chore(deps): bump the npm_and_yarn group across 19 directories with 18 updates by dependabot[bot] · Pull Request #7 · thewlabs/orval

dependabot · 2026-02-26T06:38:24Z

Bumps the npm_and_yarn group with 3 updates in the / directory: ajv, basic-ftp and markdown-it.
Bumps the npm_and_yarn group with 6 updates in the /docs directory:

Package	From	To
ajv	`6.12.6`	`6.14.0`
lodash	`4.17.21`	`4.17.23`
markdown-it	`14.1.0`	`14.1.1`
axios	`1.8.4`	`1.13.5`
next	`13.5.9`	`15.5.10`
qs	`6.5.3`	`6.5.5`

Bumps the npm_and_yarn group with 1 update in the /packages/angular directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/axios directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/fetch directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/hono directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/mcp directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/mock directory: @orval/core.
Bumps the npm_and_yarn group with 3 updates in the /packages/orval directory: @orval/core, @orval/mcp and @orval/mock.
Bumps the npm_and_yarn group with 1 update in the /packages/query directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/swr directory: @orval/core.
Bumps the npm_and_yarn group with 1 update in the /packages/zod directory: @orval/core.
Bumps the npm_and_yarn group with 11 updates in the /samples directory:

Package	From	To
ajv	`8.14.0`	`8.18.0`
lodash	`4.17.21`	`4.17.23`
rollup	`2.79.1`	`2.80.0`
axios	`1.8.3`	`1.13.5`
next	`14.2.26`	`15.5.10`
hono	`4.4.0`	`4.11.10`
wrangler	`3.57.2`	`3.114.17`
@modelcontextprotocol/sdk	`1.10.1`	`1.26.0`
svelte	`3.59.2`	`5.51.5`
diff	`4.0.2`	`4.0.4`
undici	`5.28.4`	`5.29.0`

Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: next.
Bumps the npm_and_yarn group with 3 updates in the /samples/mcp/petstore directory: qs, @modelcontextprotocol/sdk and diff.
Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: next.
Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: svelte.
Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/custom-fetch directory: svelte.
Bumps the npm_and_yarn group with 6 updates in the /tests directory:

Package	From	To
lodash	`4.17.21`	`4.17.23`
minimatch	`3.0.4`	`3.1.5`
axios	`1.8.3`	`1.13.5`
qs	`6.14.0`	`6.15.0`
hono	`4.6.16`	`4.11.10`
@modelcontextprotocol/sdk	`1.9.0`	`1.26.0`

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates basic-ftp from 5.0.5 to 5.2.0

Release notes

Sourced from basic-ftp's releases.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Changelog

Sourced from basic-ftp's changelog.

5.2.0

Changed: Skip files with invalid name in downloadToDir.

5.1.0

Added: Add the option to prevent the use of separate transfer host IPs when using PASV. (#259)

Commits

5d41e45 Bump version
49c2e73 Update dependencies
2a2a0e6 Skip invalid filenames
65c90d9 Fix permissions for workflows
593cb78 Set permissions for workflow jobs
36adf11 Remove deprecated CodeQL check
9da4af0 Update changelog
6993039 Improve naming
0b8f756 Improve naming
67a53f2 Bump version
Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates ajv from 6.12.6 to 6.14.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates axios from 1.8.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

Justin Dhillon

Rudransh

WuMingDao

codenomnom

Nandan Acharya

Eric Dubé

Tibor Pilz

Gabriel Quaresma

Turadg Aleahmad

... (truncated)

Commits

29f7542 chore(release): prepare release 1.13.5 (#7379)
431c3a3 ci: fix run condition (#7373)
9ff3a78 ci: update ymls (#7372)
265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
475e75a feat: add input validation to isAbsoluteURL (#7326)
28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
04cf019 docs: clarify object check comment (#7323)
696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
569f028 fix: added a option to choose between legacy and the new request/response int...
44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 13.5.9 to 15.5.10

Release notes

Sourced from next's releases.

v15.5.10

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472

https://vercel.com/changelog/summary-of-cve-2026-23864

v15.4.11

Please see this changelog for more information about this security patch.

v15.3.9

Please see this changelog for more information about this security patch.

v15.2.9

Please see this changelog for more information about this security patch.

v15.1.12

Please see this changelog for more information about this security patch.

v15.0.8

Please see this changelog for more information about this security patch.

Commits

60a2aa9 v15.5.10
e5b834d fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
39a2f6a feat(next/image)!: add images.maximumResponseBody config (#88183)
bf9f084 Sync DoS mitigations for React Flight
c5de33e v15.5.9
dd23399 Backport facebook/react#35351 for 15.5.8 (#87086)
7526cd6 v15.5.8
1e9ec41 Update React Version (#41)
16141e5 Update React Version (#30)
e01e589 Backport Next.js changes to v15.5.8 (#23)
Additional commits viewable in compare view

Updates qs from 6.5.3 to 6.5.5

Changelog

Sourced from qs's changelog.

6.5.5

[Fix] fix regressions from robustness refactor

[meta] add npmignore to autogenerate an npmignore file

[actions] update reusable workflows

6.5.4

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

Commits

3a6d9f8 v6.5.5
48160e7 [actions] update reusable workflows
2fc004a [meta] add npmignore to autogenerate an npmignore file
ddcc5d5 [Fix] fix regressions from robustness refactor
c190488 v6.5.4
40b77c3 [actions] fix rebase workflow permissions
6e39e92 [readme] document that addQueryPrefix does not add ? to empty output
4e393de [readme] replace runkit CI badge with shields.io check-runs badge
dbb0346 [readme] clarify parseArrays and arrayLimit documentation
6b8b4d8 [Robustness] avoid .push, use void
See full diff in compare view

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/mcp from 7.10.0 to 7.18.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/mcp since your current version.

Updates @orval/mock from 7.10.0 to 7.20.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/mock since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates @orval/core from 7.10.0 to 7.21.0

Maintainer changes

This version was pushed to npm by melloware, a new releaser for @orval/core since your current version.

Updates ajv from 8.14.0 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

feat: allow tree-shaking by adding "sideEffects": false to package.json by @josdejong in ajv-validator/ajv#2480

fix: #2482 Infinity and NaN serialise to null by @jasoniangreen in ajv-validator/ajv#2487

fix: small grammatical error in managing-schemas.md by @monteiro-renato in ajv-validator/ajv#2508

fix: typos in schema-language.md by @monteiro-renato in ajv-validator/ajv#2507

fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @epoberezkin in ajv-validator/ajv#2586

New Contributors

@josdejong made their first contribution in ajv-validator/ajv#2480

@monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

142ce84 8.18.0
720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
82735a1 fix: typos in schema-language.md (#2507)
b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Updates rollup from 2.79.1 to 2.80.0

Release notes

Sourced from rollup's releases.

v.2.79.2

2.79.2

2024-09-26

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

#5671: Fix DOM Clobbering CVE (@lukastaegert)

Changelog

Sourced from rollup's changelog.

2.80.0

2026-02-22

Features

Throw when the generated bundle contains paths that would leave the output directory (#6277)

Pull Requests

#6277: Validate bundle stays within output dir (@lukastaegert)

2.79.2

2024-09-26

Bug Fixes

Resolve CVE-2024-43788 (#5677)

Pull Requests

#5677: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (@fabianszabo)

Commits

d17ae15 2.80.0
d6dee5e Validate bundle stays within output dir (#6277)
c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
See full diff in compare view

Updates axios from 1.8.3 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)

Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

Fix/5657. (PR #7313)

Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

Add input validation to isAbsoluteURL. (PR #7326)

Refactor: bump minor package versions. (PR #7356)

Documentation

Clarify object-check comment. (PR #7323)

Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

Chore: fix issues with YAML. (PR #7355)

CI: update workflow YAMLs. (PR #7372)

CI: fix run condition. (PR #7373)

Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)

Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

@sachin11063 (first contribution — PR #7323)

@asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

fix: issues with version 1.13.3 (#7352) (ee90dfc)

Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)

interceptor: handle the error in the same interceptor (#6269) (5945e40)

main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)

package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)

silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)

turn AxiosError into a native error (#5394) (#5558) (1c6a86d)

types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)

types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)

unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

add undefined as a value in AxiosRequestConfig (#5560) (095033c)

add automatic minor and patch upgrades to dependabot (#6053) (65a7584)

add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)

added copilot instructions (3f83143)

compatibility with frozen prototypes (#6265) (860e033)

enhance pipeFileToResponse with error handling (#7169) (88d7884)

types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298

deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

Ashvin Tiwari

Nikunj Mochi

Anchal Singh

jasonsaayman

Julian Dax

Akash Dhar Dubey

Madhumita

Tackoil

…8 updates Bumps the npm_and_yarn group with 3 updates in the / directory: [ajv](https://github.com/ajv-validator/ajv), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [markdown-it](https://github.com/markdown-it/markdown-it). Bumps the npm_and_yarn group with 6 updates in the /docs directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.14.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [axios](https://github.com/axios/axios) | `1.8.4` | `1.13.5` | | [next](https://github.com/vercel/next.js) | `13.5.9` | `15.5.10` | | [qs](https://github.com/ljharb/qs) | `6.5.3` | `6.5.5` | Bumps the npm_and_yarn group with 1 update in the /packages/angular directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/axios directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/fetch directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/hono directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/mcp directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/mock directory: @orval/core. Bumps the npm_and_yarn group with 3 updates in the /packages/orval directory: @orval/core, @orval/mcp and @orval/mock. Bumps the npm_and_yarn group with 1 update in the /packages/query directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/swr directory: @orval/core. Bumps the npm_and_yarn group with 1 update in the /packages/zod directory: @orval/core. Bumps the npm_and_yarn group with 11 updates in the /samples directory: | Package | From | To | | --- | --- | --- | | [ajv](https://github.com/ajv-validator/ajv) | `8.14.0` | `8.18.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` | | [axios](https://github.com/axios/axios) | `1.8.3` | `1.13.5` | | [next](https://github.com/vercel/next.js) | `14.2.26` | `15.5.10` | | [hono](https://github.com/honojs/hono) | `4.4.0` | `4.11.10` | | [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `3.57.2` | `3.114.17` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.10.1` | `1.26.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.59.2` | `5.51.5` | | [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` | | [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` | Bumps the npm_and_yarn group with 1 update in the /samples/hono/hono-with-fetch-client/next-app directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 3 updates in the /samples/mcp/petstore directory: [qs](https://github.com/ljharb/qs), [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [diff](https://github.com/kpdecker/jsdiff). Bumps the npm_and_yarn group with 1 update in the /samples/next-app-with-fetch directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/basic directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 1 update in the /samples/svelte-query/custom-fetch directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Bumps the npm_and_yarn group with 6 updates in the /tests directory: | Package | From | To | | --- | --- | --- | | [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` | | [axios](https://github.com/axios/axios) | `1.8.3` | `1.13.5` | | [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.0` | | [hono](https://github.com/honojs/hono) | `4.6.16` | `4.11.10` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.9.0` | `1.26.0` | Updates `ajv` from 8.17.1 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `basic-ftp` from 5.0.5 to 5.2.0 - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `ajv` from 6.12.6 to 6.14.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `axios` from 1.8.4 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `next` from 13.5.9 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `qs` from 6.5.3 to 6.5.5 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/mcp` from 7.10.0 to 7.18.0 Updates `@orval/mock` from 7.10.0 to 7.20.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `@orval/core` from 7.10.0 to 7.21.0 Updates `ajv` from 8.14.0 to 8.18.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v8.17.1...v8.18.0) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `rollup` from 2.79.1 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.80.0) Updates `axios` from 1.8.3 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `hono` from 4.4.0 to 4.11.10 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.11.10) Updates `wrangler` from 3.57.2 to 3.114.17 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Changelog](https://github.com/cloudflare/workers-sdk/blob/wrangler@3.114.17/packages/wrangler/CHANGELOG.md) - [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@3.114.17/packages/wrangler) Updates `@modelcontextprotocol/sdk` from 1.10.1 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) Updates `svelte` from 3.59.2 to 5.51.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.5/packages/svelte) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `undici` from 5.28.4 to 5.29.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.29.0) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `@modelcontextprotocol/sdk` from 1.10.1 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) Updates `diff` from 4.0.2 to 4.0.4 - [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md) - [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4) Updates `next` from 14.2.26 to 15.5.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.9...v15.5.10) Updates `svelte` from 3.59.2 to 5.53.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.5/packages/svelte) Updates `svelte` from 4.2.20 to 5.53.5 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG-pre-5.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.5/packages/svelte) Updates `lodash` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) Updates `minimatch` from 3.0.4 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.5) Updates `axios` from 1.8.3 to 1.13.5 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.4...v1.13.5) Updates `qs` from 6.14.0 to 6.15.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.3...v6.5.5) Updates `hono` from 4.6.16 to 4.11.10 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.4.0...v4.11.10) Updates `@modelcontextprotocol/sdk` from 1.9.0 to 1.26.0 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.10.1...v1.26.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.5.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/mcp" dependency-version: 7.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/mock" dependency-version: 7.20.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@orval/core" dependency-version: 7.21.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 8.18.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.11.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: wrangler dependency-version: 3.114.17 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.51.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-version: 5.29.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: diff dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: next dependency-version: 15.5.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: svelte dependency-version: 5.53.5 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: qs dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hono dependency-version: 4.11.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.26.0 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 26, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 19 directories with 18 updates#7

chore(deps): bump the npm_and_yarn group across 19 directories with 18 updates#7
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-11f17835cc

dependabot bot commented on behalf of github Feb 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 26, 2026

v8.18.0

What's Changed

New Contributors

5.2.0

5.1.0

5.2.0

5.1.0

[14.1.1] - 2026-01-11

Security

v8.18.0

What's Changed

New Contributors

[14.1.1] - 2026-01-11

Security

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

v15.5.10

v15.4.11

v15.3.9

v15.2.9

v15.1.12

v15.0.8

6.5.5

6.5.4

v8.18.0

What's Changed

New Contributors

v.2.79.2

2.79.2

Bug Fixes

Pull Requests

2.80.0

Features

Pull Requests

2.79.2

Bug Fixes

Pull Requests

v1.13.5

Release 1.13.5

Highlights

Changes

Security

Fixes

Features / Improvements

Documentation

CI / Maintenance

New Contributors

v1.13.4

Overview

What's New in v1.13.4

Bug Fixes

Changelog

1.13.3 (2026-01-20)

Bug Fixes

Features

Reverts

Contributors to this release

Uh oh!

Reviewers

Assignees