Closed
Description
GitHub has alerted us of a vulnerability in axios, which is included through serverless/platform-client, which was last released 2 years ago. serverless/platform-client is included through serverless 3.39.0.
The earliest fixed version is https://github.com/axios/axios/releases/tag/v1.12.0
I have confirmed that we are affected by the vulnerability using the PoC provided by the advisory.
```text
PS C:\Users\user\GNS\nshm-model-graphql-api> node --max-old-space-size=100 .\axiostest.js
Generating URI with base64 length: 160000000
<--- Last few GCs --->
[60624:000001ECE0D04000] 54 ms: Scavenge 6.3 (7.8) -> 5.9 (10.3) MB, pooled: 0 MB, 0.51 / 0.00 ms (average mu = 1.000, current mu = 1.000) allocation failure;
[60624:000001ECE0D04000] 285 ms: Mark-Compact 160.9 (163.9) -> 159.8 (164.2) MB, pooled: 0 MB, 4.21 / 0.00 ms (average mu = 0.985, current mu = 0.985) allocation failure; scavenge might not succeed
<--- JS stacktrace --->
FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
```
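As an added defensive check (not code from the issue, the advisory or the serverless project), the script below scans a `package-lock.json` (lockfileVersion 2 or 3) for every installed copy of axios, including nested copies pulled in transitively, and flags those older than the 1.12.0 fix named above. The sample lockfile, the `@serverless/platform-client` install path and the `0.21.1` version in it are constructed assumptions.

```javascript
// Added example: find every copy of axios in a package-lock.json and report
// which ones predate the first fixed release named in the issue (1.12.0).
// Nested paths such as node_modules/<dep>/node_modules/axios show which
// dependency is pulling the vulnerable copy in.
const FIXED_VERSION = '1.12.0'; // from the axios release linked in the issue

// Numeric comparison of dotted versions; pre-release suffixes are ignored.
// Returns a negative number, zero or a positive number like a comparator.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the "packages" map of a parsed lockfile and return every axios entry
// with its install path, version and whether it predates the fix.
function findAxios(lock) {
  const packages = lock.packages || {};
  return Object.entries(packages)
    .filter(([p]) => p === 'node_modules/axios' || p.endsWith('/node_modules/axios'))
    .map(([p, meta]) => ({
      path: p,
      version: meta.version,
      vulnerable: compareVersions(meta.version, FIXED_VERSION) < 0,
    }));
}

// Convenience wrapper for the raw text of a lockfile.
function scanLockfileText(text) {
  return findAxios(JSON.parse(text));
}

// Constructed sample lockfile mirroring the chain in the issue:
// serverless 3.39.0 -> @serverless/platform-client -> an old axios, plus a
// patched top-level axios. The platform-client and nested axios versions
// are assumptions, not values from the issue.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/axios': { version: '1.12.0' },
    'node_modules/serverless': { version: '3.39.0' },
    'node_modules/@serverless/platform-client': { version: '4.0.0' },
    'node_modules/@serverless/platform-client/node_modules/axios': { version: '0.21.1' },
  },
};

for (const h of findAxios(SAMPLE_LOCK)) {
  console.log(`${h.path} ${h.version} ${h.vulnerable ? 'VULNERABLE' : 'ok'}`);
}
```

To check a real project, pass the contents of its `package-lock.json` to `scanLockfileText`; a nested vulnerable copy means the fix requires the intermediate dependency to update, not just a top-level `npm install axios@latest`.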