chore(deps): bump axios from 1.13.5 to 1.16.1 (#636)

Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.16.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.1 — May 13, 2026</h2>
<p>This release ships a defence-in-depth fix for prototype pollution in
<code>formDataToJSON</code>, hardens proxy and CI workflows, restores
Webpack 4 compatibility for the fetch adapter, and includes several
small bug fixes and maintenance improvements.</p>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened
<code>formDataToJSON</code> against already-polluted
<code>Object.prototype</code> by walking own properties only, so
attacker-controlled keys inherited from a poisoned prototype cannot
propagate through deserialization. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS
request data could be transmitted in cleartext to an HTTP proxy under
certain configurations. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10858">#10858</a></strong>)</li>
<li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches
as a defence-in-depth measure against cache poisoning vectors in the
build pipeline. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10882">#10882</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Data URI Parsing:</strong> Updated the
<code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing
edge cases in <code>data:</code> URL handling. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong>Unicode Headers:</strong> Preserved Unicode header values
when running through request interceptors, so non-ASCII header content
is no longer corrupted before dispatch. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10850">#10850</a></strong>)</li>
<li><strong>XHR Upload Progress:</strong> Guarded against malformed
<code>ProgressEvent</code> payloads emitted by some environments during
XHR upload, preventing crashes when <code>loaded</code> /
<code>total</code> are missing or invalid. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an &quot;unexpected
token&quot; error caused by syntax in the fetch adapter that Webpack 4
could not parse, restoring compatibility for legacy bundler users.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10864">#10864</a></strong>)</li>
<li><strong>Type Definitions:</strong> Made <code>parseReviver</code>
<code>context.source</code> optional in the type definitions to align
with the ES2023 specification. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10837">#10837</a></strong>)</li>
<li><strong>URL Object Support Reverted:</strong> Reverted the change
that allowed passing a <code>URL</code> object as
<code>config.url</code> (originally <strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)
due to regressions; this support will be reintroduced in a later release
once the underlying issues are addressed. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10874">#10874</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Cycle Detection Refactor:</strong> Replaced the array-based
cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>,
improving performance and memory behaviour on large nested structures.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10832">#10832</a></strong>)</li>
<li><strong>composeSignals Cleanup:</strong> Refactored
<code>composeSignals</code> to use a clearer early-return structure,
simplifying the cancellation/abort composition path. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10844">#10844</a></strong>)</li>
<li><strong>AI Readiness &amp; Repo Docs:</strong> Added
<code>AGENTS.md</code> and related contributor-guide updates for both
human and AI agents, plus post-release documentation improvements.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10835">#10835</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10841">#10841</a></strong>)</li>
<li><strong>Docs Improvements:</strong> Clarified the GET request
example, fixed the interceptor <code>eject</code> example to reference
the correct instance, and corrected the Buzzoid sponsor description in
the README. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in
the sponsor processing script, added the ability to inject additional
sponsors, updated the sponsorship link, and added a Twicsy advertisement
entry. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10843">#10843</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10859">#10859</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10869">#10869</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code>
from 20.5.0 to 20.5.2. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10846">#10846</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/hpinmetaverse"><code>@​hpinmetaverse</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>)</li>
<li><strong><a
href="https://github.com/tommyhgunz14"><code>@​tommyhgunz14</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li>
<li><strong><a
href="https://github.com/abhu85"><code>@​abhu85</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li>
<li><strong><a
href="https://github.com/divyanshuraj1095"><code>@​divyanshuraj1095</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>)</li>
<li><strong><a
href="https://github.com/sagodi97"><code>@​sagodi97</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li>
<li><strong><a
href="https://github.com/rkdfx"><code>@​rkdfx</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li>
<li><strong><a
href="https://github.com/Liuwei1125"><code>@​Liuwei1125</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)</li>
</ul>
<p><a
href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">Full
Changelog</a></p>
<h2>v1.16.0 — May 2, 2026</h2>
<p>This release adds support for the QUERY HTTP method and a new
<code>ECONNREFUSED</code> error constant, lands a substantial wave of
HTTP, fetch, and XHR adapter bug fixes around redirects, aborts,
headers, and timeouts, and welcomes 23 new contributors.</p>
<h2>⚠️ Notable Changes</h2>
<p>A handful of fixes in this release are either security-adjacent or
change observable behaviour. Please review before upgrading:</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v1.16.0 — May 2, 2026</h2>
<p>This release adds support for the QUERY HTTP method and a new
<code>ECONNREFUSED</code> error constant, lands a substantial wave of
HTTP, fetch, and XHR adapter bug fixes around redirects, aborts,
headers, and timeouts, and welcomes 23 new contributors.</p>
<h2>⚠️ Notable Changes</h2>
<p>A handful of fixes in this release are either security-adjacent or
change observable behaviour. Please review before upgrading:</p>
<ul>
<li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and
<code>maxContentLength</code>.</strong> These limits were silently
ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as
a safety net (DoS protection, accidental large uploads) had no
protection. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li>
<li><strong>Proxy requests now preserve user-supplied <code>Host</code>
headers.</strong> Previously, the proxy path could overwrite a custom
<code>Host</code>. Virtual-host-style routing through a proxy will now
behave correctly. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li>
<li><strong>Basic auth credentials embedded in URLs are now
URL-decoded.</strong> If you have percent-encoded credentials in a URL
(e.g. <code>https://user:p%40ss@host</code>), the decoded value is what
now goes on the wire. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong><code>parseProtocol</code> now strictly requires a colon in
the protocol separator.</strong> Strings that loosely parsed as
protocols before may no longer match. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Deprecated <code>unescape()</code> replaced with modern
UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct;
consumers depending on legacy <code>unescape()</code> quirks may see
