fix(deps): update dependency axios to ^0.28.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	^0.26.1 -> ^0.28.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

---

Release Notes

axios/axios (axios)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

v0.27.2

Compare Source

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #​3785 (#​4640)
• Enhanced protocol parsing implementation (#​4639)
• Fixed bundle size

v0.27.1

Compare Source

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#​4594)
• Bumped follow-redirects to ^1.14.9 (#​4615)

v0.27.0

Compare Source

Breaking changes:

• New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#​3757)
• Removed functionality that removed the the Content-Type request header when passing FormData (#​3785)
• (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#​3645)
• Separated responsibility for FormData instantiation between transformRequest and toFormData (#​4470)
• (*) Improved and fixed multiple issues with FormData support (#​4448)

QOL and DevX improvements:

• Added a multipart/form-data testing playground allowing contributors to debug changes easily (#​4465)

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4515) & (#​4516)
• Bumped follow-redirects to ^1.14.9 (#​4562)

Internal and Tests:

• Updated dev dependencies to latest version

Documentation:

• Fixing incorrect link in changelog (#​4551)

Notes:

• (*) Please read these pull requests before updating, these changes are very impactful and far reaching.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/helper-environment-visitor@7.22.20	None	0	6.56 kB	nicolo-ribaudo
npm/@babel/helper-string-parser@7.24.1	None	0	31.7 kB	nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.24.5	None	0	49.2 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.23.5	None	0	11.7 kB	nicolo-ribaudo
npm/@babel/parser@7.24.5	None	0	1.89 MB	nicolo-ribaudo
npm/@jridgewell/resolve-uri@3.1.2	None	0	53.2 kB	jridgewell
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15	None	0	45.9 kB	jridgewell
npm/@types/node@16.18.96	None	0	1.8 MB	types
npm/@types/qs@6.9.15	None	0	7.34 kB	types
npm/array-flatten@1.1.1	None	0	4.42 kB	blakeembrey
npm/base64-js@1.5.1	None	0	9.62 kB	feross
npm/boolbase@1.0.0	None	0	1.33 kB	feedic
npm/bytes@3.1.2	None	0	12.3 kB	dougwilson
npm/callsites@3.1.0	None	0	6.33 kB	sindresorhus
npm/caniuse-lite@1.0.30001614	None	0	2.05 MB	caniuse-lite
npm/content-type@1.0.5	None	0	10.5 kB	dougwilson
npm/cookie-signature@1.0.6	None	0	3.94 kB	natevw
npm/decode-uri-component@0.2.2	None	0	6.09 kB	samverschueren
npm/deepmerge@4.3.1	None	0	31.2 kB	tehshrike
npm/depd@2.0.0	environment, eval	0	27.1 kB	dougwilson
npm/destroy@1.2.0	filesystem	0	9.02 kB	dougwilson
npm/ee-first@1.1.1	None	0	6.26 kB	dougwilson
npm/electron-to-chromium@1.4.752	None	0	286 kB	kilianvalkhof
npm/encodeurl@1.0.2	None	0	7.86 kB	dougwilson
npm/escape-html@1.0.3	None	0	3.66 kB	dougwilson
npm/etag@1.8.1	filesystem	0	10.8 kB	dougwilson
npm/forwarded@0.2.0	None	0	5.88 kB	dougwilson
npm/fresh@0.5.2	None	0	10.1 kB	dougwilson
npm/fsevents@2.3.3	None	0	173 kB	pipobscure
npm/gensync@1.0.0-beta.2	None	0	28.9 kB	loganfsmyth
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/ieee754@1.2.1	None	0	6.8 kB	feross
npm/ipaddr.js@1.9.1	None	0	42.1 kB	whitequark
npm/is-number@7.0.0	None	0	9.62 kB	jonschlinkert
npm/js-tokens@4.0.0	None	0	15.1 kB	lydell
npm/jsesc@2.5.2	None	0	32 kB	mathias
npm/json-parse-better-errors@1.0.2	None	0	6.7 kB	zkat
npm/json5@2.2.3	None	0	235 kB	jordanbtucker
npm/media-typer@0.3.0	None	0	11.1 kB	dougwilson
npm/merge-descriptors@1.0.1	None	0	4.89 kB	dougwilson
npm/methods@1.1.2	network	0	5.29 kB	dougwilson
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime@1.6.0	environment, filesystem	0	51.7 kB	broofa
npm/node-releases@2.0.14	None	0	34 kB	chicoxyzzy
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/object-inspect@1.13.1	None	0	97.2 kB	ljharb
npm/object-keys@1.1.1	None	0	26.5 kB	ljharb
npm/parseurl@1.3.3	None	0	10.3 kB	dougwilson
npm/path-parse@1.0.7	None	0	4.51 kB	jbgutierrez
npm/path-to-regexp@0.1.7	None	0	6.78 kB	blakeembrey
npm/picocolors@1.0.0	environment	0	5.66 kB	alexeyraspopov
npm/pirates@4.0.6	unsafe	0	13.5 kB	danez
npm/postcss-value-parser@4.2.0	None	0	27.2 kB	evilebottnawi
npm/punycode@2.3.1	None	0	33.5 kB	google-wombot
npm/range-parser@1.2.1	None	0	8.46 kB	dougwilson
npm/repeat-string@1.6.1	None	0	9.09 kB	jonschlinkert
npm/setimmediate@1.0.5	None	0	8.56 kB	domenic
npm/setprototypeof@1.2.0	None	0	4.03 kB	wesleytodd
npm/source-map-js@1.2.0	None	0	140 kB	7rulnik
npm/statuses@2.0.1	None	0	12.1 kB	dougwilson
npm/stream-shift@1.0.3	None	0	4.46 kB	mafintosh
npm/supports-preserve-symlinks-flag@1.0.0	None	0	9.18 kB	ljharb
npm/tapable@2.2.1	None	0	46.9 kB	sokra
npm/to-fast-properties@2.0.0	None	0	3.5 kB	sindresorhus
npm/toidentifier@1.0.1	None	0	4.68 kB	dougwilson
npm/unpipe@1.0.0	None	0	4.31 kB	dougwilson
npm/utils-merge@1.0.1	None	0	3.72 kB	jaredhanson
npm/vary@1.1.2	None	0	8.75 kB	dougwilson
npm/yocto-queue@0.1.0	None	0	6.03 kB	sindresorhus

🚮 Removed packages: npm/@nrwl/cli@15.9.7, npm/@nrwl/nx-darwin-arm64@15.9.7, npm/@nrwl/nx-darwin-x64@15.9.7, npm/@nrwl/nx-linux-arm-gnueabihf@15.9.7, npm/@nrwl/nx-linux-arm64-gnu@15.9.7, npm/@nrwl/nx-linux-arm64-musl@15.9.7, npm/@nrwl/nx-linux-x64-gnu@15.9.7, npm/@nrwl/nx-linux-x64-musl@15.9.7, npm/@nrwl/nx-win32-arm64-msvc@15.9.7, npm/@nrwl/nx-win32-x64-msvc@15.9.7, npm/@nrwl/tao@15.9.7, npm/@parcel/watcher@2.0.4, npm/@yarnpkg/lockfile@1.1.0, npm/@yarnpkg/parsers@3.0.0-rc.46, npm/@zkochan/js-yaml@0.0.6, npm/array-find-index@1.0.2, npm/array-uniq@1.0.3, npm/axios@1.6.8, npm/cli-spinners@2.6.1, npm/cp-file@3.2.0, npm/currently-unhandled@0.4.1, npm/dotenv@10.0.0, npm/enquirer@2.3.6, npm/error-ex@1.3.2, npm/flat@5.0.2, npm/indent-string@2.1.0, npm/is-utf8@0.2.1, npm/isexe@2.0.0, npm/jsonc-parser@3.2.0, npm/lines-and-columns@2.0.4, npm/nested-error-stacks@1.0.2, npm/node-addon-api@3.2.1, npm/node-gyp-build@4.8.0, npm/open@8.4.2, npm/pinkie-promise@2.0.1, npm/pseudomap@1.0.2, npm/repeating@2.0.1, npm/shebang-regex@1.0.0, npm/strip-indent@1.0.1, npm/tar-stream@2.2.0, npm/tsconfig-paths@4.2.0, npm/v8-compile-cache@2.3.0

View full report↗︎

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud