fix(deps): update npm - - package.json

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
@aws-sdk/credential-providers (source)	^3.980.0 → ^3.985.0			dependencies	minor	3.988.0 (+2)
@babel/core (source)	^7.28.6 → ^7.29.0			devDependencies	patch
@esbuild/darwin-arm64	^0.27.2 → ^0.27.3			optionalDependencies	patch
@esbuild/darwin-x64	^0.27.2 → ^0.27.3			optionalDependencies	patch
@esbuild/linux-x64	0.27.2 → 0.27.3			optionalDependencies	patch
@esbuild/win32-x64	0.27.2 → 0.27.3			optionalDependencies	patch
@types/node (source)	^22.19.7 → ^22.19.10			devDependencies	patch	22.19.11
@vitejs/plugin-react (source)	^5.1.2 → ^5.1.3			devDependencies	patch	5.1.4
axios (source)	^1.13.4 → ^1.13.5			dependencies	patch
cypress (source)	^15.9.0 → ^15.10.0			devDependencies	minor
mongo	606f8e0 → 6159d78				digest
node	c028001 → 94a5714			final	digest
node	c028001 → 94a5714			stage	digest
openid-client	^6.8.1 → ^6.8.2			dependencies	patch

---

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/credential-providers)

v3.985.0

Compare Source

3.985.0(2026-02-06)

Chores

• codegen: generate caret versions for aws-sdk dependencies (#​7714) (5682d095)

New Features

• client-bedrock-data-automation-runtime: Add OutputConfiguration to InvokeDataAutomation input and output to support S3 output (72c126f0)
• client-deadline: Adds support for tagging jobs during job creation (444dcec9)
• client-sagemaker: Adding g7e instance support in Sagemaker Training (01f57c15)
• client-partnercentral-selling: Releasing AWS Opportunity Snapshots for SDK release. (9b27cd2b)
• client-iot-managed-integrations: Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors. (f683f7b9)

Bug Fixes

• core/protocols: nested Error objects in REST XML (#​7717) (2c0d671f)

Tests

• client-glacier: remove glacier features test (#​7716) (ae84a8cd)

---

For list of updated packages, view updated-packages.md in assets-3.985.0.zip

v3.984.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

v3.983.0

Compare Source

3.983.0(2026-02-04)

Chores

• dynamodb-codec: remove peer dependency on client (#​7711) (3116b7d1)

Documentation Changes

• client-eks: Update delete cluster description (f92e1d60)
• client-redshift: We have increased the maximum duration for a deferred maintenance window from 45 days to 60 days for Amazon Redshift provisioned clusters. This enhancement provides customers with greater flexibility in scheduling patching and maintenance activities while also maintaining security compliance. (78cd18f3)

New Features

• client-workspaces-web: Support for configuring and managing custom domain names for WorkSpaces Secure Browser portals. (afd41b46)
• client-connectcases: Amazon Connect Cases now supports larger, multi-line text fields with up to 4,100 characters. Administrators can use the Admin UI to select the appropriate configuration (single-line or multi-line) on a per-field basis, improving case documentation capabilities. (69bec694)
• client-medialive: AWS Elemental MediaLive now supports SRT listener mode for inputs and outputs, in addition to the existing SRT caller mode. (25287d4b)
• client-bedrock-runtime: Added support for structured outputs to Converse and ConverseStream APIs. (ff529d7e)

---

For list of updated packages, view updated-packages.md in assets-3.983.0.zip

v3.982.0

Compare Source

Note: Version bump only for package @​aws-sdk/credential-providers

evanw/esbuild (@​esbuild/darwin-arm64)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

cypress-io/cypress (cypress)

v15.10.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

panva/openid-client (openid-client)

v6.8.2

Compare Source

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	9bfc238
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/698d39a93d254500086a90f9

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.25%. Comparing base (2351fa2) to head (9bfc238).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1379   +/-   ##
=======================================
  Coverage   81.25%   81.25%           
=======================================
  Files          65       65           
  Lines        4657     4657           
  Branches      792      792           
=======================================
  Hits         3784     3784           
  Misses        858      858           
  Partials       15       15           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.