Commit 5f6561a
chore(deps): update dependency axios to v1.11.0 [security] (#47)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [axios](https://axios-http.com) ([source](https://redirect.github.com/axios/axios)) | [`1.10.0` -> `1.11.0`](https://renovatebot.com/diffs/npm/axios/1.10.0/1.11.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
### GitHub Vulnerability Alerts
#### [GHSA-rm8p-cx58-hcvx](https://redirect.github.com/axios/axios/security/advisories/GHSA-rm8p-cx58-hcvx)
### Summary
A critical vulnerability exists in the form-data package used by
`axios@1.10.0`. The issue allows an attacker to predict multipart
boundary values generated using `Math.random()`, opening the door to
HTTP parameter pollution or injection attacks.
This was submitted in [issue
#6969](https://redirect.github.com/axios/axios/issues/6969) and
addressed in [pull request
#6970](https://redirect.github.com/axios/axios/pull/6970).
### Details
The vulnerable package `form-data@4.0.3` is used by `axios@1.10.0` as a
transitive dependency. It uses non-secure, deterministic randomness
(`Math.random()`) to generate multipart boundary strings.
This flaw is tracked under [Snyk Advisory
SNYK-JS-FORMDATA-10841150](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150)
and
[CVE-2025-7783](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150).
Affected `form-data` versions:
- <2.5.4
- >=3.0.0 <3.0.4
- >=4.0.0 <4.0.4
Since `axios@1.10.0` pulls in `form-data@4.0.3`, it is exposed to this
issue.
### PoC
1. Install Axios: `npm install axios@1.10.0`
2. Run `snyk test`:
```
Tested 104 dependencies for known issues, found 1 issue, 1 vulnerable path.
✗ Predictable Value Range from Previous Values [Critical Severity]
in axios@1.10.0 via axios@1.10.0 > form-data@4.0.3
```
3. Trigger a multipart/form-data request. Observe the boundary header
uses predictable random values, which could be exploited in a targeted
environment.
### Impact
- **Vulnerability Type**: Predictable Value / HTTP Parameter Pollution
- **Risk**: Critical (CVSS 9.4)
- **Impacted Users**: Any application using axios@1.10.0 to submit
multipart form-data
This could potentially allow attackers to:
- Interfere with multipart request parsing
- Inject unintended parameters
- Exploit backend deserialization logic depending on content boundaries
### Related Links
[GitHub Issue #6969](https://redirect.github.com/axios/axios/issues/6969)
[Pull Request #xxxx](https://redirect.github.com/axios/axios/pull/xxxx)
(replace with actual link)
[Snyk Advisory](https://security.snyk.io/vuln/SNYK-JS-FORMDATA-10841150)
[form-data on npm](https://www.npmjs.com/package/form-data)
---
### Release Notes
<details>
<summary>axios/axios (axios)</summary>
### [`v1.11.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#1110-2025-07-22)
[Compare Source](https://redirect.github.com/axios/axios/compare/v1.10.0...v1.11.0)
##### Bug Fixes
- form-data npm package
([#6970](https://redirect.github.com/axios/axios/issues/6970))
([e72c193](https://redirect.github.com/axios/axios/commit/e72c193722530db538b19e5ddaaa4544d226b253))
- prevent RangeError when using large Buffers
([#6961](https://redirect.github.com/axios/axios/issues/6961))
([a2214ca](https://redirect.github.com/axios/axios/commit/a2214ca1bc60540baf2c80573cea3a0ff91ba9d1))
- **types:** resolve type discrepancies between ESM and CJS TypeScript
declaration files
([#6956](https://redirect.github.com/axios/axios/issues/6956))
([8517aa1](https://redirect.github.com/axios/axios/commit/8517aa16f8d082fc1d5309c642220fa736159110))
##### Contributors to this release
- [izzy goldman](https://redirect.github.com/izzygld "+186/-93 (#6970)")
- [Manish Sahani](https://redirect.github.com/manishsahanidev "+70/-0 (#6961)")
- [Noritaka Kobayashi](https://redirect.github.com/noritaka1166 "+12/-10 (#6938 #6939)")
- [James Nail](https://redirect.github.com/jrnail23 "+13/-2 (#6956)")
- [Tejaswi1305](https://redirect.github.com/Tejaswi1305 "+1/-1 (#6894)")
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/emartech/json-logger-js).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 84e0635
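The advisory quoted in the commit message lists the affected form-data ranges but the lock-file diff below is not rendered, so here is an added example (not code from axios, form-data or this repository) that audits a package-lock.json for any form-data copy still inside those ranges, including nested copies under another dependency's node_modules that an axios bump alone does not move. The lock-file contents are constructed for the example.

```javascript
// Added example (not axios, form-data or repository code): report every
// form-data copy in a package-lock.json whose version is inside the advisory's
// affected ranges, including nested copies that an axios bump does not touch.
function parseVersion(v) {          // "MAJOR.MINOR.PATCH" -> numbers; suffixes ignored
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
const AFFECTED = [   // ranges as listed in the advisory: min inclusive, max exclusive
  { min: null, max: [2, 5, 4] },
  { min: [3, 0, 0], max: [3, 0, 4] },
  { min: [4, 0, 0], max: [4, 0, 4] },
];
function isAffectedFormDataVersion(version) {
  const v = parseVersion(version);
  return AFFECTED.some(r => (!r.min || cmp(v, r.min) >= 0) && cmp(v, r.max) < 0);
}
// Returns [{ path, version }] for each affected form-data install path.
function auditLockfile(lock) {
  const hits = [];
  const check = (path, meta) => { if (meta && meta.version &&
    isAffectedFormDataVersion(meta.version)) hits.push({ path, version: meta.version }); };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/form-data$/.test(path)) check(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'form-data') check(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}
// Constructed lockfileVersion 3 sample: hoisted copy fixed, nested copy still vulnerable.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/axios': { version: '1.11.0' },
    'node_modules/form-data': { version: '4.0.4' },
    'node_modules/legacy-client/node_modules/form-data': { version: '2.5.1' },
  },
};
```

On the sample lock, `auditLockfile(SAMPLE_LOCK)` reports only the nested `2.5.1` copy, which is the case a top-level `axios` bump leaves behind.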
2 files changed: +10 -9 lines
- package-lock.json: 9 additions, 8 deletions (generated file, not rendered)
- package.json: 1 addition, 1 deletion (line 53 replaced; the diff content itself is not rendered here, only the line numbers)
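Review bot: the package-lock.json hunk (+9/-8) is not rendered, so this diff does not show whether the transitive form-data resolution left the affected ranges the advisory in the commit message lists (<2.5.4, >=3.0.0 <3.0.4, >=4.0.0 <4.0.4); the package.json change at line 53 only moves the axios range. Before merging, confirm the resolved form-data version in the lock file, including any copy nested under another package's node_modules, is outside those ranges.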
0 commit comments