dependabot[bot] opened a new pull request, #61694: URL: https://github.com/apache/airflow/pull/61694
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases";>axios's releases</a>.</em></p> <blockquote> <h2>v1.13.5</h2> <h2>Release 1.13.5</h2> <h3>Highlights</h3> <ul> <li><strong>Security:</strong> Fixed a potential <strong>Denial of Service</strong> issue involving the <code>__proto__</code> key in <code>mergeConfig</code>. (PR <a href="https://redirect.github.com/axios/axios/pull/7369";>#7369</a>)</li> <li><strong>Bug fix:</strong> Resolved an issue where <code>AxiosError</code> could be missing the <code>status</code> field on and after <strong>v1.13.3</strong>. (PR <a href="https://redirect.github.com/axios/axios/pull/7368";>#7368</a>)</li> </ul> <h3>Changes</h3> <h4>Security</h4> <ul> <li>Fix Denial of Service via <code>__proto__</code> key in <code>mergeConfig</code>. (PR <a href="https://redirect.github.com/axios/axios/pull/7369";>#7369</a>)</li> </ul> <h4>Fixes</h4> <ul> <li>Fix/5657. (PR <a href="https://redirect.github.com/axios/axios/pull/7313";>#7313</a>)</li> <li>Ensure <code>status</code> is present in <code>AxiosError</code> on and after v1.13.3. (PR <a href="https://redirect.github.com/axios/axios/pull/7368";>#7368</a>)</li> </ul> <h4>Features / Improvements</h4> <ul> <li>Add input validation to <code>isAbsoluteURL</code>. (PR <a href="https://redirect.github.com/axios/axios/pull/7326";>#7326</a>)</li> <li>Refactor: bump minor package versions. (PR <a href="https://redirect.github.com/axios/axios/pull/7356";>#7356</a>)</li> </ul> <h4>Documentation</h4> <ul> <li>Clarify object-check comment. (PR <a href="https://redirect.github.com/axios/axios/pull/7323";>#7323</a>)</li> <li>Fix deprecated <code>Buffer</code> constructor usage and README formatting. (PR <a href="https://redirect.github.com/axios/axios/pull/7371";>#7371</a>)</li> </ul> <h4>CI / Maintenance</h4> <ul> <li>Chore: fix issues with YAML. (PR <a href="https://redirect.github.com/axios/axios/pull/7355";>#7355</a>)</li> <li>CI: update workflow YAMLs. (PR <a href="https://redirect.github.com/axios/axios/pull/7372";>#7372</a>)</li> <li>CI: fix run condition. (PR <a href="https://redirect.github.com/axios/axios/pull/7373";>#7373</a>)</li> <li>Dev deps: bump <code>karma-sourcemap-loader</code> from 0.3.8 to 0.4.0. (PR <a href="https://redirect.github.com/axios/axios/pull/7360";>#7360</a>)</li> <li>Chore(release): prepare release 1.13.5. (PR <a href="https://redirect.github.com/axios/axios/pull/7379";>#7379</a>)</li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/sachin11063";><code>@sachin11063</code></a> (first contribution — PR <a href="https://redirect.github.com/axios/axios/pull/7323";>#7323</a>)</li> <li><a href="https://github.com/asmitha-16";><code>@asmitha-16</code></a> (first contribution — PR <a href="https://redirect.github.com/axios/axios/pull/7326";>#7326</a>)</li> </ul> <p><strong>Full Changelog:</strong> <a href="https://github.com/axios/axios/compare/v1.13.4...v1.13.5";>https://github.com/axios/axios/compare/v1.13.4...v1.13.5</a></p> <h2>v1.13.4</h2> <h2>Overview</h2> <p>The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/axios/axios/compare/v1.13.3...v1.13.4";>v1.13.3...v1.13.4</a></p> <h2>What's New in v1.13.4</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fix: issues with version 1.13.3</strong> (<a href="https://redirect.github.com/axios/axios/issues/7352";>#7352</a>) (<a href="https://github.com/axios/axios/commit/ee90dfc28abffbb61e24974b2bd3139a4a40ac76";>ee90dfc</a>) <ul> <li>Fixed issues discovered in v1.13.3 release</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md";>axios's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3";>1.13.3</a> (2026-01-20)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>http2:</strong> Use port 443 for HTTPS connections by default. (<a href="https://redirect.github.com/axios/axios/issues/7256";>#7256</a>) (<a href="https://github.com/axios/axios/commit/d7e60653460480ffacecf85383012ca1baa6263e";>d7e6065</a>)</li> <li><strong>interceptor:</strong> handle the error in the same interceptor (<a href="https://redirect.github.com/axios/axios/issues/6269";>#6269</a>) (<a href="https://github.com/axios/axios/commit/5945e40bb171d4ac4fc195df276cf952244f0f89";>5945e40</a>)</li> <li>main field in package.json should correspond to cjs artifacts (<a href="https://redirect.github.com/axios/axios/issues/5756";>#5756</a>) (<a href="https://github.com/axios/axios/commit/7373fbff24cd92ce650d99ff6f7fe08c2e2a0a04";>7373fbf</a>)</li> <li><strong>package.json:</strong> add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (<a href="https://redirect.github.com/axios/axios/issues/5754";>#5754</a>) (<a href="https://github.com/axios/axios/commit/b89217e3e91de17a3d55e2b8f39ceb0e9d8aeda8";>b89217e</a>)</li> <li>silentJSONParsing=false should throw on invalid JSON (<a href="https://redirect.github.com/axios/axios/issues/7253";>#7253</a>) (<a href="https://redirect.github.com/axios/axios/issues/7257";>#7257</a>) (<a href="https://github.com/axios/axios/commit/7d19335e43d6754a1a9a66e424f7f7da259895bf";>7d19335</a>)</li> <li>turn AxiosError into a native error (<a href="https://redirect.github.com/axios/axios/issues/5394";>#5394</a>) (<a href="https://redirect.github.com/axios/axios/issues/5558";>#5558</a>) (<a href="https://github.com/axios/axios/commit/1c6a86dd2c0623ee1af043a8491dbc96d40e883b";>1c6a86d</a>)</li> <li><strong>types:</strong> add handlers to AxiosInterceptorManager interface (<a href="https://redirect.github.com/axios/axios/issues/5551";>#5551</a>) (<a href="https://github.com/axios/axios/commit/8d1271b49fc226ed7defd07cd577bd69a55bb13a";>8d1271b</a>)</li> <li><strong>types:</strong> restore AxiosError.cause type from unknown to Error (<a href="https://redirect.github.com/axios/axios/issues/7327";>#7327</a>) (<a href="https://github.com/axios/axios/commit/d8233d9e8e9a64bfba9bbe01d475ba417510b82b";>d8233d9</a>)</li> <li>unclear error message is thrown when specifying an empty proxy authorization (<a href="https://redirect.github.com/axios/axios/issues/6314";>#6314</a>) (<a href="https://github.com/axios/axios/commit/6ef867e684adf7fb2343e3b29a79078a3c76dc29";>6ef867e</a>)</li> </ul> <h3>Features</h3> <ul> <li>add <code>undefined</code> as a value in AxiosRequestConfig (<a href="https://redirect.github.com/axios/axios/issues/5560";>#5560</a>) (<a href="https://github.com/axios/axios/commit/095033c626895ecdcda2288050b63dcf948db3bd";>095033c</a>)</li> <li>add automatic minor and patch upgrades to dependabot (<a href="https://redirect.github.com/axios/axios/issues/6053";>#6053</a>) (<a href="https://github.com/axios/axios/commit/65a7584eda6164980ddb8cf5372f0afa2a04c1ed";>65a7584</a>)</li> <li>add Node.js coverage script using c8 (closes <a href="https://redirect.github.com/axios/axios/issues/7289";>#7289</a>) (<a href="https://redirect.github.com/axios/axios/issues/7294";>#7294</a>) (<a href="https://github.com/axios/axios/commit/ec9d94e9f88da13e9219acadf65061fb38ce080a";>ec9d94e</a>)</li> <li>added copilot instructions (<a href="https://github.com/axios/axios/commit/3f83143bfe617eec17f9d7dcf8bafafeeae74c26";>3f83143</a>)</li> <li>compatibility with frozen prototypes (<a href="https://redirect.github.com/axios/axios/issues/6265";>#6265</a>) (<a