patch: bump vulnerable dependencies

[raulkele]

What type of PR is this?
dependency update

Which issue does this PR fix:

What does this PR do / Why do we need it:

• Update axios dependency
• fix tag with dependencies integration test flakyness
• updated node js target for build and test workflows to 18.x
  If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:

Testing done on this change:

Automation added to e2e:

Will this break upgrades or downgrades. Has updating a running cluster been tested?:

Does this change require updates to the CNI daemonset config files to work?:

Does this PR introduce any user-facing change?:

Issue with the test was unrelated to axios upgrade, it was caused by some flakiness introduced in our manifest select feature. Not sure why it didn't bother the test until now, but the exact same issue was affecting the tag with dependents test a while back, so I implemented a similar fix here.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[andaaron]

@raulkele can you also update https://github.com/project-zot/zui/blob/main/.github/workflows/coverage.yml#L12? I am not sure the test/coverage failure is because of the node version or something in the libraries themselves

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.24%. Comparing base (c78b303) to head (e08c868).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #442      +/-   ##
==========================================
- Coverage   85.00%   84.24%   -0.77%     
==========================================
  Files          63       63              
  Lines        1961     1961              
  Branches      532      532              
==========================================
- Hits         1667     1652      -15     
- Misses        284      296      +12     
- Partials       10       13       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[raulkele]

After much tinkering managed to get it working it seems to be a known issue with older versions of node with jest specifically when generating coverage. Updated our targets for 20.x

I'm not sure what the reported licensing issue is about and I don't seem to have required permissions to check.

[andaaron]

I'm not sure what the reported licensing issue is about and I don't seem to have required permissions to check.

In short the tooling detected a GPL2 license for one of the 3rd party packages. But in the source code the original devs mention you can choose between BSD3 and GPL2, so we are fine.