Skip to content

chore: batch dependabot updates 2026-05-15#1028

Merged
svidgen merged 23 commits into
mainfrom
chore/dependabot-batch-2026-05-15
May 20, 2026
Merged

chore: batch dependabot updates 2026-05-15#1028
svidgen merged 23 commits into
mainfrom
chore/dependabot-batch-2026-05-15

Conversation

@svidgen

@svidgen svidgen commented May 16, 2026

Copy link
Copy Markdown
Member

Batch Dependabot Updates

This PR consolidates the following dependabot dependency updates:

  • ✅ axios 1.16.0
  • ✅ uuid 14.0.0 (packages/amplify-codegen-e2e-core)
  • ✅ uuid 14.0.0 (root)
  • ✅ follow-redirects 1.16.0
  • ✅ brace-expansion 1.1.14
  • ✅ basic-ftp 5.2.2
  • ✅ lodash 4.18.1
  • ✅ lodash-es 4.18.1
  • ✅ flatted 3.4.2
  • ✅ yauzl 3.2.1
  • ✅ tar 7.5.11

All 11 branches merged successfully. Lock file conflicts (yarn.lock) were resolved by accepting the incoming version.

Skipped (non-trivial conflicts)

None

dependabot Bot and others added 21 commits March 11, 2026 21:29
@dependabot
build(deps): bump tar from 7.5.10 to 7.5.11
9273847 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.10 to 7.5.11.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.10...v7.5.11)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump yauzl from 3.2.0 to 3.2.1
764195e 
Bumps [yauzl](https://github.com/thejoshwolfe/yauzl) from 3.2.0 to 3.2.1.
- [Commits](thejoshwolfe/yauzl@3.2.0...3.2.1)

---
updated-dependencies:
- dependency-name: yauzl
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump flatted from 3.3.2 to 3.4.2
f74f7f2 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.2 to 3.4.2.
- [Commits](WebReflection/flatted@v3.3.2...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump lodash-es from 4.17.23 to 4.18.1
38b1ebd 
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump basic-ftp from 5.2.0 to 5.2.2
efdc476 
Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.2.2.
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: basic-ftp
  dependency-version: 5.2.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump lodash from 4.17.23 to 4.18.1
29e807d 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.18.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump brace-expansion from 1.1.12 to 1.1.14
2016880 
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.14.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@v1.1.12...v1.1.14)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump follow-redirects from 1.15.11 to 1.16.0
38e7961 
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump uuid from 7.0.1 to 14.0.0
997a24a 
Bumps [uuid](https://github.com/uuidjs/uuid) from 7.0.1 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v7.0.1...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump uuid in /packages/amplify-codegen-e2e-core
9949a18 
Bumps [uuid](https://github.com/uuidjs/uuid) from 7.0.1 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v7.0.1...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
build(deps): bump axios from 1.15.0 to 1.16.0
1a4f256 
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/packages…
d25391d 
…/amplify-codegen-e2e-core/uuid-14.0.0' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/uuid-14.…
c1ead2b 
…0.0' into chore/dependabot-batch-2026-05-15

# Conflicts:
#	yarn.lock
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/follow-r…
ac5c199 
…edirects-1.16.0' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/brace-ex…
2c75543 
…pansion-1.1.14' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/basic-ft…
313e177 
…p-5.2.2' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-4…
9b9dfb1 
….18.1' into chore/dependabot-batch-2026-05-15

# Conflicts:
#	yarn.lock
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/lodash-e…
41354b3 
…s-4.18.1' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/flatted-…
acb8523 
…3.4.2' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/yauzl-3.…
ed25503 
…2.1' into chore/dependabot-batch-2026-05-15
@svidgen
Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/tar-7.5.…
db78507 
…11' into chore/dependabot-batch-2026-05-15
@svidgen svidgen requested a review from a team as a code owner May 16, 2026 00:52
@svidgen svidgen requested a review from a team as a code owner May 16, 2026 02:23
@svidgen svidgen merged commit 6783a08 into main May 20, 2026
4 checks passed
@svidgen svidgen deleted the chore/dependabot-batch-2026-05-15 branch May 20, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarayev sarayev sarayev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@svidgen @sarayev