chore(deps): update dependency axios to v1.7.4 [security]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	`1.4.0` -> `1.7.4`

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

### [`v1.7.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([#6543](https://redirect.github.com/axios/axios/issues/6543)) ([6b6b605](https://redirect.github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([07a661a](https://redirect.github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar

[Lev Pachmanov](https://redirect.github.com/levpachmanov "+47/-11 (#6543 )") - avatar

[Đỗ Trọng Hải](https://redirect.github.com/hainenber "+49/-4 (#6539 )") ### [`v1.7.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.2...v1.7.3) ##### Bug Fixes - **adapter:** fix progress event emitting; ([#6518](https://redirect.github.com/axios/axios/issues/6518)) ([e3c76fc](https://redirect.github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f)) - **fetch:** fix withCredentials request config ([#6505](https://redirect.github.com/axios/axios/issues/6505)) ([85d4d0e](https://redirect.github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787)) - **xhr:** return original config on errors from XHR adapter ([#6515](https://redirect.github.com/axios/axios/issues/6515)) ([8966ee7](https://redirect.github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+211/-159 (#6518 #6519 )") - avatar

[Valerii Sidorenko](https://redirect.github.com/ValeraS "+3/-3 (#6515 )") - avatar

[prianYu](https://redirect.github.com/prianyu "+2/-2 (#6505 )") ### [`v1.7.2`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#172-2024-05-21) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.1...v1.7.2) ##### Bug Fixes - **fetch:** enhance fetch API detection; ([#6413](https://redirect.github.com/axios/axios/issues/6413)) ([4f79aef](https://redirect.github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-3 (#6413 )") ### [`v1.7.1`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#171-2024-05-20) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.0...v1.7.1) ##### Bug Fixes - **fetch:** fixed ReferenceError issue when TextEncoder is not available in the environment; ([#6410](https://redirect.github.com/axios/axios/issues/6410)) ([733f15f](https://redirect.github.com/axios/axios/commit/733f15fe5bd2d67e1fadaee82e7913b70d45dc5e)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+14/-9 (#6410 )") ### [`v1.7.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#170-2024-05-19) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.8...v1.7.0) ##### Features - **adapter:** add fetch adapter; ([#6371](https://redirect.github.com/axios/axios/issues/6371)) ([a3ff99b](https://redirect.github.com/axios/axios/commit/a3ff99b59d8ec2ab5dd049e68c043617a4072e42)) ##### Bug Fixes - **core/axios:** handle un-writable error stack ([#6362](https://redirect.github.com/axios/axios/issues/6362)) ([81e0455](https://redirect.github.com/axios/axios/commit/81e0455b7b57fbaf2be16a73ebe0e6591cc6d8f9)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+1015/-127 (#6371 )") - avatar

[Jay](https://redirect.github.com/jasonsaayman "+30/-14 ()") - avatar

[Alexandre ABRIOUX](https://redirect.github.com/alexandre-abrioux "+56/-6 (#6362 )") ### [`v1.6.8`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#168-2024-03-15) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.7...v1.6.8) ##### Bug Fixes - **AxiosHeaders:** fix AxiosHeaders conversion to an object during config merging ([#6243](https://redirect.github.com/axios/axios/issues/6243)) ([2656612](https://redirect.github.com/axios/axios/commit/2656612bc10fe2757e9832b708ed773ab340b5cb)) - **import:** use named export for EventEmitter; ([7320430](https://redirect.github.com/axios/axios/commit/7320430aef2e1ba2b89488a0eaf42681165498b1)) - **vulnerability:** update follow-redirects to 1.15.6 ([#6300](https://redirect.github.com/axios/axios/issues/6300)) ([8786e0f](https://redirect.github.com/axios/axios/commit/8786e0ff55a8c68d4ca989801ad26df924042e27)) ##### Contributors to this release - avatar

[Jay](https://redirect.github.com/jasonsaayman "+4572/-3446 (#6238 )") - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-0 (#6231 )") - avatar

[Mitchell](https://redirect.github.com/Creaous "+9/-9 (#6300 )") - avatar

[Emmanuel](https://redirect.github.com/mannoeu "+2/-2 (#6196 )") - avatar

[Lucas Keller](https://redirect.github.com/ljkeller "+3/-0 (#6194 )") - avatar

[Aditya Mogili](https://redirect.github.com/ADITYA-176 "+1/-1 ()") - avatar

[Miroslav Petrov](https://redirect.github.com/petrovmiroslav "+1/-1 (#6243 )") ### [`v1.6.7`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#167-2024-01-25) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.6...v1.6.7) ##### Bug Fixes - capture async stack only for rejections with native error objects; ([#6203](https://redirect.github.com/axios/axios/issues/6203)) ([1a08f90](https://redirect.github.com/axios/axios/commit/1a08f90f402336e4d00e9ee82f211c6adb1640b0)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-26 (#6203 )") - avatar

[zhoulixiang](https://redirect.github.com/zh-lx "+0/-3 (#6186 )") ### [`v1.6.6`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#166-2024-01-24) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.5...v1.6.6) ##### Bug Fixes - fixed missed dispatchBeforeRedirect argument ([#5778](https://redirect.github.com/axios/axios/issues/5778)) ([a1938ff](https://redirect.github.com/axios/axios/commit/a1938ff073fcb0f89011f001dfbc1fa1dc995e39)) - wrap errors to improve async stack trace ([#5987](https://redirect.github.com/axios/axios/issues/5987)) ([123f354](https://redirect.github.com/axios/axios/commit/123f354b920f154a209ea99f76b7b2ef3d9ebbab)) ##### Contributors to this release - avatar

[Ilya Priven](https://redirect.github.com/ikonst "+91/-8 (#5987 )") - avatar

[Zao Soula](https://redirect.github.com/zaosoula "+6/-6 (#5778 )") ### [`v1.6.5`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#165-2024-01-05) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.4...v1.6.5) ##### Bug Fixes - **ci:** refactor notify action as a job of publish action; ([#6176](https://redirect.github.com/axios/axios/issues/6176)) ([0736f95](https://redirect.github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c)) - **dns:** fixed lookup error handling; ([#6175](https://redirect.github.com/axios/axios/issues/6175)) ([f4f2b03](https://redirect.github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+41/-6 (#6176 #6175 )") - avatar

[Jay](https://redirect.github.com/jasonsaayman "+6/-1 ()") ### [`v1.6.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#164-2024-01-03) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.3...v1.6.4) ##### Bug Fixes - **security:** fixed formToJSON prototype pollution vulnerability; ([#6167](https://redirect.github.com/axios/axios/issues/6167)) ([3c0c11c](https://redirect.github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e)) - **security:** fixed security vulnerability in follow-redirects ([#6163](https://redirect.github.com/axios/axios/issues/6163)) ([75af1cd](https://redirect.github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8)) ##### Contributors to this release - avatar

[Jay](https://redirect.github.com/jasonsaayman "+34/-6 ()") - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+34/-3 (#6172 #6167 )") - avatar

[Guy Nesher](https://redirect.github.com/gnesher "+10/-10 (#6163 )") ### [`v1.6.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#163-2023-12-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.2...v1.6.3) ##### Bug Fixes - Regular Expression Denial of Service (ReDoS) ([#6132](https://redirect.github.com/axios/axios/issues/6132)) ([5e7ad38](https://redirect.github.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d)) ##### Contributors to this release - avatar

[Jay](https://redirect.github.com/jasonsaayman "+15/-6 (#6145 )") - avatar

[Willian Agostini](https://redirect.github.com/WillianAgostini "+17/-2 (#6132 )") - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-0 (#6084 )") ### [`v1.6.2`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#162-2023-11-14) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.1...v1.6.2) ##### Features - **withXSRFToken:** added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ([#6046](https://redirect.github.com/axios/axios/issues/6046)) ([cff9967](https://redirect.github.com/axios/axios/commit/cff996779b272a5e94c2b52f5503ccf668bc42dc)) ##### PRs - feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old \`withCredentials\` behavior; ( [#6046](https://api.github.com/repos/axios/axios/pulls/6046) ) ``` 📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. You should now use withXSRFToken along with withCredential to get the old behavior. This functionality is considered as a fix. ``` ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+271/-146 (#6081 #6080 #6079 #6078 #6046 #6064 #6063 )") - avatar

[Ng Choon Khon (CK)](https://redirect.github.com/ckng0221 "+4/-4 (#6073 )") - avatar

[Muhammad Noman](https://redirect.github.com/mnomanmemon "+2/-2 (#6048 )") ### [`v1.6.1`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#161-2023-11-08) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.0...v1.6.1) ##### Bug Fixes - **formdata:** fixed content-type header normalization for non-standard browser environments; ([#6056](https://redirect.github.com/axios/axios/issues/6056)) ([dd465ab](https://redirect.github.com/axios/axios/commit/dd465ab22bbfa262c6567be6574bf46a057d5288)) - **platform:** fixed emulated browser detection in node.js environment; ([#6055](https://redirect.github.com/axios/axios/issues/6055)) ([3dc8369](https://redirect.github.com/axios/axios/commit/3dc8369e505e32a4e12c22f154c55fd63ac67fbb)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+432/-65 (#6059 #6056 #6055 )") - avatar

[Fabian Meyer](https://redirect.github.com/meyfa "+5/-2 (#5835 )") ### [`v1.6.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#160-2023-10-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.5.1...v1.6.0) ##### Bug Fixes - **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#6028](https://redirect.github.com/axios/axios/issues/6028)) ([96ee232](https://redirect.github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0)) - **dns:** fixed lookup function decorator to work properly in node v20; ([#6011](https://redirect.github.com/axios/axios/issues/6011)) ([5aaff53](https://redirect.github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8)) - **types:** fix AxiosHeaders types; ([#5931](https://redirect.github.com/axios/axios/issues/5931)) ([a1c8ad0](https://redirect.github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09)) ##### PRs - CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+449/-114 (#6032 #6021 #6011 #5932 #5931 )") - avatar

