build(deps): bump the alldependencies group across 1 directory with 16 updates

[dependabot]

Bumps the alldependencies group with 4 updates in the / directory: axios, ramda, @types/ramda and dprint.

Updates axios from 1.13.2 to 1.13.3

Release notes

Sourced from axios's releases.

Release v1.13.3

Release notes:

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Changelog

Sourced from axios's changelog.

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma

... (truncated)

Commits

• ab06109 chore(release): v1.13.3 (#7335)
• 2d6ad5e revert(deps): bump peter-evans/create-pull-request from 7 to 8 in the github-...
• cb49a6f chore(sponsor): update sponsor block (#7330)
• d8233d9 fix(types): restore AxiosError.cause type from unknown to Error (#7327)
• 5945e40 fix(interceptor): handle the error in the same interceptor (#6269)
• 7373fbf fix: main field in package.json should correspond to cjs artifacts (#5756)
• 8d1271b fix(types): add handlers to AxiosInterceptorManager interface (#5551)
• f869434 docs: refresh CDN URLs and example JSON headers (#7236)
• 46db331 doc: update deprecated var usage in documentation examples (#7246)
• d6bbb3d docs: add async/await timeout handling example (#7250)
• Additional commits viewable in compare view

Updates cors from 2.8.5 to 2.8.6

Release notes

Sourced from cors's releases.

v2.8.6

What's Changed

• Build: Node.js@12.16 and Node.js.13.12 by @​smondal in expressjs/cors#189
• Update README.md for origin function callback parameters by @​dstudzinski in expressjs/cors#180
• Suggest passing false for disallowed domains, not erroring by @​shackpank in expressjs/cors#175
• Changed the term whitelist to allowlist in Documentation by @​jkasun in expressjs/cors#200
• Fix typo in README by @​alex-grover in expressjs/cors#207
• Added new link & website in the README by @​manjunath00 in expressjs/cors#269
• Fix functions call with extra parameter by @​LuisEGR in expressjs/cors#245
• 🐛 Fix readme status badge by @​homersimpsons in expressjs/cors#306
• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/cors#321
• ci: fix errors in ci github action for node 8 by @​inigomarquinez in expressjs/cors#322
• test: improved test robustness by @​Alex-GF in expressjs/cors#320
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/cors#341
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/cors#340
• docs: remove broken link to demo site by @​dpopp07 in expressjs/cors#344
• OSSF Scorecard recommendations by @​UlisesGascon in expressjs/cors#350
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.19 by @​dependabot[bot] in expressjs/cors#351
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/cors#353
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in expressjs/cors#354
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 by @​dependabot[bot] in expressjs/cors#355
• build(deps-dev): bump express from 4.17.1 to 4.21.2 by @​dependabot[bot] in expressjs/cors#356
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in expressjs/cors#352
• build(deps-dev): bump mocha from 9.1.1 to 9.2.2 by @​dependabot[bot] in expressjs/cors#358
• update the docs for per request config by @​jonchurch in expressjs/cors#338
• (fix): readme updated for #271 origin option for * by @​dhananjaysa92 in expressjs/cors#289
• ci: upgrade Node versions by @​UlisesGascon in expressjs/cors#359
• chore: add funding to package.json by @​bjohansebas in expressjs/cors#363
• build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 by @​dependabot[bot] in expressjs/cors#371
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in expressjs/cors#370
• docs: Cleanup README by @​efekrskl in expressjs/cors#374
• chore: add node v25 by @​imangas in expressjs/cors#375
• Extend CI test matrix by @​imangas in expressjs/cors#376
• docs: simplify code examples with header comments by @​jonchurch in expressjs/cors#386
• docs: tweak intro, add note w/ browser enforcement, FAQ by @​jonchurch in expressjs/cors#385
• chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball by @​Phillip9587 in expressjs/cors#388
• Release: 2.8.6 by @​UlisesGascon in expressjs/cors#390

