chore(deps): update dependency axios to v1.13.6 (master)

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
axios (source)	dependencies	minor	1.11.0 → 1.13.6

This PR resolves the vulnerabilities described in Issue #38

---

Version 1.11.0

Risk Change	Critical	High	Medium	Low
N/A	0	2	0	0

Version 1.13.6

Risk Change	Critical	High	Medium	Low
-100%	0 (--)	0 (-2 )	0 (--)	0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

---

Release Notes

axios/axios (axios)

v1.13.6

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#​5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#​7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#​7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#​7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#​7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#​7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#​7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#​7424)
• Documentation: Added missing JSDoc comments to utilities. (#​7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#​7386)
• @​ybbus (#​7392)
• @​Shiwaangee (#​7324)
• @​skrtheboss (#​7403)
• @​Janaka66 (#​7427)
• @​moh3n9595 (#​5764)
• @​digital-wizard48 (#​7424)

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#​7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#​7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

v1.13.2

Compare Source

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#​7206) (8d37233)
• http: use default export for http2 module to support stubs; (#​7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#​7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

v1.13.1

Compare Source

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#​7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

v1.13.0

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.2

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.1

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.0

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

---

• If you want to rebase/retry this PR, check this box