Skip to content

build(deps): bump the prod-deps group with 5 updates#1710

Closed
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/prod-deps-e21b1f26ce
Closed

build(deps): bump the prod-deps group with 5 updates#1710
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/prod-deps-e21b1f26ce

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026
edited
Loading

Bumps the prod-deps group with 5 updates:

Package From To
@storyblok/react 5.4.21 5.4.22
axios 1.13.4 1.13.5
firebase 12.8.0 12.9.0
minimatch 10.1.1 10.1.2
newrelic 13.11.0 13.12.0

Updates @storyblok/react from 5.4.21 to 5.4.22

Release notes

Sourced from @​storyblok/react's releases.

@​storyblok/react@​5.4.22

5.4.22 (2026-02-05)

🧱 Updated Dependencies

  • Updated @​storyblok/js to 4.4.5
Commits

Updates axios from 1.13.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view

Updates firebase from 12.8.0 to 12.9.0

Release notes

Sourced from firebase's releases.

firebase@12.9.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.8.0

Minor Changes

  • 8123231 #9461 - AI Logic: Extend the LiveSession.receive() return types to include a LiveServiceGoingAwayNotice which signifies that the service will soon close the session.

  • f9254b6 #9475 - Remove "preview" tags from code execution and URL context documentation.

  • 2e74329 #9462 - Add params on UsageMetadata that provide cache-related usage data when the implicit caching feature is used.

Patch Changes

  • 691a506 #9469 - Internal: Add tag to log requests made to cloud while in hybrid mode.

firebase@12.9.0

Minor Changes

  • 8123231 #9461 - AI Logic: Extend the LiveSession.receive() return types to include a LiveServiceGoingAwayNotice which signifies that the service will soon close the session.

  • f9254b6 #9475 - Remove "preview" tags from code execution and URL context documentation.

  • 2e74329 #9462 - Add params on UsageMetadata that provide cache-related usage data when the implicit caching feature is used.

  • 08e3acd #9459 - Add support for regexFind and regexFindAll Pipeline expressions.

Patch Changes

@​firebase/firestore@​4.11.0

Minor Changes

  • 08e3acd #9459 - Add support for regexFind and regexFindAll Pipeline expressions.

Patch Changes

... (truncated)

Commits
  • 6f540dd Version Packages (#9481)
  • 988ff56 Merge main into release
  • f9254b6 feat(ai): Remove preview tags from code execution and URL context features (#...
  • 8123231 feat(ai) Live Service Going Away notifications (#9461)
  • 691a506 feat(ai): Add tag to log requests made to cloud models while in hybrid mode (...
  • 65a553b fix(firestore): log a warning when databaseId is not found (#9472)
  • 2e74329 feat(ai): implicit caching feature (#9462)
  • c4a3a56 test(firestore): silence stack trace output from run_tests.ts (#9454)
  • f9aaeca test(firestore): Accept grep as an argument to run_tests.ts (#9452)
  • 08e3acd feat(firestore): add support for regexFind and regexFindAll (#9459)
  • Additional commits viewable in compare view

Updates minimatch from 10.1.1 to 10.1.2

Commits

Updates newrelic from 13.11.0 to 13.12.0

Release notes

Sourced from newrelic's releases.

v13.12.0

Features

  • Added instrumentation support for @langchain/langgraph (#3645) (f339675)
  • Added timestamp to LlmChatCompletionSummary messages
    • Added timestamp to AWS Bedrock LlmChatCompletionSummary (#3702) (430d1dd)
    • Added timestamp to Google Gen AI LlmChatCompletionSummary (#3690) (7748e26)
    • Added timestamp to LangChain LlmChatCompletionSummary (#3701) (7472118)
  • Added compact mode for span links (#3681) (6ff6961)

Bug fixes

  • Updated langchain tool instrumentation to properly redefine the segment name on every call (#3691) (4df6068)

Documentation

Support statement:

We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date. (https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/update-new-relic-agent/)

See the New Relic Node.js agent EOL policy for information about agent releases and support dates. (https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/nodejs-agent-eol-policy/)

Changelog

Sourced from newrelic's changelog.

{ "repository": "newrelic/node-newrelic", "entries": [ { "version": "13.12.0", "changes": { "security": [], "bugfixes": [ "Updated langchain tool instrumentation to properly redefine the segment name on every call" ], "features": [ "Added instrumentation support for @langchain/langgraph", "Added compact mode for span links", "Added timestamp to AWS Bedrock LlmChatCompletionSummary", "Added timestamp to LangChain LlmChatCompletionSummary", "Added timestamp to Google Gen AI LlmChatCompletionSummary" ] } }, { "version": "13.11.0", "changes": { "security": [], "bugfixes": [ "Added defensive code in lib/subscribers/middleware-wrapper.js to prevent crash when attempting to associate an error on an incoming http request", "Updated pg instrumentation to properly capture the TraceSegment duration for promise based queries", "Updated Supportability/Nodejs/PartialGranularity/NrIds/Dropped metric to only keep track of spans that got dropped when nr.ids execeeded 63 spans." ], "features": [ "Added timestamp to OpenAI LlmChatCompletionSummary", "Added timestamp to LangChain input LlmChatCompletionMessage", "Added timestamp to Google Gen AI LlmChatCompletionMessage", "Added timestamp to AWS Bedrock LlmChatCompletionMessage", "Added essential tracing mode for span links" ] } }, { "version": "13.10.0", "changes": { "security": [], "bugfixes": [ "Updated OpenAI instrumentation to properly parse headers when a call fails" ], "features": [ "Add timestamp to OpenAI input LlmChatCompletionMessage", "Added reduced tracing mode for span links" ] } },

... (truncated)

Commits
  • 04f77ee chore: release v13.12.0 (#3704)
  • f339675 feat: Add instrumentation support for @langchain/langgraph (#3645)
  • 6ff6961 feat: Added compact mode for span links (#3681)
  • 430d1dd feat: Added timestamp to AWS Bedrock LlmChatCompletionSummarys (#3702)
  • 7472118 feat: Added timestamp to LangChain LlmChatCompletionSummary (#3701)
  • 7748e26 feat: Added timestamp to Google Gen AI LlmChatCompletionSummary (#3690)
  • 4df6068 fix: Updated langchain tool instrumentation to properly redefine the segment ...
  • 40b6b81 docs: Updated compatibility report (#3699)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the prod-deps group with 5 updates
0ca8d1b 
Bumps the prod-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@storyblok/react](https://github.com/storyblok/monoblok/tree/HEAD/packages/react) | `5.4.21` | `5.4.22` |
| [axios](https://github.com/axios/axios) | `1.13.4` | `1.13.5` |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `12.8.0` | `12.9.0` |
| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.1.2` |
| [newrelic](https://github.com/newrelic/node-newrelic) | `13.11.0` | `13.12.0` |


Updates `@storyblok/react` from 5.4.21 to 5.4.22
- [Release notes](https://github.com/storyblok/monoblok/releases)
- [Commits](https://github.com/storyblok/monoblok/commits/@storyblok/react@5.4.22/packages/react)

Updates `axios` from 1.13.4 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.4...v1.13.5)

Updates `firebase` from 12.8.0 to 12.9.0
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@12.8.0...firebase@12.9.0)

Updates `minimatch` from 10.1.1 to 10.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v10.1.1...v10.1.2)

Updates `newrelic` from 13.11.0 to 13.12.0
- [Release notes](https://github.com/newrelic/node-newrelic/releases)
- [Changelog](https://github.com/newrelic/node-newrelic/blob/main/changelog.json)
- [Commits](newrelic/node-newrelic@v13.11.0...v13.12.0)

---
updated-dependencies:
- dependency-name: "@storyblok/react"
  dependency-version: 5.4.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: firebase
  dependency-version: 12.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: minimatch
  dependency-version: 10.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: newrelic
  dependency-version: 13.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Updates a dependency file javascript Pull requests that update Javascript code labels Feb 9, 2026
@vercel
Copy link

vercel bot commented Feb 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
bloom-frontend Ready Ready Preview, Comment Feb 9, 2026 9:28am

Request Review

@cypress
Copy link

cypress bot commented Feb 9, 2026

Bloom frontend    Run #1508

Run Properties:  status check passed Passed #1508  •  git commit 0ca8d1bfa6: build(deps): bump the prod-deps group with 5 updates
Project Bloom frontend
Branch Review dependabot/npm_and_yarn/prod-deps-e21b1f26ce
Run status status check passed Passed #1508
Run duration 04m 16s
Commit git commit 0ca8d1bfa6: build(deps): bump the prod-deps group with 5 updates
Committer dependabot[bot]
View all properties for this run ↗︎
Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 0
Tests that did not run due to a developer annotating a test with .skip  Pending 12
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 102
⚠️ You've recorded test results over your free plan limit.
Upgrade your plan to view test results.
View all changes introduced in this branch ↗︎

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 16, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Feb 16, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/prod-deps-e21b1f26ce branch February 16, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@annarhughes annarhughes

Labels

dependencies Updates a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@annarhughes