Skip to content

Bump axios and nano #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump axios and nano #127

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025
edited
Loading

Removes axios. It's no longer used after updating ancestor dependency nano. These dependencies need to be updated together.

Removes axios

Updates nano from 9.0.5 to 11.0.3

Release notes

Sourced from nano's releases.

11.0.3

  • add missing TypeScript definition for findAsStream

11.0.2

Added headers to TypeScript definition of the object that can be supplied when instantiating Nano.

11.0.1

Fix up response object so that Bun (and Node) users get sensible error messages. Thanks @​digitalextremist

11.0.0

  • Replaces axios with the Node.js's built-in fetch for HTTP requests. 🕸️
  • Replaces nock and jest with Node.js's build in testing framework. 🧪
  • Removes support for callbacks. 📞
  • Nano becomes a zero-dependency library. 👏
  • Desiged for Node.js 20 and above (if you are still running older versions of Node then stick with Nano 10)

The vast majority of the API stays the same but there are some breaking changes. See Nano v10 to v11 Migration Guide.

Some background.

fetch

Originally Nano was built on top of the request library which was later deprecated. At this point I reworked it to use axios instead. This PR eliminates axios and other axios-related dependencies and instead uses the new kid on the block: the fetch API.

The fetch feature has found widespread adoption in web browsers as a means of handling outbound HTTP requests. It has found its way into Node.js as a global function and is marked as an experimental feature in Node 18/19 and is mainstream in Node 20 and beyond.

Node.js's fetch capability is powered by the undici package which is bundled with Node.js and in turn uses Node's low-level network libraries instead of being based on the higher-level http/https built-in modules. It purports to be significantly faster (according to its own benchmarks) than traffic routed through http/https modules, as is the case with other HTTP libraries like axios & request.

10.1.4

10.1.3

Maintenance release to update axios

10.1.2

  • Bug fix for cookie refresh handling

10.1.1

  • bug fix for session persistence when using nano.auth

10.1.0

  • update dependencies, including using the latest, post v1, Axios
  • aborting in-flight HTTP requests initiated by ChangesReader when stop is called. cc @​insidewhy
  • remove axios-cookiejar-support dependency which causes some users problems
  • ensure callbacks are called with Error objects cc @​revington
  • various small typos and Typescript fixes from @​lukashass @​insidewhy @​DougReeder

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@dependabot
Bump axios and nano
ba63947 
Removes [axios](https://github.com/axios/axios). It's no longer used after updating ancestor dependency [nano](https://github.com/apache/couchdb-nano). These dependencies need to be updated together.


Removes `axios`

Updates `nano` from 9.0.5 to 11.0.3
- [Release notes](https://github.com/apache/couchdb-nano/releases)
- [Commits](apache/couchdb-nano@v9.0.5...v11.0.3)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 
  dependency-type: indirect
- dependency-name: nano
  dependency-version: 11.0.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-307ceb5181 branch from 42d4f15 to ba63947 Compare December 8, 2025 19:21
@github-actions github-actions bot enabled auto-merge December 8, 2025 19:21
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2025

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Dec 8, 2025
auto-merge was automatically disabled December 8, 2025 19:33

Pull request was closed

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-307ceb5181 branch December 8, 2025 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant