From 91b3e670a205ef0b98e62b1c7a8c4ccd951e8da4 Mon Sep 17 00:00:00 2001
From: Ali Jaafer <93264687+i5d6@users.noreply.github.com>
Date: Fri, 10 Apr 2026 04:29:09 +0300
Subject: [PATCH] Update axios and proxy-from-env versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [axios](https://github.com/axios/axios) from 1.13.6 to 1.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p>
<blockquote>
<h2>v1.15.0</h2>
<p>This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Deprecation:</strong> <code>url.parse()</code> usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (<strong><a href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
</ul>
<h2>🔒 Security Fixes</h2>
<ul>
<li><strong>Proxy Handling:</strong> Fixed a <code>no_proxy</code> hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (<strong><a href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</li>
<li><strong>Header Injection:</strong> Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (<strong><a href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Support:</strong> Added compatibility checks and documentation for Deno and Bun environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10653">#10653</a></strong>)</li>
</ul>
<h2>🔧 Maintenance &amp; Chores</h2>
<ul>
<li><strong>CI Security:</strong> Hardened workflow permissions to least privilege, added the <code>zizmor</code> security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li>
<li><strong>Dependencies:</strong> Bumped <code>serialize-javascript</code>, <code>handlebars</code>, <code>picomatch</code>, <code>vite</code>, and <code>denoland/setup-deno</code> to latest versions. Added a 7-day Dependabot cooldown period. (<strong><a href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>)</li>
<li><strong>Documentation:</strong> Unified docs, improved <code>beforeRedirect</code> credential leakage example, clarified <code>withCredentials</code>/<code>withXSRFToken</code> behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10649">#10649</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7471">#7471</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong>Housekeeping:</strong> Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (<strong><a href="https://redirect.github.com/axios/axios/issues/10584">#10584</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10650">#10650</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10582">#10582</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10640">#10640</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10659">#10659</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10668">#10668</a></strong>)</li>
<li><strong>Tests:</strong> Added regression coverage for urlencoded <code>Content-Type</code> casing. (<strong><a href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
</ul>
<h2>🌟 New Contributors</h2>
<p>We are thrilled to welcome our new contributors. Thank you for helping improve Axios:</p>
<ul>
<li><strong><a href="https://github.com/raashish1601"><code>@​raashish1601</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li>
<li><strong><a href="https://github.com/Kilros0817"><code>@​Kilros0817</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li>
<li><strong><a href="https://github.com/ashstrc"><code>@​ashstrc</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</li>
<li><strong><a href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li>
<li><strong><a href="https://github.com/theamodhshetty"><code>@​theamodhshetty</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>)</li>
</ul>
<h2>v1.14.0</h2>
<p>This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.</p>
<h2>⚠️ Important Changes</h2>
<ul>
<li><strong>Breaking Changes:</strong> None identified in this release.</li>
<li><strong>Action Required:</strong> If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably <code>proxy-from-env</code> v2 alignment and <code>main</code> entry compatibility fix).</li>
</ul>
<h2>🚀 New Features</h2>
<ul>
<li><strong>Runtime Features:</strong> No new end-user features were introduced in this release.</li>
<li><strong>Test Coverage Expansion:</strong> Added broader smoke/module test coverage for CJS and ESM package usage. (<a href="https://redirect.github.com/axios/axios/pull/7510">#7510</a>)</li>
</ul>
<h2>🐛 Bug Fixes</h2>
<ul>
<li><strong>Headers:</strong> Trim trailing CRLF in normalised header values. (<a href="https://redirect.github.com/axios/axios/pull/7456">#7456</a>)</li>
