[Snyk] Upgrade axios from 0.24.0 to 1.6.8

[cs-sagarmalve]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.24.0 to 1.6.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 41 versions ahead of your current version.

• The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	676	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	676	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	676	Proof of Concept

Release notes

Package name: axios

• 1.6.8 - 2024-03-15
  

  Release notes:

  Bug Fixes

  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Mitchell
  • Emmanuel
  • Lucas Keller
  • Aditya Mogili
  • Miroslav Petrov
• 1.6.7 - 2024-01-25
  

  Release notes:

  Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

  Contributors to this release

  • Dmitriy Mozgovoy
  • zhoulixiang
• 1.6.6 - 2024-01-24
  

  Release notes:

  Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

  Contributors to this release

  • Ilya Priven
  • Zao Soula
• 1.6.5 - 2024-01-05
  

  Release notes:

  Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
• 1.6.4 - 2024-01-03
  

  Release notes:

  Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Guy Nesher
• 1.6.3 - 2023-12-26
  

  Release notes:

  Bug Fixes

  • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

  Contributors to this release

  • Jay
  • Willian Agostini
  • Dmitriy Mozgovoy
• 1.6.2 - 2023-11-14
  

  Release notes:

  Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

  PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

  
  📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
  You should now use withXSRFToken along with withCredential to get the old behavior.
  This functionality is considered as a fix.
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Ng Choon Khon (CK)
  • Muhammad Noman
• 1.6.1 - 2023-11-08
  

  Release notes:

  Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Fabian Meyer
• 1.6.0 - 2023-10-26
  

  Release notes:

  Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

  PRs

  • CVE 2023 45857 ( #6028 )

  
  ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Valentin Panov
  • Rinku Chaudhari
• 1.5.1 - 2023-09-26
• 1.5.0 - 2023-08-26
• 1.4.0 - 2023-04-27
• 1.3.6 - 2023-04-19
• 1.3.5 - 2023-04-05
• 1.3.4 - 2023-02-22
• 1.3.3 - 2023-02-13
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17
• 1.2.2 - 2022-12-29
• 1.2.1 - 2022-12-05
• 1.2.0 - 2022-11-22
• 1.2.0-alpha.1 - 2022-11-10
• 1.1.3 - 2022-10-15
• 1.1.2 - 2022-10-07
• 1.1.1 - 2022-10-07
• 1.1.0 - 2022-10-06
• 1.0.0 - 2022-10-04
• 1.0.0-alpha.1 - 2022-05-31
• 0.28.1 - 2024-03-28
• 0.28.0 - 2024-02-12
  

  Release notes:

  Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

  Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18
• 0.24.0 - 2021-10-25

from axios GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs