Skip to content

Bump axios from 1.13.2 to 1.13.5#1714

Merged
isc-bsaviano merged 1 commit intomasterfrom
dependabot/npm_and_yarn/axios-1.13.5
Feb 11, 2026
Merged

Bump axios from 1.13.2 to 1.13.5#1714
isc-bsaviano merged 1 commit intomasterfrom
dependabot/npm_and_yarn/axios-1.13.5

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 11, 2026

Bumps axios from 1.13.2 to 1.13.5.

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump axios from 1.13.2 to 1.13.5
564b5da 
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 11, 2026
@dependabot dependabot bot requested a review from isc-bsaviano as a code owner February 11, 2026 12:51
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 11, 2026
@isc-bsaviano isc-bsaviano merged commit 9dd222a into master Feb 11, 2026
3 checks passed
@isc-bsaviano isc-bsaviano deleted the dependabot/npm_and_yarn/axios-1.13.5 branch February 11, 2026 12:53
LeoAnders added a commit to consistem/vscode-objectscript that referenced this pull request Feb 17, 2026
@LeoAnders @isc-bsaviano
@dependabot @gjsjohnmurray @bot @isc-klu
Merge remote-tracking branch 'upstream/master' into chore/sync-upstre…
1e6a750 
…am (#94)

* Prevent users from accidentally opening multiple copies of the same class or routine (intersystems-community#1666)

* Fix opening server-side generated INT routines (intersystems-community#1668)

* Fix running unit tests from a root test item (intersystems-community#1669)

* Bump js-yaml from 4.1.0 to 4.1.1 (intersystems-community#1670)

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump glob from 11.0.1 to 11.1.0 (intersystems-community#1673)

Bumps [glob](https://github.com/isaacs/node-glob) from 11.0.1 to 11.1.0.
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](isaacs/node-glob@v11.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix automatic refresh of server-side documents after save and compile (intersystems-community#1678)

* Fix `Show Plan` for IRIS 2026.1+ (intersystems-community#1679)

* Insert file stub snippet when creating a new class or routine using client-side editing (intersystems-community#1681)

* chore: `npm audit fix` (intersystems-community#1682)

* Trigger server-side source control `OpenedDocument` UserAction after a project is modified (intersystems-community#1685)

* Remove barely used configuration settings (intersystems-community#1683)

* Prepare 3.4.0 release (intersystems-community#1692)

* auto bump version with release

* Add `Func` suffix to `Copy Invocation` result for Queries (intersystems-community#1695)

* Fix extension activation when clicking on InterSystems view container in an empty workspace folder (intersystems-community#1694)

* Update contributing guidelines (intersystems-community#1700)

* Remove UI component dependency from REST debugging Webview (intersystems-community#1702)

* Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 (intersystems-community#1708)

Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.

---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Integrate new BPL Editor (intersystems-community#1699)

* Adopt new VS Code APIs to improve QuickPicks (intersystems-community#1709)

* Support deleting folders (intersystems-community#1705)

Fix intersystems-community#1638 and improve maintainability

---------

Co-authored-by: klu <kc.lu@intersystems.com>

* Fix mapping of client-side DFI file to its document name (intersystems-community#1711)

* Move command to export Project contents to Command Palette (intersystems-community#1707)

* Bump webpack from 5.98.0 to 5.105.0 (intersystems-community#1712)

Bumps [webpack](https://github.com/webpack/webpack) from 5.98.0 to 5.105.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack@v5.98.0...v5.105.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.105.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove barely used commands (intersystems-community#1710)

* Bump axios from 1.13.2 to 1.13.5 (intersystems-community#1714)

Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Open all web links in Integrated Browser (intersystems-community#1713)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Brett Saviano <bsaviano@intersystems.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: John Murray <johnm@georgejames.com>
Co-authored-by: ProjectBot <bot@users.noreply.github.com>
Co-authored-by: Kuang-Chen (KC) Lu <klu@intersystems.com>
Co-authored-by: klu <kc.lu@intersystems.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isc-bsaviano isc-bsaviano isc-bsaviano approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@isc-bsaviano

Comments