chore(deps): bump the dependencies group across 1 directory with 34 updates

[dependabot]

Bumps the dependencies group with 33 updates in the /src/frontend directory:

Package	From	To
@codemirror/autocomplete	6.20.1	6.20.2
@codemirror/lint	6.9.5	6.9.6
@codemirror/search	6.6.0	6.7.0
@fortawesome/react-fontawesome	3.3.0	3.3.1
@lingui/core	5.9.3	6.1.0
@lingui/react	5.9.3	6.1.0
@sentry/react	10.46.0	10.54.0
@tabler/icons-react	3.40.0	3.44.0
@tanstack/react-query	5.95.2	5.100.14
@uiw/codemirror-theme-vscode	4.25.9	4.25.10
@uiw/react-codemirror	4.25.9	4.25.10
@vanilla-extract/css	1.20.0	1.20.1
axios	1.16.0	1.16.1
dayjs	1.11.20	1.11.21
dompurify	3.4.0	3.4.6
easymde	2.20.0	2.21.0
fuse.js	7.1.0	7.3.0
mantine-datatable	9.2.0	9.2.2
react-hook-form	7.72.0	7.76.1
react-is	19.2.4	19.2.6
undici	6.24.1	8.3.0
@codecov/vite-plugin	1.9.1	2.0.1
@lingui/babel-plugin-lingui-macro	5.9.3	6.1.0
@lingui/cli	5.9.3	6.1.0
@lingui/macro	5.9.3	5.9.5
@vanilla-extract/vite-plugin	5.2.1	5.2.2
@vitejs/plugin-react	5.2.0	6.0.2
otpauth	9.5.0	9.5.1
rollup	4.60.0	4.60.4
typescript	5.9.3	6.0.3
vite	6.4.2	8.0.14
vite-plugin-dts	4.5.4	5.0.1
vite-plugin-istanbul	8.0.0	9.0.0

Updates @codemirror/autocomplete from 6.20.1 to 6.20.2

Commits

• See full diff in compare view

Updates @codemirror/lint from 6.9.5 to 6.9.6

Commits

• See full diff in compare view

Updates @codemirror/search from 6.6.0 to 6.7.0

Commits

• See full diff in compare view

Updates @codemirror/view from 6.40.0 to 6.43.0

Changelog

Sourced from @​codemirror/view's changelog.

6.41.0 (2026-04-01)

Bug fixes

Fix an issue where EditorView.posAtCoords could incorrectly return a position near a higher element on the line, in mixed-font-size lines.

Expand the workaround for the Webkit bug that causes nonexistent selections to stay visible to be active on non-Safari Webkit browsers.

New features

The new EditorView.cursorScrollMargin facet can now be used to configure the extra space used when scrolling the cursor into view.

Commits

• See full diff in compare view

Updates @fortawesome/react-fontawesome from 3.3.0 to 3.3.1

Release notes

Sourced from @​fortawesome/react-fontawesome's releases.

v3.3.1

3.3.1 (2026-04-20)

Just a few dependency bumps to close off CVEs (not that our lib is really affected anyway).

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Changelog

Sourced from @​fortawesome/react-fontawesome's changelog.

3.3.1 (2026-04-20)

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Commits

• 75b30aa chore(release): 3.3.1 [skip ci]
• 99ba500 chore(deps): node 22.22.2, bump all dev dependencies
• 31a2676 Merge pull request #639 from FortAwesome/dependabot/npm_and_yarn/lodash-4.18.1
• 2d06890 chore(deps): bump lodash from 4.17.23 to 4.18.1
• 741a193 Merge pull request #638 from FortAwesome/dependabot/npm_and_yarn/lodash-es-4....
• 212496a chore(deps-dev): bump lodash-es from 4.17.23 to 4.18.1
• 8deeceb Merge pull request #636 from FortAwesome/dependabot/npm_and_yarn/handlebars-4...
• 5df5ade Merge pull request #635 from FortAwesome/dependabot/npm_and_yarn/picomatch-2.3.2
• f1d6d94 chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9
• 557ceaf chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• See full diff in compare view

Updates @lingui/core from 5.9.3 to 6.1.0

Release notes

Sourced from @​lingui/core's releases.

v6.1.0

6.1.0 (2026-05-21)

Features

• add lingui-set/lingui-reset comment directives (#2514) (96a52e8) (Documentation)

Bug Fixes

• disappearing placeholder comments in partial extract (#2543) (725a2bf)

v6.0.1

6.0.1 (2026-04-30)

Bug Fixes

• avoid throwing on object spreads in extractFromObjectExpression (#2538) (7cbc0a8)
• cli: declare files arguments (#2532) (4a55abe)

v6.0.0

v6.0.0

We are pleased to announce the release of Lingui 6.0 ✨

This release marks a major milestone for the project. It includes a transition to ESM-only distribution, reduced dependency graph, the removal of deprecated APIs, and improved TypeScript support. A few new features have also been introduced.

Check out the links below for more details:

• Blog Post: Announcing Lingui 6.0
• Migration Guide from 5.x to 6.x
• Full Changelog

Discussion

If you have any questions or suggestions regarding this release, please visit the Related Discussion or our Discord Server.

v6.0.0-next.4

v6.0.0-next.4 (2026-04-17)

Visit the v6 website deployment to see the relevant docs, including the migration guide from 5.x to 6.x.

Changelog

Breaking Changes

• consolidate metadata transformation options into descriptorFields (#2513)

Features

... (truncated)

Changelog

Sourced from @​lingui/core's changelog.

6.1.0 (2026-05-21)

Features

• add lingui-set/lingui-reset comment directives (#2514) (96a52e8)

6.0.1 (2026-04-30)

Note: Version bump only for package @​lingui/core

6.0.0 (2026-04-22)

• Announcing Lingui 6.0

5.9.5 (2026-04-06)

Note: Version bump only for package @​lingui/core

5.9.4 (2026-03-27)

Note: Version bump only for package @​lingui/core

Commits

• 46a340a chore(release): published v6.1.0 [skip ci] (#2550)
• 96a52e8 feat: add lingui-set/lingui-reset comment directives (#2514)
• a710fd3 chore(release): published v6.0.1 [skip ci] (#2541)
• b91bb94 chore: update tooling: Yarn, Vitest (#2539)
• a194ab4 chore: official v6 release (#2500)
• 9216f05 chore(release): published v6.0.0-next.4 (#2521)
• 1597e3a chore: improve public package descriptions and keywords (#2493)
• ebcb6dc chore(release): published v6.0.0-next.3 (#2491)
• 4b24431 feat(vite-plugin): Vite 8 compatibility + linguiTransformerBabelPreset (#2487)
• f4bcdd5 chore(release): published v6.0.0-next.2 (#2485)
• Additional commits viewable in compare view

Updates @lingui/react from 5.9.3 to 6.1.0

Release notes

Sourced from @​lingui/react's releases.

v6.1.0

6.1.0 (2026-05-21)

Features

• add lingui-set/lingui-reset comment directives (#2514) (96a52e8) (Documentation)

Bug Fixes

• disappearing placeholder comments in partial extract (#2543) (725a2bf)

v6.0.1

6.0.1 (2026-04-30)

Bug Fixes

• avoid throwing on object spreads in extractFromObjectExpression (#2538) (7cbc0a8)
• cli: declare files arguments (#2532) (4a55abe)

v6.0.0

v6.0.0

We are pleased to announce the release of Lingui 6.0 ✨

This release marks a major milestone for the project. It includes a transition to ESM-only distribution, reduced dependency graph, the removal of deprecated APIs, and improved TypeScript support. A few new features have also been introduced.

Check out the links below for more details:

• Blog Post: Announcing Lingui 6.0
• Migration Guide from 5.x to 6.x
• Full Changelog

Discussion

If you have any questions or suggestions regarding this release, please visit the Related Discussion or our Discord Server.

v6.0.0-next.4

v6.0.0-next.4 (2026-04-17)

Visit the v6 website deployment to see the relevant docs, including the migration guide from 5.x to 6.x.