different output bytes. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong><code>transformRequest</code> input typing change was
reverted.</strong> The typing change introduced in <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
was reverted in <a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a>
after follow-up review — net behavior is unchanged from 1.15.2.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP
method across adapters and type definitions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li>
<li><strong>ECONNREFUSED Error Constant:</strong> Exposed
<code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so
callers can match connection-refused failures without comparing string
literals (closes <a
href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>).
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li>
<li><strong>Encode Helper Export:</strong> Exported the internal
<code>encode</code> helper from <code>buildURL</code> so userland param
serializers can reuse the same encoding logic that axios uses
internally. (<strong><a
href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>HTTP Adapter — Redirects &amp; Headers:</strong> Cleared
stale headers when a redirect targets a no-proxy host, fixed the
redirect listener chain so listeners no longer stack across hops,
restored the missing <code>requestDetails</code> argument on
<code>beforeRedirect</code>, preserved user-supplied <code>Host</code>
headers when forwarding through a proxy, and properly URL-decoded basic
auth credentials. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li>
<li><strong>HTTP Adapter — Streams &amp; Timeouts:</strong> Preserved
the partial response object on <code>AxiosError</code> when a stream is
aborted after headers arrive, honoured the <code>timeout</code> option
during the connect phase when redirects are disabled, and resolved an
unsettled-promise hang when an aborted request was combined with
compression and <code>maxRedirects: 0</code>. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li>
<li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code>
/ <code>maxContentLength</code> in the fetch adapter, set the
<code>User-Agent</code> header to match the HTTP adapter, preserved the
original abort reason instead of replacing it with a generic error, and
deferred global access so importing the module no longer throws a
<code>TypeError</code> in restricted environments. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li>
<li><strong>XHR Adapter:</strong> Unsubscribed the
<code>cancelToken</code> and <code>AbortSignal</code> listeners on the
error, timeout, and abort code paths to prevent leaked subscriptions.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
<li><strong>Error Handling:</strong> Attached the parsed response to
<code>AxiosError</code> when <code>JSON.parse</code> fails inside
<code>dispatchRequest</code>, prevented <code>settle</code> from
emitting <code>undefined</code> error codes, and tightened the
<code>parseProtocol</code> regex to require a colon in the protocol
separator. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li>
<li><strong>Types &amp; Exports:</strong> Aligned the CommonJS
<code>CancelToken</code> typings with the ESM build, fixed a compiler
error caused by <code>RawAxiosHeaders</code>, and re-exported
<code>create</code> from the package index. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li>
<li><strong>UTF-8 Encoding:</strong> Replaced the deprecated
<code>unescape()</code> call with a modern UTF-8 encoding
implementation. (<strong><a
href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li>
<li><strong>Misc Cleanup:</strong> Resolved a batch of small
inconsistencies and gadget-level issues across the codebase. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>Refactor — ES6 Modernisation:</strong> Modernised the
<code>utils</code> module and XHR adapter to use ES6 features, and
tidied the multipart boundary error message. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to
fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform
support for the pipe tests, and corrected an incorrect test assumption.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li>
<li><strong>Docs:</strong> Documented
<code>paramsSerializer.encode</code> for strict RFC 3986 query encoding,
updated the <code>parseReviver</code> TypeScript definitions and
configuration docs for ES2023, added timeout guidance to the README's
first async example, and expanded notes around the recent type changes.
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li>
<li><strong>Reverted:</strong> Reverted the
<code>transformRequest</code> input typing change from <a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a>
after follow-up review. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped
<code>actions/setup-node</code>, the <code>github-actions</code> group,
and <code>postcss</code> (in <code>/docs</code>) to their latest
versions. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li>
<li><strong>Release:</strong> Updated changelog and packages, and
prepared the 1.16.0 release. (<strong><a
href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>,
<strong><a
href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for
helping improve axios:</p>
<ul>
<li><strong><a
href="https://github.com/singhankit001"><code>@​singhankit001</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li>
<li><strong><a
href="https://github.com/cuiweixie"><code>@​cuiweixie</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li>
<li><strong><a
href="https://github.com/iruizsalinas"><code>@​iruizsalinas</code></a></strong>
(<strong><a
href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197"><code>1337d6b</code></a>
chore(release): prepare release 1.16.1 (<a
href="https://redirect.github.com/axios/axios/issues/10877">#10877</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e"><code>858a790</code></a>
fix: remove all caches (<a
href="https://redirect.github.com/axios/axios/issues/10882">#10882</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa"><code>34adfd9</code></a>
revert: &quot;fix: support URL object as config.url input (<a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)&quot;
(<a
href="https://redirect.github.com/axios/axios/issues/10874">#10874</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f"><code>847d89b</code></a>
fix: support URL object as config.url input (<a
href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212"><code>4094886</code></a>
fix(progress): guard malformed XHR upload events (<a
href="https://redirect.github.com/axios/axios/issues/10868">#10868</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7"><code>44f0c5b</code></a>
chore: change sponsorship link and add Twicsy advertisement (<a
href="https://redirect.github.com/axios/axios/issues/10869">#10869</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6"><code>64e1095</code></a>
chore: update PR and issue template to use h2 (<a
href="https://redirect.github.com/axios/axios/issues/10865">#10865</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280"><code>3e6b4e1</code></a>
fix: error unexpected token in fetch JS compatibility issue with Webpack
4 (#...</li>
<li><a
href="https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129"><code>c4453ba</code></a>
fix: add the ability to add additional sponsors to the process sponsors
scrip...</li>
<li><a
href="https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793"><code>caa00a9</code></a>
fix: https data in cleartext to proxy (<a
href="https://redirect.github.com/axios/axios/issues/10858">#10858</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.13.5...v1.16.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.13.5&new-version=1.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/reflagcom/javascript/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

yarn.lock

@@ -10453,13 +10453,14 @@ __metadata:
   linkType: hard
 
 "axios@npm:^1.6.0":
-  version: 1.8.4
-  resolution: "axios@npm:1.8.4"
+  version: 1.16.1
+  resolution: "axios@npm:1.16.1"
   dependencies:
-    follow-redirects: "npm:^1.15.6"
-    form-data: "npm:^4.0.0"
-    proxy-from-env: "npm:^1.1.0"
-  checksum: 10c0/450993c2ba975ffccaf0d480b68839a3b2435a5469a71fa2fb0b8a55cdb2c2ae47e609360b9c1e2b2534b73dfd69e2733a1cf9f8215bee0bcd729b72f801b0ce
+    follow-redirects: "npm:^1.16.0"
+    form-data: "npm:^4.0.5"
+    https-proxy-agent: "npm:^5.0.1"
+    proxy-from-env: "npm:^2.1.0"
+  checksum: 10c0/2f77e37e6552bbff8a772d058fb09500198e9188c6b20dc799d82dbe12a8cb506f6eed4e4e62a9ba612a35cbab496faa26d68f9bff14a53af6d15c3e136391a7
   languageName: node
   linkType: hard
 
@@ -14093,7 +14094,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11, follow-redirects@npm:^1.15.6":
+"follow-redirects@npm:^1.0.0, follow-redirects@npm:^1.15.11, follow-redirects@npm:^1.16.0":
   version: 1.16.0
   resolution: "follow-redirects@npm:1.16.0"
   peerDependenciesMeta:
@@ -15170,7 +15171,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"https-proxy-agent@npm:^5.0.0":
+"https-proxy-agent@npm:^5.0.0, https-proxy-agent@npm:^5.0.1":
   version: 5.0.1
   resolution: "https-proxy-agent@npm:5.0.1"
   dependencies:
@@ -20583,6 +20584,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"proxy-from-env@npm:^2.1.0":
+  version: 2.1.0
+  resolution: "proxy-from-env@npm:2.1.0"
+  checksum: 10c0/ed01729fd4d094eab619cd7e17ce3698b3413b31eb102c4904f9875e677cd207392795d5b4adee9cec359dfd31c44d5ad7595a3a3ad51c40250e141512281c58
+  languageName: node
+  linkType: hard
+
 "psl@npm:^1.1.33":
   version: 1.9.0
   resolution: "psl@npm:1.9.0"