chore(deps): bump axios and openclaw

[dependabot]

Removes axios. It's no longer used after updating ancestor dependency openclaw. These dependencies need to be updated together.

Removes axios

Updates openclaw from 2026.3.11 to 2026.5.12

Release notes

Sourced from openclaw's releases.

openclaw 2026.5.12

Highlights

• Leaner installs: WhatsApp, Slack, Amazon Bedrock, Anthropic Vertex, and related provider/plugin dependency cones moved out of the core runtime so installs only pull what you use.
• Telegram got much more resilient: isolated polling, durable local spooling, safer group-media handling, and preserved HTML/Markdown formatting in streamed and scheduled replies.
• Codex/OpenAI paths are smoother: auth-profile-backed media tools, MCP server projection, context-engine thread rotation, and better app-server/runtime fallback behavior.
• Plugin installs and updates are harder to wedge, with pnpm 11 support, peer-dependency preservation, safer runtime scans, and source/git install fixes.
• Gateway, browser, Slack, node pairing, sandbox, and transcript paths picked up a broad security/provenance hardening pass.
• UI and reply delivery improved across Control UI, WebChat, TUI, rich-only replies, session history, and streaming auto-scroll.

Changes

• Amazon Bedrock: externalize the Bedrock and Bedrock Mantle provider packages so core installs no longer pull AWS SDK dependencies unless those providers are installed.
• Plugins: externalize Slack, OpenShell sandbox, and Anthropic Vertex so their runtime dependency cones install only when those plugins are installed.
• Control UI/WebChat: add a persisted auto-scroll mode selector so users can keep the current near-bottom behavior, always follow streaming output, or turn automatic streaming scroll off and use the New messages button manually. Fixes #7648 and #81287. Thanks @​BunsDev.
• ACP: add acp.fallbacks so ACP turns can try configured backup runtime backends when the primary backend is unavailable before any output is emitted. (#69542) Thanks @​kaseonedge.

Fixes

• Doctor/Codex: stop warning that the message tool is unavailable for source-reply paths where OpenClaw grants message at runtime, keeping update and doctor output aligned with the OpenAI happy path. Thanks @​pashpashpash.
• Channels/Weixin: bump the external Weixin catalog entry to @tencent-weixin/openclaw-weixin@2.4.3 with the matching package integrity. (#81730) Thanks @​scotthuang.
• Agents/subagents: apply agents.defaults.subagents.model before target agent primary models during sessions_spawn, so model-scoped runtimes such as claude-cli stay attached to default child runs. Fixes #81395. (#81783) Thanks @​joshavant.
• Telegram: keep Bot API polling alive during main event-loop stalls by moving ingress to an isolated worker with a durable local spool. Fixes #81132. (#81746) Thanks @​joshavant.
• Telegram: preserve rendered HTML formatting through lazy cron announce delivery so Markdown links stay clickable instead of falling back to literal anchor tags. Fixes #81742. (#81758)
• Telegram: skip unmentioned group media before download when requireMention is active, avoiding failed media-download replies for messages that should be ignored. Fixes #81181. (#81785) Thanks @​joshavant.
• CLI/plugins: keep bare plugin and parent-command help on the lightweight path, avoiding plugin registry discovery before rendering help.
• Gateway/session history: carry monotonic transcript message sequence through live updates and refresh SSE history when stale sequence input would otherwise append bad incremental state. (#81474) Thanks @​samzong.
• Security/sandbox: include Windows USERPROFILE in the sandbox blocked home roots so credential-bearing binds (such as .codex, .openclaw, or .ssh under the Windows user profile) are denied even when HOME points at a different shell home. (#63074) Thanks @​luoyanglang.
• Models config/auth: stop inferring provider env-var markers from broad ^[A-Z_][A-Z0-9_]*$ strings, and resolve config-backed provider apiKey values only through structured env SecretRefs (secrets.providers[id] / secrets.defaults), so unrelated env vars cannot accidentally become provider credentials. Thanks @​sallyom.
• Media fetch: skip allocating and buffering the response body for bodyless media responses (HEAD probes and 204-style empty bodies), avoiding wasted heap on streams that carry no payload. Thanks @​shakkernerd.
• CLI/onboarding: forward provider-specific auth flags (e.g. --openai-api-key) through the onboarding wizard so they reach provider auth methods via ctx.opts, letting --openai-api-key "$OPENAI_API_KEY" skip the redundant "use existing env var?" prompt in non-interactive harnesses. (#81669) Thanks @​sjf.
• CLI/migrate: drop trailing periods from Codex migrate item messages and REASON_CODE_MESSAGES strings so plan/result rows read as labels instead of sentence fragments. (#81705) Thanks @​sjf.
• Slack: treat malformed private-file redirect Location headers as unfollowable redirects instead of failing Slack media downloads.
• Plugins: discover provider plugins from setup.providers[].envVars credentials during provider discovery while keeping the deprecated providerAuthEnvVars fallback. (#81542) Thanks @​JARVIS-Glasses.
• Docs/Codex harness: clarify that per-agent CODEX_HOME isolates ~/.codex while inherited HOME intentionally keeps .agents discovery and subprocess user-home state available.
• Auth: reclaim dead-owner stale file locks before retrying locked writes, so crashed OAuth refreshes no longer wedge auth-profiles.json until manual cleanup.
• CLI tables: preserve muted/color styling on wrapped continuation lines after multiline cells, keeping openclaw plugins list descriptions readable.
• Process execution: collapse case-insensitive duplicate child environment keys on Windows so caller-provided overrides such as PATH cannot be shadowed by host Path.
• Gateway/diagnostics: suppress cold-start liveness warnings during the startup grace window while still sampling liveness metrics. Fixes #79915. (#81699) Thanks @​joshavant.
• Codex harness: keep oauthRef-backed Codex OAuth profiles usable and stop high-confidence app-server OAuth refresh invalidation from retry-spamming raw token-refresh errors without turning entitlement or usage-limit payloads into re-auth prompts.
• Browser CLI: request the existing operator.admin gateway scope explicitly for browser control commands, avoiding unnecessary scope-upgrade approval loops. Fixes #81555. (#81716) Thanks @​joshavant.
• Gateway/diagnostics: suppress cold-start liveness warnings during the startup grace window while still sampling liveness metrics. Fixes #79915. (#81699) Thanks @​joshavant.
• Plugin SDK: restore the deprecated openclaw/plugin-sdk/memory-core package subpath as an alias of memory-host-core, so published memory companion plugins that still import it resolve on current hosts.
• Control UI/i18n: use the installed workspace pi runtime for locale refreshes, update the fallback package pin, prefer the Anthropic CI provider when available, and skip invalid provider credentials instead of failing main.
• Codex harness: classify native app-server token-refresh logout and relogin failures as authentication refresh errors, so users get re-authentication guidance instead of a raw runtime failure.
• Codex startup: treat selectable configured OpenAI agent models as Codex runtime requirements during plugin auto-enable, startup planning, and doctor install repair, so Anthropic-primary configs can still switch to OpenAI/Codex cleanly.
• Agents: preserve source-reply delivery metadata when merging tool-returned media into the final reply, keeping message-tool-only replies deliverable and mirrored. Thanks @​pashpashpash and @​vincentkoc.
• Replies: treat rich presentation, interactive controls, and channel-native payload data as outbound content across follow-up, heartbeat, cron, ACP, and block-streaming delivery paths, preventing card/button-only replies from being dropped as empty.
• WebChat/TUI: route Codex tools.message source replies to the active internal UI turn and mirror them to session history, so message-tool-only harness replies, including rich presentation and button-only replies, no longer disappear while WebChat and TUI remain non-targetable outbound channels. (#81586) Thanks @​pashpashpash.
• Replies: deliver rich-only block replies even when block-streaming coalescing is enabled, keeping card and button payloads from being dropped by the text coalescer. Thanks @​pashpashpash.

... (truncated)

Commits

• f066dd2 chore(release): prepare 2026.5.12
• 2f27dcb fix(config): stabilize heartbeat target help
• 7a0548e docs(changelog): mention Weixin catalog bump
• 31f0c9b Fix/weixin catalog update 2.4.3 (#81730)
• cfab222 fix(doctor): respect runtime message tool grants
• c230b08 fix(telegram): avoid worker postMessage lint suppression
• df70248 ci(release): retry ClawHub publish verification errors
• 097daf9 chore(release): bump beta 8 versions
• 9798e95 fix: reconcile managed plugin peers
• 7d6ba4c fix: honor git no-update installs
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openclaw since your current version.

Install script changes

This version adds preinstall, postinstall scripts that run during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.