New Contributors

• @​smondal made their first contribution in expressjs/cors#189
• @​dstudzinski made their first contribution in expressjs/cors#180
• @​shackpank made their first contribution in expressjs/cors#175
• @​jkasun made their first contribution in expressjs/cors#200
• @​alex-grover made their first contribution in expressjs/cors#207
• @​manjunath00 made their first contribution in expressjs/cors#269
• @​LuisEGR made their first contribution in expressjs/cors#245
• @​homersimpsons made their first contribution in expressjs/cors#306
• @​inigomarquinez made their first contribution in expressjs/cors#321
• @​Alex-GF made their first contribution in expressjs/cors#320
• @​carpasse made their first contribution in expressjs/cors#341

... (truncated)

Changelog

Sourced from cors's changelog.

2.8.6 / 2026-01-22

• Improve documentation (API, context, examples...)
• Remove additional markdown files from tarball

Commits

• f00a8c1 2.8.6 (#390)
• 848e2bd chore: remove HISTORY.md and nonexistent CONTRIBUTING.md from tarball (#388)
• cf8947e docs: tweak intro, add note w/ browser enforcement, FAQ (#385)
• bbf62a5 docs: simplify code examples with header comments (#386)
• f442e77 Extend CI test matrix (#376)
• d5cf6cd ci: add support for node@25 (#375)
• 7e6f7ee docs: revamp content (#374)
• b25644c build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#370)
• f881e91 build(deps): bump github/codeql-action from 3.28.19 to 4.31.2 (#371)
• 9a9a760 chore: add funding to package.json (#363)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cors since your current version.

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 4.22.1 by @​UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• Refactor: improve readability by @​sazk07 in expressjs/express#6190
• ci: add support for Node.js@23.0 by @​UlisesGascon in expressjs/express#6080
• Method functions with no path should error by @​wesleytodd in expressjs/express#5957
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6323
• ci: reorder npm i steps to fix ci for older node versions by @​Phillip9587 in expressjs/express#6336
• Backport: ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6506
• chore(4.x): wider range for query test skip by @​jonchurch in expressjs/express#6513
• use tilde notation for certain dependencies by @​UlisesGascon in expressjs/express#6905
• deps: qs@6.14.0 by @​UlisesGascon in expressjs/express#6909
• deps: use tilde notation for qs by @​Phillip9587 in expressjs/express#6919
• Release: 4.22.0 by @​UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: use tilde notation for dependencies
• deps: qs@6.14.0

Commits

• 12fae14 4.22.1
• 5ddf311 Revert "sec: security patch for CVE-2024-51999"
• 49744ab 4.22.0 (#6921)
• 6e97452 sec: security patch for CVE-2024-51999
• 6a23d34 deps: use tilde notation for qs (#6919)
• 8c12cdf deps: qs@6.14.0 (#6909)
• 7fea74f deps: use tilde notation for certain dependencies (#6905)
• dac7a04 chore: wider range for query test skip (#6513)
• 997919b ci: add node.js 24 to test matrix (#6506)
• 36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
• Additional commits viewable in compare view

Updates ramda from 0.30.1 to 0.32.0

Release notes

Sourced from ramda's releases.

v0.32.0

upgrade guide

v0.31.3

upgrade guide

Commits

• f0b1fb5 Version 0.32.0
• fc8f028 fix exports in package.json (#3522)
• 29470a6 docs(rebuild): fix typo (#3521)
• 7414650 docs(pipeWith): add usage example (#3520)
• 746e0f8 docs: update jsdelivr link (#3518)
• 3c81269 docs: add Map & Set example to type.js (#3517)
• 3cade36 feat: better handling of decimal arguments to range (#3516)
• d4443e6 Update head.js and last.js docs example (#3515)
• 7ee3d7a Version 0.31.3
• 69dfa7f do not clean dist
• Additional commits viewable in compare view

Updates winston from 3.18.3 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

• Run npm audit fix e7ccdc4
• Don't include jest.config.js in npm package 5a63c8c
• fix: append error cause when using logger.child() (#2467) e74a7ae
• Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
• fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
• Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
• Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
• Bump actions/checkout from 4 to 6 (#2593) dd7906e
• chore: migrate test runner from mocha to jest (#2567) 2e9eb18

