js/retest: rebuild dist for axios 1.15.0

[Copilot]

The Dependabot bump of axios 1.13.6 → 1.15.0 (fixing CVEs #650 and #653) updated package.json/package-lock.json but left dist/index.js bundling the old version.

• js/retest/dist/index.js: regenerated via npm ci && npm run build (@vercel/ncc) — bundle now includes axios 1.15.0

Original prompt

PR #3997 (#3997) bumps axios from 1.13.6 to 1.15.0 in js/retest. This update addresses two Dependabot security alerts:

• Axios Unrestricted Cloud Metadata Exfiltration via Header Injection Chain (pants: Bump version -> 2.14.1 #650)
• Axios NO_PROXY Hostname Normalization Bypass leading to SSRF ([TESTING/WIP] temp-disable-cache #653)

The PR's CI is failing because the bundled/compiled dist files in js/retest were not regenerated to match the updated axios dependency.

Task

Check out the branch dependabot/npm_and_yarn/js/retest/axios-1.15.0 and rebuild the dist output for the js/retest package so the committed dist files match the new axios 1.15.0 dependency. Commit the resulting dist changes to the same branch so PR #3997 passes CI.

Steps

1. Navigate to js/retest.
2. Confirm the axios bump is present in package.json / package-lock.json.
3. Install dependencies (prefer npm ci with the updated lockfile; fall back to npm install if needed).
4. Run the build script defined in js/retest/package.json (e.g. npm run build) to regenerate the dist files (typically under js/retest/dist/).
5. Verify the dist output reflects the new version of axios.
6. Run any tests/lint in js/retest to confirm nothing else is broken.
7. Commit the regenerated dist files (and any updated lockfile changes, if needed) to the PR branch.

Validation

• The CI checks that were failing on PR build(deps): bump axios from 1.13.6 to 1.15.0 in /js/retest #3997 due to stale dist files should pass after your commit.
• Do NOT modify unrelated files or other packages.
• Keep commits minimal and scoped to the regenerated build artifacts.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: this fails because the js dist files need to be rebuilt - please pr to resolve

Assistant: Waiting for your response to the confirmation dialog before proceeding with creating the PR to rebuild the js/retest dist files.

User: @copilot Accepted Confirmation: Confirm agent session

Assistant: I've started a coding agent task to rebuild the js/retest dist files on the dependabot branch so PR #4011 can pass CI.

data:
    - title: '[WIP] Update dist files for follow-redirects 1.16.0'
      repository: envoyproxy/toolshed
      url: https://github.com/copilot/tasks/pull/PR_kwDOF71pj87T_adr?session_id=56680d51-8c7b-4697-8b5e-a0ee3dcdded4
      state: queued

User: same with these 2 axios deps

Assistant: Both axios CVEs (#650 Header Injection, #653 NO_PROXY/SSRF) are fixed in the single Dependabot PR #3997 (axios 1.13.6 → 1.15.0 in /js/retest). Kicking off a coding agent to rebuild the dist for that branch.

Assistant: Both axios vulnerabilities (#650 header injection and #653 NO_PROXY SSRF) are fixed by a single Dependabot PR — #3997 bumps axios from 1.13.6 → 1.15.0 in /js/retest. I've started a coding agent task to rebuild the dist files on that branch.

data:
    - title: '[WIP] Rebuild js/retest dist files for axios 1.15.0 bump (#3997)'
      repository: envoyproxy/toolshed
      url: https://github.com/envoyproxy/toolshed/pull/3997
      state: queued

This pull request was created from Copilot chat.