awslabs / aws-crt-nodejs

NodeJS bindings for the AWS Common Runtime.
Apache License 2.0

upgrade axios to 1.x #464

Closed tjx666 closed 8 months ago

tjx666 commented 1 year ago

Describe the feature

The current axios version is 0.24.0; the latest version is 1.4.0. Please upgrade to the latest.

Use Case

My app uses the latest axios version 1.x, but this package uses 0.x, causing axios to be bundled repeatedly.

bretambrose commented 1 year ago

There isn't a clear upgrade path for axios given our node baseline (10.16); there are complexities with CommonJS vs. ES modules that seem to complicate the task.

We could consider a PR that updated the version such that all CI passes.

Another alternative is to move off of axios altogether but that would require a stronger external impetus.

tjx666 commented 1 year ago

> there are complexities with CommonJS vs. ES modules that seem to complicate the task.

axios 1.x supports both cjs and esm

bretambrose commented 1 year ago

That may be the case, but I did not have any luck getting an upgrade-to-latest working across our node 10 and 12 CI. The best way forward is likely to bump our minimum node version to 14, freeing up our ability to update both cmake-js and axios.

https://github.com/awslabs/aws-crt-nodejs/discussions/468

Nevon commented 8 months ago

There are now CVEs for that version of axios: https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Node 10 and 12 haven't had security support for at least a year and a half. Even 14 stopped receiving security updates half a year ago. Node 18 is the oldest still supported version of node at the moment.

bretambrose commented 8 months ago

My personal view is that middleware libraries shouldn't dictate minimum versions (especially of the runtime itself) beyond what's absolutely necessary. That being said, I will try and do the bump to 14 (with updates to axios and cmake-js) sometime this next week.

bretambrose commented 8 months ago

This is complete as of v1.19.0