Bump axios and twilio

[dependabot]

Bumps axios to 1.17.0 and updates ancestor dependency twilio. These dependencies need to be updated together.

Updates axios from 0.26.1 to 1.17.0

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

• Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
• Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

• HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

• Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
• Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
• React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
• Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
• Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
• Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
• Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
• Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

• HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
• Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
• CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
• Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
• Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
• Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

• @​BasixKOR (#6792)
• @​carladams1299-lab (#10861)
• @​LaplaceYoung (#10812)
• @​JamieMagee (#10939)
• @​RonGamzu (#10905)
• @​sapirbaruch (#10891)
• @​nezukoagent (#10901)
• @​devareddy05 (#10929)
• @​Mohammad-Faiz-Cloud-Engineer (#10922)
• @​azandabot (#10931)
• @​niksy (#10896)

Full Changelog

... (truncated)

Commits

• 4306df2 chore: add fun 88 sponsorship
• 931cc8f chore(release): prepare release 1.17.0 (#10983)
• 38ba1b3 fix(fetch): support basic auth from URL (#10896)
• 32e2515 fix: replace ternary side effect in script (#10931)
• 030e722 chore(deps): bump axios from 1.15.2 to 1.16.1 in /docs (#10960)
• ec63164 chore: remove openspec (#10958)
• 3dec28f fix(http): preserve TLS options for proxy tunnels (#10957)
• a2390a5 fix: correct isCancel type to narrow to CanceledError<T> (#10952)
• fa01b92 chore(deps-dev): bump tmp from 0.2.5 to 0.2.7 in /docs (#10954)
• 2d2314a fix: AxiosHeaders toJSON() return types (#10956)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates twilio from 3.84.1 to 6.0.2

Release notes

Sourced from twilio's releases.

6.0.2

Release Notes

Conversations

• update actions api visibility

Memory

• 2026-05-07

• Content updates:
• include store api

Docs

6.0.1

Release Notes

Twiml

• Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

• Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

• Changelog

• v1

• Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

• 2026-04-21

• Content updates:
• Updated description for CreateDataSync
• Updated description for DeleteCloudAppDataset
• Updated description for DeleteWarehouseDataset

• 2026-04-20

• Minor updates (formatting, metadata)

• 2026-04-17

• updated operationId for dataplane APIs,Minor updates (formatting, metadata)

• 2026-04-15

• libraryVisibility to private

• 2026-04-14

• Added 1 new path(s):
• /v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

• 2026-04-21

• Content updates:
• Remove Prefer/Async-Operation headers

• 2026-04-21

• Content updates:

... (truncated)

Changelog

Sourced from twilio's changelog.

[2026-05-07] Version 6.0.2

Conversations

• update actions api visibility

Memory

• 2026-05-07

• Content updates:
• include store api

[2026-05-06] Version 6.0.1

Twiml

• Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

• Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

• Changelog

• v1

• Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

• 2026-04-21

• Content updates:
• Updated description for CreateDataSync
• Updated description for DeleteCloudAppDataset
• Updated description for DeleteWarehouseDataset

• 2026-04-20

• Minor updates (formatting, metadata)

• 2026-04-17

• updated operationId for dataplane APIs,Minor updates (formatting, metadata)

• 2026-04-15

• libraryVisibility to private

• 2026-04-14

• Added 1 new path(s):
• /v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

• 2026-04-21

• Content updates:
• Remove Prefer/Async-Operation headers

• 2026-04-21

• Content updates:
• Added 301 response for ListIdentifiers and GetIdentifier
• Added 308 response for DeleteProfile, CreateIdentifier, PatchIdentifier, and DeleteIdentifier

• 2026-04-14

• Modified 1 path(s):

... (truncated)

Upgrade guide

Sourced from twilio's upgrade guide.

Upgrade Guide

All MAJOR version bumps will have upgrade notes posted here.

[2026-04-20] 5.x.x to 6.x.x

---

Overview

Twilio Node Helper Library’s major version 6.0.0 is now available. We ensured that you can upgrade to Node Helper Library 6.0.0 version without any breaking changes to existing APIs.

Breaking Changes

• Minimum Node.js version raised to 20
  • Dropped support for Node.js versions below 20
  • Upgrade to Node.js >= 20 before updating to twilio 6.x.x

[2024-03-07] 4.x.x to 5.x.x

---

Overview

Twilio Node Helper Library’s major version 5.0.0 is now available. We ensured that you can upgrade to Node helper Library 5.0.0 version without any breaking changes of existing apis

Behind the scenes Node Helper is now auto-generated via OpenAPI with this release. This enables us to rapidly add new features and enhance consistency across versions and languages. We're pleased to inform you that version 5.0.0 adds support for the application/json content type in the request body.

[2023-01-25] 3.x.x to 4.x.x

---

• Supported Node.js versions updated
  • Upgrade to Node.js >= 14
  • Dropped support for Node.js < 14 (#791)
  • Added support for Node.js 18 (#794)
• Lazy loading enabled by default (#752)
  • Required Twilio modules now lazy load by default
  • See the README for how to disable lazy loading
• Type changes from object to Record (#873)
  • Certain response properties now use the Record type with string keys
  • Including the subresourceUris property for v2010 APIs and the links properties for non-v2010 APIs
• Access Tokens
  • Creating an AccessToken requires an identity in the options (#875)
  • ConversationsGrant has been deprecated in favor of VoiceGrant (#783)
  • IpMessagingGrant has been removed (#784)
• TwiML function deprecations (#788)
  • <Refer>
    • Refer.referSip() replaced by Refer.sip()
  • <Say>
    • Say.ssmlBreak() and Say.break_() replaced by Say.break()
    • Say.ssmlEmphasis() replaced by Say.emphasis()

... (truncated)

Commits

• e9e5469 Release 6.0.2
• fd93dfa [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 18d7938080...
• c4d7168 Release 6.0.1
• 04a89ce [Librarian] Regenerated @ d39d243cf0f072a87b06d80cfd5d04f77cde8481 e2fda0239d...
• d6b406f [Librarian] Regenerated @ 40ca64a22aef42a337cb49d1d4e4c4f48ae3b6e4 21ed5806ef...
• 3e96b64 chore: mvr 6.0.0 release prep (#1186)
• 447a23d Release 5.13.2
• 6267242 [Librarian] Regenerated @ 40ca64a22aef42a337cb49d1d4e4c4f48ae3b6e4 21ed5806ef...
• 462c49d Release 5.13.1
• 764868e [Librarian] Regenerated @ 6e3b90a45885c596ade6b11ff7100254b15c9403 c02f66cc96...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for twilio since your current version.

Install script changes

This version adds prepublish script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.