From 4fb5b34a5a7d84a6b3e02cb8494672ea1da7eba6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 10 Feb 2026 17:04:04 +0000
Subject: [PATCH] chore(deps): bump axios from 1.12.2 to 1.13.5 in
 /docs/en/getting-started/quickstart/js/genkit (#2442)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [axios](https://github.com/axios/axios) from 1.12.2 to 1.13.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.13.5</h2>
<h2>Release 1.13.5</h2>
<h3>Highlights</h3>
<ul>
<li><strong>Security:</strong> Fixed a potential <strong>Denial of
Service</strong> issue involving the <code>__proto__</code> key in
<code>mergeConfig</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7369">#7369</a>)</li>
<li><strong>Bug fix:</strong> Resolved an issue where
<code>AxiosError</code> could be missing the <code>status</code> field
on and after <strong>v1.13.3</strong>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7368">#7368</a>)</li>
</ul>
<h3>Changes</h3>
<h4>Security</h4>
<ul>
<li>Fix Denial of Service via <code>__proto__</code> key in
<code>mergeConfig</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7369">#7369</a>)</li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Fix/5657. (PR <a
href="https://redirect.github.com/axios/axios/pull/7313">#7313</a>)</li>
<li>Ensure <code>status</code> is present in <code>AxiosError</code> on
and after v1.13.3. (PR <a
href="https://redirect.github.com/axios/axios/pull/7368">#7368</a>)</li>
</ul>
<h4>Features / Improvements</h4>
<ul>
<li>Add input validation to <code>isAbsoluteURL</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7326">#7326</a>)</li>
<li>Refactor: bump minor package versions. (PR <a
href="https://redirect.github.com/axios/axios/pull/7356">#7356</a>)</li>
</ul>
<h4>Documentation</h4>
<ul>
<li>Clarify object-check comment. (PR <a
href="https://redirect.github.com/axios/axios/pull/7323">#7323</a>)</li>
<li>Fix deprecated <code>Buffer</code> constructor usage and README
formatting. (PR <a
href="https://redirect.github.com/axios/axios/pull/7371">#7371</a>)</li>
</ul>
<h4>CI / Maintenance</h4>
<ul>
<li>Chore: fix issues with YAML. (PR <a
href="https://redirect.github.com/axios/axios/pull/7355">#7355</a>)</li>
<li>CI: update workflow YAMLs. (PR <a
href="https://redirect.github.com/axios/axios/pull/7372">#7372</a>)</li>
<li>CI: fix run condition. (PR <a
href="https://redirect.github.com/axios/axios/pull/7373">#7373</a>)</li>
<li>Dev deps: bump <code>karma-sourcemap-loader</code> from 0.3.8 to
0.4.0. (PR <a
href="https://redirect.github.com/axios/axios/pull/7360">#7360</a>)</li>
<li>Chore(release): prepare release 1.13.5. (PR <a
href="https://redirect.github.com/axios/axios/pull/7379">#7379</a>)</li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/sachin11063"><code>@​sachin11063</code></a>
(first contribution — PR <a
href="https://redirect.github.com/axios/axios/pull/7323">#7323</a>)</li>
<li><a
href="https://github.com/asmitha-16"><code>@​asmitha-16</code></a>
(first contribution — PR <a
href="https://redirect.github.com/axios/axios/pull/7326">#7326</a>)</li>
</ul>
<p><strong>Full Changelog:</strong> <a
href="https://github.com/axios/axios/compare/v1.13.4...v1.13.5">https://github.com/axios/axios/compare/v1.13.4...v1.13.5</a></p>
<h2>v1.13.4</h2>
<h2>Overview</h2>
<p>The release addresses issues discovered in v1.13.3 and includes
significant CI/CD improvements.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/axios/axios/compare/v1.13.3...v1.13.4">v1.13.3...v1.13.4</a></p>
<h2>What's New in v1.13.4</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fix: issues with version 1.13.3</strong> (<a
href="https://redirect.github.com/axios/axios/issues/7352">#7352</a>)
(<a
href="https://github.com/axios/axios/commit/ee90dfc28abffbb61e24974b2bd3139a4a40ac76">ee90dfc</a>)
<ul>
<li>Fixed issues discovered in v1.13.3 release</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3">1.13.3</a>
(2026-01-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>http2:</strong> Use port 443 for HTTPS connections by
default. (<a
href="https://redirect.github.com/axios/axios/issues/7256">#7256</a>)
(<a
href="https://github.com/axios/axios/commit/d7e60653460480ffacecf85383012ca1baa6263e">d7e6065</a>)</li>
<li><strong>interceptor:</strong> handle the error in the same
interceptor (<a
href="https://redirect.github.com/axios/axios/issues/6269">#6269</a>)
(<a
href="https://github.com/axios/axios/commit/5945e40bb171d4ac4fc195df276cf952244f0f89">5945e40</a>)</li>
<li>main field in package.json should correspond to cjs artifacts (<a
href="https://redirect.github.com/axios/axios/issues/5756">#5756</a>)
(<a
href="https://github.com/axios/axios/commit/7373fbff24cd92ce650d99ff6f7fe08c2e2a0a04">7373fbf</a>)</li>
<li><strong>package.json:</strong> add 'bun' package.json 'exports'
condition. Load the Node.js build in Bun instead of the browser build
(<a
href="https://redirect.github.com/axios/axios/issues/5754">#5754</a>)
(<a
href="https://github.com/axios/axios/commit/b89217e3e91de17a3d55e2b8f39ceb0e9d8aeda8">b89217e</a>)</li>
<li>silentJSONParsing=false should throw on invalid JSON (<a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7257">#7257</a>)
(<a
href="https://github.com/axios/axios/commit/7d19335e43d6754a1a9a66e424f7f7da259895bf">7d19335</a>)</li>
<li>turn AxiosError into a native error (<a
href="https://redirect.github.com/axios/axios/issues/5394">#5394</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/5558">#5558</a>)
(<a
href="https://github.com/axios/axios/commit/1c6a86dd2c0623ee1af043a8491dbc96d40e883b">1c6a86d</a>)</li>
<li><strong>types:</strong> add handlers to AxiosInterceptorManager
interface (<a
href="https://redirect.github.com/axios/axios/issues/5551">#5551</a>)
(<a
href="https://github.com/axios/axios/commit/8d1271b49fc226ed7defd07cd577bd69a55bb13a">8d1271b</a>)</li>
<li><strong>types:</strong> restore AxiosError.cause type from unknown
to Error (<a
href="https://redirect.github.com/axios/axios/issues/7327">#7327</a>)
(<a
href="https://github.com/axios/axios/commit/d8233d9e8e9a64bfba9bbe01d475ba417510b82b">d8233d9</a>)</li>
<li>unclear error message is thrown when specifying an empty proxy
authorization (<a
href="https://redirect.github.com/axios/axios/issues/6314">#6314</a>)
(<a
href="https://github.com/axios/axios/commit/6ef867e684adf7fb2343e3b29a79078a3c76dc29">6ef867e</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add <code>undefined</code> as a value in AxiosRequestConfig (<a
href="https://redirect.github.com/axios/axios/issues/5560">#5560</a>)
(<a
href="https://github.com/axios/axios/commit/095033c626895ecdcda2288050b63dcf948db3bd">095033c</a>)</li>
<li>add automatic minor and patch upgrades to dependabot (<a
href="https://redirect.github.com/axios/axios/issues/6053">#6053</a>)
(<a
href="https://github.com/axios/axios/commit/65a7584eda6164980ddb8cf5372f0afa2a04c1ed">65a7584</a>)</li>
<li>add Node.js coverage script using c8 (closes <a
href="https://redirect.github.com/axios/axios/issues/7289">#7289</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7294">#7294</a>)
(<a
href="https://github.com/axios/axios/commit/ec9d94e9f88da13e9219acadf65061fb38ce080a">ec9d94e</a>)</li>
<li>added copilot instructions (<a
href="https://github.com/axios/axios/commit/3f83143bfe617eec17f9d7dcf8bafafeeae74c26">3f83143</a>)</li>
<li>compatibility with frozen prototypes (<a
href="https://redirect.github.com/axios/axios/issues/6265">#6265</a>)
(<a
href="https://github.com/axios/axios/commit/860e03396a536e9b926dacb6570732489c9d7012">860e033</a>)</li>
<li>enhance pipeFileToResponse with error handling (<a
href="https://redirect.github.com/axios/axios/issues/7169">#7169</a>)
(<a
href="https://github.com/axios/axios/commit/88d78842541610692a04282233933d078a8a2552">88d7884</a>)</li>
<li><strong>types:</strong> Intellisense for string literals in a
widened union (<a
href="https://redirect.github.com/axios/axios/issues/6134">#6134</a>)
(<a
href="https://github.com/axios/axios/commit/f73474d02c5aa957b2daeecee65508557fd3c6e5">f73474d</a>),