Changelog

Breaking Changes

• consolidate metadata transformation options into descriptorFields (#2513)

Features

... (truncated)

Changelog

Sourced from @​lingui/react's changelog.

6.1.0 (2026-05-21)

Features

• add lingui-set/lingui-reset comment directives (#2514) (96a52e8)

6.0.1 (2026-04-30)

Note: Version bump only for package @​lingui/react

6.0.0 (2026-04-22)

• Announcing Lingui 6.0

5.9.5 (2026-04-06)

Note: Version bump only for package @​lingui/react

5.9.4 (2026-03-27)

Note: Version bump only for package @​lingui/react

Commits

• 46a340a chore(release): published v6.1.0 [skip ci] (#2550)
• 96a52e8 feat: add lingui-set/lingui-reset comment directives (#2514)
• a710fd3 chore(release): published v6.0.1 [skip ci] (#2541)
• b91bb94 chore: update tooling: Yarn, Vitest (#2539)
• a194ab4 chore: official v6 release (#2500)
• 9216f05 chore(release): published v6.0.0-next.4 (#2521)
• 1597e3a chore: improve public package descriptions and keywords (#2493)
• ebcb6dc chore(release): published v6.0.0-next.3 (#2491)
• 4b24431 feat(vite-plugin): Vite 8 compatibility + linguiTransformerBabelPreset (#2487)
• f4bcdd5 chore(release): published v6.0.0-next.2 (#2485)
• Additional commits viewable in compare view

Updates @sentry/react from 10.46.0 to 10.54.0

Release notes

Sourced from @​sentry/react's releases.

10.54.0

Important Changes

• feat(core): Support array attributes for spans, logs, and metrics (#20427)

  Arrays of primitive values (string, number, boolean) are now accepted as attribute values. Arrays containing non-primitive elements will be dropped and won't show up in Sentry. Array attributes on logs and metrics were previously stringified and will now be sent as actual arrays instead. If you have custom rules that process attribute values in any beforeSend* callbacks (e.g., data scrubbing), you may need to update them to correctly handle array values.

  For instance, here's how you can update a beforeSendLog callback to handle arrays:

  beforeSendLog: log => {
    const attributes = log.attributes;
    Object.keys(attributes).forEach(key => {
      const value = attributes[key];
      if (typeof value === 'string') {
        attributes[key] = scrubData(value);
      }
      if (Array.isArray(value)) {
        attributes[key] = value.map(v => (typeof v === 'string' ? scrubData(v) : v));
      }
    });
    return log;
  };

• feat(browser): Add fetchStreamPerformanceIntegration for streamed response tracking (#20778)

  A new integration that tracks the performance of streamed fetch responses. Use this to measure time-to-first-byte and streaming duration for APIs that return chunked/streamed data. This replaces the now deprecated trackFetchStreamPerformance option.

• feat(core): Add dataCollection client option (#20965)

  Adds a new dataCollection client option for controlling what data the SDK collects and sends to Sentry. This provides a centralized way to configure data collection behavior across different SDK features. In the future, this option will be used for fine-granular data filtering, while the simple sendDefaultPii boolean option will be deprecated and removed in a future release.

• feat(hono): Add hono.request spans for internal .request() calls (#20843)

  The Hono SDK now creates spans for internal .request() calls, providing better visibility into request handling within Hono applications.

