Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: next, axios, fast-xml-parser and @aws-sdk/credential-providers.

Updates next from 13.5.4 to 14.2.7

Release notes

Sourced from next's releases.

v14.2.7

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Revert "chore: externalize undici for bundling" (#65727)
• Refactor internal routing headers to use request meta (#66987)
• fix(next): add cross origin in react dom preload (#67423)
• build: upgrade edge-runtime (#67565)
• GTM dataLayer parameter should take an object, not an array of strings (#66339)
• fix: properly patch lockfile against swc bindings (#66515)
• Add deployment id header for rsc payload if present (#67255)
• Update font data (#68639)
• fix i18n data pathname resolving (#68947)
• pages router: ensure x-middleware-cache is respected (#67734)
• Fix bad modRequest in flight entry manifest #68888
• Reject next image urls in image optimizer #68628
• Fix hmr assetPrefix escaping and reuse logic from other files #67983

Credits

Huge thanks to @​kjugi, @​huozhi, @​ztanner, @​SukkaW, @​marlier, @​Kikobeats, @​syi0808, @​ijjk, and @​samcx for helping!

v14.2.6

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Ensure fetch cache TTL is updated properly (#69164)

v14.2.5

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• avoid merging global css in a way that leaks into other chunk groups (#67373)
• Fix server action edge redirect with middleware rewrite (#67148)
• fix(next): reject protocol-relative URLs in image optimization (#65752)
• fix(next-swc): correct path interop to filepath for wasm (#65633)
• Use addDependency to track metadata route file changes (#66714)
• Fix noindex is missing on static not-found page (#67135)
• perf: improve retrieving versionInfo on Turbo HMR (#67309)
• fix(next/image): handle invalid url (#67465)
• fix(next): initial prefetch cache not set properly with different search params (#65977)
• fix: Backport class properties fix (#67377)
• Upgrade acorn (#67592)

Misc

• Log stdio for pull-turbo-cache script (#66759)
• Ensure turbo is setup when building in docker (#66804)

... (truncated)

Commits

• a1c3a03 v14.2.7
• d46ab2c Fix hmr assetPrefix escaping and reuse logic from other files (#67983)
• d11cbc9 Reject next image urls in image optimizer (#68628)
• 575385e Fix bad modRequest in flight entry manifest (#68888)
• 9ecf2e8 update turbopack build manifest
• 325dc4b pages router: ensure x-middleware-cache is respected (#67734)
• d3021b6 update playwright interface
• 5e6f511 fix i18n data pathname resolving (#68947)
• dd32e0f Update font data (#68639)
• 2f7fa98 Add deployment id header for rsc payload if present (#67255)
• Additional commits viewable in compare view

Updates axios from 1.6.7 to 1.7.5

Release notes

Sourced from axios's releases.

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

... (truncated)

Commits

• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• 7004707 fix(adapter): fix undefined reference to hasBrowserEnv (#6572)
• fed1a4b fix(core): fix ReferenceError: navigator is not defined for custom environm...
• 550d885 fix(fetch): fix credentials handling in Cloudflare workers (#6533)
• bcd1c6d chore(actions): fix sponsor action; (#6566)
• c8b7be5 chore(action): exclude sponsors branch from CI tests; (#6564)
• 67aa1ef chore(sponsor): update sponsor block (#6559)
• ff254a5 chore(action): change sponsors uri origin; (#6563)
• 4f99675 chore(sponsor): update sponsor block (#6558)
• Additional commits viewable in compare view

Updates fast-xml-parser from 4.2.5 to 4.4.1

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.1 / 2024-07-28

• v5 fix: maximum length limit to currency value
• fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)
• fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

• fix #654: parse attribute list correctly for self closing stop node.
• fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
• fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

• Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

• code for v5 is added for experimental use

4.3.4 / 2024-01-10

• fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

• Remove unnecessary regex

4.3.2 / 2023-10-02

• fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

• revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

• Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))
• Fix #610 ignore properties set to Object.prototype
• Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

• Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
• Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

• Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

• change code implementation

4.2.4 / 2023-06-06

• fix security bug

4.2.3 / 2023-06-05

• fix security bug

... (truncated)

Commits

• d40e29c update package detail and browser bundles
• d0bfe8a fix maxlength for currency value
• 2c14fcf Update bug-report-or-unexpected-output.md
• acf610f fix #634: build attributes with oneListGroup and attributesGroupName (#653)
• 931e910 fix: get oneListGroup to work as expected for array of strings (#662)
• b8e40c8 Update ISSUE_TEMPLATE.md
• a6265ba chore: add trend image (#658)
• db1c548 redesign README.md
• 338a2c6 Rename 1.Getting Started.md to 1.GettingStarted.md
• c762537 Rename v5 docs filenames (#659)
• Additional commits viewable in compare view

Updates @aws-sdk/credential-providers from 3.410.0 to 3.637.0

Release notes

Sourced from @​aws-sdk/credential-providers's releases.

v3.637.0

3.637.0(2024-08-22)

Chores

• util-endpoints: update aws partitions.json (9d2511b8)
• endpoints: update endpoints model (f7ad4c17)
• models: update API models (842bde9e)
• client-codestar: deprecate CodeStar (#6402) (5327273d)

Documentation Changes

• client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)

New Features

• client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
• client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
• client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
• client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
• client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)

---

For list of updated packages, view updated-packages.md in assets-3.637.0.zip

v3.636.0

3.636.0(2024-08-21)

Chores

• turbo: simplify build scripts in package.json (#6366) (614d98e1)

Documentation Changes

• link to smithy/middleware-retry in Notable Changes (#6397) (31263194)

New Features

• clients: update client endpoints as of 2024-08-21 (f8aaf1df)
• client-ses: Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for "Deliver to S3 Action" (aafc6ebd)
• client-entityresolution: Increase the mapping attributes in Schema to 35. (d038be36)
• client-glue: Add optional field JobRunQueuingEnabled to CreateJob and UpdateJob APIs. (b3bbf579)
• client-securityhub: Security Hub documentation and definition updates (17db5f7e)
• client-lambda: Release FilterCriteria encryption for Lambda EventSourceMapping, enabling customers to encrypt their filter criteria using a customer-owned KMS key. (6fff3639)
• client-ec2: DescribeInstanceStatus now returns health information on EBS volumes attached to Nitro instances (1baa7ea8)

---

... (truncated)

Changelog

Sourced from @​aws-sdk/credential-providers's changelog.

3.637.0 (2024-08-22)

Note: Version bump only for package @​aws-sdk/credential-providers

3.635.0 (2024-08-20)

Note: Version bump only for package @​aws-sdk/credential-providers

3.632.0 (2024-08-15)

Note: Version bump only for package @​aws-sdk/credential-providers

3.631.0 (2024-08-14)

Note: Version bump only for package @​aws-sdk/credential-providers

3.630.0 (2024-08-13)

Features

• credential-providers: add custom credential chain helper (#6374) (1a479dc)

3.629.0 (2024-08-12)

Note: Version bump only for package @​aws-sdk/credential-providers

... (truncated)

Commits

• ee762fe Publish v3.637.0
• 2c0f590 Publish v3.635.0
• 704fc47 Publish v3.632.0
• 4825462 Publish v3.631.0
• e11e071 Publish v3.630.0
• 26788b9 docs(credential-providers): add longer explanation about credential function ...
• 1a479dc feat(credential-providers): add custom credential chain helper (#6374)
• 31e78b5 Publish v3.629.0
• 7b4b333 Publish v3.624.0
• 2acbcdb Publish v3.623.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #5.