---

winstonjs/winston@v3.18.3...v3.19.0

Commits

• ed45345 3.19.0
• e7ccdc4 Run npm audit fix
• 5a63c8c Don't include jest.config.js in npm package
• e74a7ae fix: append error cause when using logger.child() (#2467)
• 8a956fd Bump rimraf from 5.0.1 to 5.0.10 (#2517)
• 86c890f fix: ensure File transport flushes all data before emitting finish (#2594)
• 3b8be02 Bump actions/setup-node from 4 to 6 (#2589)
• f4c3e2c Bump @​babel/core from 7.28.0 to 7.28.5 (#2591)
• dd7906e Bump actions/checkout from 4 to 6 (#2593)
• 2e9eb18 chore: migrate test runner from mocha to jest (#2567)
• See full diff in compare view

Updates @eslint/js from 9.39.1 to 9.39.2

Release notes

Sourced from @​eslint/js's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• c43ce24 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates @swc/cli from 0.7.9 to 0.7.10

Commits

• See full diff in compare view

Updates @swc/core from 1.15.0 to 1.15.10

Changelog

Sourced from @​swc/core's changelog.

[1.15.10] - 2026-01-19

Bug Fixes

• (ci) Handle merged PRs separately in milestone manager (#11409) (3554268)

• (es/compat) Preserve this context in nested arrow functions (#11423) (f2bdaf2)

• (es/es2017) Replace this in arrow functions during async-to-generator (#11450) (a993da6)

Features

• (bindings/wasm) Enable ecma_lints feature to support semantic error detection (#11414) (1faa4a5)

• (es/hooks) Implement VisitMutHook for Either type (#11428) (395c85e)

• (es/hooks) Implement VisitMutHook for Option (#11429) (0bf1954)

• (es/hooks) Add VisitHook trait for immutable AST visitors (#11437) (3efb41d)

• (es/minifier) Improve nested template literal evaluation (#11411) (147df2f)

• (es/minifier) Remove inlined IIFE arg and param (#11436) (2bc5d40)

• (es/minifier) Remove inlined IIFE arg and param (#11446) (baa1ae3)

Miscellaneous Tasks

• (deps) Update rkyv (#11419) (432197b)

• (deps) Update lru to 0.16.3 (#11438) (67c2d75)

• (deps) Update browserslist-data to v0.1.5 (#11454) (e9f78f0)

... (truncated)

Commits

• 073b0bb chore: Publish 1.15.10 with swc_core v55.0.1
• f6afa7f chore: Update changelog
• dadfc1e chore: Publish 1.15.10-nightly-20260119.1 with swc_core v55.0.1
• 2361588 chore: Publish crates with swc_core v55.0.1
• e9f78f0 chore(deps): Update browserslist-data to v0.1.5 (#11454)
• baa1ae3 feat(es/minifier): Remove inlined IIFE arg and param (#11446)
• ab917ab chore: Publish crates with swc_core v55.0.0
• a993da6 fix(es/es2017): Replace this in arrow functions during async-to-generator (...
• 764c3af chore: Fix collapsing of claude code reviews
• affb6a2 ci: Collapse preivous claude[bot] PR review comments
• Additional commits viewable in compare view

Updates @types/express from 5.0.5 to 5.0.6

Commits

• See full diff in compare view

Updates @types/node from 22.19.0 to 22.19.7

Commits

• See full diff in compare view

Updates @types/ramda from 0.30.2 to 0.31.1

Commits

• See full diff in compare view

Updates dprint from 0.49.1 to 0.51.1

Release notes

Sourced from dprint's releases.