Other Changes

• feat(core): Add data collection filtering utilities (#20989)
• feat(core): Convert scope contexts to segment span attributes in span streaming (#20828)
• feat(core): Emit sentry.sdk.integrations on streamed segment spans (#20428)
• feat(core): HTTP server diagnostics channel utility (#20779)
• feat(core): Migrate span streaming envelope to dataCollection (#21080)
• feat(core): Migrate Supabase integration to dataCollection (#21085)
• feat(core): Migrate trpc to dataCollection (#21072)
• feat(deno): Instrument node:http on versions that support it (#21009)
• feat(ember): Extract ember-specific logic into custom browserTracingIntegration (#20702)
• feat(logs): Migrate log envelope user inference to dataCollection (#21073)
• feat(nuxt): Allow custom configuration files paths in Nuxt module (#20650)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.54.0

Important Changes

• feat(core): Support array attributes for spans, logs, and metrics (#20427)

  Arrays of primitive values (string, number, boolean) are now accepted as attribute values. Arrays containing non-primitive elements will be dropped and won't show up in Sentry. Array attributes on logs and metrics were previously stringified and will now be sent as actual arrays instead. If you have custom rules that process attribute values in any beforeSend* callbacks (e.g., data scrubbing), you may need to update them to correctly handle array values.

  For instance, here's how you can update a beforeSendLog callback to handle arrays:

  beforeSendLog: log => {
    const attributes = log.attributes;
    Object.keys(attributes).forEach(key => {
      const value = attributes[key];
      if (typeof value === 'string') {
        attributes[key] = scrubData(value);
      }
      if (Array.isArray(value)) {
        attributes[key] = value.map(v => (typeof v === 'string' ? scrubData(v) : v));
      }
    });
    return log;
  };

• feat(browser): Add fetchStreamPerformanceIntegration for streamed response tracking (#20778)

  A new integration that tracks the performance of streamed fetch responses. Use this to measure time-to-first-byte and streaming duration for APIs that return chunked/streamed data. This replaces the now deprecated trackFetchStreamPerformance option.

• feat(core): Add dataCollection client option (#20965)

  Adds a new dataCollection client option for controlling what data the SDK collects and sends to Sentry. This provides a centralized way to configure data collection behavior across different SDK features. In the future, this option will be used for fine-granular data filtering, while the simple sendDefaultPii boolean option will be deprecated and removed in a future release.

• feat(hono): Add hono.request spans for internal .request() calls (#20843)

  The Hono SDK now creates spans for internal .request() calls, providing better visibility into request handling within Hono applications.

Other Changes

• feat(core): Add data collection filtering utilities (#20989)
• feat(core): Convert scope contexts to segment span attributes in span streaming (#20828)
• feat(core): Emit sentry.sdk.integrations on streamed segment spans (#20428)
• feat(core): HTTP server diagnostics channel utility (#20779)
• feat(core): Migrate span streaming envelope to dataCollection (#21080)
• feat(core): Migrate Supabase integration to dataCollection (#21085)
• feat(core): Migrate trpc to dataCollection (#21072)
• feat(deno): Instrument node:http on versions that support it (#21009)
• feat(ember): Extract ember-specific logic into custom browserTracingIntegration (#20702)
• feat(logs): Migrate log envelope user inference to dataCollection (#21073)

... (truncated)

Commits

• f31686b release: 10.54.0
• c9bb0d4 meta(changelog): Update changelog for 10.54.0 (#21163)
• 7546a18 meta(changelog): Update changelog for 10.54.0
• d16a889 fix(deno): support Deno.serve instrumentation on Deno 2.8 (#21155)
• 1e0341d fix(cloudflare): avoid repeated flush lock wrapping (#21156)
• d75440c ref(node): Vendor @opentelemetry/sql-common (#21140)
• ba8dd0c test(node-core): Fix flaky cron instrumentation test (#21092)
• 170161b ref(node): Vendor @fastify/otel (#21099)
• 683bee2 ref(node): Remove unused @opentelemetry/instrumentation-http dependency (#2...
• 2516805 ref(node): Vendor @opentelemetry/instrumentation-pg (#21102)
• Additional commits viewable in compare view

Updates @tabler/icons-react from 3.40.0 to 3.44.0

Release notes

Sourced from @​tabler/icons-react's releases.

Release 3.44.0

18 new icons:

• outline/code-ai
• outline/email-stamp
• outline/foodsteps
• outline/git-pull-request-conflict
• outline/noise-reduction
• outline/photo-alt
• outline/pointer-2
• outline/pointer-collaboration-2
• outline/pointer-collaboration
• outline/roulette
• outline/scan-cube
• outline/sketching
• outline/sparkle-2
• outline/sparkle-highlight
• outline/sparkle
• outline/sphere-2
• outline/text-scan-ai
• outline/vignette

Fixed icons: outline/air-balloon, outline/body-scan, outline/chart-sankey, outline/ear-scan, outline/grid-scan, outline/line-scan, outline/object-scan, outline/photo-scan, outline/route-scan, outline/scan-eye, outline/scan-letter-a, outline/scan-letter-t, outline/scan-position, outline/scan-traces, outline/scan, outline/text-scan-2, outline/user-scan, outline/zoom-scan

Release 3.43.0

18 new icons:

• outline/acorn
• outline/acrobatic
• outline/banana
• outline/brand-audible
• outline/building-eiffel-tower
• outline/car-door
• outline/car-lifter
• outline/chocolate
• outline/dumbbell
• outline/exercise-ball
• outline/flood
• outline/hula-hoop
• outline/leaf-maple
• outline/notdef
• outline/rugby
• outline/taiwan-dollar
• outline/target-2
• outline/unicycle

... (truncated)

Commits

• 6d128ed Release 3.44.0
• e40738b Release 3.43.0
• 076f4a9 Release 3.42.0
• 9b27b65 Release 3.41.1
• ebad60b Update homepage links in documentation and package files to point to the new ...
• 8ed617b Update README files to wrap images in anchor tags linking to the Tabler Icons...
• ef6e875 Update dependencies in pnpm-lock.yaml and package.json files (#1497)
• 6cbe885 Release 3.41.0
• 19d735e Add JSDoc with previews in icons-react (#1472)
• See full diff in compare view

Updates @tanstack/react-query from 5.95.2 to 5.100.14

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-persist-client-core@​5.100.14

@​tanstack/react-query@​5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

@​tanstack/react-query-devtools@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-next-experimental@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query-persist-client@​5.100.13

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.13
  • @​tanstack/react-query@​5.100.13

@​tanstack/react-query@​5.100.13

Patch Changes

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

5.100.10

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.10

5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.8

... (truncated)

Commits

• ba6e7be ci: Version Packages (#10767)
• ed20b6d fix(react): do not go into optimistic fetching state when not subscribed (#10...
• 05cf2bc ci: Version Packages (#10758)
• d423168 fix(query-core): use built-in NoInfer for generic indexed-access types (#10593)
• 5ff4f69 ci: Version Packages (#10755)
• 3e85350 ci: Version Packages (#10706)
• 9d2692c ci: Version Packages (#10695)
• 74fa05e chore(tsconfig.json): narrow 'include' pattern to prevent TS6053 race conditi...
• 8c3d523 ci: Version Packages (#10630)
• 9800c8f ci: Version Packages (#10623)
• Additional commits viewable in compare view

Updates @uiw/codemirror-theme-vscode from 4.25.9 to 4.25.10

Release notes

Sourced from @​uiw/codemirror-theme-vscode's releases.

v4.25.10

Documentation v4.25.10: https://raw.githack.com/uiwjs/react-codemirror/5e24acf/index.html
Comparing Changes: uiwjs/react-codemirror@v4.25.9...v4.25.10

npm i @uiw/react-codemirror@4.25.10

Commits

• d54c130 released v4.25.10
• 229eb4f chore: add sponsor SubList.
• d10a51f doc: update README.md
• 30a535e doc: Update READMEs
• See full diff in compare view

Updates @uiw/react-codemirror from 4.25.9 to 4.25.10

Release notes

Sourced from @​uiw/react-codemirror's releases.

v4.25.10

Documentation v4.25.10: https://raw.githack.com/uiwjs/react-codemirror/5e24acf/index.html
Comparing Changes: uiwjs/react-codemirror@v4.25.9...v4.25.10

npm i @uiw/react-codemirror@4.25.10

Commits

• d54c130 released v4.25.10
• 229eb4f chore: add sponsor SubList.
• d10a51f doc: update README.md
• 30a535e doc: Update READMEs
• See full diff in compare view

Updates @vanilla-extract/css from 1.20.0 to 1.20.1

Release notes

Sourced from @​vanilla-extract/css's releases.

