Bump the dependencies group with 7 updates by dependabot[bot] · Pull Request #36 · oharu121/ms-graph-devtools

dependabot · 2026-04-27T20:57:34Z

Bumps the dependencies group with 7 updates:

Package	From	To
axios	`1.15.1`	`1.15.2`
jsdom	`29.0.2`	`29.1.0`
@typescript-eslint/eslint-plugin	`8.59.0`	`8.59.1`
@typescript-eslint/parser	`8.59.0`	`8.59.1`
@vitest/coverage-v8	`4.1.4`	`4.1.5`
@vitest/ui	`4.1.4`	`4.1.5`
vitest	`4.1.4`	`4.1.5`

Updates axios from 1.15.1 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)

SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)

Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Commits

5829343 chore(release): prepare release 1.15.2 (#10789)
4709a48 fix: added fix for memory leak in sockets (#10788)
be33360 chore: update changelog (#10781)
4791514 fix: more header pollutions (#10779)
6feafcf fix: socket issue (#10777)
302e273 docs: update docs, add a couple actions etc (#10776)
See full diff in compare view

Updates jsdom from 29.0.2 to 29.1.0

Release notes

Sourced from jsdom's releases.

v29.1.0

Added basic support for the ratio CSS type. (@asamuzaK)

Fixed getComputedStyle() sometimes returning outdated results after CSS was modified. (@asamuzaK)

Commits

5a3e88e 29.1.0
73db204 Update dependencies and dev dependencies
a7168a5 Support ratio CSS unit type
15346e0 Fix style cache invalidation
See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.59.0 to 8.59.1

Release notes

Sourced from @typescript-eslint/eslint-plugin's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/eslint-plugin's changelog.

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

5245793 chore(release): publish 8.59.1
3cef124 chore(eslint-plugin): switch auto-generated test cases to hand-written in dot...
27c507b test: make sort-type-constituents tests fully static (#12262)
a03b31d chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
a7099a7 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
bfbd4a5 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
b49d4b1 chore(eslint-plugin): switch auto-generated test cases to hand-written in no-...
3097e72 chore(eslint-plugin): switch auto-generated test cases to hand-written in nam...
676191b chore(eslint-plugin): switch auto-generated test cases to hand-written in mem...
e9dce8b fix(eslint-plugin): [no-unnecessary-condition] treat void as nullish in no-un...
Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.59.0 to 8.59.1

Release notes

Sourced from @typescript-eslint/parser's releases.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)

eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)

eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)

eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)

eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)

eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

anasm266 @anasm266

Anshika Jain @Anshikakalpana

Ulrich Stark

yugo innami @nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @typescript-eslint/parser's changelog.

8.59.1 (2026-04-27)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

5245793 chore(release): publish 8.59.1
See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.4 to 4.1.5

Release notes

Sourced from @vitest/coverage-v8's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

e399846 chore: release v4.1.5
See full diff in compare view

Updates @vitest/ui from 4.1.4 to 4.1.5

Release notes

Sourced from @vitest/ui's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

e399846 chore: release v4.1.5
596f739 fix: project color label on html reporter (#10142)
f1b1f6c fix(ui): fix jsx/tsx syntax highlight (#10152)
See full diff in compare view

Updates vitest from 4.1.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

Commits

e399846 chore: release v4.1.5
7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
9787ded fix: respect diff config options in soft assertions (#8696)
325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
663b99f fix: alias agent reporter to minimal (#10157)
122c25b fix: fix vi.defineHelper called as object method (#10163)
6abd557 feat(api): make test-specification options writable (#10154)
596f739 fix: project color label on html reporter (#10142)
9423dc0 fix: --project negation excludes browser instances (#10131)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.15.1` | `1.15.2` | | [jsdom](https://github.com/jsdom/jsdom) | `29.0.2` | `29.1.0` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.0` | `8.59.1` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.59.0` | `8.59.1` | | [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.4` | `4.1.5` | | [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) | `4.1.4` | `4.1.5` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.5` | Updates `axios` from 1.15.1 to 1.15.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.15.1...v1.15.2) Updates `jsdom` from 29.0.2 to 29.1.0 - [Release notes](https://github.com/jsdom/jsdom/releases) - [Commits](jsdom/jsdom@v29.0.2...v29.1.0) Updates `@typescript-eslint/eslint-plugin` from 8.59.0 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.59.0 to 8.59.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/parser) Updates `@vitest/coverage-v8` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8) Updates `@vitest/ui` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/ui) Updates `vitest` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: axios dependency-version: 1.15.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: jsdom dependency-version: 29.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: "@vitest/ui" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-27T20:57:35Z

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 27, 2026

github-actions Bot approved these changes Apr 27, 2026

View reviewed changes

github-actions Bot merged commit f5c192f into main Apr 27, 2026
3 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/dependencies-fc5d5f548b branch April 27, 2026 20:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group with 7 updates#36

Bump the dependencies group with 7 updates#36
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dependencies-fc5d5f548b

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026

v1.15.2

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v1.15.2 - April 21, 2026

🔒 Security Fixes

🚀 New Features

🐛 Bug Fixes

🔧 Maintenance & Chores

v29.1.0

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

❤️ Thank You

8.59.1 (2026-04-27)

🩹 Fixes

❤️ Thank You

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

❤️ Thank You

8.59.1 (2026-04-27)

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

Uh oh!

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants