Bump follow-redirects from 1.15.11 to 1.16.0 in /website#1705
Merged
badrishc merged 2 commits intoApr 17, 2026
Conversation
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) --- updated-dependencies: - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
badrishc
approved these changes
Apr 16, 2026
badrishc
deleted the
dependabot/npm_and_yarn/website/follow-redirects-1.16.0
branch
badrishc
added a commit
that referenced
this pull request
Apr 24, 2026
* Bump the nuget-deps group with 14 updates (#1659) * Bump the nuget-deps group with 14 updates Bumps diskann-garnet from 1.0.23 to 1.0.25 Bumps Microsoft.CodeAnalysis from 5.0.0 to 5.3.0 Bumps Microsoft.Extensions.Configuration.Binder from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Configuration.Json from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Logging from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Logging.Configuration from 10.0.3 to 10.0.5 Bumps Microsoft.Extensions.Logging.Console from 10.0.3 to 10.0.5 Bumps Microsoft.IdentityModel.Protocols.OpenIdConnect from 8.16.0 to 8.17.0 Bumps Microsoft.IdentityModel.Validators from 8.16.0 to 8.17.0 Bumps NUnit from 4.5.0 to 4.5.1 Bumps NUnit3TestAdapter from 6.1.0 to 6.2.0 Bumps StackExchange.Redis from 2.11.8 to 2.12.8 Bumps System.IdentityModel.Tokens.Jwt from 8.16.0 to 8.17.0 Bumps System.Numerics.Tensors from 10.0.3 to 10.0.5 --- updated-dependencies: - dependency-name: diskann-garnet dependency-version: 1.0.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.CodeAnalysis dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: Microsoft.Extensions.Configuration.Binder dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.Extensions.Configuration.Json dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.Extensions.Logging dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.Extensions.Logging.Configuration dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.Extensions.Logging.Console dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: Microsoft.IdentityModel.Protocols.OpenIdConnect dependency-version: 8.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: System.IdentityModel.Tokens.Jwt dependency-version: 8.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: Microsoft.IdentityModel.Validators dependency-version: 8.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: NUnit dependency-version: 4.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: NUnit3TestAdapter dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: StackExchange.Redis dependency-version: 2.12.8 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: System.Numerics.Tensors dependency-version: 10.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> * Update other required dependencies Signed-off-by: Tiago Napoli <tiagonapoli@microsoft.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Tiago Napoli <tiagonapoli@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tiago Napoli <tiagonapoli@microsoft.com> * Bump follow-redirects from 1.15.11 to 1.16.0 in /website (#1705) Cherry-pick of dependabot security update from main. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix 5 open Dependabot npm alerts in website dependencies (#1733) Bump dompurify resolution 3.3.3 → 3.4.0 to fix: - CVE-2026-41239: SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode - CVE-2026-41240: FORBID_TAGS bypassed by function-based ADD_TAGS - CVE-2026-41238: Prototype Pollution to XSS Bypass - GHSA: ADD_TAGS function form bypasses FORBID_TAGS Add uuid resolution → 14.0.0 to fix: - GHSA: Missing buffer bounds check in v3/v5/v6 when buf is provided uuid 14.0.0 is ESM-only but Node.js 22+ (required by engines) supports require() of ESM modules, so CJS consumers like sockjs work correctly. Verified: yarn build succeeds and docusaurus start launches cleanly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Tiago Napoli <tiagonapoli@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tiago Napoli <tiagonapoli@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps follow-redirects from 1.15.11 to 1.16.0.
Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.