<li><strong>HTTP/2:</strong> Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (<a href="https://redirect.github.com/axios/axios/pull/7457">#7457</a>)</li>
<li><strong>Fetch Adapter:</strong> Cancel <code>ReadableStream</code> created during request-stream capability probing to prevent async resource leaks. (<a href="https://redirect.github.com/axios/axios/pull/7515">#7515</a>)</li>
<li><strong>Proxy Handling:</strong> Fixed env proxy behavior with <code>proxy-from-env</code> v2 usage. (<a href="https://redirect.github.com/axios/axios/pull/7499">#7499</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3">1.13.3</a> (2026-01-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>http2:</strong> Use port 443 for HTTPS connections by default. (<a href="https://redirect.github.com/axios/axios/issues/7256">#7256</a>) (<a href="https://github.com/axios/axios/commit/d7e60653460480ffacecf85383012ca1baa6263e">d7e6065</a>)</li>
<li><strong>interceptor:</strong> handle the error in the same interceptor (<a href="https://redirect.github.com/axios/axios/issues/6269">#6269</a>) (<a href="https://github.com/axios/axios/commit/5945e40bb171d4ac4fc195df276cf952244f0f89">5945e40</a>)</li>
<li>main field in package.json should correspond to cjs artifacts (<a href="https://redirect.github.com/axios/axios/issues/5756">#5756</a>) (<a href="https://github.com/axios/axios/commit/7373fbff24cd92ce650d99ff6f7fe08c2e2a0a04">7373fbf</a>)</li>
<li><strong>package.json:</strong> add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (<a href="https://redirect.github.com/axios/axios/issues/5754">#5754</a>) (<a href="https://github.com/axios/axios/commit/b89217e3e91de17a3d55e2b8f39ceb0e9d8aeda8">b89217e</a>)</li>
<li>silentJSONParsing=false should throw on invalid JSON (<a href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>) (<a href="https://redirect.github.com/axios/axios/issues/7257">#7257</a>) (<a href="https://github.com/axios/axios/commit/7d19335e43d6754a1a9a66e424f7f7da259895bf">7d19335</a>)</li>
<li>turn AxiosError into a native error (<a href="https://redirect.github.com/axios/axios/issues/5394">#5394</a>) (<a href="https://redirect.github.com/axios/axios/issues/5558">#5558</a>) (<a href="https://github.com/axios/axios/commit/1c6a86dd2c0623ee1af043a8491dbc96d40e883b">1c6a86d</a>)</li>
<li><strong>types:</strong> add handlers to AxiosInterceptorManager interface (<a href="https://redirect.github.com/axios/axios/issues/5551">#5551</a>) (<a href="https://github.com/axios/axios/commit/8d1271b49fc226ed7defd07cd577bd69a55bb13a">8d1271b</a>)</li>
<li><strong>types:</strong> restore AxiosError.cause type from unknown to Error (<a href="https://redirect.github.com/axios/axios/issues/7327">#7327</a>) (<a href="https://github.com/axios/axios/commit/d8233d9e8e9a64bfba9bbe01d475ba417510b82b">d8233d9</a>)</li>
<li>unclear error message is thrown when specifying an empty proxy authorization (<a href="https://redirect.github.com/axios/axios/issues/6314">#6314</a>) (<a href="https://github.com/axios/axios/commit/6ef867e684adf7fb2343e3b29a79078a3c76dc29">6ef867e</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add <code>undefined</code> as a value in AxiosRequestConfig (<a href="https://redirect.github.com/axios/axios/issues/5560">#5560</a>) (<a href="https://github.com/axios/axios/commit/095033c626895ecdcda2288050b63dcf948db3bd">095033c</a>)</li>
<li>add automatic minor and patch upgrades to dependabot (<a href="https://redirect.github.com/axios/axios/issues/6053">#6053</a>) (<a href="https://github.com/axios/axios/commit/65a7584eda6164980ddb8cf5372f0afa2a04c1ed">65a7584</a>)</li>
<li>add Node.js coverage script using c8 (closes <a href="https://redirect.github.com/axios/axios/issues/7289">#7289</a>) (<a href="https://redirect.github.com/axios/axios/issues/7294">#7294</a>) (<a href="https://github.com/axios/axios/commit/ec9d94e9f88da13e9219acadf65061fb38ce080a">ec9d94e</a>)</li>
<li>added copilot instructions (<a href="https://github.com/axios/axios/commit/3f83143bfe617eec17f9d7dcf8bafafeeae74c26">3f83143</a>)</li>
<li>compatibility with frozen prototypes (<a href="https://redirect.github.com/axios/axios/issues/6265">#6265</a>) (<a href="https://github.com/axios/axios/commit/860e03396a536e9b926dacb6570732489c9d7012">860e033</a>)</li>
<li>enhance pipeFileToResponse with error handling (<a href="https://redirect.github.com/axios/axios/issues/7169">#7169</a>) (<a href="https://github.com/axios/axios/commit/88d78842541610692a04282233933d078a8a2552">88d7884</a>)</li>
<li><strong>types:</strong> Intellisense for string literals in a widened union (<a href="https://redirect.github.com/axios/axios/issues/6134">#6134</a>) (<a href="https://github.com/axios/axios/commit/f73474d02c5aa957b2daeecee65508557fd3c6e5">f73474d</a>), closes <a href="https://redirect.github.com//redirect.github.com/microsoft/TypeScript/issues/33471/issues/issuecomment-1376364329">microsoft/TypeScript#33471</a></li>
</ul>
<h3>Reverts</h3>
<ul>
<li>Revert &quot;fix: silentJSONParsing=false should throw on invalid JSON (<a href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>) (<a href="https://redirect.github.com/axios/axios/issues/7">#7</a>…&quot; (<a href="https://redirect.github.com/axios/axios/issues/7298">#7298</a>) (<a href="https://github.com/axios/axios/commit/a4230f5581b3f58b6ff531b6dbac377a4fd7942a">a4230f5</a>), closes <a href="https://redirect.github.com/axios/axios/issues/7253">#7253</a> <a href="https://redirect.github.com/axios/axios/issues/7">#7</a> <a href="https://redirect.github.com/axios/axios/issues/7298">#7298</a></li>
<li><strong>deps:</strong> bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (<a href="https://redirect.github.com/axios/axios/issues/7334">#7334</a>) (<a href="https://github.com/axios/axios/commit/2d6ad5e48bd29b0b2b5e7e95fb473df98301543a">2d6ad5e</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/ashvin2005" title="+1752/-4 ([#7218](https://github.com/axios/axios/issues/7218) [#7218](https://github.com/axios/axios/issues/7218) )">Ashvin Tiwari</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mochinikunj" title="+940/-12 ([#7294](https://github.com/axios/axios/issues/7294) [#7294](https://github.com/axios/axios/issues/7294) )">Nikunj Mochi</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/imanchalsingh" title="+544/-102 ([#7169](https://github.com/axios/axios/issues/7169) [#7185](https://github.com/axios/axios/issues/7185) )">Anchal Singh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman" title="+317/-73 ([#7334](https://github.com/axios/axios/issues/7334) [#7298](https://github.com/axios/axios/issues/7298) )">jasonsaayman</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/brodo" title="+99/-120 ([#5558](https://github.com/axios/axios/issues/5558) )">Julian Dax</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/AKASHDHARDUBEY" title="+167/-0 ([#7287](https://github.com/axios/axios/issues/7287) [#7288](https://github.com/axios/axios/issues/7288) )">Akash Dhar Dubey</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/madhumitaaa" title="+20/-68 ([#7198](https://github.com/axios/axios/issues/7198) )">Madhumita</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Tackoil" title="+80/-2 ([#6269](https://github.com/axios/axios/issues/6269) )">Tackoil</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/justindhillon" title="+41/-41 ([#6324](https://github.com/axios/axios/issues/6324) [#6315](https://github.com/axios/axios/issues/6315) )">Justin Dhillon</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Rudrxxx" title="+71/-2 ([#7257](https://github.com/axios/axios/issues/7257) )">Rudransh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/WuMingDao" title="+36/-36 ([#7215](https://github.com/axios/axios/issues/7215) )">WuMingDao</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/codenomnom" title="+70/-0 ([#7201](https://github.com/axios/axios/issues/7201) [#7201](https://github.com/axios/axios/issues/7201) )">codenomnom</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Nandann018-ux" title="+60/-10 ([#7272](https://github.com/axios/axios/issues/7272) )">Nandan Acharya</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/KernelDeimos" title="+22/-40 ([#7042](https://github.com/axios/axios/issues/7042) )">Eric Dubé</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/tiborpilz" title="+40/-4 ([#5551](https://github.com/axios/axios/issues/5551) )">Tibor Pilz</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/joaoGabriel55" title="+31/-4 ([#6314](https://github.com/axios/axios/issues/6314) )">Gabriel Quaresma</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/turadg" title="+23/-6 ([#6265](https://github.com/axios/axios/issues/6265) )">Turadg Aleahmad</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7"><code>772a4e5</code></a> chore(release): prepare release 1.15.0 (<a href="https://redirect.github.com/axios/axios/issues/10671">#10671</a>)</li>
<li><a href="https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22"><code>4b07137</code></a> chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (<a href="https://redirect.github.com/axios/axios/issues/10663">#10663</a>)</li>
<li><a href="https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6"><code>51e57b3</code></a> chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (<a href="https://redirect.github.com/axios/axios/issues/10664">#10664</a>)</li>
<li><a href="https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa"><code>fba1a77</code></a> chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (<a href="https://redirect.github.com/axios/axios/issues/10665">#10665</a>)</li>
<li><a href="https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e"><code>0bf6e28</code></a> chore(deps): bump denoland/setup-deno in the github-actions group (<a href="https://redirect.github.com/axios/axios/issues/10669">#10669</a>)</li>
<li><a href="https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661"><code>8107157</code></a> chore(deps-dev): bump the development_dependencies group with 4 updates (<a href="https://redirect.github.com/axios/axios/issues/10670">#10670</a>)</li>
<li><a href="https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542"><code>e66530e</code></a> ci: require npm-publish environment for releases (<a href="https://redirect.github.com/axios/axios/issues/10666">#10666</a>)</li>
<li><a href="https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2"><code>49f23cb</code></a> chore(sponsor): update sponsor block (<a href="https://redirect.github.com/axios/axios/issues/10668">#10668</a>)</li>
<li><a href="https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"><code>3631854</code></a> fix: unrestricted cloud metadata exfiltration via header injection chain (<a href="https://redirect.github.com/axios/axios/issues/10">#10</a>...</li>
<li><a href="https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"><code>fb3befb</code></a> fix: no_proxy hostname normalization bypass leads to ssrf (<a href="https://redirect.github.com/axios/axios/issues/10661">#10661</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.13.6...v1.15.0">compare view</a></li>
</ul>
</details>
<details>
<summary>Install script changes</summary>
<p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.13.6&new-version=1.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />
---
 package-lock.json | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a1f5e84..2b5e02c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2488,16 +2488,15 @@
       }
     },
     "node_modules/axios": {
-      "version": "1.13.6",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz",
-      "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==",
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz",
+      "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==",
       "dev": true,
-      "license": "MIT",
       "peer": true,
       "dependencies": {
         "follow-redirects": "^1.15.11",
         "form-data": "^4.0.5",
-        "proxy-from-env": "^1.1.0"
+        "proxy-from-env": "^2.1.0"
       }
     },
     "node_modules/balanced-match": {
@@ -6485,12 +6484,14 @@
       }
     },
     "node_modules/proxy-from-env": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
+      "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
       "dev": true,
-      "license": "MIT",
-      "peer": true
+      "peer": true,
+      "engines": {
+        "node": ">=10"
+      }
     },
     "node_modules/punycode": {
       "version": "2.3.1",
@@ -10036,15 +10037,15 @@
       }
     },
     "axios": {
-      "version": "1.13.6",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.6.tgz",
-      "integrity": "sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==",
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz",
+      "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==",
       "dev": true,
       "peer": true,
       "requires": {
         "follow-redirects": "^1.15.11",
         "form-data": "^4.0.5",
-        "proxy-from-env": "^1.1.0"
+        "proxy-from-env": "^2.1.0"
       }
     },
     "balanced-match": {
@@ -12860,9 +12861,9 @@
       }
     },
     "proxy-from-env": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
+      "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
       "dev": true,
       "peer": true
     },