[Snyk] Fix for 2 vulnerabilities

[schalla0791]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	703
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

[dryrunsecurity]

DryRun Security Summary

A dependency update PR for multiple packages introduces potential security considerations, including version upgrades for axios, shelljs, and new dependencies that require careful security review and input validation.

Expand for full summary

The PR updates package.json and package-lock.json with dependency version upgrades for axios, shelljs, and other packages, introducing potential security considerations.

Security Findings:

1. Axios Update (1.3.4 → 1.8.2): Potential security patches that require review of changelog
2. ShellJS Update (0.8.5 → 0.9.0): Potential command injection risks when executing shell commands
3. Newly added dependencies like cross-spawn, execa, and npm-run-path require input validation and careful usage to prevent potential security vulnerabilities

View PR in the DryRun Dashboard.