0.51.1

Changes

• fix: prefer $HOME/.config/dprint on macOS for global config (#1062)
  • After feedback, the dprint executable now prefers putting the global config in the folder at $HOME/.config/dprint, but will continue to use the "Application Support" macOS config directory if a config file exists in there.
• dprint is now published using trusted publishing to npm and crates.io

0.51.0 release notes: https://github.com/dprint/dprint/releases/tag/0.51.0

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact	SHA-256 Checksum
dprint-x86_64-apple-darwin.zip	d7afcb650f4a6e7d60dc46924dede9a44f276a4f044600de7babad67c0479876
dprint-aarch64-apple-darwin.zip	cc1321a524d8e1312d376ce2c51343f43f8f5489c2e265f11aea5a6af4de52ad
dprint-x86_64-pc-windows-msvc.zip	e3f6604c7fec54cc737e2be215e467d194d912141de7b9569436503c6edd2195
dprint-x86_64-pc-windows-msvc-installer.exe	9afc76ec95e2eb0e1255df7c060f9c382b5c2f3f0dd8d957a776e98eca618f87
dprint-x86_64-unknown-linux-gnu.zip	674c1f9fcdf8a564c26cc027e080d0c4758a40a566e04a776fc83c875ad51d45
dprint-x86_64-unknown-linux-musl.zip	0bc7904de86cc70384a4d295902c69fc5239ed45ab19a7361216263d1a8cb572
dprint-aarch64-unknown-linux-gnu.zip	05a0df273453f099092967641462951fd26dcad282a564f91cc4ad16ea02d526
dprint-aarch64-unknown-linux-musl.zip	8cd2a46ff5d6940db5e708c9a5be8abc9f68e6324d6fd51c8977addd2188648a
dprint-riscv64gc-unknown-linux-gnu.zip	35cf03b5c8f3e0218f78f9351463e035c411b2c3743a911e3d103613a4e282f8
dprint-loongarch64-unknown-linux-gnu.zip	42a37f38275156fe5fe8306608d0e764c69bb9441f3bbb8faf8145b27a33acde
dprint-loongarch64-unknown-linux-musl.zip	2c5e926fedc40214bbf947447909761dafc6e26990b983c823e7e971818a8fd2

0.51.0

dprint is a pluggable, configurable code formatting platform written in Rust. It aims to unify all your code formatters in one tool.

Features

Global Configuration File

dprint now supports a global configuration file that can be used when not in a project. (#1040)

Initialize a global config:

dprint init --global
# or
dprint config init --global

The global config location is customizable via the DPRINT_CONFIG_DIR environment variable, but by default is stored in (this reflects the update that was published in 0.51.1 after feedback):

• Linux/Mac: ~/.config/dprint/dprint.jsonc (or $XDG_CONFIG_HOME/dprint/dprint.jsonc)
  • Note: On Mac it will respect $HOME/Library/Application Support/dprint/dprint.jsonc if it exists

... (truncated)

Commits

• 33ec136 0.51.1
• bbe415f fix: prefer $HOME/.config/dprint on macOS for global config (#1062)
• 4083ac9 docs: correct location of Mac global config file (#1061)
• 52191d5 chore: fix main ci (#1059)
• de3aebe ci: update to use trusted publishing (#1058)
• d3f6d97 0.51.0
• e08fffc docs: global configuration (#1051)
• 0fb3b44 feat: update dprint check message to suggest running dprint fmt (#1056)
• 999eead feat: dprint check --fail-fast (#1054)
• adf0049 feat(BREAKING): add dprint config update --recursive and make default non-r...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dprint since your current version.

Updates eslint from 9.39.1 to 9.39.2

Release notes

Sourced from eslint's releases.

v9.39.2

Bug Fixes

• 5705833 fix: warn when eslint-env configuration comments are found (#20381) (sethamus)

Build Related

• 506f154 build: add .scss files entry to knip (#20391) (Milos Djermanovic)

Chores

• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (#20394) (Francesco Trotta)
• c43ce24 chore: package.json update for @​eslint/js release (Jenkins)
• 4c9858e ci: add v9.x-dev branch (#20382) (Milos Djermanovic)

Commits

• 9278324 9.39.2
• 542266a Build: changelog update for 9.39.2
• 7ca0af7 chore: upgrade to @eslint/js@9.39.2 (

[rzkytmgr]

@dependabot recreate

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml