[Snyk-dev] Fix for 8 vulnerabilities

[dragos-cojocari]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• ab3f0f9 chore(release): v1.6.8 (#6303)
• 2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config merging (#6243)
• 7320430 fix(import): use named export for EventEmitter;
• 8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
• d844227 chore: update and bump deps (#6238)
• caa0625 docs: update README responseEncoding types (#6194)
• 41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
• bf6974f chore(ci): add npm tag action; (#6231)
• a52e4d9 chore(release): v1.6.7 (#6204)
• 2b69888 chore: remove unnecessary check (#6186)
• 1a08f90 fix: capture async stack only for rejections with native error objects; (#6203)
• 104aa3f chore(release): v1.6.6 (#6199)
• a1938ff fix: fixed missed dispatchBeforeRedirect argument (#5778)
• 123f354 fix: wrap errors to improve async stack trace (#5987)
• 6d4c421 chore(release): v1.6.5 (#6177)
• 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
• f4f2b03 fix(dns): fixed lookup error handling; (#6175)
• 1f73dcb docs: update sponsor links
• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)