Skip to content

chore(deps): bump axios and stellar-sdk in /react-web#37

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/react-web/multi-3397e246cf
Open

chore(deps): bump axios and stellar-sdk in /react-web#37
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/react-web/multi-3397e246cf

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Feb 10, 2026

Bumps axios and stellar-sdk. These dependencies needed to be updated together.
Updates axios from 0.27.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release

... (truncated)

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates stellar-sdk from 10.3.0 to 13.3.0

Release notes

Sourced from stellar-sdk's releases.

v13.3.0

Added

  • Add includeFailed to PaymentCallBuilder for including failed transactions in calls (#1168).

Fixed

  • Ensure that rpc.Api.GetTransactionsResponse.transactions is always a valid array (#1162).

Contributors

@​fnando @​overcat

Full Changelog: stellar/js-stellar-sdk@v13.2.0...v13.3.1

v13.2.0

v13.2.0

Added

  • Support passing in an optional options.address to the contract.Client.deploy method (#1158).

Fixed

  • Extend support for parsing contract specifications in environments that don't have WebAssembly compilers (#1157).
  • Add missing to_muxed and to_muxed_id to Horizon’s PaymentOperationResponse (#1149).
  • Upgrade @stellar/stellar-base dependency to latest version (#1159).

Contributors

@​chadoh @​kknownymouss @​jeesunikim @​kalepail @​Shaptic

Full Changelog: stellar/js-stellar-sdk@v13.1.0...v13.2.0

v13.1.0

v13.1.0

Added

  • Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

  • When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).
  • rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

Contributors

Full Changelog: stellar/js-stellar-sdk@v13.0.0...v13.1.0

v13.0.0

v13.0.0: Protocol 22

This is a direct re-tag of rc.2 with the only change being an upgrade to the stellar-base library to incorporate a patch release. Nonetheless, the entire changelog from the prior major version here is replicated for a comprehensive view on what's broken, added, and fixed.

Breaking Changes

... (truncated)

Changelog

Sourced from stellar-sdk's changelog.

v13.3.0

Added

  • Add includeFailed to PaymentCallBuilder for including failed transactions in calls (#1168).

Fixed

  • Ensure that rpc.Api.GetTransactionsResponse.transactions is always a valid array (#1162).

v13.2.0

Added

  • Support passing in an optional options.address to the contract.Client.deploy method (#1158).

Fixed

  • Extend support for parsing contract specifications in environments that don't have WebAssembly compilers (#1157).
  • Upgraded @stellar/stellar-base dependency to latest version (#1159).

v13.1.0

Added

  • Added Horizon.Server.root to obtain information from the Horizon root endpoint (#1122).

Fixed

  • When using a friendbot that points to a Horizon instance that has ledger metadata disabled, you can no longer extract the account sequence from the response. Instead, we hit RPC directly (#1107).
  • rpc.Server.getEvents() now correctly returns the cursor field at the top-level response (#1124).

v13.0.0

This is a direct re-tag of rc.2 with the only change being an upgrade to the stellar-base library to incorporate a patch release. Nonetheless, the entire changelog from the prior major version here is replicated for a comprehensive view on what's broken, added, and fixed.

Breaking Changes

  • We stopped supporting Node 18 explicitly a while ago, but now the Babelification of the codebase will transform to Node 18 instead of 16.

TypeScript Bindings: the contract module.

  • contract.AssembledTransaction#signAuthEntries now takes an address instead of a publicKey. This brings the API more inline with its actual functionality: It can be used to sign all the auth entries for a particular address, whether that is the address of an account (public key) or a contract. (#1044).
  • The ClientOptions.signTransaction type has been updated to reflect the latest SEP-43 protocol, which matches the latest major version of Freighter and other wallets. It now accepts address, submit, and submitUrl options, and it returns a promise containing the signedTxXdr and the signerAddress. It now also returns an Error type if an error occurs during signing.
    • basicNodeSigner has been updated to reflect this new type.
  • ClientOptions.signAuthEntry type has been updated to reflect the SEP-43 protocol, which returns a promise containing the signerAddress in addition to the signAuthEntry that was returned previously. It also can return an Error type.
  • SentTransaction.init and new SentTransaction now take one (1) argument instead of two (2). The first argument had previously been deprecated and ignored. To update:
-SentTransaction(nonsense, realStuff)
+SentTransaction(realStuff)
-new SentTransaction(nonsense, realStuff)
+new SentTransaction(realStuff)

Server APIs: the rpc and Horizon modules.

  • Deprecated RPC APIs have been removed (#1084):

... (truncated)

Commits
  • b18004c Release v13.3.0 (#1169)
  • 448c27e Add PaymentCallBuilder.includeFailed(boolean) for including failed transact...
  • be5efd9 Coalesce transactions: null into an empty array for getTransactions. (#1162)
  • df4d572 Release v13.2.0 (#1159)
  • 83a3400 Parse Wasm contract spec manually when lacking WebAssembly support (#1157)
  • e211e3d support passing in an optional address to the deploy method (#1158)
  • bb6a32e Bump Node tests to v22, upgrade deps, fix minor Node version breakage (#1151)
  • 20ef5ea update ScSymbol description from spec (#1150)
  • c525195 Add muxed payments support for PaymentOperationResponse type (#1149)
  • 38115a1 chore: use requestAirdrop to fund e2e accounts (#1125)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump axios and stellar-sdk in /react-web
ecfe1bd 
Bumps [axios](https://github.com/axios/axios) and [stellar-sdk](https://github.com/stellar/js-stellar-sdk). These dependencies needed to be updated together.

Updates `axios` from 0.27.2 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.27.2...v1.13.5)

Updates `stellar-sdk` from 10.3.0 to 13.3.0
- [Release notes](https://github.com/stellar/js-stellar-sdk/releases)
- [Changelog](https://github.com/stellar/js-stellar-sdk/blob/master/CHANGELOG.md)
- [Commits](stellar/js-stellar-sdk@v10.3.0...v13.3.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
- dependency-name: stellar-sdk
  dependency-version: 13.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 10, 2026
@dependabot dependabot Bot mentioned this pull request Feb 10, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants