
Bump axios and bump-cli#15

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/multi-e92aa20e6b



@dependabot dependabot Bot commented on behalf of github Feb 10, 2026


Bumps axios to 1.13.5 and updates ancestor dependency bump-cli. These dependencies need to be updated together.

Updates axios from 0.27.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

  • Fix/5657. (PR #7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

  • Add input validation to isAbsoluteURL. (PR #7326)
  • Refactor: bump minor package versions. (PR #7356)

Documentation

  • Clarify object-check comment. (PR #7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

  • Chore: fix issues with YAML. (PR #7355)
  • CI: update workflow YAMLs. (PR #7372)
  • CI: fix run condition. (PR #7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
  • Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

  • fix: issues with version 1.13.3 (#7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release

... (truncated)

Commits
  • 29f7542 chore(release): prepare release 1.13.5 (#7379)
  • 431c3a3 ci: fix run condition (#7373)
  • 9ff3a78 ci: update ymls (#7372)
  • 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
  • 475e75a feat: add input validation to isAbsoluteURL (#7326)
  • 28c7215 fix: Denial of Service via __proto__ Key in mergeConfig (#7369)
  • 04cf019 docs: clarify object check comment (#7323)
  • 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
  • 569f028 fix: added a option to choose between legacy and the new request/response int...
  • 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates bump-cli from 2.5.0 to 2.9.11

Release notes

Sourced from bump-cli's releases.

v2.9.11 (2026-01-30) Overlay JSON Path compliance with RFC 9535

🐛 The overlay command has better support for JSON path

Thanks to @​atamano's new release of jsonpathly (the node library we use to parse JSON paths), the overlay command now supports JSON path functions described by RFC 9535 and fixes an issue in JSON path filtering. See the list of changes for JSON path here. And big thanks to @​jeremyfiel and @​jamietanna too for reporting those issues and fixing them all!

Internal

  • Use the new API token authentication mechanism instead of basic auth when interacting with the Bump.sh API
  • dependencies upgrade

Have fun designing APIs ✨ !

v2.9.10 (2026-01-13) Dependencies update and core signature update

This release has no user facing impact. It contains

  • dependencies update
  • a change in the code/diff library which now accepts two lists of overlay files if necessary

v2.9.8 (2025-07-29) Fix overlays during directory deployments

🐛 Overlays with bump deploy directory/

This release is a tiny bug fix to be able to use the --overlay flags during a deployment of a directory.

E.g.

bump deploy --hub my-hub --overlay my-overlay.yml directory/ 

Will deploy all specification files of the format <api_name>-api.[format] inside the directory/ directory while applying the my-overlay.yml overlay on each deployed documentation.

v2.9.7 (2025-07-22) Fix authenticated diffs with overlays

This release is a direct follow-up to the latest 2.9.6 release where the “authenticated diffs” were forgotten in the new possibility to apply overlays to a diff command.

From now on, all diffs support the --overlay flags (both public & authenticated diffs)

v2.9.6 (2025-07-21) Fixes and extended support for overlays

🐛 Two bug fixes around overlays

  • The overlay output will not output yaml anchors anymore. Cf bump-sh/cli#709 for details.
  • Using $refs inside an overlay file will now work as expected during a bump deploy my-openapi.yml --overlay my-overlay.yml command. Meaning we now send external refs from the overlay file correctly during deployments. More details in bump-sh/cli#722

🆕 New feature on overlays: they can now be applied within the diff command

  • The diff command now supports --overlay flag. Aligning with the existing behavior of the bump deploy command, you can now call the bump diff command with overlays. This will apply the given overlay(s) to the previous and next versions being compared. All details in bump-sh/cli#710

Dependencies upgrade

As usual, we've updated some external JS dependencies.


... (truncated)

Commits
  • 90ee7d5 2.9.11
  • f9d9202 Merge pull request #786 from paulRbr/use-new-token-based-auth
  • a71a854 api: use token based authorization method
  • 37f4b20 deps: upgrade dev dependencies
  • 13c8fb0 Merge pull request #784 from bump-sh/dependabot/npm_and_yarn/types/chai-5.2.3
  • abd7136 Merge pull request #785 from bump-sh/dependabot/npm_and_yarn/axios-1.13.4
  • 42eda51 build(deps): bump axios from 1.13.2 to 1.13.4
  • 7a0fa61 build(deps-dev): bump @​types/chai from 5.2.2 to 5.2.3
  • 31ffe46 Merge pull request #777 from bump-sh/dependabot/npm_and_yarn/oclif/core-4.8.0
  • 6056b9a build(deps): bump @​oclif/core from 4.5.1 to 4.8.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [axios](https://github.com/axios/axios) to 1.13.5 and updates ancestor dependency [bump-cli](https://github.com/bump-sh/cli). These dependencies need to be updated together.


Updates `axios` from 0.27.2 to 1.13.5
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.27.2...v1.13.5)

Updates `bump-cli` from 2.5.0 to 2.9.11
- [Release notes](https://github.com/bump-sh/cli/releases)
- [Commits](bump-sh/cli@v2.5.0...v2.9.11)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: indirect
- dependency-name: bump-cli
  dependency-version: 2.9.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Feb 10, 2026

dependabot Bot commented on behalf of github Mar 18, 2026


Superseded by #25.

dependabot Bot closed this Mar 18, 2026
dependabot Bot deleted the dependabot/npm_and_yarn/multi-e92aa20e6b branch March 18, 2026 16:48