build(deps): bump the dependencies group with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates:

Package	From	To
axios	1.13.6	1.14.0
multer	1.4.5-lts.2	2.1.1
redis	4.7.1	5.11.0
uuid	9.0.1	13.0.0
jest	29.7.0	30.3.0

Updates axios from 1.13.6 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

• Runtime Features: No new end-user features were introduced in this release.
• Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

• Headers: Trim trailing CRLF in normalised header values. (#7456)
• HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
• Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
• Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
• CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

• Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
• Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
• Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
• Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​aviu16 (#7456)
• @​NETIZEN-11 (#7460)
• @​fedotov (#7457)
• @​nthbotast (#7478)
• @​veeceey (#7398)
• @​penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

Commits

• 46bee3d chore(release): prepare release 1.14.0 (#10563)
• 518aff5 chore: add AI Moderator workflow for spam detection (#10551)
• b7dfda3 chore(sponsor): update sponsor block (#10557)
• 9aa34d5 fix: updated release flow to match the current flows (#10562)
• e9e5ebe Update packages to latest version (#10556)
• 4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
• 3a6f5c1 chore(deps-dev): bump @​babel/preset-env (#7531)
• bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
• d6dcbfd fix: dependabot uses the correct labels (#7530)
• 5dd7ba7 chore: upgrade to latest ts (#7522)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates multer from 1.4.5-lts.2 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

• chore: add node version to 25.x in CI by @​imangas in expressjs/multer#1372
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @​dependabot[bot] in expressjs/multer#1378
• chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/multer#1377
• chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @​dependabot[bot] in expressjs/multer#1376
• chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @​dependabot[bot] in expressjs/multer#1375
• chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @​dependabot[bot] in expressjs/multer#1374
• fix error/abort handling by @​ctcpip in expressjs/multer#1373
• 2.1.1 by @​UlisesGascon in expressjs/multer#1380

New Contributors

• @​imangas made their first contribution in expressjs/multer#1372
• @​dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

v2.1.0

Important

• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

What's Changed

• chore: add funding to package.json by @​bjohansebas in expressjs/multer#1346
• chore: drop mkdirp dependency by @​wojtekmaj in expressjs/multer#1350
• chore: drop object-assign dependency by @​wojtekmaj in expressjs/multer#1351
• chore: drop xtend dependency by @​wojtekmaj in expressjs/multer#1352
• chore(gitignore): ignore .nyc_output directory by @​ShubhamOulkar in expressjs/multer#1332
• Fix typo in README-vi.md regarding file upload by @​Kunniii in expressjs/multer#1366
• Fix typo in README-pt-br.md for array method by @​matheushbm192 in expressjs/multer#1367
• headers-support-utf8 by @​Doc999tor in expressjs/multer#1210
• Add Turkish translation (README-tr.md) by @​Sabandogan in expressjs/multer#1360
• Release: 2.1.0 by @​UlisesGascon in expressjs/multer#1371

New Contributors

• @​wojtekmaj made their first contribution in expressjs/multer#1350
• @​ShubhamOulkar made their first contribution in expressjs/multer#1332
• @​Kunniii made their first contribution in expressjs/multer#1366
• @​matheushbm192 made their first contribution in expressjs/multer#1367
• @​Doc999tor made their first contribution in expressjs/multer#1210
• @​Sabandogan made their first contribution in expressjs/multer#1360

Full Changelog: expressjs/multer@v2.0.2...v2.1.0

... (truncated)

Changelog

Sourced from multer's changelog.

2.1.1

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)
• fix error/abort handling

2.1.0

• Add defParamCharset option for UTF-8 filename support (#1210)
• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

2.0.2

• Fix CVE-2025-7338 (GHSA-fjgf-rc76-4x9p)

2.0.1

• Fix CVE-2025-48997 (GHSA-g5hg-p3ph-g8qg)

2.0.0

• Breaking change: The minimum supported Node version is now 10.16.0
• Fix CVE-2025-47935 (GHSA-44fp-w29j-9vj5)
• Fix CVE-2025-47944 (GHSA-4pg4-qvpc-4q3h)

Commits

• 368c8a1 2.1.1 (#1380)
• 7e66481 🐛 fix recursion issue
• 643571e ✅ add explicit test for client able to send body without abrupt disconnect
• e86fa52 fix error/abort handling
• ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
• 13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
• bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
• c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
• fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
• 17d7f51 chore: add node version to 25.x in CI
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for multer since your current version.

Updates redis from 4.7.1 to 5.11.0

Release notes

Sourced from redis's releases.

[email protected]

5.11.0 Release Changelog

🌟 Highlights

Smart Client Handoffs for Enterprise OSS API (Pending a Redis Enterprise version release)

This release introduces support for Redis Enterprise Cluster maintenance notifications via SMIGRATING/SMIGRATED push notifications. The client now automatically handles slot migrations by:

• Relaxing timeouts during migration (SMIGRATING) to prevent false failures
• Automatic slot handoff when completed (SMIGRATED)
• Enabling seamless operations during Redis Enterprise maintenance windows

Redis 8.6 Support

This release adds support for Redis 8.6 features:

• XADD idempotency options (IDMPAUTO, IDMP, and policy) - Prevent duplicate entries by tracking producer and message IDs
• XCFGSET command - Configure per-stream idempotency parameters (IDMP_DURATION, IDMP_MAXSIZE)
• XINFO STREAM enhancements - New idempotency tracking fields (idmp-duration, idmp-maxsize, pids-tracked, iids-tracked, iids-added, iids-duplicates)
• HOTKEYS command family (START, STOP, GET, RESET) - Track and identify hot keys by CPU time and network bytes

---

🚀 New Features

• feat(cluster): smart client handoffs OSS (hitless upgrades) by @​nkaradzhov in redis/node-redis#3142
• feat(client): add VRANGE command for vector sets by @​nkaradzhov in redis/node-redis#3158
• feat(client): add HOTKEYS command for hotkey tracking by @​nkaradzhov in redis/node-redis#3164
• feat(client): add XCFGSET command for stream idempotency configuration by @​nkaradzhov in redis/node-redis#3163
• feat(client): add XADD idempotency options (IDMPAUTO, IDMP) and policy by @​nkaradzhov in redis/node-redis#3161
• feat(client): add idempotency fields to XINFO STREAM response by @​nkaradzhov in redis/node-redis#3162
• feat(time-series): add NaN support and new aggregation types by @​PavelPashov in redis/node-redis#3167
• feat(client): add local digest helper for CAS/CAD operations by @​PavelPashov in redis/node-redis#3154
• feat(search): support indexing same field multiple times with different configurations by @​nkaradzhov in redis/node-redis#3157
• feat(sentinel): implement nodeAddressMap for sentinel by @​elimelt in redis/node-redis#3145
• feat(test-utils): add testAllAuto method for automatic cluster test generation by @​bobymicroby in redis/node-redis#3148
• Add socket.servname property to createClient configuration by @​itrich in redis/node-redis#3165

---

🐛 Bug Fixes

• fix(client): Support IPv6 literals in URL by @​TimWolla in redis/node-redis#3176
• fix(client): return Promise consistently in cluster functions by @​orgads in redis/node-redis#3159
• fix(search): improve FT.HYBRID command implementation by @​PavelPashov in redis/node-redis#3171
• fix(pool): cannot read private member by @​Eomm in redis/node-redis#3151
• fix: unwrap constructors to primitives in type mapping by @​watersRand in redis/node-redis#3174

---

📚 Documentation & Testing

• docs: correct CAS/CAD parameter name and update example by @​PavelPashov in redis/node-redis#3156
• docs(token-manager): Correct documentation for jitterPercentage by @​dubek in redis/node-redis#3153
• tests: fix flaky timeout assertion in maintenance notification test by @​kiryazovi-redis in redis/node-redis#3143
• tests: add TLS connection tests by @​PavelPashov in redis/node-redis#3166
• tests: add mocha multi-reporters and junit reporter support by @​bobymicroby in redis/node-redis#3138
• refactor(test-utils): use separate redis-tag and redis-version CLI arguments by @​nkaradzhov in redis/node-redis#3169
• Hotkeys Adjustments by @​nkaradzhov in redis/node-redis#3173

New Contributors

• @​kiryazovi-redis made their first contribution in redis/node-redis#3143
• @​elimelt made their first contribution in redis/node-redis#3145
• @​dubek made their first contribution in redis/node-redis#3153
• @​itrich made their first contribution in redis/node-redis#3165

... (truncated)

Commits

• b6ff05f Release [email protected]
• c1d1151 Release [email protected]
• b15ee1c Release [email protected]
• b6df398 Release [email protected]
• 410490f Release [email protected]
• f7f2139 Release [email protected]
• 27e49d7 Release [email protected]
• 09c2020 feat(cluster): smart client handoffs oss (hitless upgrades) (#3142)
• 7f256b0 fix: unwrap constructors to primitives in type mapping (#3174)
• 8d07299 tests: add mocha multi-reporters and junit reporter support (#3138)
• Additional commits viewable in compare view

Updates uuid from 9.0.1 to 13.0.0

Release notes

Sourced from uuid's releases.

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

v12.0.0

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to [email protected] (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to [email protected] (#887) (c7ee405)

Bug Fixes

• improve v4() performance (#894) (5fd974c)
• restore node: prefix (#889) (e1f42a3)

v11.1.0

11.1.0 (2025-02-19)

Features

• update TS types to allowUint8Array subtypes for buffer option (#865) (a5231e7)

v11.0.5

11.0.5 (2025-01-09)

Bug Fixes

• add TS unit test, pin to [email protected] (#860) (24ac2fd)

... (truncated)

Changelog

Sourced from uuid's changelog.

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to [email protected] (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to [email protected] (#887) (c7ee405)

Bug Fixes

• improve v4() performance (#894) (5fd974c)
• restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

Features

• update TS types to allowUint8Array subtypes for buffer option (#865) (a5231e7)

11.0.5 (2025-01-09)

Bug Fixes

• add TS unit test, pin to [email protected] (#860) (24ac2fd)

11.0.4 (2025-01-05)

... (truncated)

Commits

• 24c1238 chore(main): release 13.0.0 (#902)
• bce9d72 fix!: make browser exports the default (#901)
• 7844bc2 chore(main): release 12.0.0 (#880)
• a2b4603 chore: npm run docs (#898)
• 744a4a8 docs: add motivation for dropping CJS support (#897)
• 3c9acd5 docs: fix CHANGELOG links. fixes #871 (#896)
• 5fd974c fix: improve v4() performance (#894)
• 330ee3b chore: minor example and benchmark cleanup (#893)
• caea889 chore: fix bug report form
• e1f42a3 fix: restore node: prefix (#889)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by broofa, a new releaser for uuid since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates jest from 29.7.0 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

... (truncated)

Changelog

Sourced from jest's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

... (truncated)

Commits

• efb59c2 v30.3.0
• 96c53d3 feat(jest-config): add defineConfig and mergeConfig functions (#15844)
• 855864e v30.2.0
• da9b532 v30.1.3
• ebfa31c v30.1.2
• d347c0f v30.1.1
• 4d5f41d v30.1.0
• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions