[Snyk] Upgrade axios from 1.6.2 to 1.6.8

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 1.6.2 to 1.6.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.

• The recommended version was released 2 months ago, on 2024-03-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-AXIOS-6144788	89/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 159, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 3.78, Score Version: V5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	89/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 159, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 3.78, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

• 1.6.8 - 2024-03-15
  

  Release notes:

  Bug Fixes

  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Mitchell
  • Emmanuel
  • Lucas Keller
  • Aditya Mogili
  • Miroslav Petrov
• 1.6.7 - 2024-01-25
  

  Release notes:

  Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

  Contributors to this release

  • Dmitriy Mozgovoy
  • zhoulixiang
• 1.6.6 - 2024-01-24
  

  Release notes:

  Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

  Contributors to this release

  • Ilya Priven
  • Zao Soula
• 1.6.5 - 2024-01-05
  

  Release notes:

  Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
• 1.6.4 - 2024-01-03
  

  Release notes:

  Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Guy Nesher
• 1.6.3 - 2023-12-26
  

  Release notes:

  Bug Fixes

  • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

  Contributors to this release

  • Jay
  • Willian Agostini
  • Dmitriy Mozgovoy
• 1.6.2 - 2023-11-14
  

  Release notes:

  Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

  PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

  
  📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
  You should now use withXSRFToken along with withCredential to get the old behavior.
  This functionality is considered as a fix.
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Ng Choon Khon (CK)
  • Muhammad Noman

from axios GitHub release notes

Commit messages

Package name: axios

• ab3f0f9 chore(release): v1.6.8 (chore(test): fix gitignore in fixture vercel/turborepo#6303)
• 2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config merging ([turborepo] Turbo error: unable to find any locator for array-source@0 vercel/turborepo#6243)
• 7320430 fix(import): use named export for EventEmitter;
• 8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (chore(test): fix gitignore in fixture vercel/turborepo#6300)
• d844227 chore: update and bump deps (chore(test): Add test to ensure env var changes task hash vercel/turborepo#6238)
• caa0625 docs: update README responseEncoding types (Move OutputAssets length check into new method vercel/turborepo#6194)
• 41c4584 docs: Update README.md to point to current axios version in CDN links (chore: remove debug logging for file hashes vercel/turborepo#6196)
• bf6974f chore(ci): add npm tag action; (Update swc_core to v0.86.10 vercel/turborepo#6231)
• a52e4d9 chore(release): v1.6.7 (chore: fix old clippy warnings vercel/turborepo#6204)
• 2b69888 chore: remove unnecessary check (chore: deny all clippy lints on turborepo clippy run vercel/turborepo#6186)
• 1a08f90 fix: capture async stack only for rejections with native error objects; (preserve topological build order (via ^) but have exceptions vercel/turborepo#6203)
• 104aa3f chore(release): v1.6.6 (fix: log replay message should say replay vercel/turborepo#6199)
• a1938ff fix: fixed missed dispatchBeforeRedirect argument (fix(examples): rename basic eslint config vercel/turborepo#5778)
• 123f354 fix: wrap errors to improve async stack trace (Why are there no root configs for eslint, prettier, ts in the examples? vercel/turborepo#5987)
• 6d4c421 chore(release): v1.6.5 (Add support for FreeVarReference::Error vercel/turborepo#6177)
• 0736f95 fix(ci): refactor notify action as a job of publish action; (feat(benchmark): add workflow to benchmark time to first task vercel/turborepo#6176)
• f4f2b03 fix(dns): fixed lookup error handling; (chore(ci): rename go_integration to turborepo_integration vercel/turborepo#6175)
• 1f73dcb docs: update sponsor links
• 8790b8e chore(release): v1.6.4 (chore: add a few diagnostic log lines for measuring time-to-execute vercel/turborepo#6173)
• 0ad520d chore(ci): fix notify action; (Chunking Refactoring followup fixes vercel/turborepo#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (fix: support non UTF-8 logs vercel/turborepo#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (DO NOT MERGE: touch integration tests vercel/turborepo#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

[github-actions]

🟢 Turbopack Benchmark CI successful 🟢

Thanks

[github-actions]

⚠️ CI failed ⚠️

The following steps have failed in CI:

• Formatting

See workflow summary for details