chore(deps): bump the dependencies group across 1 directory with 33 updates

[dependabot]

Bumps the dependencies group with 32 updates in the /src/frontend directory:

Package	From	To
@codemirror/autocomplete	6.20.1	6.20.2
@codemirror/lint	6.9.5	6.9.6
@codemirror/search	6.6.0	6.7.0
@fortawesome/react-fontawesome	3.3.0	3.3.1
@lingui/core	5.9.3	6.0.1
@lingui/react	5.9.3	6.0.1
@sentry/react	10.46.0	10.52.0
@tabler/icons-react	3.40.0	3.44.0
@tanstack/react-query	5.95.2	5.100.10
@vanilla-extract/css	1.20.0	1.20.1
axios	1.15.2	1.16.0
dompurify	3.4.0	3.4.2
easymde	2.20.0	2.21.0
fuse.js	7.1.0	7.3.0
react-hook-form	7.72.0	7.75.0
react-is	19.2.4	19.2.6
styled-components	6.3.12	6.4.1
undici	6.24.1	8.2.0
@codecov/vite-plugin	1.9.1	2.0.1
@lingui/babel-plugin-lingui-macro	5.9.3	6.0.1
@lingui/cli	5.9.3	6.0.1
@lingui/macro	5.9.3	5.9.5
@playwright/test	1.58.2	1.60.0
@types/node	25.5.0	25.7.0
@vanilla-extract/vite-plugin	5.2.1	5.2.2
@vitejs/plugin-react	5.2.0	6.0.1
otpauth	9.5.0	9.5.1
rollup	4.60.0	4.60.3
rollup-plugin-license	3.7.0	3.7.1
typescript	5.9.3	6.0.3
vite	6.4.2	8.0.12
vite-plugin-dts	4.5.4	5.0.0

Updates @codemirror/autocomplete from 6.20.1 to 6.20.2

Commits

• See full diff in compare view

Updates @codemirror/lint from 6.9.5 to 6.9.6

Commits

• See full diff in compare view

Updates @codemirror/search from 6.6.0 to 6.7.0

Commits

• See full diff in compare view

Updates @codemirror/view from 6.40.0 to 6.43.0

Changelog

Sourced from @​codemirror/view's changelog.

6.41.0 (2026-04-01)

Bug fixes

Fix an issue where EditorView.posAtCoords could incorrectly return a position near a higher element on the line, in mixed-font-size lines.

Expand the workaround for the Webkit bug that causes nonexistent selections to stay visible to be active on non-Safari Webkit browsers.

New features

The new EditorView.cursorScrollMargin facet can now be used to configure the extra space used when scrolling the cursor into view.

Commits

• See full diff in compare view

Updates @fortawesome/react-fontawesome from 3.3.0 to 3.3.1

Release notes

Sourced from @​fortawesome/react-fontawesome's releases.

v3.3.1

3.3.1 (2026-04-20)

Just a few dependency bumps to close off CVEs (not that our lib is really affected anyway).

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Changelog

Sourced from @​fortawesome/react-fontawesome's changelog.

3.3.1 (2026-04-20)

Chores

• deps-dev: bump handlebars from 4.7.8 to 4.7.9 (f1d6d94)
• deps-dev: bump lodash-es from 4.17.23 to 4.18.1 (212496a)
• deps-dev: bump picomatch from 2.3.1 to 2.3.2 (557ceaf)
• deps: bump lodash from 4.17.23 to 4.18.1 (2d06890)
• deps: node 22.22.2, bump all dev dependencies (99ba500)

Commits

• 75b30aa chore(release): 3.3.1 [skip ci]
• 99ba500 chore(deps): node 22.22.2, bump all dev dependencies
• 31a2676 Merge pull request #639 from FortAwesome/dependabot/npm_and_yarn/lodash-4.18.1
• 2d06890 chore(deps): bump lodash from 4.17.23 to 4.18.1
• 741a193 Merge pull request #638 from FortAwesome/dependabot/npm_and_yarn/lodash-es-4....
• 212496a chore(deps-dev): bump lodash-es from 4.17.23 to 4.18.1
• 8deeceb Merge pull request #636 from FortAwesome/dependabot/npm_and_yarn/handlebars-4...
• 5df5ade Merge pull request #635 from FortAwesome/dependabot/npm_and_yarn/picomatch-2.3.2
• f1d6d94 chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9
• 557ceaf chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• See full diff in compare view

