Bump the dependencies group with 18 updates #1309

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/dependencies-5ca05dac1d

dependabot Bot commented on behalf of github Apr 27, 2026

Bumps the dependencies group with 18 updates:

| Package | From | To |
| --- | --- | --- |
| @vitest/coverage-v8 | 4.1.4 | 4.1.5 |
| npm-check-updates | 21.0.2 | 22.0.1 |
| typescript-eslint | 8.58.2 | 8.59.0 |
| vitest | 4.1.4 | 4.1.5 |
| dockerode | 4.0.10 | 5.0.0 |
| undici | 7.24.7 | 8.1.0 |
| @azure/cosmos | 4.9.2 | 4.9.3 |
| @azure/storage-blob | 12.29.1 | 12.31.0 |
| @azure/storage-queue | 12.28.1 | 12.29.0 |
| @clickhouse/client | 1.18.2 | 1.18.3 |
| msw | 2.13.4 | 2.13.6 |
| @kurrent/kurrentdb-client | 1.1.1 | 1.1.2 |
| @aws-sdk/client-s3 | 3.1032.0 | 3.1037.0 |
| mariadb | 3.4.5 | 3.5.2 |
| mongoose | 9.4.1 | 9.5.0 |
| mssql | 12.3.1 | 12.5.0 |
| mysql2 | 3.22.1 | 3.22.2 |
| toxiproxy-node-client | 4.0.0 | 4.1.0 |

Updates @vitest/coverage-v8 from 4.1.4 to 4.1.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.5

Updates npm-check-updates from 21.0.2 to 22.0.1

Release notes

Sourced from npm-check-updates's releases.

v22.0.1

Full Changelog: raineorshine/npm-check-updates@v22.0.0...v22.0.1

v22.0.0

Breaking Changes

--cooldown now falls back to the greatest non-prerelease version rather than skipping the upgrade entirely when the latest version falls within the cooldown window.

  • This only affects --cooldown (or inferred cooldown from min-release-age/minimumReleaseAge/npmMinimalAgeGate).
  • This only affects --target latest (which is the default).

⚠️ WARNING

In rare circumstances, it is now possible for ncu --cooldown 10 to install a version that was never published to latest. This is because the npm registry does not store a history of versions published to the latest dist-tag. It is impossible to fall back to an earlier latest version, because there is no record of it. However, we do have a list of all published versions, and it's likely that a boring version like 1.0.1 was published to latest at some point. Versions like 1.0.1-pre.0, 1.0.1-beta, 1.0.1-build.58157394, etc will be ignored, as you would expect.

While npm-check-updates typically takes a conservative approach to version upgrades, following semver exactly and only upgrading to the latest version, falling back to the highest version outside the cooldown window is clearly the more intuitive behavior, and this outweighs the few cases where the results would be undesirable. The discussion in #1556 and the large amount of confusion since the initial release of --cooldown attest to this.

How to opt out of the new behavior

You can opt out of the new behavior by using --target "@latest". This forces a strict upgrade (or downgrade) to the latest tag only, without any fallback behavior.

For granular control, use a custom ncurc function to set the target or disable cooldown for a single package.

Full Changelog: raineorshine/npm-check-updates@v21.0.3...v22.0.0

v21.0.3

Full Changelog: raineorshine/npm-check-updates@v21.0.2...v21.0.3

Commits
  • 28b5fcb 22.0.1
  • 127c552 fix: suppress cooldown config log messages when JSON output is active (#1692)
  • 7c62657 CHANGELOG
  • c94174d 22.0.0
  • 36e1fd2 feat(cooldown): fall back to greatest passing version when latest is within c...
  • 3641100 build: stub cosmiconfig's typescript dependency to reduce bundle size by 8MB ...
  • b44ec68 Update dependencies (#1685)
  • 2ceac56 Bump @​typescript-eslint/eslint-plugin from 8.58.2 to 8.59.0 (#1682)
  • 9025296 Bump @​typescript-eslint/parser from 8.58.2 to 8.59.0 (#1681)
  • 6803c3e Bump vite from 8.0.8 to 8.0.9 (#1680)
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.58.2 to 8.59.0

Release notes

Sourced from typescript-eslint's releases.

v8.59.0

8.59.0 (2026-04-20)

🚀 Features

  • eslint-plugin: [no-unnecessary-type-assertion] report more cases based on assignability (#11789)

❤️ Thank You

  • Ulrich Stark

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.0 (2026-04-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Updates vitest from 4.1.4 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

Commits
  • e399846 chore: release v4.1.5
  • 7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
  • 9787ded fix: respect diff config options in soft assertions (#8696)
  • 325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
  • 0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
  • 663b99f fix: alias agent reporter to minimal (#10157)
  • 122c25b fix: fix vi.defineHelper called as object method (#10163)
  • 6abd557 feat(api): make test-specification options writable (#10154)
  • 596f739 fix: project color label on html reporter (#10142)
  • 9423dc0 fix: --project negation excludes browser instances (#10131)
  • Additional commits viewable in compare view

Updates dockerode from 4.0.10 to 5.0.0

Release notes

Sourced from dockerode's releases.

v5.0.0

Full Changelog: apocas/dockerode@v4.0.10...v5.0.0

Commits
  • d8968eb chore: update chai to version 4.5.0 in package.json and package-lock.json
  • 62ded54 fix: downgrade chai to 6.2.0 and mocha to 11.7.0
  • 3f6f9c4 Update devDependencies: Upgrade chai to 6.2.2 and mocha to 11.7.5
  • c37ff26 Merge pull request #828 from apocas/dependabot/npm_and_yarn/protobufjs-7.5.5
  • 0f1a049 Bump protobufjs from 7.3.2 to 7.5.5
  • c073e27 fix: update version to 5.0.0 and remove uuid dependency
  • 8c4b4cd fix: update version to 4.0.12 and downgrade uuid dependency to 10.0.0
  • 7e6f694 fix: update version to 4.0.12 and downgrade uuid dependency to 10.0.0
  • 8124962 fix: update version to 4.0.11 and bump uuid dependency to 14.0.0
  • 7118249 Merge pull request #826 from apocas/dependabot/npm_and_yarn/picomatch-2.3.2
  • Additional commits viewable in compare view

Updates undici from 7.24.7 to 8.1.0

Release notes

Sourced from undici's releases.

v8.1.0

Full Changelog: nodejs/undici@v8.0.3...v8.1.0

v8.0.3

Full Changelog: nodejs/undici@v8.0.2...v8.0.3

v8.0.2

Full Changelog: nodejs/undici@v8.0.1...v8.0.2

... (truncated)

Updates @azure/cosmos from 4.9.2 to 4.9.3

Updates @azure/storage-blob from 12.29.1 to 12.31.0

Commits
  • c95f5d9 Post release automated changes for appconfiguration releases (#37234)
  • 19253d6 [EngSys] automatic pnpm update (#37266)
  • 9ba0f8a chore(instrumentation): bump @​opentelemetry/instrumentation (#37250)
  • 4eed3b9 Add invoke support for web pubsub client (#36750)
  • af673f5 Parse azd JSON output for cleaner AzureDeveloperCliCredential error messages ...
  • 2cf94a9 Simplify client authentication section in README (#37257)
  • 184e2b9 [Search] Separate Stable & Preview Test Structure (#37238)
  • 0ea4456 [Monitor-OpenTelemetry] Implement Fix for Mismatched API Versions (#37258)
  • 84c473e Update @​azure/storage-blob storage-common dependency to ^12.3.0 (#37259)
  • ad1b88f [Identity] Remove samples (#37242)
  • Additional commits viewable in compare view

Updates @azure/storage-queue from 12.28.1 to 12.29.0

Commits
  • 6e2a1d0 Update version for STG00 Release (#37038)
  • d33c492 [docs] teach AI agents about special snippets.spec.ts (#36481)
  • 0d11eb6 Sync eng/common directory with azure-sdk-tools for PR 13560 (#37033)
  • 348d979 Sync eng/common directory with azure-sdk-tools for PR 13556 (#37028)
  • aa58f75 add webSearchStream and fix imageGeneration (#37023)
  • a692f5f [Identity] Restarted Identity MI Test in Weekly Pipeline (#36097)
  • 4c12684 Sync eng/common directory with azure-sdk-tools for PR 13555 (#37032)
  • 7d814b6 [EngSys] upgrade dependency openai to 6.16.0 (#37027)
  • 7510363 [azure monitor opentelemetry exporter] Update autogenerated client to use lat...
  • 64d4796 Reference Azure SDK MCP in AGENTS.md (#37026)
  • Additional commits viewable in compare view

Updates @clickhouse/client from 1.18.2 to 1.18.3

Changelog

Sourced from @​clickhouse/client's changelog.

1.18.3

Improvements

  • Added keep_alive.eagerly_destroy_stale_sockets option (Node.js only, default: false). When enabled, sockets that have been idle for longer than idle_socket_ttl are destroyed immediately before each request, rather than waiting for the idle timeout to fire. This helps reclaim stale sockets during event loop delays, where the timeout callback may not run on time.

```ts
const client = createClient({
  keep_alive: {
    enabled: true,
    idle_socket_ttl: 2500,
    eagerly_destroy_stale_sockets: true,
  },
})
```

  • Added auto-detection and warning when request_timeout is high (> 60 seconds) but progress headers are not configured. Long-running queries may fail with socket hang-up errors if they exceed the load balancer idle timeout. The client now warns users to enable send_progress_in_http_headers and http_headers_progress_interval_ms settings to prevent such issues.

```ts
// This will now trigger a warning
const client = createClient({
  request_timeout: 120_000, // 120 seconds
  // send_progress_in_http_headers is not configured
})
```

```ts
// ✓ Properly configured to avoid load balancer timeouts
const client = createClient({
  request_timeout: 400_000,
  clickhouse_settings: {
    send_progress_in_http_headers: 1,
    http_headers_progress_interval_ms: '110000', // ~10s below LB timeout
  },
})
```

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​clickhouse/client since your current version.


Updates msw from 2.13.4 to 2.13.6

Release notes

Sourced from msw's releases.

v2.13.6 (2026-04-24)

Bug Fixes

  • WebSocketHandler: add public test() method (#2727) (3da7048e05fae80fe3410e3af86f6c3dd3cfaead) @​kettanaito

v2.13.5 (2026-04-23)

Bug Fixes

  • reset generator state on .resetHandlers()/.restoreHandlers() (#2725) (8d16801cacd89e5aff336c43e888df19fad04417) @​kettanaito
Commits
  • a680221 chore(release): v2.13.6
  • 3da7048 fix(WebSocketHandler): add public test() method (#2727)
  • d814fc8 chore(release): v2.13.5
  • 8d16801 fix: reset generator state on .resetHandlers()/.restoreHandlers() (#2725)
  • edeb058 chore: replace missing ServiceWorkerIncomingRequest with `IncomingWorkerReq...
  • See full diff in compare view

Updates @kurrent/kurrentdb-client from 1.1.1 to 1.1.2

Release notes

Sourced from @​kurrent/kurrentdb-client's releases.

v1.1.2

Full Changelog: kurrent-io/KurrentDB-Client-NodeJS@v1.1.1...v1.1.2

Commits
  • 8cb9d89 chore: prepare relase v1.1.2
  • 244ce0f [release/v1.1] Fix connection string and gossip timeout documentation (#485)
  • 78136f5 [release/v1.1] fix: improve leader failover reconnection and error mapping (#...
  • fe8c18e add leader failover reconnection tests (#477)
  • See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1032.0 to 3.1037.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1037.0

3.1037.0(2026-04-24)

New Features
  • clients: update client endpoints as of 2026-04-24 (ca3df2be)
  • client-evs: EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. (fd92ee48)
  • client-cloudwatch-logs: Adding nextToken and maxItems to the GetQueryResults API. (1a5ef619)
  • client-transfer: AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. (f2a72a85)
  • client-bedrock-agentcore-control: Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access (a0bf24cd)
  • client-connect: Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. (7e987e88)
  • client-connecthealth: Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. (c21882c4)
Bug Fixes
  • client-kinesis: tolerance for flaky H2 session ordering assertion in E2E test (#7959) (58734960)

For list of updated packages, view updated-packages.md in assets-3.1037.0.zip

v3.1036.0

3.1036.0(2026-04-23)

Chores
  • codegen: sync for http2 session closure, retry longpoll backoff, and fast-xml-parser version bump (#7958) (107aefc4)
  • xml-builder: up fast-xml-parser to 5.7.1 (#7957) (110b1c01)
Documentation Changes
  • client-pcs: This release adds support for Slurm 25.11 with expedited requeue enabled by default for jobs failing due to node issues, configurable requeue delay, health checks at node startup only, and unauthenticated HTTP endpoints disabled by default for improved security. (1110500a)
New Features
  • client-datazone: Releasing For LakehouseProperties attributes in the Connections API's (d0c03722)
  • client-iot-managed-integrations: Adds "Status" field to provisioning profile operation response types, giving users visibility into the readiness of a provisioning profile to be used for device provisioning. (72d6968c)
  • client-opensearch: Amazon OpenSearch UI applications now support cross-Region domain association, enabling you to connect OpenSearch Dashboards in one AWS Region to OpenSearch domains in other Regions within the same partition for centralized data visualization. (600311b9)
Tests
  • client-transcribe-streaming: add concurrency to startStreamTranscription test (#7948) (e2cf194b)

For list of updated packages, view updated-packages.md in assets-3.1036.0.zip

v3.1035.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-s3

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.1035.0 (2026-04-22)

Bug Fixes

  • client-s3: retry errors with 200 status code (#7945) (7d9d8d1)

Features

  • client-s3: This release adds five additional checksum algorithms for S3 data integrity (MD5, SHA-512, XXHash3, XXHash64, XXHash128) and support for S3 Inventory on directory buckets (S3 Express One Zone). (41a6a59)

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-s3

3.1033.0 (2026-04-20)

Features

  • clients: use binary decision diagrams for endpoint resolution (#7931) (ff1b2ba)
Commits
  • 7babd8b Publish v3.1037.0
  • 46e4ac5 Publish v3.1036.0
  • 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
  • d8fbfbc Publish v3.1035.0

Bumps the dependencies group with 18 updates:

| Package | From | To |
| --- | --- | --- |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.4` | `4.1.5` |
| [npm-check-updates](https://github.com/raineorshine/npm-check-updates) | `21.0.2` | `22.0.1` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.58.2` | `8.59.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.4` | `4.1.5` |
| [dockerode](https://github.com/apocas/dockerode) | `4.0.10` | `5.0.0` |
| [undici](https://github.com/nodejs/undici) | `7.24.7` | `8.1.0` |
| [@azure/cosmos](https://github.com/Azure/azure-sdk-for-js) | `4.9.2` | `4.9.3` |
| [@azure/storage-blob](https://github.com/Azure/azure-sdk-for-js) | `12.29.1` | `12.31.0` |
| [@azure/storage-queue](https://github.com/Azure/azure-sdk-for-js) | `12.28.1` | `12.29.0` |
| [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) | `1.18.2` | `1.18.3` |
| [msw](https://github.com/mswjs/msw) | `2.13.4` | `2.13.6` |
| [@kurrent/kurrentdb-client](https://github.com/kurrent-io/KurrentDB-Client-NodeJS) | `1.1.1` | `1.1.2` |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) | `3.1032.0` | `3.1037.0` |
| [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `3.4.5` | `3.5.2` |
| [mongoose](https://github.com/Automattic/mongoose) | `9.4.1` | `9.5.0` |
| [mssql](https://github.com/tediousjs/node-mssql) | `12.3.1` | `12.5.0` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `3.22.1` | `3.22.2` |
| [toxiproxy-node-client](https://github.com/ihsw/toxiproxy-node-client) | `4.0.0` | `4.1.0` |


Updates `@vitest/coverage-v8` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/coverage-v8)

Updates `npm-check-updates` from 21.0.2 to 22.0.1
- [Release notes](https://github.com/raineorshine/npm-check-updates/releases)
- [Changelog](https://github.com/raineorshine/npm-check-updates/blob/main/CHANGELOG.md)
- [Commits](raineorshine/npm-check-updates@v21.0.2...v22.0.1)

Updates `typescript-eslint` from 8.58.2 to 8.59.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/typescript-eslint)

Updates `vitest` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest)

Updates `dockerode` from 4.0.10 to 5.0.0
- [Release notes](https://github.com/apocas/dockerode/releases)
- [Commits](apocas/dockerode@v4.0.10...v5.0.0)

Updates `undici` from 7.24.7 to 8.1.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.24.7...v8.1.0)

Updates `@azure/cosmos` from 4.9.2 to 4.9.3
- [Release notes](https://github.com/Azure/azure-sdk-for-js/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md)
- [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/cosmos_4.9.2...@azure/cosmos_4.9.3)

Updates `@azure/storage-blob` from 12.29.1 to 12.31.0
- [Release notes](https://github.com/Azure/azure-sdk-for-js/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md)
- [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/storage-blob_12.29.1...@azure/storage-blob_12.31.0)

Updates `@azure/storage-queue` from 12.28.1 to 12.29.0
- [Release notes](https://github.com/Azure/azure-sdk-for-js/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md)
- [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/storage-queue_12.28.1...@azure/storage-queue_12.29.0)

Updates `@clickhouse/client` from 1.18.2 to 1.18.3
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ClickHouse/clickhouse-js/commits)

Updates `msw` from 2.13.4 to 2.13.6
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.13.4...v2.13.6)

Updates `@kurrent/kurrentdb-client` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/kurrent-io/KurrentDB-Client-NodeJS/releases)
- [Changelog](https://github.com/kurrent-io/KurrentDB-Client-NodeJS/blob/master/CHANGELOG.md)
- [Commits](kurrent-io/KurrentDB-Client-NodeJS@v1.1.1...v1.1.2)

Updates `@aws-sdk/client-s3` from 3.1032.0 to 3.1037.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1037.0/clients/client-s3)

Updates `mariadb` from 3.4.5 to 3.5.2
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-nodejs/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-nodejs/blob/main/CHANGELOG.md)
- [Commits](mariadb-corporation/mariadb-connector-nodejs@3.4.5...3.5.2)

Updates `mongoose` from 9.4.1 to 9.5.0
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@9.4.1...9.5.0)

Updates `mssql` from 12.3.1 to 12.5.0
- [Release notes](https://github.com/tediousjs/node-mssql/releases)
- [Changelog](https://github.com/tediousjs/node-mssql/blob/master/CHANGELOG.txt)
- [Commits](tediousjs/node-mssql@v12.3.1...v12.5.0)

Updates `mysql2` from 3.22.1 to 3.22.2
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.22.1...v3.22.2)

Updates `toxiproxy-node-client` from 4.0.0 to 4.1.0
- [Commits](https://github.com/ihsw/toxiproxy-node-client/commits)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: npm-check-updates
  dependency-version: 22.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.59.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: vitest
  dependency-version: 4.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: dockerode
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: undici
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@azure/cosmos"
  dependency-version: 4.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@azure/storage-blob"
  dependency-version: 12.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@azure/storage-queue"
  dependency-version: 12.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@clickhouse/client"
  dependency-version: 1.18.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: msw
  dependency-version: 2.13.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@kurrent/kurrentdb-client"
  dependency-version: 1.1.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1037.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: mariadb
  dependency-version: 3.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: mongoose
  dependency-version: 9.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: mssql
  dependency-version: 12.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: mysql2
  dependency-version: 3.22.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: toxiproxy-node-client
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
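
The `--cooldown` fallback described in the npm-check-updates v22.0.0 release notes above, as an added example: a simplified model, not npm-check-updates' own code and not part of this pull request. `pickCooldownTarget`, its `strictLatest` option (standing in for `--target "@latest"`) and the sample packument are hypothetical; the cooldown is assumed to be in days, and `dist-tags`, `versions` and `time` are the npm registry metadata fields.

```javascript
// Added example: models the selection rule from the v22.0.0 notes.
const DAY_MS = 24 * 60 * 60 * 1000;
// Plain MAJOR.MINOR.PATCH only; rejects 1.0.1-pre.0, 1.0.1-beta, 1.0.1-build.N.
const PLAIN = /^(\d+)\.(\d+)\.(\d+)$/;

function compareVersions(a, b) {
  const pa = PLAIN.exec(a).slice(1).map(Number);
  const pb = PLAIN.exec(b).slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function pickCooldownTarget(packument, cooldownDays, now, { strictLatest = false } = {}) {
  const cutoff = now.getTime() - cooldownDays * DAY_MS;
  // A missing timestamp parses to NaN, which fails every comparison below,
  // so a version without a publish time is never selected.
  const publishedAt = (v) => Date.parse(packument.time[v]);
  const latest = packument['dist-tags'].latest;

  if (publishedAt(latest) <= cutoff) {
    return { version: latest, reason: 'latest-outside-cooldown' };
  }
  if (strictLatest) {
    // Pre-v22 behaviour and the opt-out: skip the upgrade entirely.
    return { version: null, reason: 'latest-within-cooldown' };
  }
  // v22 behaviour: greatest non-prerelease version published before the cutoff.
  const candidates = Object.keys(packument.versions)
    .filter((v) => PLAIN.test(v) && publishedAt(v) <= cutoff)
    .sort(compareVersions);
  if (candidates.length === 0) {
    return { version: null, reason: 'no-version-outside-cooldown' };
  }
  return {
    version: candidates[candidates.length - 1],
    reason: 'fallback-greatest-outside-cooldown',
  };
}

// Constructed sample metadata (not a real package).
const SAMPLE_NOW = new Date('2026-04-27T00:00:00Z');
const samplePackument = {
  name: 'example-pkg',
  'dist-tags': { latest: '1.2.0' },
  versions: { '1.0.0': {}, '1.0.1': {}, '1.0.2-beta': {}, '1.1.0': {}, '1.2.0': {} },
  time: {
    '1.0.0': '2025-11-01T00:00:00Z',
    '1.0.1': '2026-01-10T00:00:00Z',
    '1.0.2-beta': '2026-02-01T00:00:00Z',
    // Suppose 1.1.0 went out under another dist-tag and was never "latest";
    // the registry keeps no history that would reveal this.
    '1.1.0': '2026-03-01T00:00:00Z',
    '1.2.0': '2026-04-24T00:00:00Z', // three days old at SAMPLE_NOW
  },
};

console.log(pickCooldownTarget(samplePackument, 10, SAMPLE_NOW));
console.log(pickCooldownTarget(samplePackument, 10, SAMPLE_NOW, { strictLatest: true }));
```

With a 10-day cooldown the fallback lands on `1.1.0`, the case the release notes warn about: a plain-numbered version is accepted even though nothing shows it was ever tagged `latest`.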
dependabot Bot added the labels dependencies (Pull requests that update a dependency file), javascript (Pull requests that update javascript code) and major (An incompatible API change) on Apr 27, 2026

netlify Bot commented Apr 27, 2026

Deploy Preview for testcontainers-node ready!

| Name | Link |
| --- | --- |
| 🔨 Latest commit | 00b8400 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/testcontainers-node/deploys/69eeb2764d70a5000999428e |
| 😎 Deploy Preview | https://deploy-preview-1309--testcontainers-node.netlify.app |

@manuel-rw

@apocas can this be merged? See GHSA-xq3m-2v4x-88gg
We are currently relying on this vulnerable version.

apocas commented Apr 27, 2026

? If you are talking about dockerode, this was already fixed some days ago.
https://github.com/apocas/dockerode/releases/tag/v5.0.0

@manuel-rw

Yes, but this package has a dependency to it, correct? :)

ihsw commented Apr 28, 2026

@manuel-rw just wanted to note that toxiproxy-node-client@4.1.0 removes the axios dependency, instead opting for fetch, mitigating related CVEs

apocas commented Apr 28, 2026

> Yes, but this package has a dependency to it, correct? :)

Yaup. There were no breaking changes introduced.
I only major bumped it because I dropped support for very old EOLed versions of node. Now it's node >= 14.17.

So regarding dockerode it's safe to merge :)