closes <a
href="https://redirect.github.com//redirect.github.com/microsoft/TypeScript/issues/33471/issues/issuecomment-1376364329">microsoft/TypeScript#33471</a></li>
</ul>
<h3>Reverts</h3>
<ul>
<li>Revert &quot;fix: silentJSONParsing=false should throw on invalid
JSON (<a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7">#7</a>…&quot;
(<a
href="https://redirect.github.com/axios/axios/issues/7298">#7298</a>)
(<a
href="https://github.com/axios/axios/commit/a4230f5581b3f58b6ff531b6dbac377a4fd7942a">a4230f5</a>),
closes <a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a> <a
href="https://redirect.github.com/axios/axios/issues/7">#7</a> <a
href="https://redirect.github.com/axios/axios/issues/7298">#7298</a></li>
<li><strong>deps:</strong> bump peter-evans/create-pull-request from 7
to 8 in the github-actions group (<a
href="https://redirect.github.com/axios/axios/issues/7334">#7334</a>)
(<a
href="https://github.com/axios/axios/commit/2d6ad5e48bd29b0b2b5e7e95fb473df98301543a">2d6ad5e</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/ashvin2005"
title="+1752/-4 ([#7218](https://github.com/axios/axios/issues/7218)
[#7218](https://github.com/axios/axios/issues/7218) )">Ashvin
Tiwari</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mochinikunj"
title="+940/-12 ([#7294](https://github.com/axios/axios/issues/7294)
[#7294](https://github.com/axios/axios/issues/7294) )">Nikunj
Mochi</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/imanchalsingh"
title="+544/-102 ([#7169](https://github.com/axios/axios/issues/7169)
[#7185](https://github.com/axios/axios/issues/7185) )">Anchal
Singh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+317/-73 ([#7334](https://github.com/axios/axios/issues/7334)
[#7298](https://github.com/axios/axios/issues/7298)
)">jasonsaayman</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/brodo"
title="+99/-120 ([#5558](https://github.com/axios/axios/issues/5558)
)">Julian Dax</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/AKASHDHARDUBEY" title="+167/-0
([#7287](https://github.com/axios/axios/issues/7287)
[#7288](https://github.com/axios/axios/issues/7288) )">Akash Dhar
Dubey</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/madhumitaaa"
title="+20/-68 ([#7198](https://github.com/axios/axios/issues/7198)
)">Madhumita</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Tackoil"
title="+80/-2 ([#6269](https://github.com/axios/axios/issues/6269)
)">Tackoil</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/justindhillon"
title="+41/-41 ([#6324](https://github.com/axios/axios/issues/6324)
[#6315](https://github.com/axios/axios/issues/6315) )">Justin
Dhillon</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Rudrxxx"
title="+71/-2 ([#7257](https://github.com/axios/axios/issues/7257)
)">Rudransh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/WuMingDao"
title="+36/-36 ([#7215](https://github.com/axios/axios/issues/7215)
)">WuMingDao</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/codenomnom"
title="+70/-0 ([#7201](https://github.com/axios/axios/issues/7201)
[#7201](https://github.com/axios/axios/issues/7201)
)">codenomnom</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Nandann018-ux"
title="+60/-10 ([#7272](https://github.com/axios/axios/issues/7272)
)">Nandan Acharya</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/KernelDeimos"
title="+22/-40 ([#7042](https://github.com/axios/axios/issues/7042)
)">Eric Dubé</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/tiborpilz"
title="+40/-4 ([#5551](https://github.com/axios/axios/issues/5551)
)">Tibor Pilz</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/joaoGabriel55"
title="+31/-4 ([#6314](https://github.com/axios/axios/issues/6314)
)">Gabriel Quaresma</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/turadg"
title="+23/-6 ([#6265](https://github.com/axios/axios/issues/6265)
)">Turadg Aleahmad</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/29f75425f0c9f73021f5eedc869c176e30e05fe7"><code>29f7542</code></a>
chore(release): prepare release 1.13.5 (<a
href="https://redirect.github.com/axios/axios/issues/7379">#7379</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/431c3a361490a2e3d5ac5d9e08d66d4bb5f3cd2a"><code>431c3a3</code></a>
ci: fix run condition (<a
href="https://redirect.github.com/axios/axios/issues/7373">#7373</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/9ff3a78ad72ecd665a4b673686f1517d824284bf"><code>9ff3a78</code></a>
ci: update ymls (<a
href="https://redirect.github.com/axios/axios/issues/7372">#7372</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/265b71234c20fabbd6d691858c65a7e9c978659f"><code>265b712</code></a>
docs: fix deprecated Buffer constructor and formatting issues in README
(<a
href="https://redirect.github.com/axios/axios/issues/7371">#7371</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/475e75a260668d227aec9f77735a49748c9041ff"><code>475e75a</code></a>
feat: add input validation to isAbsoluteURL (<a
href="https://redirect.github.com/axios/axios/issues/7326">#7326</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"><code>28c7215</code></a>
fix: Denial of Service via <strong>proto</strong> Key in mergeConfig (<a
href="https://redirect.github.com/axios/axios/issues/7369">#7369</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/04cf01969ed58f96920da032f340bfe4614aab90"><code>04cf019</code></a>
docs: clarify object check comment (<a
href="https://redirect.github.com/axios/axios/issues/7323">#7323</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/696fa753c5366afbd21859c294c64c9ff2b359ab"><code>696fa75</code></a>
fix: status is missing in AxiosError on and after v1.13.3 (<a
href="https://redirect.github.com/axios/axios/issues/7368">#7368</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/569f028a5878faaec8d7d138ba686aac407bda4c"><code>569f028</code></a>
fix: added a option to choose between legacy and the new
request/response int...</li>
<li><a
href="https://github.com/axios/axios/commit/44b7c9f0c4900fd8784f18e871199402f07fc69f"><code>44b7c9f</code></a>
chore(deps-dev): bump karma-sourcemap-loader (<a
href="https://redirect.github.com/axios/axios/issues/7360">#7360</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.12.2...v1.13.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for axios since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.12.2&new-version=1.13.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/genai-toolbox/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .../quickstart/js/genkit/package-lock.json      | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/docs/en/getting-started/quickstart/js/genkit/package-lock.json b/docs/en/getting-started/quickstart/js/genkit/package-lock.json
index 1b00f903e3..cdb5744245 100644
--- a/docs/en/getting-started/quickstart/js/genkit/package-lock.json
+++ b/docs/en/getting-started/quickstart/js/genkit/package-lock.json
@@ -3351,13 +3351,13 @@
       "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
     },
     "node_modules/axios": {
-      "version": "1.12.2",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
-      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
+      "version": "1.13.5",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
+      "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
       "license": "MIT",
       "dependencies": {
-        "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.4",
+        "follow-redirects": "^1.15.11",
+        "form-data": "^4.0.5",
         "proxy-from-env": "^1.1.0"
       }
     },
@@ -4248,9 +4248,10 @@
       }
     },
     "node_modules/form-data": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
-      "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
+      "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
+      "license": "MIT",
       "dependencies": {
         "asynckit": "^0.4.0",
         "combined-stream": "^1.0.8",