Updates @lingui/core from 5.9.3 to 6.0.1

Release notes

Sourced from @​lingui/core's releases.

v6.0.1

6.0.1 (2026-04-30)

Bug Fixes

• avoid throwing on object spreads in extractFromObjectExpression (#2538) (7cbc0a8)
• cli: declare files arguments (#2532) (4a55abe)

v6.0.0

v6.0.0

We are pleased to announce the release of Lingui 6.0 ✨

This release marks a major milestone for the project. It includes a transition to ESM-only distribution, reduced dependency graph, the removal of deprecated APIs, and improved TypeScript support. A few new features have also been introduced.

Check out the links below for more details:

• Blog Post: Announcing Lingui 6.0
• Migration Guide from 5.x to 6.x
• Full Changelog

Discussion

If you have any questions or suggestions regarding this release, please visit the Related Discussion or our Discord Server.

v6.0.0-next.4

v6.0.0-next.4 (2026-04-17)

Visit the v6 website deployment to see the relevant docs, including the migration guide from 5.x to 6.x.

Changelog

Breaking Changes

• consolidate metadata transformation options into descriptorFields (#2513)

Features

• macro: add optional configurable JSX placeholder naming (#2505)

Fixes

• loader: make webpack peer dependency optional and update Rspack example (#2475)
• po-format: remove duplicated references when lineNumbers is false (#2509)
• cli: support braces in catalog pathname (#2495) (backported from v5.x)

Discussion

Visit the related discussion if you have any questions about this release or feedback. We'd love to hear from you!

... (truncated)

Changelog

Sourced from @​lingui/core's changelog.

6.0.1 (2026-04-30)

Note: Version bump only for package @​lingui/core

6.0.0 (2026-04-22)

• Announcing Lingui 6.0

5.9.5 (2026-04-06)

Note: Version bump only for package @​lingui/core

5.9.4 (2026-03-27)

Note: Version bump only for package @​lingui/core

Commits

• a710fd3 chore(release): published v6.0.1 [skip ci] (#2541)
• b91bb94 chore: update tooling: Yarn, Vitest (#2539)
• a194ab4 chore: official v6 release (#2500)
• 9216f05 chore(release): published v6.0.0-next.4 (#2521)
• 1597e3a chore: improve public package descriptions and keywords (#2493)
• ebcb6dc chore(release): published v6.0.0-next.3 (#2491)
• 4b24431 feat(vite-plugin): Vite 8 compatibility + linguiTransformerBabelPreset (#2487)
• f4bcdd5 chore(release): published v6.0.0-next.2 (#2485)
• 2848e87 fix(macro): add shims for macro executed in nodejs without transpilation (#2471)
• c3247d6 chore: fix eslint config for react (#2449)
• Additional commits viewable in compare view

Updates @lingui/react from 5.9.3 to 6.0.1

Release notes

Sourced from @​lingui/react's releases.

v6.0.1

6.0.1 (2026-04-30)

Bug Fixes

• avoid throwing on object spreads in extractFromObjectExpression (#2538) (7cbc0a8)
• cli: declare files arguments (#2532) (4a55abe)

v6.0.0

v6.0.0

We are pleased to announce the release of Lingui 6.0 ✨

This release marks a major milestone for the project. It includes a transition to ESM-only distribution, reduced dependency graph, the removal of deprecated APIs, and improved TypeScript support. A few new features have also been introduced.

Check out the links below for more details:

• Blog Post: Announcing Lingui 6.0
• Migration Guide from 5.x to 6.x
• Full Changelog

Discussion

If you have any questions or suggestions regarding this release, please visit the Related Discussion or our Discord Server.

v6.0.0-next.4

v6.0.0-next.4 (2026-04-17)

Visit the v6 website deployment to see the relevant docs, including the migration guide from 5.x to 6.x.

Changelog

Breaking Changes

• consolidate metadata transformation options into descriptorFields (#2513)

Features

• macro: add optional configurable JSX placeholder naming (#2505)

Fixes

• loader: make webpack peer dependency optional and update Rspack example (#2475)
• po-format: remove duplicated references when lineNumbers is false (#2509)
• cli: support braces in catalog pathname (#2495) (backported from v5.x)

Discussion

Visit the related discussion if you have any questions about this release or feedback. We'd love to hear from you!

... (truncated)

Changelog

Sourced from @​lingui/react's changelog.

6.0.1 (2026-04-30)

Note: Version bump only for package @​lingui/react

6.0.0 (2026-04-22)

• Announcing Lingui 6.0

5.9.5 (2026-04-06)

Note: Version bump only for package @​lingui/react

5.9.4 (2026-03-27)

Note: Version bump only for package @​lingui/react

Commits

• a710fd3 chore(release): published v6.0.1 [skip ci] (#2541)
• b91bb94 chore: update tooling: Yarn, Vitest (#2539)
• a194ab4 chore: official v6 release (#2500)
• 9216f05 chore(release): published v6.0.0-next.4 (#2521)
• 1597e3a chore: improve public package descriptions and keywords (#2493)
• ebcb6dc chore(release): published v6.0.0-next.3 (#2491)
• 4b24431 feat(vite-plugin): Vite 8 compatibility + linguiTransformerBabelPreset (#2487)
• f4bcdd5 chore(release): published v6.0.0-next.2 (#2485)
• 2848e87 fix(macro): add shims for macro executed in nodejs without transpilation (#2471)
• c3247d6 chore: fix eslint config for react (#2449)
• Additional commits viewable in compare view

Updates @sentry/react from 10.46.0 to 10.52.0

Release notes

Sourced from @​sentry/react's releases.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)
• chore(deps): Bump vulnerable testem version (#20634)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.52.0

Important Changes

• Beta release of the official Hono Sentry SDK

  This release marks the beta release of the @sentry/hono Sentry SDK. For details on how to use it, check out the Sentry Hono SDK docs. Please reach out on GitHub if you have any feedback or concerns.

• feat(browser): Add ingest_settings to v2 log envelope payload (#20453)

  Inference of user data (e.g. IP address, browser name/version) on log events is now gated behind the sendDefaultPii option. Previously, this data was always inferred by default.

Other Changes

• docs(hono): Add new docs link and move to BETA release (#20666)
• feat(browser): Add ingest_settings to v2 metrics envelope payload (#20454)
• feat(browser): Migrate spotlight event processor to ignoreSpans (#20595)
• feat(cloudflare): Capture request body via httpServerIntegration (#20614)
• feat(cloudflare): Support rpc trace propagation for WorkerEntrypoint (#20523)
• feat(cloudflare): Support tracing for queue producer (#20529)
• feat(core): Apply request data to segment spans in span streaming (#20654)
• feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• feat(deno): Add processSegmentSpan to Deno context integration (#20613)
• feat(http): Portable node:http client instrumentation (#20393)
• feat(nitro): Add unstorage tracing channel instrumentation (#20615)
• feat(node-core): Add processSegmentSpan to node context integration (#20678)
• feat(node): Use diagnostics_channel for redis >= 5.12.0 (#20573)
• feat(node): Vendor ioredis, redis instrumentations (#20510)
• feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• fix: Bump fast-xml-parser to fix vulnerability (#20644)
• fix: Bump vite versions to fix vulnerability (#20646)
• fix(core): Drain buffers in flush() when there is no transport (#20207)
• fix(core): Guard against undefined chained in copyProps (#20637)
• fix(deps): Bump rollup-plugin-license to fix lodash vulnerabilities (#20636)
• fix(deps): Bump transitive deps for medium security fixes (#20683)
• fix(hono): Do not capture 3xx and 4xx errors and add tests (#20640)
• fix(nextjs): Skip build modification when SRI is enabled (#20694)
• fix(opentelemetry): Respect OTEL_SERVICE_NAME, OTEL_RESOURCE_ATTRIBUTES (#20509)

• chore: Remove bundle-analyzer-scenarios dev packages (#20680)
• chore(deps): Bump @​hono/node-server from 1.19.10 to 1.19.13 (#20117)
• chore(deps): Bump @​nestjs packages to fix path-to-regexp ReDoS (#20642)
• chore(deps): Bump axios from 1.15.0 to 1.15.2 (#20665)
• chore(deps): Bump ip-address from 10.1.0 to 10.2.0 (#20695)
• chore(deps): Bump simple-git from 3.33.0 to 3.36.0 (#20696)

... (truncated)

Commits

• 4b911e0 release: 10.52.0
• 781f31c Merge pull request #20707 from getsentry/prepare-release/10.52.0
• 11a64f6 meta(changelog): Update changelog for 10.52.0
• e185818 feat(node-core): Add processSegmentSpan to node context integration (#20678)
• 7e49571 feat(node): use diagnostics_channel for redis >= 5.12.0 (#20573)
• a8ab715 feat(replay): Reset replay id from DSC on session expiry/refresh (#20129)
• 7efc03f feat(core): Apply request data to segment spans in span streaming (#20654)
• 01d0a70 feat(core): Migrate Vercel AI event processor to span streaming (#20608)
• 12cd3e5 fix(nextjs): Skip build modification when SRI is enabled (#20694)
• f1f534c fix(deps): Bump transitive deps for medium security fixes (#20683)
• Additional commits viewable in compare view

Updates @tabler/icons-react from 3.40.0 to 3.44.0

Release notes

Sourced from @​tabler/icons-react's releases.

Release 3.44.0

18 new icons:

• outline/code-ai
• outline/email-stamp
• outline/foodsteps
• outline/git-pull-request-conflict
• outline/noise-reduction
• outline/photo-alt
• outline/pointer-2
• outline/pointer-collaboration-2
• outline/pointer-collaboration
• outline/roulette
• outline/scan-cube
• outline/sketching
• outline/sparkle-2
• outline/sparkle-highlight
• outline/sparkle
• outline/sphere-2
• outline/text-scan-ai
• outline/vignette

Fixed icons: outline/air-balloon, outline/body-scan, outline/chart-sankey, outline/ear-scan, outline/grid-scan, outline/line-scan, outline/object-scan, outline/photo-scan, outline/route-scan, outline/scan-eye, outline/scan-letter-a, outline/scan-letter-t, outline/scan-position, outline/scan-traces, outline/scan, outline/text-scan-2, outline/user-scan, outline/zoom-scan

Release 3.43.0

18 new icons:

• outline/acorn
• outline/acrobatic
• outline/banana
• outline/brand-audible
• outline/building-eiffel-tower
• outline/car-door
• outline/car-lifter
• outline/chocolate
• outline/dumbbell
• outline/exercise-ball
• outline/flood
• outline/hula-hoop
• outline/leaf-maple
• outline/notdef
• outline/rugby
• outline/taiwan-dollar
• outline/target-2
• outline/unicycle

... (truncated)

Commits

• 6d128ed Release 3.44.0
• e40738b Release 3.43.0
• 076f4a9 Release 3.42.0
• 9b27b65 Release 3.41.1
• ebad60b Update homepage links in documentation and package files to point to the new ...
• 8ed617b Update README files to wrap images in anchor tags linking to the Tabler Icons...
• ef6e875 Update dependencies in pnpm-lock.yaml and package.json files (#1497)
• 6cbe885 Release 3.41.0
• 19d735e Add JSDoc with previews in icons-react (#1472)
• See full diff in compare view

Updates @tanstack/react-query from 5.95.2 to 5.100.10

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.9

Patch Changes

• Updated dependencies [3d21cac]:
  • @​tanstack/query-devtools@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-next-experimental@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query-persist-client@​5.100.9

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.9
  • @​tanstack/react-query@​5.100.9

@​tanstack/react-query@​5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

@​tanstack/react-query-devtools@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-next-experimental@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query-persist-client@​5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.100.8
  • @​tanstack/react-query@​5.100.8

@​tanstack/react-query@​5.100.8

Patch Changes

• Updated dependencies []:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.100.10

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.10

5.100.9

Patch Changes

• Updated dependencies [fcee7bd]:
  • @​tanstack/query-core@​5.100.9

5.100.8

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.8

5.100.7

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.7

5.100.6

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.6

5.100.5

Patch Changes

• Updated dependencies [a53ef97]:
  • @​tanstack/query-core@​5.100.5

5.100.4

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.4

5.100.3

... (truncated)

Commits

• See full diff in compare view

Updates @vanilla-extract/css from 1.20.0 to 1.20.1

Release notes

Sourced from @​vanilla-extract/css's releases.

@​vanilla-extract/css@​1.20.1

Patch Changes

• #1710 1677593 Thanks @​askoufis! - Replace cssesc dependency with vendored version

Changelog

Sourced from @​vanilla-extract/css's changelog.

