Bump axios, govuk-prototype-kit and notifications-node-client

[dependabot]

Bumps axios to 1.13.5 and updates ancestor dependencies axios, govuk-prototype-kit and notifications-node-client. These dependencies need to be updated together.

Updates axios from 0.21.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates govuk-prototype-kit from 13.12.1 to 13.18.1

Updates notifications-node-client from 5.2.3 to 8.2.1

Changelog

Sourced from notifications-node-client's changelog.

8.2.1 - 2024-07-03

• Fix a bug where an internal API client function isn't being exposed in the library.

8.2.0 - 2024-05-17

• Add support for providing a custom underlying Axios client via setClient.

8.1.0 - 2024-05-09

• The sendEmail function can now be passed oneClickUnsubscribeURL as an optional argument.

8.0.0 - 2023-12-27

• Remove the default is_csv boolean parameter from prepareUpload. This method now accepts a file and an options map with the following options. For more specific information please read the documentation.
  • filename (string) - specify the document's filename upon download
  • confirm_email_before_download (boolean) - require the user to enter their email address before the file can be downloaded.
  • retention_period (string) - how long Notify should make the file available to the user for.

7.0.6 - 2023-11-13

• Bump axios from 1.2.6 to 1.6.1

7.0.5 - 2023-11-13

• Fix a few cases of assignment to undeclared (global) variables

7.0.4 - 2023-11-10

• Bump axios to the 1.x branch to address CVE-2023-45857. Due to underlying changes in Axios you may have to explicitly set the protocol property when constructing your proxyConfig object, if using a proxy.

7.0.3 - 2023-07-21

• Bump word-wrap from 1.2.3 to 1.2.4 to address CVE-2023-26115.

7.0.2 - 2023-07-13

• Bump semver from 5.7.1 to 5.7.2

7.0.1 - 2023-07-13

• Fix a bug with default behaviour for confirmEmailBeforeDownload, which coalesced false to null.

7.0.0 - 2023-01-12

• Remove support for node versions below v14.17.3.

6.0.0 - 2022-12-22

• Bump jsonwebtokens from 8.5.1 to 9.0.0 to mitigate CVE-2022-23529. We don't believe this CVE affects any use-cases of notifications-node-client; this update is out of best-practice rather than any direct concern.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.