@​vanilla-extract/css@​1.20.1

Patch Changes

• #1710 1677593 Thanks @​askoufis! - Replace cssesc dependency with vendored version

Changelog

Sourced from @​vanilla-extract/css's changelog.

1.20.1

Patch Changes

• #1710 1677593 Thanks @​askoufis! - Replace cssesc dependency with vendored version

Commits

• 5f3faae Version Packages (#1711)
• 1677593 Vendor cssesc dependency (#1710)
• See full diff in compare view

Updates axios from 1.16.0 to 1.16.1

Release notes

Sourced from axios's releases.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (#10858)
• CI Cache Removal: Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (#10882)

🐛 Bug Fixes

• Data URI Parsing: Updated the fromDataURI regex to match RFC 2397 more strictly, fixing edge cases in data: URL handling. (#10829)
• Unicode Headers: Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (#10850)
• XHR Upload Progress: Guarded against malformed ProgressEvent payloads emitted by some environments during XHR upload, preventing crashes when loaded / total are missing or invalid. (#10868)
• Webpack 4 Fetch Adapter: Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (#10864)
• Type Definitions: Made parseReviver context.source optional in the type definitions to align with the ES2023 specification. (#10837)
• URL Object Support Reverted: Reverted the change that allowed passing a URL object as config.url (originally #10866) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (#10874)

🔧 Maintenance & Chores

• Cycle Detection Refactor: Replaced the array-based cycle tracker in toJSONObject with a WeakSet, improving performance and memory behaviour on large nested structures. (#10832)
• composeSignals Cleanup: Refactored composeSignals to use a clearer early-return structure, simplifying the cancellation/abort composition path. (#10844)
• AI Readiness & Repo Docs: Added AGENTS.md and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (#10835, #10841)
• Docs Improvements: Clarified the GET request example, fixed the interceptor eject example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (#10836, #10853, #10856)
• Sponsorship Tooling: Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (#10843, #10859, #10869)
• Dependencies: Bumped @commitlint/cli from 20.5.0 to 20.5.2. (#10846)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​hpinmetaverse (#10836)
• @​tommyhgunz14 (#7413)
• @​abhu85 (#10829)
• @​divyanshuraj1095 (#10853)
• @​sagodi97 (#10856)
• @​rkdfx (#10868)
• @​Liuwei1125 (#10866)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.16.1 — May 13, 2026

This release ships a defence-in-depth fix for prototype pollution in formDataToJSON, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.

🔒 Security Fixes

• Prototype Pollution Defence-in-Depth: Hardened formDataToJSON against already-polluted Object.prototype by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (#7413)
• Proxy Cleartext Leak: Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (

[netlify]

❌ Deploy Preview for inventree-web-pui-preview failed.

Name	Link
🔨 Latest commit	eaa95ea
🔍 Latest deploy log	https://app.netlify.com/projects/inventree-web-pui-preview/deploys/6a1f9fece4bac100085d3568

[matmair]

@dependabot ignore @lingui/core major version

[dependabot]

OK, I won't notify you about version 6.x.x of @lingui/core again, unless you unignore it.

[matmair]

@dependabot ignore @lingui/react major version

[dependabot]

OK, I won't notify you about version 6.x.x of @lingui/react again, unless you unignore it.

[matmair]

@dependabot ignore @lingui/babel-plugin-lingui-macro major version

[dependabot]

OK, I won't notify you about version 6.x.x of @lingui/babel-plugin-lingui-macro again, unless you unignore it.

[matmair]

@dependabot ignore @lingui/cli major version

[dependabot]

OK, I won't notify you about version 6.x.x of @lingui/cli again, unless you unignore it.

[matmair]

@dependabot ignore @lingui/macro major version

[dependabot]

OK, I won't notify you about version 5.x.x of @lingui/macro again, unless you unignore it.

[matmair]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.