Bump axios and prettier-plugin-apex in /redwoods-insurance-salesforce

[dependabot]

Bumps axios to 1.17.0 and updates ancestor dependency prettier-plugin-apex. These dependencies need to be updated together.

Updates axios from 0.21.4 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Commits

• 4306df2 chore: add fun 88 sponsorship
• 931cc8f chore(release): prepare release 1.17.0 (#10983)
• 38ba1b3 fix(fetch): support basic auth from URL (#10896)
• 32e2515 fix: replace ternary side effect in script (#10931)
• 030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
• ec63164 chore: remove openspec (#10958)
• 3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
• a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
• fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
• 2d2314a fix: AxiosHeaders toJSON() return types (#10956)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates prettier-plugin-apex from 1.10.0 to 1.13.0

Release notes

Sourced from prettier-plugin-apex's releases.

v1.13.0

Formatting Changes

• Add support for User Mode in Database Operations (issue).

Internal Changes

• start-apex-server takes optional -c flag, which will be passed on to apex-ast-serializer as a comma-delimited list of allowed origins that will be added to the CORS headers returned by the parsing server.
• start-apex-server pipes internal logs to console, so that errors can be caught more quickly by users.

v1.12.0

Formatting Changes

• Fix binaryish expressions having wrong indentation inside parentheses (issue).
• Keep original position for comments in between If-Else blocks and Try-Catch blocks, accordingly fix issue with unprinted comment (issue).

Internal Changes

• Use yarn for internal dependency management instead of npm. If you forked this repository before this change, make sure to follow https://github.com/dangmai/prettier-plugin-apex/blob/HEAD/CONTRIBUTING.md to set up your environment again.
• start-apex-server and stop-apex-server no longer exports any methods. This should not affect any user functionality, but if you are a developer who's relying on those methods, please import start and stop from http-server instead.

v1.11.0

Dependency Changes

• Drop support for NodeJS < 14

Internal Changes

• Prettier Apex has been converted to Typescript, enabling faster response time to internal jorje changes from Salesforce.

CLI Changes

• Breaking: Locations for start-apex-server.js and stop-apex-server.js are changed - they are now in the dist directory.
• Add ability to specify host and port options for built-in parsing server (issue).

Formatting Changes

• Add support for SOQL Geolocation Expression (issue).
• Fix SOQL Time literals always getting printed in UTC timezone.
• Fix wrong indentations inside long SELECT functions (issue).
• Remove extraneous newline at the end of long GROUP BY and WITH DATA CATEGORY clauses (issue).
• Fix unstable leading comment formatting for ternary expressions (issue).
• Add support for prettier-ignore comments in the middle of IfElseBlock (issue).
• Use user input to improve line break heuristics in short SOQL/SOSL queries (issue).
• Fix unstable leading comments before Block Statement.
• Support trailing prettier-ignore comments (issue).
• Fix failure to call apex-ast-serializer because of excessively long CLASSPATH on Windows (issue).
• Fix unstable end of line comments in binaryish expressions.

Changelog

Sourced from prettier-plugin-apex's changelog.

1.13.0

Formatting Changes

• Add support for User Mode in Database Operations (issue).

Internal Changes

• start-apex-server takes optional -c flag, which will be passed on to apex-ast-serializer as a comma-delimited list of allowed origins that will be added to the CORS headers returned by the parsing server.
• start-apex-server pipes internal logs to console, so that errors can be caught more quickly by users.

1.12.0

Formatting Changes

• Fix binaryish expressions having wrong indentation inside parentheses (issue).
• Keep original position for comments in between If-Else blocks and Try-Catch blocks, accordingly fix issue with unprinted comment (issue).

Internal Changes

• Use yarn for internal dependency management instead of npm. If you forked this repository before this change, make sure to follow https://github.com/dangmai/prettier-plugin-apex/blob/main/CONTRIBUTING.md to set up your environment again.
• start-apex-server and stop-apex-server no longer exports any methods. This should not affect any user functionality, but if you are a developer who's relying on those methods, please import start and stop from http-server instead.

1.11.0

Dependency Changes

• Drop support for NodeJS < 14.

Internal Changes

• Prettier Apex has been converted to Typescript, enabling faster response time to internal jorje changes from Salesforce.

CLI Changes

• Breaking: Locations for start-apex-server.js and stop-apex-server.js are changed - they are now in the dist directory.
• Add ability to specify host and port options for built-in parsing server (issue).

Formatting Changes

• Add support for SOQL Geolocation Expression (issue).
• Fix SOQL Time literals always getting printed in UTC timezone.
• Fix wrong indentations inside long SELECT functions (issue).
• Remove extraneous newline at the end of long GROUP BY and WITH DATA CATEGORY clauses (issue).
• Fix unstable leading comment formatting for ternary expressions (issue).
• Add support for prettier-ignore comments in the middle of IfElseBlock (issue).
• Use user input to improve line break heuristics in short SOQL/SOSL queries (issue).
• Fix unstable leading comments before Block Statement.
• Support trailing prettier-ignore comments (issue).
• Fix failure to call apex-ast-serializer because of excessively long CLASSPATH on Windows (issue).

... (truncated)

Commits

• bdcada9 1.13.0
• b45f935 Finalize CHANGELOG for 1.13.0
• 9fff0d7 chore - remove workaround for npm-publish action
• 8143cb3 Update JS-DevTools/npm-publish action to v2
• b522dfb chore - remove husky files
• f1ff74b Fix #738 - Add support for User Mode in Database Operations
• 29e159b chore - remove husky and yarnhook
• 4b11d4e Updated jorje
• 3b9c51d Update dependency prettier to v2.8.8
• 869f1ab Update dependency @​types/node to v18.16.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.