href="https://github.com/axios/axios/commit/860e03396a536e9b926dacb6570732489c9d7012";>860e033</a>)</li> <li>enhance pipeFileToResponse with error handling (<a href="https://redirect.github.com/axios/axios/issues/7169";>#7169</a>) (<a href="https://github.com/axios/axios/commit/88d78842541610692a04282233933d078a8a2552";>88d7884</a>)</li> <li><strong>types:</strong> Intellisense for string literals in a widened union (<a href="https://redirect.github.com/axios/axios/issues/6134";>#6134</a>) (<a href="https://github.com/axios/axios/commit/f73474d02c5aa957b2daeecee65508557fd3c6e5";>f73474d</a>), closes <a href="https://redirect.github.com//redirect.github.com/microsoft/TypeScript/issues/33471/issues/issuecomment-1376364329";>microsoft/TypeScript#33471</a></li> </ul> <h3>Reverts</h3> <ul> <li>Revert "fix: silentJSONParsing=false should throw on invalid JSON (<a href="https://redirect.github.com/axios/axios/issues/7253";>#7253</a>) (<a href="https://redirect.github.com/axios/axios/issues/7";>#7</a>…" (<a href="https://redirect.github.com/axios/axios/issues/7298";>#7298</a>) (<a href="https://github.com/axios/axios/commit/a4230f5581b3f58b6ff531b6dbac377a4fd7942a";>a4230f5</a>), closes <a href="https://redirect.github.com/axios/axios/issues/7253";>#7253</a> <a href="https://redirect.github.com/axios/axios/issues/7";>#7</a> <a href="https://redirect.github.com/axios/axios/issues/7298";>#7298</a></li> <li><strong>deps:</strong> bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (<a href="https://redirect.github.com/axios/axios/issues/7334";>#7334</a>) (<a href="https://github.com/axios/axios/commit/2d6ad5e48bd29b0b2b5e7e95fb473df98301543a";>2d6ad5e</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/ashvin2005"; title="+1752/-4 ([#7218](https://github.com/axios/axios/issues/7218) [#7218](https://github.com/axios/axios/issues/7218) )">Ashvin Tiwari</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/mochinikunj"; title="+940/-12 ([#7294](https://github.com/axios/axios/issues/7294) [#7294](https://github.com/axios/axios/issues/7294) )">Nikunj Mochi</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/imanchalsingh"; title="+544/-102 ([#7169](https://github.com/axios/axios/issues/7169) [#7185](https://github.com/axios/axios/issues/7185) )">Anchal Singh</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"; title="+317/-73 ([#7334](https://github.com/axios/axios/issues/7334) [#7298](https://github.com/axios/axios/issues/7298) )">jasonsaayman</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/brodo"; title="+99/-120 ([#5558](https://github.com/axios/axios/issues/5558) )">Julian Dax</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/AKASHDHARDUBEY"; title="+167/-0 ([#7287](https://github.com/axios/axios/issues/7287) [#7288](https://github.com/axios/axios/issues/7288) )">Akash Dhar Dubey</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/madhumitaaa"; title="+20/-68 ([#7198](https://github.com/axios/axios/issues/7198) )">Madhumita</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/Tackoil"; title="+80/-2 ([#6269](https://github.com/axios/axios/issues/6269) )">Tackoil</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/justindhillon"; title="+41/-41 ([#6324](https://github.com/axios/axios/issues/6324) [#6315](https://github.com/axios/axios/issues/6315) )">Justin Dhillon</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/Rudrxxx"; title="+71/-2 ([#7257](https://github.com/axios/axios/issues/7257) )">Rudransh</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/WuMingDao"; title="+36/-36 ([#7215](https://github.com/axios/axios/issues/7215) )">WuMingDao</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/codenomnom"; title="+70/-0 ([#7201](https://github.com/axios/axios/issues/7201) [#7201](https://github.com/axios/axios/issues/7201) )">codenomnom</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/Nandann018-ux"; title="+60/-10 ([#7272](https://github.com/axios/axios/issues/7272) )">Nandan Acharya</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/KernelDeimos"; title="+22/-40 ([#7042](https://github.com/axios/axios/issues/7042) )">Eric Dubé</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/tiborpilz"; title="+40/-4 ([#5551](https://github.com/axios/axios/issues/5551) )">Tibor Pilz</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/joaoGabriel55"; title="+31/-4 ([#6314](https://github.com/axios/axios/issues/6314) )">Gabriel Quaresma</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/turadg"; title="+23/-6 ([#6265](https://github.com/axios/axios/issues/6265) )">Turadg Aleahmad</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/29f75425f0c9f73021f5eedc869c176e30e05fe7";><code>29f7542</code></a> chore(release): prepare release 1.13.5 (<a href="https://redirect.github.com/axios/axios/issues/7379";>#7379</a>)</li> <li><a href="https://github.com/axios/axios/commit/431c3a361490a2e3d5ac5d9e08d66d4bb5f3cd2a";><code>431c3a3</code></a> ci: fix run condition (<a href="https://redirect.github.com/axios/axios/issues/7373";>#7373</a>)</li> <li><a href="https://github.com/axios/axios/commit/9ff3a78ad72ecd665a4b673686f1517d824284bf";><code>9ff3a78</code></a> ci: update ymls (<a href="https://redirect.github.com/axios/axios/issues/7372";>#7372</a>)</li> <li><a href="https://github.com/axios/axios/commit/265b71234c20fabbd6d691858c65a7e9c978659f";><code>265b712</code></a> docs: fix deprecated Buffer constructor and formatting issues in README (<a href="https://redirect.github.com/axios/axios/issues/7371";>#7371</a>)</li> <li><a href="https://github.com/axios/axios/commit/475e75a260668d227aec9f77735a49748c9041ff";><code>475e75a</code></a> feat: add input validation to isAbsoluteURL (<a href="https://redirect.github.com/axios/axios/issues/7326";>#7326</a>)</li> <li><a href="https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57";><code>28c7215</code></a> fix: Denial of Service via <strong>proto</strong> Key in mergeConfig (<a href="https://redirect.github.com/axios/axios/issues/7369";>#7369</a>)</li> <li><a href="https://github.com/axios/axios/commit/04cf01969ed58f96920da032f340bfe4614aab90";><code>04cf019</code></a> docs: clarify object check comment (<a href="https://redirect.github.com/axios/axios/issues/7323";>#7323</a>)</li> <li><a href="https://github.com/axios/axios/commit/696fa753c5366afbd21859c294c64c9ff2b359ab";><code>696fa75</code></a> fix: status is missing in AxiosError on and after v1.13.3 (<a href="https://redirect.github.com/axios/axios/issues/7368";>#7368</a>)</li> <li><a href="https://github.com/axios/axios/commit/569f028a5878faaec8d7d138ba686aac407bda4c";><code>569f028</code></a> fix: added a option to choose between legacy and the new request/response int...</li> <li><a href="https://github.com/axios/axios/commit/44b7c9f0c4900fd8784f18e871199402f07fc69f";><code>44b7c9f</code></a> chore(deps-dev): bump karma-sourcemap-loader (<a href="https://redirect.github.com/axios/axios/issues/7360";>#7360</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.13.2...v1.13.5";>compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub";>https://www.npmjs.com/~GitHub</a> Actions), a new releaser for axios since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/airflow/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
