Update dependency axios to v1.6.0 [SECURITY]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	`1.3.4` -> `1.6.0`

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Release Notes

axios/axios (axios)

### [`v1.6.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#160-2023-10-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.5.1...v1.6.0) ##### Bug Fixes - **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#6028](https://togithub.com/axios/axios/issues/6028)) ([96ee232](https://togithub.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0)) - **dns:** fixed lookup function decorator to work properly in node v20; ([#6011](https://togithub.com/axios/axios/issues/6011)) ([5aaff53](https://togithub.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8)) - **types:** fix AxiosHeaders types; ([#5931](https://togithub.com/axios/axios/issues/5931)) ([a1c8ad0](https://togithub.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09)) ##### PRs - CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+449/-114 (#6032 #6021 #6011 #5932 #5931 )") - avatar

[Valentin Panov](https://togithub.com/valentin-panov "+4/-4 (#6028 )") - avatar

[Rinku Chaudhari](https://togithub.com/therealrinku "+1/-1 (#5889 )") #### [1.5.1](https://togithub.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#5919](https://togithub.com/axios/axios/issues/5919)) ([e410779](https://togithub.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#5917](https://togithub.com/axios/axios/issues/5917)) ([bc9af51](https://togithub.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#5890](https://togithub.com/axios/axios/issues/5890)) ([#5892](https://togithub.com/axios/axios/issues/5892)) ([4c89f25](https://togithub.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://togithub.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+89/-18 (#5919 #5917 )") - avatar

[David Dallas](https://togithub.com/DavidJDallas "+11/-5 ()") - avatar

[Sean Sattler](https://togithub.com/fb-sean "+2/-8 ()") - avatar

[Mustafa Ateş Uzun](https://togithub.com/0o001 "+4/-4 ()") - avatar

[Przemyslaw Motacki](https://togithub.com/sfc-gh-pmotacki "+2/-1 (#5892 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+1/-1 ()") ##### PRs - CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ### [`v1.5.1`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#151-2023-09-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.5.0...v1.5.1) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#5919](https://togithub.com/axios/axios/issues/5919)) ([e410779](https://togithub.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#5917](https://togithub.com/axios/axios/issues/5917)) ([bc9af51](https://togithub.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#5890](https://togithub.com/axios/axios/issues/5890)) ([#5892](https://togithub.com/axios/axios/issues/5892)) ([4c89f25](https://togithub.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://togithub.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+89/-18 (#5919 #5917 )") - avatar

[David Dallas](https://togithub.com/DavidJDallas "+11/-5 ()") - avatar

[Sean Sattler](https://togithub.com/fb-sean "+2/-8 ()") - avatar

[Mustafa Ateş Uzun](https://togithub.com/0o001 "+4/-4 ()") - avatar

[Przemyslaw Motacki](https://togithub.com/sfc-gh-pmotacki "+2/-1 (#5892 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+1/-1 ()") ### [`v1.5.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#150-2023-08-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.4.0...v1.5.0) ##### Bug Fixes - **adapter:** make adapter loading error more clear by using platform-specific adapters explicitly ([#5837](https://togithub.com/axios/axios/issues/5837)) ([9a414bb](https://togithub.com/axios/axios/commit/9a414bb6c81796a95c6c7fe668637825458e8b6d)) - **dns:** fixed `cacheable-lookup` integration; ([#5836](https://togithub.com/axios/axios/issues/5836)) ([b3e327d](https://togithub.com/axios/axios/commit/b3e327dcc9277bdce34c7ef57beedf644b00d628)) - **headers:** added support for setting header names that overlap with class methods; ([#5831](https://togithub.com/axios/axios/issues/5831)) ([d8b4ca0](https://togithub.com/axios/axios/commit/d8b4ca0ea5f2f05efa4edfe1e7684593f9f68273)) - **headers:** fixed common Content-Type header merging; ([#5832](https://togithub.com/axios/axios/issues/5832)) ([8fda276](https://togithub.com/axios/axios/commit/8fda2766b1e6bcb72c3fabc146223083ef13ce17)) ##### Features - export getAdapter function ([#5324](https://togithub.com/axios/axios/issues/5324)) ([ca73eb8](https://togithub.com/axios/axios/commit/ca73eb878df0ae2dace81fe3a7f1fb5986231bf1)) - **export:** export adapters without `unsafe` prefix ([#5839](https://togithub.com/axios/axios/issues/5839)) ([1601f4a](https://togithub.com/axios/axios/commit/1601f4a27a81ab47fea228f1e244b2c4e3ce28bf)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+66/-29 (#5839 #5837 #5836 #5832 #5831 )") - avatar

