
Fix axios version to 1.14.0#426

Merged
MartinWheelerMT merged 1 commit into main from axios-update on Apr 2, 2026

Conversation

@MartinWheelerMT
Collaborator

What

  • Fix axios version to 1.14.0 for test-suite/server.
  • Regenerate package-lock.json.
  • Add cooldown to Gradle in dependabot.yml

Why

Please see below details on a compromise of the npm library - axios. Action is required from all owners of npm/node projects.

Compromised versions:
axios@1.14.1
axios@0.30.4
plain-crypto-js (any version)

Step 1: Check if your pipelines were exposed
Check your CI/CD run history for any npm install or npm ci jobs that ran between 00:21 and 03:15 UTC on 31 March 2026. This determines what you need to do next.

If no runs in that window - proceed to step 2 only.
If runs did occur in that window:

Do not run npm install on any affected repo
Search package.json, package-lock.json, and yarn.lock for the above versions
Check whether node_modules/plain-crypto-js/ exists — its presence confirms the dropper executed even if the contents look clean
Rotate all credentials accessible during that pipeline run: npm tokens, AWS access keys, SSH keys, cloud credentials, and any values in .env files
Check for malware persistence on any affected runner or developer machine:

macOS: /Library/Caches/com.apple.act.mond
Windows: %PROGRAMDATA%\wt.exe
Linux: /tmp/ld.py

If any persistence artifact is found, do not attempt to clean the system — rebuild from a known-good state and reply to this email immediately
Remove node_modules/plain-crypto-js and reinstall using npm ci --ignore-scripts

Step 2: Pin axios to a known safe version:
1.14.0
0.30.3

Step 3: If your lock files are not committed to git do that now (first ensuring safe versions as above)

Step 4: Enable cooldown settings on Dependabot:
cooldown:
  default-days: 7

Everyone should do step 4. It is in the latest Actions Guidance and does not block security fixes.

Thanks,
GitHub Admins.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Internal change (non-breaking change with no effect on the functionality affecting end users)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation where required
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have updated the Changelog with details of my change in the UNRELEASED section if this change affects end users.
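As an added defensive example (not code from this PR or the project), the script below applies the checks from the notice above to one checkout: it flags the quoted axios versions and any plain-crypto-js entry in package-lock.json (v1 and v2/v3 layouts), yarn.lock and package.json, reports whether node_modules/plain-crypto-js exists, and tests for the three persistence paths. The yarn.lock line layout it parses is the standard v1 format, which the notice does not specify and is therefore an assumption here.

```python
import os
import re

# Indicators from the notice above; plain-crypto-js is compromised at any version.
COMPROMISED = {"axios": {"1.14.1", "0.30.4"}, "plain-crypto-js": None}
PERSISTENCE_ARTIFACTS = [
    "/Library/Caches/com.apple.act.mond",                                      # macOS
    os.path.join(os.environ.get("PROGRAMDATA", r"C:\ProgramData"), "wt.exe"),  # Windows
    "/tmp/ld.py",                                                              # Linux
]

def is_compromised(name, version):
    """True for a listed bad release; range prefixes such as ^ and ~ are stripped first."""
    if name not in COMPROMISED:
        return False
    bad = COMPROMISED[name]
    return bad is None or version.lstrip("^~=v") in bad

def hits_in_package_lock(lock):
    """Walk a parsed package-lock.json: v2/v3 'packages' and v1-style nested 'dependencies'."""
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested node_modules paths
        if path and is_compromised(name, meta.get("version", "")):
            hits.add((name, meta.get("version", "")))
    def walk(deps):
        for name, meta in deps.items():
            if is_compromised(name, meta.get("version", "")):
                hits.add((name, meta.get("version", "")))
            walk(meta.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return sorted(hits)

# yarn.lock v1 entry (assumed format): `axios@^1.14.1, axios@1.14.1:` then an indented `version "..."`.
YARN_ENTRY = re.compile(r'^"?(@?[^@\s"]+)@[^\n]*:\n\s+version "([^"]+)"', re.M)
def hits_in_yarn_lock(text):
    return [(n, v) for n, v in YARN_ENTRY.findall(text) if is_compromised(n, v)]

def hits_in_package_json(pkg):
    # Declared ranges are a weaker signal than a lock file but still worth flagging.
    return [(n, v) for key in ("dependencies", "devDependencies")
            for n, v in pkg.get(key, {}).items() if is_compromised(n, v)]

def dropper_ran(project_root):
    """node_modules/plain-crypto-js present means the dropper executed, whatever it contains."""
    return os.path.isdir(os.path.join(project_root, "node_modules", "plain-crypto-js"))

def persistence_found(paths=PERSISTENCE_ARTIFACTS):
    """Return whichever of the persistence artifacts from the notice exist on this host."""
    return [p for p in paths if os.path.exists(p)]
```

A hit in any lock file, or `dropper_ran` returning True, is the trigger for the credential rotation and reinstall with `npm ci --ignore-scripts` described in step 1.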

@MartinWheelerMT MartinWheelerMT requested a review from a team as a code owner March 31, 2026 16:12
@github-actions

Images built and published to ECR using a Build Id of PR-311-abc81a3

@MartinWheelerMT MartinWheelerMT merged commit e75e55a into main Apr 2, 2026
8 checks passed
@MartinWheelerMT MartinWheelerMT deleted the axios-update branch April 2, 2026 14:00