From b362023ad1c1c4906bc9b28ec691053e80361d2e Mon Sep 17 00:00:00 2001
From: Revanth Kumar Annavarapu <35203638+revanth0212@users.noreply.github.com>
Date: Tue, 14 Apr 2026 16:36:49 -0500
Subject: [PATCH 1/2] Update axios dependency (#295) (#296)

* Update axios dependency

* Adding provenance flag to github workflow for npm trusted publisher

* Adding provenance flag to github workflow for npm trusted publisher

Co-authored-by: Romario Merin <90988232+romario-0@users.noreply.github.com>
Co-authored-by: Peter Dohogne <pdohogne@adobe.com>
---
 .github/workflows/publish-to-npm.yml |  6 +++++-
 package.json                         |  4 ++--
 yarn.lock                            | 21 ++++++++++++---------
 3 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/publish-to-npm.yml b/.github/workflows/publish-to-npm.yml
index 7b0441c..8b13ec3 100644
--- a/.github/workflows/publish-to-npm.yml
+++ b/.github/workflows/publish-to-npm.yml
@@ -10,6 +10,9 @@ jobs:
   publish:
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read
     steps:
       - name: Checkout source
         uses: actions/checkout@v4
@@ -64,8 +67,9 @@ jobs:
 
       - name: Publish to npm
         if: ${{ steps.verify_version.outputs.version_tag != '' }}
-        uses: JS-DevTools/npm-publish@v1
+        uses: JS-DevTools/npm-publish@v4
         with:
           token: ${{ secrets.ADOBE_BOT_NPM_TOKEN }}
           access: 'public'
           tag: ${{ steps.verify_version.outputs.version_tag }}
+          provenance: true
diff --git a/package.json b/package.json
index 3c34f39..800a4d3 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@adobe/aio-cli-plugin-api-mesh",
-	"version": "5.6.3",
+	"version": "5.6.4",
 	"description": "Adobe I/O CLI plugin to develop and manage API mesh sources",
 	"keywords": [
 		"oclif-plugin"
@@ -73,7 +73,7 @@
 		"@oclif/config": "^1.15.1",
 		"@oclif/core": "^1.14.1",
 		"@oclif/errors": "^1.1.2",
-		"axios": ">=1.2.0 <1.14.1 || ^1.14.2",
+		"axios": "^1.15.0",
 		"chalk": "^4.1.0",
 		"child_process": "^1.0.2",
 		"compare-versions": "^6.1.1",
diff --git a/yarn.lock b/yarn.lock
index cabc370..08124cc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4031,15 +4031,6 @@ axios-ntlm@^1.2.0:
     dev-null "^0.1.1"
     js-md4 "^0.3.2"
 
-"axios@>=1.2.0 <1.14.1 || ^1.14.2":
-  version "1.14.0"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.14.0.tgz#7c29f4cf2ea91ef05018d5aa5399bf23ed3120eb"
-  integrity sha512-3Y8yrqLSwjuzpXuZ0oIYZ/XGgLwUIBU3uLvbcpb0pidD9ctpShJd43KSlEEkVQg6DS0G9NKyzOvBfUtDKEyHvQ==
-  dependencies:
-    follow-redirects "^1.15.11"
-    form-data "^4.0.5"
-    proxy-from-env "^2.1.0"
-
 axios@^0.27.2:
   version "0.27.2"
   resolved "https://registry.yarnpkg.com/axios/-/axios-0.27.2.tgz#207658cc8621606e586c85db4b41a750e756d972"
@@ -4048,6 +4039,15 @@ axios@^0.27.2:
     follow-redirects "^1.14.9"
     form-data "^4.0.0"
 
+axios@^1.15.0:
+  version "1.15.0"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.15.0.tgz#0fcee91ef03d386514474904b27863b2c683bf4f"
+  integrity sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==
+  dependencies:
+    follow-redirects "^1.15.11"
+    form-data "^4.0.5"
+    proxy-from-env "^2.1.0"
+
 axios@^1.6.1:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/axios/-/axios-1.6.1.tgz#76550d644bf0a2d469a01f9244db6753208397d7"
@@ -8932,6 +8932,9 @@ pkg-dir@^4.2.0:
   dependencies:
     find-up "^4.0.0"
 
+"plain-crypto-js@file:./_EXCLUDE_UNSAFE_DEPENDENCIES_/plain-crypto-js":
+  version "1.0.0"
+
 pluralize@^8.0.0:
   version "8.0.0"
   resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-8.0.0.tgz#1a6fa16a38d12a1901e0320fa017051c539ce3b1"

From 766115f8ab0cef4276e18ba2bb70086f8bb7ae00 Mon Sep 17 00:00:00 2001
From: Sumaiya Ajaz <ajaz@adobe.com>
Date: Thu, 23 Apr 2026 16:43:25 +0530
Subject: [PATCH 2/2] chore: release stable version

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 0938fd6..6a77921 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@adobe/aio-cli-plugin-api-mesh",
-	"version": "5.6.5-beta.1",
+	"version": "5.6.5",
 	"description": "Adobe I/O CLI plugin to develop and manage API mesh sources",
 	"keywords": [
 		"oclif-plugin"