1.20.1

Patch Changes

• #1710 1677593 Thanks @​askoufis! - Replace cssesc dependency with vendored version

Commits

• 5f3faae Version Packages (#1711)
• 1677593 Vendor cssesc dependency (#1710)
• See full diff in compare view

Updates axios from 1.15.2 to 1.16.0

Release notes

Sourced from axios's releases.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

• Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (#10795)
• Proxy requests now preserve user-supplied Host headers. Previously, the proxy path could overwrite a custom Host. Virtual-host-style routing through a proxy will now behave correctly. (#10822)
• Basic auth credentials embedded in URLs are now URL-decoded. If you have percent-encoded credentials in a URL (e.g. https://user:p%40ss@host), the decoded value is what now goes on the wire. (#10825)
• parseProtocol now strictly requires a colon in the protocol separator. Strings that loosely parsed as protocols before may no longer match. (#10729)
• Deprecated unescape() replaced with modern UTF-8 encoding. Non-ASCII URL handling is now spec-correct; consumers depending on legacy unescape() quirks may see different output bytes. (#7378)
• transformRequest input typing change was reverted. The typing change introduced in #10745 was reverted in #10810 after follow-up review — net behavior is unchanged from 1.15.2. (#10745, #10810)

🚀 New Features

• QUERY HTTP Method: Added support for the QUERY HTTP method across adapters and type definitions. (#10802)
• ECONNREFUSED Error Constant: Exposed ECONNREFUSED as a constant on AxiosError so callers can match connection-refused failures without comparing string literals (closes #6485). (#10680)
• Encode Helper Export: Exported the internal encode helper from buildURL so userland param serializers can reuse the same encoding logic that axios uses internally. (#6897)

🐛 Bug Fixes

• HTTP Adapter — Redirects & Headers: Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing requestDetails argument on beforeRedirect, preserved user-supplied Host headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (#10794, #10800, #6241, #10822, #10825)
• HTTP Adapter — Streams & Timeouts: Preserved the partial response object on AxiosError when a stream is aborted after headers arrive, honoured the timeout option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and maxRedirects: 0. (#10708, #10819, #7149)
• Fetch Adapter: Enforced maxBodyLength / maxContentLength in the fetch adapter, set the User-Agent header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a TypeError in restricted environments. (#10795, #10772, #10806, #7260)
• XHR Adapter: Unsubscribed the cancelToken and AbortSignal listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (#10787)
• Error Handling: Attached the parsed response to AxiosError when JSON.parse fails inside dispatchRequest, prevented settle from emitting undefined error codes, and tightened the parseProtocol regex to require a colon in the protocol separator. (#10724, #7276, #10729)
• Types & Exports: Aligned the CommonJS CancelToken typings with the ESM build, fixed a compiler error caused by RawAxiosHeaders, and re-exported create from the package index. (#7414, #6389, #6460)
• UTF-8 Encoding: Replaced the deprecated unescape() call with a modern UTF-8 encoding implementation. (#7378)
• Misc Cleanup: Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (#10833)

🔧 Maintenance & Chores

• Refactor — ES6 Modernisation: Modernised the utils module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (#10588, #7419)
• Tests: Hardened the HTTP test server lifecycle to fix flaky FormData EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (#10820, #10791, #10796)
• Docs: Documented paramsSerializer.encode for strict RFC 3986 query encoding, updated the parseReviver TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (#10821, #10782, #10759, #10804)
• Reverted: Reverted the transformRequest input typing change from #10745 after follow-up review. (#10745, #10810)
• Dependencies: Bumped actions/setup-node, the github-actions group, and postcss (in /docs) to their latest versions. (#10785, #10813, #10814)
• Release: Updated changelog and packages, and prepared the 1.16.0 release. (#10790, #10834)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​singhankit001 (#10588)
• @​cuiweixie (#7419)
• @​iruizsalinas (#10787)
• @​MarcosNocetti (#10680)
• @​deepview-autofix (#10729)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.16.0 — May 2, 2026

This release adds support for the QUERY HTTP method and a new ECONNREFUSED error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.

⚠️ Notable Changes

A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:

• Fetch adapter now enforces maxBodyLength and maxContentLength. These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS pro...

  Description has been truncated

[netlify]

❌ Deploy Preview for inventree-web-pui-preview failed.

Name	Link
🔨 Latest commit	dbe4a99
🔍 Latest deploy log	https://app.netlify.com/projects/inventree-web-pui-preview/deploys/6a0bdfcf5962b70008e51da7