From e8f3b9c8f2fc756419e86e2ccc145a2a7fa6b97c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Feb 2026 11:12:10 -0800
Subject: [PATCH] chore(deps): bump axios from 1.13.4 to 1.13.5 in
/docs/en/samples/pre_post_processing/js/langchain (#2510)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [axios](https://github.com/axios/axios) from 1.13.4 to 1.13.5.
Release notes
Sourced from axios's
releases.
v1.13.5
Release 1.13.5
Highlights
- Security: Fixed a potential Denial of
Service issue involving the
__proto__ key in
mergeConfig. (PR #7369)
- Bug fix: Resolved an issue where
AxiosError could be missing the status field
on and after v1.13.3. (PR #7368)
Changes
Security
- Fix Denial of Service via
__proto__ key in
mergeConfig. (PR #7369)
Fixes
- Fix/5657. (PR #7313)
- Ensure
status is present in AxiosError on
and after v1.13.3. (PR #7368)
Features / Improvements
- Add input validation to
isAbsoluteURL. (PR #7326)
- Refactor: bump minor package versions. (PR #7356)
Documentation
- Clarify object-check comment. (PR #7323)
- Fix deprecated
Buffer constructor usage and README
formatting. (PR #7371)
CI / Maintenance
- Chore: fix issues with YAML. (PR #7355)
- CI: update workflow YAMLs. (PR #7372)
- CI: fix run condition. (PR #7373)
- Dev deps: bump
karma-sourcemap-loader from 0.3.8 to
0.4.0. (PR #7360)
- Chore(release): prepare release 1.13.5. (PR #7379)
New Contributors
Full Changelog: https://github.com/axios/axios/compare/v1.13.4...v1.13.5
Commits
29f7542
chore(release): prepare release 1.13.5 (#7379)431c3a3
ci: fix run condition (#7373)9ff3a78
ci: update ymls (#7372)265b712
docs: fix deprecated Buffer constructor and formatting issues in README
(#7371)475e75a
feat: add input validation to isAbsoluteURL (#7326)28c7215
fix: Denial of Service via proto Key in mergeConfig (#7369)04cf019
docs: clarify object check comment (#7323)696fa75
fix: status is missing in AxiosError on and after v1.13.3 (#7368)569f028
fix: added a option to choose between legacy and the new
request/response int...44b7c9f
chore(deps-dev): bump karma-sourcemap-loader (#7360)- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/googleapis/genai-toolbox/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.../js/langchain/package-lock.json | 21 +++++--------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/docs/en/samples/pre_post_processing/js/langchain/package-lock.json b/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
index 8eed2a79ea8..27ed1a7601e 100644
--- a/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
+++ b/docs/en/samples/pre_post_processing/js/langchain/package-lock.json
@@ -217,13 +217,13 @@
"license": "MIT"
},
"node_modules/axios": {
- "version": "1.13.4",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.4.tgz",
- "integrity": "sha512-1wVkUaAO6WyaYtCkcYCOx12ZgpGf9Zif+qXa4n+oYzK558YryKqiL6UWwd5DqiH3VRW0GYhTZQ/vlgJrCoNQlg==",
+ "version": "1.13.5",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
+ "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
"license": "MIT",
"dependencies": {
- "follow-redirects": "^1.15.6",
- "form-data": "^4.0.4",
+ "follow-redirects": "^1.15.11",
+ "form-data": "^4.0.5",
"proxy-from-env": "^1.1.0"
}
},
@@ -1598,17 +1598,6 @@
"funding": {
"url": "https://github.com/sponsors/colinhacks"
}
- },
- "node_modules/zod-to-json-schema": {
- "version": "3.25.1",
- "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz",
- "integrity": "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==",
- "license": "ISC",
- "optional": true,
- "peer": true,
- "peerDependencies": {
- "zod": "^3.25 || ^4"
- }
}
}
}