queries, including style(…) queries (#20059)

Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)

Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)

Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)

Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)

Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)

Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)

Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)

Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)

Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)

Allow @variant to be used inside addBase (#19480)

Ensure @source globs with symlinks are preserved (#20203)

Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)

Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)

Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)

Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)

Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)

Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)

Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from @tailwindcss/postcss's changelog.

[4.3.1] - 2026-06-12

Added

Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)

Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)

Allow @apply to be used with CSS mixins (#19427)

Ensure not-* correctly negates @container queries, including style(…) queries (#20059)

Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)

Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)

Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)

Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)

Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)

Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)

Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)

Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)

Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)

Allow @variant to be used inside addBase (#19480)

Ensure @source globs with symlinks are preserved (#20203)

Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)

Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)

Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)

Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)

Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)

Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)

Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

8a14a71 4.3.1 (#20226)
522288c Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)
8dcdb66 Bump dependencies (#20095)
See full diff in compare view

Updates tailwindcss from 4.3.0 to 4.3.1

Release notes

Sourced from tailwindcss's releases.

v4.3.1

Added

Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)

Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)

Allow @apply to be used with CSS mixins (#19427)

Ensure not-* correctly negates @container queries, including style(…) queries (#20059)

Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)

Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)

Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)

Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)

Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)

Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)

Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)

Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)

Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)

Allow @variant to be used inside addBase (#19480)

Ensure @source globs with symlinks are preserved (#20203)

Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)

Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)

Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)

Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)

Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)

Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)

Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Changelog

Sourced from tailwindcss's changelog.

[4.3.1] - 2026-06-12

Added

Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)

Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)

Allow @apply to be used with CSS mixins (#19427)

Ensure not-* correctly negates @container queries, including style(…) queries (#20059)

Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)

Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)

Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)

Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)] → px-[calc(1rem+0)]) (#20127)

Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px] → left-[99999px], not left-24999.75) (#20130)

Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)

Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)

Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)

Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)

Allow @variant to be used inside addBase (#19480)

Ensure @source globs with symlinks are preserved (#20203)

Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)

Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)

Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)

Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)

Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)

Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)] → w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)

Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)

Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)

Commits

8a14a71 4.3.1 (#20226)
12833aa Fix canonicalization bug where we end up with a high precision number (#20221)
97a5b3a docs: fix double word 'to to' in test comment (#20216)
d01e103 Add missing inset keyword for inset-shadow-none (#20208)
ad66939 Allow @variant to be used inside addBase (#19480)
efae52c Simplify CSS when using utilities that use a *-0 or *-1 value (#20196)
6b43b64 Canonicalization: limit arbitrary to bare values conversion (#20130)
d4f24c5 Fix invalid canonicalization where 0\<unit> was migrated to 0 (#20127)
749c45e Expose index and siblings on walk context (#20109)
8dcdb66 Bump dependencies (#20095)
Additional commits viewable in compare view

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)

browser:

Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)

Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)

mocker:

Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)

pool:

Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

Commits

a7a61e7 chore: release v4.1.9 (#10598)
934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-non-major group with 5 updates: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.17.0` | `1.18.0` | | [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.0` | | [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.3.0` | `4.3.1` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.3.0` | `4.3.1` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` | Updates `axios` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.17.0...v1.18.0) Updates `react-router-dom` from 7.17.0 to 7.18.0 - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.0/packages/react-router-dom/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.0/packages/react-router-dom) Updates `@tailwindcss/postcss` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/@tailwindcss-postcss) Updates `tailwindcss` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss) Updates `vitest` from 4.1.8 to 4.1.9 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: react-router-dom dependency-version: 7.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-non-major - dependency-name: "@tailwindcss/postcss" dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: tailwindcss dependency-version: 4.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major - dependency-name: vitest dependency-version: 4.1.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-non-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies npm labels Jun 18, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the npm-non-major group with 5 updates#103

chore(deps): bump the npm-non-major group with 5 updates#103
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-non-major-877acb14cb

dependabot Bot commented on behalf of github Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 18, 2026

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v1.18.0 — June 13, 2026

🔒 Security Fixes

🐛 Bug Fixes

🔧 Maintenance & Chores

🌟 New Contributors

v7.18.0

Patch Changes

v4.3.1

Added

Fixed

Changed

[4.3.1] - 2026-06-12

Added

Fixed

Changed

v4.3.1

Added

Fixed

Changed

[4.3.1] - 2026-06-12

Added

Fixed

Changed

v4.1.9

🐞 Bug Fixes

View changes on GitHub

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants