[Snyk] Upgrade axios from 0.25.0 to 1.7.9

[aravindvnair99]

Snyk has created this PR to upgrade axios from 0.25.0 to 1.7.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 54 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	686	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	686	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	686	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	686	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-AXIOS-6671926	686	No Known Exploit

Release notes

Package name: axios

• 1.7.9 - 2024-12-04
  

  Release notes:

  Reverts

  • Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

  Contributors to this release

  • Jay
• 1.7.8 - 2024-11-25
  

  Release notes:

  Bug Fixes

  • allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
  • core: fixed config merging bug (#6668) (5d99fe4)
  • fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
  • http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
  • http: fixed proxy-from-env module import (#5222) (12b3295)
  • http: use globalThis.TextEncoder when available (#6634) (df956d1)
  • ios11 breaks when build (#6608) (7638952)
  • types: add missing types for mergeConfig function (#6590) (00de614)
  • types: export CJS types from ESM (#6218) (c71811b)
  • updated stream aborted error message to be more clear (#6615) (cc3217a)
  • use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

  Contributors to this release

  • Remco Haszing
  • Jay
  • Aayush Yadav
  • Dmitriy Mozgovoy
  • Ell Bradshaw
  • Amit Saini
  • Tommaso Paulon
  • Akki
  • Sampo Silvennoinen
  • Kasper Isager Dalsgarð
  • Christian Clauss
  • Pavan Welihinda
  • Taylor Flatt
  • Kenzo Wada
  • Ngole Lawson
  • Haven
  • Shrivali Dutt
  • Henco Appel
• 1.7.7 - 2024-08-31
  

  Release notes:

  Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

  Contributors to this release

  • Rishi556
  • Dmitriy Mozgovoy
• 1.7.6 - 2024-08-30
  

  Release notes:

  Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jacques Germishuys
  • kuroino721
• 1.7.5 - 2024-08-23
  

  Release notes:

  Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Antonin Bas
  • Hans Otto Wirtz
• 1.7.4 - 2024-08-13
  

  Release notes:

  Bug Fixes

  • sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
  • sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

  Contributors to this release

  • Lev Pachmanov
  • Đỗ Trọng Hải
• 1.7.3 - 2024-08-01
  

  Release notes:

  Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Valerii Sidorenko
  • prianYu
• 1.7.2 - 2024-05-21
  

  Release notes:

  Bug Fixes

  • fetch: enhance fetch API detection; (#6413) (4f79aef)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.1 - 2024-05-20
  

  Release notes:

  Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.7.0 - 2024-05-19
• 1.7.0-beta.2 - 2024-05-19
• 1.7.0-beta.1 - 2024-05-07
• 1.7.0-beta.0 - 2024-04-28
• 1.6.8 - 2024-03-15
• 1.6.7 - 2024-01-25
• 1.6.6 - 2024-01-24
• 1.6.5 - 2024-01-05
• 1.6.4 - 2024-01-03
• 1.6.3 - 2023-12-26
• 1.6.2 - 2023-11-14
• 1.6.1 - 2023-11-08
• 1.6.0 - 2023-10-26
• 1.5.1 - 2023-09-26
• 1.5.0 - 2023-08-26
• 1.4.0 - 2023-04-27
• 1.3.6 - 2023-04-19
• 1.3.5 - 2023-04-05
• 1.3.4 - 2023-02-22
• 1.3.3 - 2023-02-13
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17
• 1.2.2 - 2022-12-29
• 1.2.1 - 2022-12-05
• 1.2.0 - 2022-11-22
• 1.2.0-alpha.1 - 2022-11-10
• 1.1.3 - 2022-10-15
• 1.1.2 - 2022-10-07
• 1.1.1 - 2022-10-07
• 1.1.0 - 2022-10-06
• 1.0.0 - 2022-10-04
• 1.0.0-alpha.1 - 2022-05-31
• 0.29.0 - 2024-11-21
  

  Release notes:

  Bug Fixes

  • fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @ Sean-Powell in #6402
  • fix: omit nulls in params by @ Willshaw in #6394
  • fix(backport): fix paramsSerializer function validation by @ solonzhu in #6361
  • fix: Regular Expression Denial of Service (ReDoS) by @ qiongshusheng in #6708

  Contributors to this release

  • @ Sean-Powell made their first contribution in #6402
  • @ Willshaw made their first contribution in #6394
  • @ solonzhu made their first contribution in #6361
  • @ qiongshusheng made their first contribution in #6708
• 0.28.1 - 2024-03-28
• 0.28.0 - 2024-02-12
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18

from axios GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 9 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in ceb3449 path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in ceb3449 result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

Vulnerable Libraries (7)

Severity	Details
N/A	pkg:npm/ejs@3.1.7 upgrade to: 3.1.10
High	pkg:npm/busboy@0.3.1 upgrade to: > 0.3.1
High	pkg:npm/eslint@8.54.0 upgrade to: > 8.54.0
High	pkg:npm/firebase-functions@4.2.1 upgrade to: > 4.2.1
Critical	pkg:npm/firebase-admin@11.3.0 upgrade to: > 11.3.0
Informational	pkg:npm/cookie-parser@1.4.6 upgrade to: > 1.4.6
Critical	pkg:npm/@tensorflow/tfjs-node@3.14.0 upgrade to: > 3.14.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.