[Valentin Panov](https://redirect.github.com/valentin-panov "+4/-4 (#6028 )") - avatar

[Rinku Chaudhari](https://redirect.github.com/therealrinku "+1/-1 (#5889 )") #### [1.5.1](https://redirect.github.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#5919](https://redirect.github.com/axios/axios/issues/5919)) ([e410779](https://redirect.github.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#5917](https://redirect.github.com/axios/axios/issues/5917)) ([bc9af51](https://redirect.github.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#5890](https://redirect.github.com/axios/axios/issues/5890)) ([#5892](https://redirect.github.com/axios/axios/issues/5892)) ([4c89f25](https://redirect.github.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://redirect.github.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+89/-18 (#5919 #5917 )") - avatar

[David Dallas](https://redirect.github.com/DavidJDallas "+11/-5 ()") - avatar

[Sean Sattler](https://redirect.github.com/fb-sean "+2/-8 ()") - avatar

[Mustafa Ateş Uzun](https://redirect.github.com/0o001 "+4/-4 ()") - avatar

[Przemyslaw Motacki](https://redirect.github.com/sfc-gh-pmotacki "+2/-1 (#5892 )") - avatar

[Michael Di Prisco](https://redirect.github.com/Cadienvan "+1/-1 ()") ##### PRs - CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ### [`v1.5.1`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#151-2023-09-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.5.0...v1.5.1) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#5919](https://redirect.github.com/axios/axios/issues/5919)) ([e410779](https://redirect.github.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#5917](https://redirect.github.com/axios/axios/issues/5917)) ([bc9af51](https://redirect.github.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#5890](https://redirect.github.com/axios/axios/issues/5890)) ([#5892](https://redirect.github.com/axios/axios/issues/5892)) ([4c89f25](https://redirect.github.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://redirect.github.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+89/-18 (#5919 #5917 )") - avatar

[David Dallas](https://redirect.github.com/DavidJDallas "+11/-5 ()") - avatar

[Sean Sattler](https://redirect.github.com/fb-sean "+2/-8 ()") - avatar

[Mustafa Ateş Uzun](https://redirect.github.com/0o001 "+4/-4 ()") - avatar

[Przemyslaw Motacki](https://redirect.github.com/sfc-gh-pmotacki "+2/-1 (#5892 )") - avatar

[Michael Di Prisco](https://redirect.github.com/Cadienvan "+1/-1 ()") ### [`v1.5.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#150-2023-08-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.4.0...v1.5.0) ##### Bug Fixes - **adapter:** make adapter loading error more clear by using platform-specific adapters explicitly ([#5837](https://redirect.github.com/axios/axios/issues/5837)) ([9a414bb](https://redirect.github.com/axios/axios/commit/9a414bb6c81796a95c6c7fe668637825458e8b6d)) - **dns:** fixed `cacheable-lookup` integration; ([#5836](https://redirect.github.com/axios/axios/issues/5836)) ([b3e327d](https://redirect.github.com/axios/axios/commit/b3e327dcc9277bdce34c7ef57beedf644b00d628)) - **headers:** added support for setting header names that overlap with class methods; ([#5831](https://redirect.github.com/axios/axios/issues/5831)) ([d8b4ca0](https://redirect.github.com/axios/axios/commit/d8b4ca0ea5f2f05efa4edfe1e7684593f9f68273)) - **headers:** fixed common Content-Type header merging; ([#5832](https://redirect.github.com/axios/axios/issues/5832)) ([8fda276](https://redirect.github.com/axios/axios/commit/8fda2766b1e6bcb72c3fabc146223083ef13ce17)) ##### Features - export getAdapter function ([#5324](https://redirect.github.com/axios/axios/issues/5324)) ([ca73eb8](https://redirect.github.com/axios/axios/commit/ca73eb878df0ae2dace81fe3a7f1fb5986231bf1)) - **export:** export adapters without `unsafe` prefix ([#5839](https://redirect.github.com/axios/axios/issues/5839)) ([1601f4a](https://redirect.github.com/axios/axios/commit/1601f4a27a81ab47fea228f1e244b2c4e3ce28bf)) ##### Contributors to this release - avatar

[Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+66/-29 (#5839 #5837 #5836 #5832 #5831 )") - avatar

[夜葬](https://redirect.github.com/geekact "+42/-0 (#5324 )") - avatar

[Jonathan Budiman](https://redirect.github.com/JBudiman00 "+30/-0 (#5788 )") - avatar

[Michael Di Prisco](https://redirect.github.com/Cadienvan "+3/-5 (#5791 )")

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

y-young / f1music