[夜葬](https://togithub.com/geekact "+42/-0 (#5324 )") - avatar

[Jonathan Budiman](https://togithub.com/JBudiman00 "+30/-0 (#5788 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+3/-5 (#5791 )") ### [`v1.4.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#140-2023-04-27) [Compare Source](https://togithub.com/axios/axios/compare/v1.3.6...v1.4.0) ##### Bug Fixes - **formdata:** add `multipart/form-data` content type for FormData payload on custom client environments; ([#5678](https://togithub.com/axios/axios/issues/5678)) ([bbb61e7](https://togithub.com/axios/axios/commit/bbb61e70cb1185adfb1cbbb86eaf6652c48d89d1)) - **package:** export package internals with unsafe path prefix; ([#5677](https://togithub.com/axios/axios/issues/5677)) ([df38c94](https://togithub.com/axios/axios/commit/df38c949f26414d88ba29ec1e353c4d4f97eaf09)) ##### Features - **dns:** added support for a custom lookup function; ([#5339](https://togithub.com/axios/axios/issues/5339)) ([2701911](https://togithub.com/axios/axios/commit/2701911260a1faa5cc5e1afe437121b330a3b7bb)) - **types:** export `AxiosHeaderValue` type. ([#5525](https://togithub.com/axios/axios/issues/5525)) ([726f1c8](https://togithub.com/axios/axios/commit/726f1c8e00cffa0461a8813a9bdcb8f8b9d762cf)) ##### Performance Improvements - **merge-config:** optimize mergeConfig performance by avoiding duplicate key visits; ([#5679](https://togithub.com/axios/axios/issues/5679)) ([e6f7053](https://togithub.com/axios/axios/commit/e6f7053bf1a3e87cf1f9da8677e12e3fe829d68e)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+151/-16 (#5684 #5339 #5679 #5678 #5677 )") - avatar

[Arthur Fiorette](https://togithub.com/arthurfiorette "+19/-19 (#5525 )") - avatar

[PIYUSH NEGI](https://togithub.com/npiyush97 "+2/-18 (#5670 )") #### [1.3.6](https://togithub.com/axios/axios/compare/v1.3.5...v1.3.6) (2023-04-19) ##### Bug Fixes - **types:** added transport to RawAxiosRequestConfig ([#5445](https://togithub.com/axios/axios/issues/5445)) ([6f360a2](https://togithub.com/axios/axios/commit/6f360a2531d8d70363fd9becef6a45a323f170e2)) - **utils:** make isFormData detection logic stricter to avoid unnecessary calling of the `toString` method on the target; ([#5661](https://togithub.com/axios/axios/issues/5661)) ([aa372f7](https://togithub.com/axios/axios/commit/aa372f7306295dfd1100c1c2c77ce95c95808e76)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+48/-10 (#5665 #5661 #5663 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+2/-0 (#5445 )") #### [1.3.5](https://togithub.com/axios/axios/compare/v1.3.4...v1.3.5) (2023-04-05) ##### Bug Fixes - **headers:** fixed isValidHeaderName to support full list of allowed characters; ([#5584](https://togithub.com/axios/axios/issues/5584)) ([e7decef](https://togithub.com/axios/axios/commit/e7decef6a99f4627e27ed9ea5b00ce8e201c3841)) - **params:** re-added the ability to set the function as `paramsSerializer` config; ([#5633](https://togithub.com/axios/axios/issues/5633)) ([a56c866](https://togithub.com/axios/axios/commit/a56c8661209d5ce5a645a05f294a0e08a6c1f6b3)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+28/-10 (#5633 #5584 )") #### [1.3.4](https://togithub.com/axios/axios/compare/v1.3.3...v1.3.4) (2023-02-22) ##### Bug Fixes - **blob:** added a check to make sure the Blob class is available in the browser's global scope; ([#5548](https://togithub.com/axios/axios/issues/5548)) ([3772c8f](https://togithub.com/axios/axios/commit/3772c8fe74112a56e3e9551f894d899bc3a9443a)) - **http:** fixed regression bug when handling synchronous errors inside the adapter; ([#5564](https://togithub.com/axios/axios/issues/5564)) ([a3b246c](https://togithub.com/axios/axios/commit/a3b246c9de5c3bc4b5a742e15add55b375479451)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+38/-26 (#5564 )") - avatar

[lcysgsg](https://togithub.com/lcysgsg "+4/-0 (#5548 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+3/-0 (#5444 )") #### [1.3.3](https://togithub.com/axios/axios/compare/v1.3.2...v1.3.3) (2023-02-13) ##### Bug Fixes - **formdata:** added a check to make sure the FormData class is available in the browser's global scope; ([#5545](https://togithub.com/axios/axios/issues/5545)) ([a6dfa72](https://togithub.com/axios/axios/commit/a6dfa72010db5ad52db8bd13c0f98e537e8fd05d)) - **formdata:** fixed setting NaN as Content-Length for form payload in some cases; ([#5535](https://togithub.com/axios/axios/issues/5535)) ([c19f7bf](https://togithub.com/axios/axios/commit/c19f7bf770f90ae8307f4ea3104f227056912da1)) - **headers:** fixed the filtering logic of the clear method; ([#5542](https://togithub.com/axios/axios/issues/5542)) ([ea87ebf](https://togithub.com/axios/axios/commit/ea87ebfe6d1699af072b9e7cd40faf8f14b0ab93)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+11/-7 (#5545 #5535 #5542 )") - avatar

[陈若枫](https://togithub.com/ruofee "+2/-2 (#5467 )") #### [1.3.2](https://togithub.com/axios/axios/compare/v1.3.1...v1.3.2) (2023-02-03) ##### Bug Fixes - **http:** treat http://localhost as base URL for relative paths to avoid `ERR_INVALID_URL` error; ([#5528](https://togithub.com/axios/axios/issues/5528)) ([128d56f](https://togithub.com/axios/axios/commit/128d56f4a0fb8f5f2ed6e0dd80bc9225fee9538c)) - **http:** use explicit import instead of TextEncoder global; ([#5530](https://togithub.com/axios/axios/issues/5530)) ([6b3c305](https://togithub.com/axios/axios/commit/6b3c305fc40c56428e0afabedc6f4d29c2830f6f)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+2/-1 (#5530 #5528 )") #### [1.3.1](https://togithub.com/axios/axios/compare/v1.3.0...v1.3.1) (2023-02-01) ##### Bug Fixes - **formdata:** add hotfix to use the asynchronous API to compute the content-length header value; ([#5521](https://togithub.com/axios/axios/issues/5521)) ([96d336f](https://togithub.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120)) - **serializer:** fixed serialization of array-like objects; ([#5518](https://togithub.com/axios/axios/issues/5518)) ([08104c0](https://togithub.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+27/-8 (#5521 #5518 )") ### [`v1.3.6`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#136-2023-04-19) [Compare Source](https://togithub.com/axios/axios/compare/v1.3.5...v1.3.6) ##### Bug Fixes - **types:** added transport to RawAxiosRequestConfig ([#5445](https://togithub.com/axios/axios/issues/5445)) ([6f360a2](https://togithub.com/axios/axios/commit/6f360a2531d8d70363fd9becef6a45a323f170e2)) - **utils:** make isFormData detection logic stricter to avoid unnecessary calling of the `toString` method on the target; ([#5661](https://togithub.com/axios/axios/issues/5661)) ([aa372f7](https://togithub.com/axios/axios/commit/aa372f7306295dfd1100c1c2c77ce95c95808e76)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+48/-10 (#5665 #5661 #5663 )") - avatar

[Michael Di Prisco](https://togithub.com/Cadienvan "+2/-0 (#5445 )") ### [`v1.3.5`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#135-2023-04-05) [Compare Source](https://togithub.com/axios/axios/compare/v1.3.4...v1.3.5) ##### Bug Fixes - **headers:** fixed isValidHeaderName to support full list of allowed characters; ([#5584](https://togithub.com/axios/axios/issues/5584)) ([e7decef](https://togithub.com/axios/axios/commit/e7decef6a99f4627e27ed9ea5b00ce8e201c3841)) - **params:** re-added the ability to set the function as `paramsSerializer` config; ([#5633](https://togithub.com/axios/axios/issues/5633)) ([a56c866](https://togithub.com/axios/axios/commit/a56c8661209d5ce5a645a05f294a0e08a6c1f6b3)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+28/-10 (#5633 #5584 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

cashapp / misk-web