
chore(deps): bump the other-dependencies group across 1 directory with 4 updates #1664

Merged
TheOrangePuff merged 2 commits into main from dependabot/npm_and_yarn/main/other-dependencies-0dd4036d0a
Apr 24, 2026

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Bumps the other-dependencies group with 4 updates in the / directory: @changesets/cli, @swc/core, cdk-nag and axios.

Updates @changesets/cli from 2.30.0 to 2.31.0

Release notes

Sourced from @​changesets/cli's releases.

@​changesets/cli@​2.31.0

Minor Changes

  • #1889 96ca062 Thanks @​mixelburg! - Error on unsupported flags for individual CLI commands and print the matching command usage to make mistakes easier to spot.

  • #1873 42943b7 Thanks @​mixelburg! - Respond to --help on all subcommands. Previously, --help was only handled when it was the sole argument; passing it alongside a subcommand (e.g. changeset version --help) would silently execute the command instead. Now --help always exits early and prints per-command usage when a known subcommand is provided, or the general help text otherwise.

Patch Changes

  • d2121dc Thanks @​Andarist! - Fix npm auth for path-based registries during publish by preserving configured registry URLs instead of normalizing them.

  • #1888 036fdd4 Thanks @​mixelburg! - Fix several changeset version issues with workspace protocol dependencies. Valid explicit workspace: ranges and aliases are no longer rewritten unnecessarily, and workspace path references are handled correctly during versioning.

  • #1903 5c4731f Thanks @​Andarist! - Gracefully handle stale npm info data leading to duplicate publish attempts.

  • #1867 f61e716 Thanks @​Andarist! - Improved detection for published state of prerelease-only packages without latest dist-tag on GitHub Packages registry.

  • Updated dependencies [036fdd4, 036fdd4, 036fdd4]:

    • @​changesets/assemble-release-plan@​6.0.10
    • @​changesets/get-dependents-graph@​2.1.4
    • @​changesets/apply-release-plan@​7.1.1
    • @​changesets/get-release-plan@​4.0.16
    • @​changesets/config@​3.1.4
Commits
  • 9cce6db Version Packages (#1897)
  • d2121dc Fix npm auth for path-based registries during publish by preserving configure...
  • 036fdd4 Fix several changeset version issues with workspace protocol dependencies (...
  • 5c4731f Gracefully handle stale npm info data leading to duplicate publish attempts...
  • 96ca062 Error on unsupported flags for individual CLI commands (#1889)
  • 42943b7 fix(cli): respond to --help on all subcommands (#1873)
  • f61e716 Improved detection for published state of prerelease-only packages without ...
  • See full diff in compare view

Updates @swc/core from 1.15.24 to 1.15.30

Changelog

Sourced from @​swc/core's changelog.

[1.15.30] - 2026-04-19

Bug Fixes

  • (deploy) Fix musl binding test workflow (#11804) (c30a522)

  • (deploy) Build package ts before Linux GNU binding tests (#11806) (a3d3ef3)

  • (es/jsx) Preserve quoted JSX attribute newlines (#11796) (9fe56c8)

  • (es/minifier) Support full ES version parsing in minify (#11800) (af1f08f)

  • (es/module) Add opt-in symlink-preserving resolver (#11801) (6028240)

  • (es/parser) Allow return type annotation on Flow constructors (#11790) (d66b29c)

  • (es/parser) Support Flow anonymous keyof indexers (#11792) (452c4e5)

  • (es/parser) Add Flow strip RN and RNW regression corpus (#11799) (23a9109)

Documentation

Features

[1.15.26] - 2026-04-14

Bug Fixes

  • (es/decorators) Preserve super in moved static members (#11781) (778328e)

... (truncated)

Commits
  • 502ad3e chore: Publish 1.15.30 with swc_core v64.0.0
  • 99a4503 chore: Publish 1.15.30-nightly-20260418.1 with swc_core v64.0.0
  • bf0146c chore: Publish 1.15.29-nightly-20260418.1 with swc_core v64.0.0
  • 993744e chore: Publish 1.15.28-nightly-20260418.1 with swc_core v64.0.0
  • d7e7d4a chore: Publish 1.15.27-nightly-20260418.1 with swc_core v64.0.0
  • 6f07c6c chore: Publish crates with swc_core v64.0.0
  • af1f08f fix(es/minifier): Support full ES version parsing in minify (#11800)
  • 5986411 feat(es/minify): support extracting comments (#11798)
  • fb92c49 chore: Publish 1.15.26 with swc_core v63.1.2
  • 8f06928 chore: Publish 1.15.26-nightly-20260414.1 with swc_core v63.1.2
  • Additional commits viewable in compare view

Updates cdk-nag from 2.37.55 to 2.38.1

Release notes

Sourced from cdk-nag's releases.

v2.38.1

2.38.1 (2026-04-21)

Bug Fixes

  • remove unnecessary test for serverSideEncryptionConfiguration to not be undefined (#2227) (9436814), closes #2226

v2.38.0

2.38.0 (2026-04-21)

Features

v2.37.56

2.37.56 (2026-04-20)

Bug Fixes

  • APIGWStructuredLogging: no stage description for CfnDeployment throws an error (#2268) (ac6dcd3), closes #2267
  • Cognito user pool advanced security mode (deprecated) updated to plus tier (#2155) (5a8b71d), closes #2139
  • prefix report filename with stage name to prevent collisions (#2302) (54e6425)
  • release: use 'release' GitHub environment for publish jobs (#2333) (9b66acd)
Commits
  • 9436814 fix: remove unnecessary test for serverSideEncryptionConfiguration to not b...
  • 03ad81a feat: add rule MWAAAllLoggingInfo (#2239)
  • 2f5fcef chore(deps): upgrade dev dependencies (#2336)
  • 017c10b chore: add tests for uncovered branches in sqs rules (#2231)
  • a285bb5 chore: add tests for uncovered branches in sns rules (#2229)
  • 585d5da chore: add tests for uncovered branches in stepfunctions rules (#2233)
  • 9aef297 chore: migrate to CdklabsConstructLibrary (#2335)
  • 9b66acd fix(release): use 'release' GitHub environment for publish jobs (#2333)
  • d46bb44 chore(deps): upgrade dependencies (#2332)
  • cd2e207 chore(deps): upgrade dependencies (#2331)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for cdk-nag since your current version.


Updates axios from 1.15.1 to 1.15.2

Release notes

Sourced from axios's releases.

v1.15.2

This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in allowedSocketPaths allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.

🔒 Security Fixes

  • Prototype Pollution Hardening (HTTP Adapter): Hardened the Node HTTP adapter and resolveConfig/mergeConfig/validator paths to read only own properties and use null-prototype config objects, preventing polluted auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser from influencing requests. (#10779)
  • SSRF via socketPath: Rejects non-string socketPath values and adds an opt-in allowedSocketPaths config option to restrict permitted Unix domain socket paths, returning AxiosError ERR_BAD_OPTION_VALUE on mismatch. (#10777)
  • Supply-chain Hardening: Added .npmrc with ignore-scripts=true, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded SECURITY.md/THREATMODEL.md with provenance verification (npm audit signatures), 60-day resolution policy, and maintainer incident-response runbook. (#10776)

🚀 New Features

  • allowedSocketPaths Config Option: New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (#10777)

🐛 Bug Fixes

  • Keep-alive Socket Memory Leak: Installs a single per-socket error listener tracking the active request via kAxiosSocketListener/kAxiosCurrentReq, eliminating per-request listener accumulation, MaxListenersExceededWarning, and linear heap growth under concurrent or long-running keep-alive workloads (fixes #10780). (#10788)

🔧 Maintenance & Chores

  • Changelog: Updated CHANGELOG.md with v1.15.1 release notes. (#10781)

Full Changelog

Changelog

Sourced from axios's changelog.

v1.15.2 - April 21, 2026


Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
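
The own-property and null-prototype hardening that the axios v1.15.2 release notes above describe, shown as an added illustration that is not axios source code and not part of this pull request. The function names, the key list and the polluted values are hypothetical and constructed for the demonstration; it contrasts a config merge that reads through the prototype chain with one that does not.

```javascript
// Added illustration; not axios source code. All names below are hypothetical.
const REQUEST_KEYS = ['baseURL', 'socketPath', 'auth', 'beforeRedirect', 'insecureHTTPParser'];

// Naive merge: plain property reads walk the prototype chain, so a key that
// neither the defaults nor the caller set can still resolve via Object.prototype.
function mergeNaive(defaults, overrides) {
  const out = {};
  for (const key of REQUEST_KEYS) {
    const value = overrides[key] !== undefined ? overrides[key] : defaults[key];
    if (value !== undefined) out[key] = value;
  }
  return out;
}

// Hardened merge: only own properties are consulted and the result has a null
// prototype, so later reads of the merged config cannot fall through either.
function mergeHardened(defaults, overrides) {
  const out = Object.create(null);
  for (const key of REQUEST_KEYS) {
    for (const src of [defaults, overrides]) {
      if (src != null && Object.prototype.hasOwnProperty.call(src, key) && src[key] !== undefined) {
        out[key] = src[key];
      }
    }
  }
  return out;
}

// Runs fn while Object.prototype carries constructed values, then restores it.
function withPollutedPrototype(polluted, fn) {
  for (const [k, v] of Object.entries(polluted)) {
    Object.defineProperty(Object.prototype, k, { value: v, configurable: true, writable: true, enumerable: false });
  }
  try { return fn(); } finally {
    for (const k of Object.keys(polluted)) delete Object.prototype[k];
  }
}

function demo() {
  const polluted = { socketPath: '/tmp/constructed.sock', baseURL: 'http://constructed.invalid' };
  return withPollutedPrototype(polluted, () => {
    const defaults = { baseURL: undefined };
    const request = { auth: { username: 'u', password: 'p' } };
    return { naive: mergeNaive(defaults, request), hardened: mergeHardened(defaults, request) };
  });
}
```

Calling `demo()` returns both merged configs: the naive one carries the inherited `socketPath` and `baseURL`, the hardened one contains only the caller's own `auth`.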

…h 4 updates

Bumps the other-dependencies group with 4 updates in the / directory: [@changesets/cli](https://github.com/changesets/changesets), [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core), [cdk-nag](https://github.com/cdklabs/cdk-nag) and [axios](https://github.com/axios/axios).


Updates `@changesets/cli` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/changesets/changesets/releases)
- [Commits](https://github.com/changesets/changesets/compare/@changesets/cli@2.30.0...@changesets/cli@2.31.0)

Updates `@swc/core` from 1.15.24 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/commits/v1.15.30/packages/core)

Updates `cdk-nag` from 2.37.55 to 2.38.1
- [Release notes](https://github.com/cdklabs/cdk-nag/releases)
- [Commits](cdklabs/cdk-nag@v2.37.55...v2.38.1)

Updates `axios` from 1.15.1 to 1.15.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.1...v1.15.2)

---
updated-dependencies:
- dependency-name: "@changesets/cli"
  dependency-version: 2.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: "@swc/core"
  dependency-version: 1.15.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
- dependency-name: cdk-nag
  dependency-version: 2.38.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: other-dependencies
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: other-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) labels Apr 24, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 24, 2026 06:08
@dependabot dependabot Bot requested review from TheOrangePuff and crispy101 April 24, 2026 06:08
@TheOrangePuff TheOrangePuff merged commit 12fb98f into main Apr 24, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/main/other-dependencies-0dd4036d0a branch April 24, 2026 06:16