chore(deps): bump the quotes-frontend-pnpm group in /quotes-frontend with 9 updates

[dependabot]

Bumps the quotes-frontend-pnpm group in /quotes-frontend with 9 updates:

Package	From	To
axios	1.13.2	1.13.5
next	16.0.10	16.1.6
pino	10.2.1	10.3.1
@eslint/eslintrc	3.3.3	3.3.4
@tailwindcss/postcss	4.1.18	4.2.1
@types/node	25.0.10	25.3.0
eslint	9.39.2	10.0.2
eslint-config-next	16.0.10	16.1.6
tailwindcss	4.1.18	4.2.1

Updates axios from 1.13.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates pino from 10.2.1 to 10.3.1

Release notes

Sourced from pino's releases.

v10.3.1

What's Changed

• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in pinojs/pino#2385
• build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 by @​dependabot[bot] in pinojs/pino#2386
• docs: clarify transport level filtering behavior by @​mcollina in pinojs/pino#2390
• fix(transport): sanitize invalid NODE_OPTIONS preloads for workers by @​mcollina in pinojs/pino#2391

Full Changelog: pinojs/pino@v10.3.0...v10.3.1

v10.3.0

What's Changed

• feat: improve the return type of multistream().clone() by @​mrazauskas in pinojs/pino#2377
• feat: set worker thread name for transport identification by @​mcollina in pinojs/pino#2380

Full Changelog: pinojs/pino@v10.2.1...v10.3.0

Commits

• 6b34498 Bumped v10.3.1
• f1203e6 fix(transport): sanitize invalid NODE_OPTIONS preloads for workers (#2391)
• 6a8e598 docs: clarify transport level filtering behavior (#2390)
• 49a4807 Merge branch 'main' of github.com:pinojs/pino
• 960bbbb build(deps-dev): bump eslint-plugin-n from 17.23.1 to 17.23.2 (#2386)
• e2a5b4a build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2385)
• 04859e2 chore: update gitignore for ai assistant files
• d6adf03 Bumped v10.3.0
• 06d55b1 feat: set worker thread name for transport identification (#2380)
• a728702 fix: fix multistream().clone() return type (#2377)
• See full diff in compare view

Updates @eslint/eslintrc from 3.3.3 to 3.3.4

Release notes

Sourced from @​eslint/eslintrc's releases.

eslintrc: v3.3.4

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Changelog

Sourced from @​eslint/eslintrc's changelog.

3.3.4 (2026-02-22)

Bug Fixes

• update ajv to 6.14.0 to address security vulnerabilities (#221) (9139140)
• update minimatch to 3.1.3 to address security vulnerabilities (#224) (30339d0)

Commits

• 4c45e24 chore: release 3.3.4 🚀 (#223)
• 30339d0 fix: update minimatch to 3.1.3 to address security vulnerabilities (#224)
• 9139140 fix: update ajv to 6.14.0 to address security vulnerabilities (#221)
• 245ada5 docs: Update README sponsors
• 78b1a0e docs: Update README sponsors
• df32fff docs: Update README sponsors
• a62f7f5 docs: Update README sponsors
• 84a32c5 docs: Update README sponsors
• 7ab5635 docs: Update README sponsors
• 5e8a153 docs: Update README sponsors
• Additional commits viewable in compare view

Updates @tailwindcss/postcss from 4.1.18 to 4.2.1

Release notes

Sourced from @​tailwindcss/postcss's releases.

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Changelog

Sourced from @​tailwindcss/postcss's changelog.

[4.2.1] - 2026-02-23

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

[4.2.0] - 2026-02-18

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (#19525)
• Align @utility name validation with Oxide scanner rules (#19524)
• Fix infinite loop when using @variant inside @custom-variant (#19633)
• Allow multiples of .25 in aspect-* fractions (e.g. aspect-8.5/11) (#19688)
• Ensure changes to external files listed via @source trigger a full page reload when using @tailwindcss/vite (#19670)
• Improve performance of Oxide scanner in bigger projects by reducing file system walks (#19632)
• Ensure import aliases in Astro v5 work without crashing when using @tailwindcss/vite (#19677)
• Allow escape characters in @utility names to improve support with formatters such as Biome (#19626)
• Fix incorrect canonicalization results when canonicalizing multiple times (#19675)
• Add .jj to default ignored content directories (#19687)

Deprecated

• Deprecate start-* and end-* utilities in favor of inset-s-* and inset-e-* utilities (#19613)

Commits

• 1dce64e 4.2.1 (#19714)
• 1b16411 4.2.0 (#19695)
• d9fff9f docs: update package README CI badge to main (#19692)
• 8ed67bf Fix Tailwind CSS package README GitHub links (#19644)
• 1638f35 Bump dependencies (#19608)
• bccf4bb Add @​tailwindcss/webpack loader for Tailwind CSS v4 (#19610)
• 8d5e955 Update dedent 1.7.0 → 1.7.1 (patch) (#19484)
• See full diff in compare view

Updates @types/node from 25.0.10 to 25.3.0

Commits

• See full diff in compare view

Updates eslint from 9.39.2 to 10.0.2

Release notes

Sourced from eslint's releases.

v10.0.2

Bug Fixes

• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537) (루밀LuMir)

Documentation

• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548) (Mike McCready)
• 98cbf6b docs: update migration guide per Program range change (#20534) (Huáng Jùnliàng)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533) (Abilash)

Chores

• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553) (renovate[bot])
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536) (Milos Djermanovic)

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: update error message for unused suppressions (#20496) (fnx)
• 38b089c fix: update dependency @​eslint/config-array to ^0.23.1 (#20484) (renovate[bot])

Documentation

• 5b3dbce docs: add AI acknowledgement section to templates (#20431) (루밀LuMir)
• 6f23076 docs: toggle nav in no-JS mode (#20476) (Tanuj Kanti)
• b69cfb3 docs: Update README (GitHub Actions Bot)

Chores

• e5c281f chore: updates for v9.39.3 release (Jenkins)
• 8c3832a chore: update @​typescript-eslint/parser to ^8.56.0 (#20514) (Milos Djermanovic)
• 8330d23 test: add tests for config-api (#20493) (Milos Djermanovic)
• 37d6e91 chore: remove eslint v10 prereleases from eslint-config-eslint deps (#20494) (Milos Djermanovic)
• da7cd0e refactor: cleanup error message templates (#20479) (Francesco Trotta)
• 84fb885 chore: package.json update for @​eslint/js release (Jenkins)
• 1f66734 chore: add eslint to peerDependencies of @eslint/js (#20467) (Milos Djermanovic)

v10.0.0

Breaking Changes

• f9e54f4 feat!: estimate rule-tester failure location (#20420) (ST-DDT)
• a176319 feat!: replace chalk with styleText and add color to ResultsMeta (#20227) (루밀LuMir)
• c7046e6 feat!: enable JSX reference tracking (#20152) (Pixel998)
• fa31a60 feat!: add name to configs (#20015) (Kirk Waiblinger)
• 3383e7e fix!: remove deprecated SourceCode methods (#20137) (Pixel998)
• 501abd0 feat!: update dependency minimatch to v10 (#20246) (renovate[bot])
• ca4d3b4 fix!: stricter rule tester assertions for valid test cases (#20125) (唯然)
• 96512a6 fix!: Remove deprecated rule context methods (#20086) (Nicholas C. Zakas)
• c69fdac feat!: remove eslintrc support (#20037) (Francesco Trotta)
• 208b5cc feat!: Use ScopeManager#addGlobals() (#20132) (Milos Djermanovic)
• a2ee188 fix!: add uniqueItems: true in no-invalid-regexp option (#20155) (Tanuj Kanti)
• a89059d feat!: Program range span entire source text (#20133) (Pixel998)
• 39a6424 fix!: assert 'text' is a string across all RuleFixer methods (#20082) (Pixel998)
• f28fbf8 fix!: Deprecate "always" and "as-needed" options of the radix rule (#20223) (Milos Djermanovic)

... (truncated)

Commits

• 55122d6 10.0.2
• 80f1e29 Build: changelog update for 10.0.2
• 951223b chore: update dependency @​eslint/eslintrc to ^3.3.4 (#20553)
• 13eeedb docs: link rule type explanation to CLI option --fix-type (#20548)
• 6aa1afe chore: update dependency eslint-plugin-jsdoc to ^62.7.0 (#20536)
• 2b72361 fix: update ajv to 6.14.0 to address security vulnerabilities (#20537)
• 98cbf6b docs: update migration guide per Program range change (#20534)
• 61a2405 docs: add missing semicolon in vars-on-top rule example (#20533)
• 0bd5497 10.0.1
• ddb80ef Build: changelog update for 10.0.1
• Additional commits viewable in compare view

Updates eslint-config-next from 16.0.10 to 16.1.6

Release notes

Sourced from eslint-config-next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• acba4a6 v16.1.5
• 60de6c2 v16.1.4
• f01cf07 v16.1.3
• cb436b3 v16.1.2
• 3aa5398 v16.1.1
• 3491676 v16.1.0
• 58e8f8c v16.1.0-canary.34
• 3284587 v16.1.0-canary.33
• 04290ab v16.1.0-canary.32
• Additional commits viewable in compare view

Updates tailwindcss from 4.1.18 to 4.2.1

Release notes

Sourced from tailwindcss's releases.

v4.2.1

Fixed

• Allow trailing dash in functional utility names for backwards compatibility (#19696)
• Properly detect classes containing . characters within curly braces in MDX files (#19711)

v4.2.0

Added

• Add mauve, olive, mist, and taupe color palettes to the default theme (#19627)
• Add @tailwindcss/webpack package to run Tailwind CSS as a webpack plugin (#19610)
• Add pbs-* and pbe-* utilities for padding-block-start and padding-block-end (#19601)
• Add mbs-* and mbe-* utilities for margin-block-start and margin-block-end (#19601)
• Add scroll-pbs-* and scroll-pbe-* utilities for scroll-padding-block-start and scroll-padding-block-end (#19601)
• Add scroll-mbs-* and scroll-mbe-* utilities for scroll-margin-block-start and scroll-margin-block-end (#19601)
• Add border-bs-* and border-be-* utilities for border-block-start and border-block-end (#19601)
• Add inline-*, min-inline-*, max-inline-* utilities for inline-size, min-inline-size, and max-inline-size (#19612)
• Add block-*, min-block-*, max-block-* utilities for block-size, min-block-size, and max-block-size (#19612)
• Add inset-s-*, inset-e-*, inset-bs-*, inset-be-* utilities for inset-inline-start, inset-inline-end, inset-block-start, and inset-block-end (#19613)
• Add font-features-* utility for font-feature-settings (#19623)

Fixed

• Prevent double @supports wrapper for color-mix values (#19450)
• Allow whitespace around @source inline() argument (#19461)
• Emit comment when source maps are saved to files when using @tailwindcss/cli (#19447)
• Detect utilities containing capital letters followed by numbers (#19465)
• Fix class extraction for Rails' strict locals (