[Snyk] Upgrade axios from 0.25.0 to 1.7.0

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.25.0 to 1.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 44 versions ahead of your current version.

• The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	292	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	292	Proof of Concept
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	292	Proof of Concept
	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	292	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	292	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	292	No Known Exploit
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	292	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	292	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	292	Proof of Concept
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	292	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	292	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	292	Proof of Concept
	Resource Exhaustion SNYK-JS-JOSE-6419224	292	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	292	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	292	Proof of Concept

Release notes

Package name: axios

• 1.7.0 - 2024-05-19
  

  Release notes:

  Features

  • adapter: add fetch adapter; (#6371) (a3ff99b)

  Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
  • Alexandre ABRIOUX
• 1.7.0-beta.2 - 2024-05-19
  

  Release notes:

  Bug Fixes

  • fetch: capitalize HTTP method names; (#6395) (ad3174a)
  • fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
  • fetch: fix headers getting from a stream response; (#6401) (870e0a7)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.0-beta.1 - 2024-05-07
  

  Release notes:

  Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)
  • fetch: fix cases when ReadableStream or Response.body are not available; (#6377) (d1d359d)
  • fetch: treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; (#6380) (bb5f9a5)

  Contributors to this release

  • Alexandre ABRIOUX
  • Dmitriy Mozgovoy

  Install

  npm i axios@next
  

• 1.7.0-beta.0 - 2024-04-28
  

  Release notes:

  Features

  • adapter: add fetch adapter; (#6371) (a3ff99b)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay

  Install

  npm i axios@next
  

• 1.6.8 - 2024-03-15
  

  Release notes:

  Bug Fixes

  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Mitchell
  • Emmanuel
  • Lucas Keller
  • Aditya Mogili
  • Miroslav Petrov
• 1.6.7 - 2024-01-25
  

  Release notes:

  Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

  Contributors to this release

  • Dmitriy Mozgovoy
  • zhoulixiang
• 1.6.6 - 2024-01-24
  

  Release notes:

  Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

  Contributors to this release

  • Ilya Priven
  • Zao Soula
• 1.6.5 - 2024-01-05
  

  Release notes:

  Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
• 1.6.4 - 2024-01-03
• 1.6.3 - 2023-12-26
• 1.6.2 - 2023-11-14
• 1.6.1 - 2023-11-08
• 1.6.0 - 2023-10-26
• 1.5.1 - 2023-09-26
• 1.5.0 - 2023-08-26
• 1.4.0 - 2023-04-27
• 1.3.6 - 2023-04-19
• 1.3.5 - 2023-04-05
• 1.3.4 - 2023-02-22
• 1.3.3 - 2023-02-13
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17
• 1.2.2 - 2022-12-29
• 1.2.1 - 2022-12-05
• 1.2.0 - 2022-11-22
• 1.2.0-alpha.1 - 2022-11-10
• 1.1.3 - 2022-10-15
• 1.1.2 - 2022-10-07
• 1.1.1 - 2022-10-07
• 1.1.0 - 2022-10-06
• 1.0.0 - 2022-10-04
• 1.0.0-alpha.1 - 2022-05-31
• 0.28.1 - 2024-03-28
  

  Release notes:

  Release notes:

  Bug Fixes

  • fix(backport): custom params serializer support (#6263)
  • fix(backport): uncaught ReferenceError req is not defined (#6307)
• 0.28.0 - 2024-02-12
  

  Release notes:

  Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

  Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18

from axios GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 78d7c9d path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 78d7c9d result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[stale]

Automatically closed due to lack of recent activity. Tag @aravindvnair99 to reopen. Thank you for your contributions.