build(YARN): upgrade axios (and dev deps) due to cve

[niall-byrne]

Hi Henrique,

This is just a patch to update axios due to a cve that was recently reported.

It includes a few minor updates for dev dependencies, no breaking changes I can see.

Thanks again for maintaining this package, it's super useful.

Regards,

Niall

[niall-byrne]

I have found a breaking change in axios (not sure specifically which version introduced it), but I don't think it affects this project. It seems there is a change in the handling of duplicate url params- I'm not sure if this is a bug or intended behaviour.

When using url params multiple times, we were previously able to use axios by supplying an object:

const params = { name: ["niall", "henrique"] };

Now this seems to be handled with URLSearchParams:

const params = new URLSearchParams([["name", "niall"], ["name", "henrique"]]);

i.e. axios will make malformed requests now if using a plain object.
I don't believe the last.fm API uses duplicate keywords this way for anything however.

I have put together a change set for this as well, but I'm not sure it's really required.
This change did break other projects I work on, but this one might be ok. However, it might be best if you had a look as well.

Anyways, you can take a look here if you are so inclined:
https://github.com/niall-byrne/lastfm/pull/new/feature_support_axios_changes