SWI-3723 [Snyk] Security upgrade axios from 1.7.4 to 1.15.0

[bwappsec]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Unintended Proxy or Intermediary ('Confused Deputy') SNYK-JS-AXIOS-15965856	306
	HTTP Response Splitting SNYK-JS-AXIOS-15969258	247
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-15930944	209

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This upgrade spans multiple minor versions and includes security fixes and one notable breaking change.

Breaking Change:

• Configuration Merging: Starting in v1.14.0, Axios restricts the merging of the __proto__ key within configuration objects to prevent prototype pollution vulnerabilities. If your application relies on deep-merging Axios configurations that modify the object prototype, this will no longer work and is a breaking change.

Other Notable Changes:

• Security Fixes: Version 1.15.0 includes critical security patches for a Server-Side Request Forgery (SSRF) bypass and a header injection vulnerability.
• Deprecation: The usage of Node.js's url.parse() has been replaced to address deprecation warnings.
• Bug Fixes: Numerous bug fixes have been implemented across these versions, including fixes for header handling, proxy behavior, and CommonJS compatibility.

Recommendation:
Verify that your application does not rely on merging the __proto__ key in Axios configurations. Given the security enhancements, the upgrade is recommended, but validation is required for this specific potential breaking change.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.