chore(deps): bump the npm_and_yarn group across 19 directories with 16 updates by dependabot[bot] · Pull Request #4 · thewlabs/orval

dependabot · 2026-02-20T12:16:50Z

Bumps the npm_and_yarn group with 3 updates in the / directory: ajv, markdown-it and validator.
Bumps the npm_and_yarn group with 5 updates in the /docs directory:

Package	From	To
lodash	`4.17.21`	`4.17.23`
markdown-it	`14.1.0`	`14.1.1`
validator	`13.11.0`	`13.15.26`
next	`13.5.9`	`15.5.10`
qs	`6.5.3`	`6.5.5`

Bumps the npm_and_yarn group with 1 update in the /packages/angular directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/axios directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/fetch directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/hono directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/mcp directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/mock directory: @orval/core.
Bumps the npm_and_yarn group with 3 updates in the /packages/orval directory: @orval/core, @orval/mcp and @orval/mock.
Bumps the npm_and_yarn group with 1 update in the /packages/query directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/swr directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/zod directory: @orval/core.
Bumps the npm_and_yarn group with 10 updates in the /samples directory:

Package	From	To
ajv	`8.14.0`	`8.18.0`
lodash	`4.17.21`	`4.17.23`
next	`14.2.26`	`15.5.10`
@angular/compiler	`12.2.17`	`19.2.18`
hono	`4.4.0`	`4.11.10`
wrangler	`3.57.2`	`3.114.17`
@modelcontextprotocol/sdk	`1.10.1`	`1.26.0`
svelte	`3.59.2`	`5.51.5`
diff	`4.0.2`	`4.0.4`
undici	`5.28.4`	`5.29.0`

Bumps the npm_and_yarn group with 1 update in the /samples/angular-app directory: @angular/compiler.
Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: next.
Bumps the npm_and_yarn group with 3 updates in the /samples/mcp/petstore directory: qs, @modelcontextprotocol/sdk and diff.
Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: next.
Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: svelte.
Bumps the npm_and_yarn group with 4 updates in the /tests directory: lodash, qs, hono and @modelcontextprotocol/sdk.

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates validator from 13.12.0 to 13.15.26

Release notes

Sourced from validator's releases.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

New Contributors

@ds1371dani made their first contribution in validatorjs/validator.js#2634

@Numbers0689 made their first contribution in validatorjs/validator.js#2535

Full Changelog: validatorjs/validator.js@13.15.23...13.15.26

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

Full Changelog: validatorjs/validator.js@13.15.22...13.15.23

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

New Contributors

@mbtools made their first contribution in validatorjs/validator.js#2622

@koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

... (truncated)

Changelog

Sourced from validator's changelog.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

13.15.15

Fixes, New Locales and Enhancements

isMobilePhone

#2514 improve el-CY locale @rezk2ll

#2512 improve pt-AO locale @renaldodev

#2502 improve ar-OM locale @tomcastro

#2089 isIP: allow usage of option object @pixelbucket-dev

#2526 isPassportNumber: improve CA locale @evanbechtol

#2491 isBase64: improve validation based on RFC4648 @aseyfpour

... (truncated)

Commits

784e52a docs(matches): add ReDoS note to README (#2640)
6531047 fix(isHexColor): add require_hashtag option (#2535)
f605a9c fix(isURL): handle possible bypass with URL-encoded content (#2633)
a165ebe fix(isIBAN): improve IR locale (#2634)
9113304 fix(build): move to trusted publishing (#2631)
f2b5c17 maintenance: 2511 release (#2627)
d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
f2e3633 docs: add install instructions to contibution guide (#2621)
cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
4af6124 maintenance: 2510 release (#2585)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for validator since your current version.

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates validator from 13.11.0 to 13.15.26

Release notes

Sourced from validator's releases.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

New Contributors

@ds1371dani made their first contribution in validatorjs/validator.js#2634

@Numbers0689 made their first contribution in validatorjs/validator.js#2535

Full Changelog: validatorjs/validator.js@13.15.23...13.15.26

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

Full Changelog: validatorjs/validator.js@13.15.22...13.15.23

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

New Contributors

@mbtools made their first contribution in validatorjs/validator.js#2622

@koral-- made their first contribution in validatorjs/validator.js#2616

Full Changelog: validatorjs/validator.js@13.15.20...13.15.22

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

... (truncated)

Changelog

Sourced from validator's changelog.

13.15.26

Fixes, New Locales and Enhancements

#2535 isHexColor: add require_hashtag option @Numbers0689

#2633 isURL: handle possible bypass with URL-encoded content @WikiRik

#2634 isIBAN: improve IR locale @ds1371dani

Doc fixes and others:

#2640 @WikiRik

13.15.23

Fixes, New Locales and Enhancements

Doc fixes and others:

#2631 @WikiRik

13.15.22

Fixes, New Locales and Enhancements

#2622 isURL: fix regression with hostnames with ports @mbtools

#2616 isLength: improve handling Unicode variation selectors @koral--

Doc fixes and others:

#2621 @mbtools

13.15.20

Fixes, New Locales and Enhancements

#2556 isMobilePhone: add ar-QA locale @WardKhaddour

#2576 isAlpha/isAlphanuneric: add Indic locales (ta-IN, te-IN, kn-IN, ml-IN, gu-IN, pa-IN, or-IN) @avadootharajesh

#2574 isBase64: improve padding regex @KrayzeeKev

#2584 isVAT: improve FR locale @iamAmer

#2608 isURL: improve protocol detection. Resolves CVE-2025-56200 @theofidry

Doc fixes and others:

#2563 @stoneLeaf

#2581 @camillobruni

13.15.15

Fixes, New Locales and Enhancements

isMobilePhone

#2514 improve el-CY locale @rezk2ll

#2512 improve pt-AO locale @renaldodev

#2502 improve ar-OM locale @tomcastro

#2089 isIP: allow usage of option object @pixelbucket-dev

#2526 isPassportNumber: improve CA locale @evanbechtol

#2491 isBase64: improve validation based on RFC4648 @aseyfpour

... (truncated)

Commits

784e52a docs(matches): add ReDoS note to README (#2640)
6531047 fix(isHexColor): add require_hashtag option (#2535)
f605a9c fix(isURL): handle possible bypass with URL-encoded content (#2633)
a165ebe fix(isIBAN): improve IR locale (#2634)
9113304 fix(build): move to trusted publishing (#2631)
f2b5c17 maintenance: 2511 release (#2627)
d457eca fix(isLength): correctly handle Unicode variation selectors (#2616)
f2e3633 docs: add install instructions to contibution guide (#2621)
cf40145 fix: URL validation for hostnames with ports (no protocol) (#2622)
4af6124 maintenance: 2510 release (#2585)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for validator since your current version.

Updates next from 13.5.9 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates qs from 6.5.3 to 6.5.5

Changelog

Sourced from qs's changelog.

6.5.5

[Fix] fix regressions from robustness refactor

[meta] add npmignore to autogenerate an npmignore file

[actions] update reusable workflows

6.5.4

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

Commits

3a6d9f8 v6.5.5
48160e7 [actions] update reusable workflows
2fc004a [meta] add npmignore to autogenerate an npmignore file
ddcc5d5 [Fix] fix regressions from robustness refactor
c190488 v6.5.4
40b77c3 [actions] fix rebase workflow permissions
6e39e92 [readme] document that addQueryPrefix does not add ? to empty output
4e393de [readme] replace runkit CI badge with shields.io check-runs badge
dbb0346 [readme] clarify parseArrays and arrayLimit documentation
6b8b4d8 [Robustness] avoid .push, use void
See full diff in compare view

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/mcp from 7.10.0 to 7.18.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/mcp since your current version.

Updates @orval/mock from 7.10.0 to 7.20.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/mock since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates ajv from 8.14.0 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates next from 14.2.26 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates @angular/compiler from 12.2.17 to 19.2.18

Release notes

Sourced from @angular/compiler's releases.

19.2.18

core

Commit Description

sanitize sensitive attributes on SVG script elements

19.2.17

compiler

Commit Description

prevent XSS via SVG animation attributeName and MathML/SVG URLs

19.2.16

http

Commit Description

prevent XSRF token leakage to protocol-relative URLs

19.2.15

core

Commit Description

introduce BootstrapContext for improved server bootstrapping (#63639)

Breaking Changes

core
The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.

Before:
const bootstrap = () => bootstrapApplication(AppComponent, config);
After:
const bootstrap = (context: BootstrapContext) =>
  bootstrapApplication(AppComponent, config, context);
A schematic is provided to automatically update main.server.ts files to pass the BootstrapContext to the bootstrapApplication call.

In addition, getPlatform() and destroyPlatform() will now return null and be a no-op respectively when running in a server environment.
For more information please see: GHSA-68x2-mx4q-78m7

18.2.14

core

Commit Description

introduce BootstrapContext for improved server bootstrapping (#63640)

... (truncated)

Changelog

Sourced from @angular/compiler's changelog.

19.2.18 (2026-01-07)

core

Commit Type Description

26cdc53d9c fix sanitize sensitive attributes on SVG script elements

21.0.7 (2026-01-07)

compiler

Commit Type Description

8e808740c9Description has been truncated

…6 updates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [markdown-it](https://github.com/markdown-it/markdown-it) and [validator](https://github.com/validatorjs/validator.js). Bumps the npm_and_yarn group with 5 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [validator](https://github.com/validatorjs/validator.js) | `13.11.0` | `13.15.26` | | [next](https://github.com/vercel/next.js) | `13.5.9` | `15.5.10` | | [qs](https://github.com/ljharb/qs) | `6.5.3` | `6.5.5` | Bumps the npm_and_yarn group with 1 update in the /packages/angular directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/axios directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/fetch directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/hono directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/mcp directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/mock directory: @orval/core. Bumps the npm_and_yarn group with 3 updates in the /packages/orval directory: @orval/core, @orval/mcp and @orval/mock. Bumps the npm_and_yarn group with 1 update in the /packages/query directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/swr directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/zod directory: @orval/core. Bumps the npm_and_yarn group with 10 updates in the /samples directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.14.0` | `8.18.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [next](https://github.com/vercel/next.js) | `14.2.26` | `15.5.10` | | [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) | `12.2.17` | `19.2.18` | | [hono](https://github.com/honojs/hono) | `4.4.0` | `4.11.10` | | [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `3.57.2` | `3.114.17` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.10.1` | `1.26.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.59.2` | `5.51.5` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` | Bumps the npm_and_yarn group with 1 update in the /samples/angular-app directory: [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler). Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 3 updates in the /samples/mcp/petstore directory: [qs](https://github.com/ljharb/qs), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [diff](https://github.com/kpdecker/jsdiff). Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 4 updates in the /tests directory: [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs), [hono](https://github.com/honojs/hono) and [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk). Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `validator` from 13.12.0 to 13.15.26 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.12.0...13.15.26) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `validator` from 13.11.0 to 13.15.26 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@13.12.0...13.15.26) Updates `next` from 13.5.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `qs` from 6.5.3 to 6.5.5 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/mcp` from 7.10.0 to 7.18.0 Updates `@orval/mock` from 7.10.0 to 7.20.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `ajv` from 8.14.0 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `@angular/compiler` from 12.2.17 to 19.2.18 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.18/packages/compiler) Updates `hono` from 4.4.0 to 4.11.10 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.11.10) Updates `wrangler` from 3.57.2 to 3.114.17 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Changelog](https://github.com/cloudflare/workers-sdk/blob/wrangler@3.114.17/packages/wrangler/CHANGELOG.md) - [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@3.114.17/packages/wrangler) Updates `@modelcontextprotocol/sdk` from 1.10.1 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) Updates `svelte` from 3.59.2 to 5.51.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.5/packages/svelte) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `undici` from 5.28.4 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.29.0) Updates `@angular/compiler` from 12.2.17 to 21.1.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/v19.2.18/packages/compiler) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `@modelcontextprotocol/sdk` from 1.10.1 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `svelte` from 3.59.2 to 5.53.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.5/packages/svelte) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `hono` from 4.6.16 to 4.11.10 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.11.10) Updates `@modelcontextprotocol/sdk` from 1.9.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.26 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: validator dependency-version: 13.15.26 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/mcp" dependency-version: 7.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/mock" dependency-version: 7.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@angular/compiler" dependency-version: 19.2.18 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.11.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: wrangler dependency-version: 3.114.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.51.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/compiler" dependency-version: 21.1.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.0 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.11.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 20, 2026

This was referenced Feb 20, 2026

chore(deps): bump the npm_and_yarn group across 18 directories with 15 updates #2

Closed

chore(deps): bump the npm_and_yarn group across 19 directories with 15 updates #3

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 19 directories with 16 updates#4

chore(deps): bump the npm_and_yarn group across 19 directories with 16 updates#4
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-1cca132930

dependabot bot commented on behalf of github Feb 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 20, 2026

v8.18.0

What's Changed

New Contributors

[14.1.1] - 2026-01-11

Security

13.15.26

Fixes, New Locales and Enhancements

New Contributors

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

New Contributors

13.15.20

Fixes, New Locales and Enhancements

13.15.26

Fixes, New Locales and Enhancements

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

13.15.20

Fixes, New Locales and Enhancements

13.15.15

Fixes, New Locales and Enhancements

[14.1.1] - 2026-01-11

Security

13.15.26

Fixes, New Locales and Enhancements

New Contributors

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

New Contributors

13.15.20

Fixes, New Locales and Enhancements

13.15.26

Fixes, New Locales and Enhancements

13.15.23

Fixes, New Locales and Enhancements

13.15.22

Fixes, New Locales and Enhancements

13.15.20

Fixes, New Locales and Enhancements

13.15.15

Fixes, New Locales and Enhancements

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

6.5.5

6.5.4

v8.18.0

What's Changed

New Contributors

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

19.2.18

core

19.2.17

compiler

19.2.16

http

19.2.15

core

Breaking Changes

core

18.2.14

core

19.2.18 (2026-01-07)

core