
@cs-sagarmalve

Snyk has created this PR to upgrade axios from 1.6.2 to 1.6.4.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2024-01-03.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-AXIOS-6144788) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | No Known Exploit |
| | Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-AXIOS-6124857) | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 1.6.4 - 2024-01-03

    Release notes:

    Bug Fixes

    • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
    • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

  • 1.6.3 - 2023-12-26

    Release notes:

    Bug Fixes

    • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

  • 1.6.2 - 2023-11-14

    Release notes:

    Features

    • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

    PRs

    • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
    
    📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
    You should now use withXSRFToken along with withCredential to get the old behavior.
    This functionality is considered as a fix.
    

from axios GitHub release notes
Commit messages
Package name: axios
  • 8790b8e chore(release): v1.6.4 (#6173)
  • 0ad520d chore(ci): fix notify action; (#6172)
  • 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
  • 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
  • 90864b3 docs: update logos
  • 1542719 docs: updated headline sponsors
  • b15b918 chore(release): v1.6.3 (#6151)
  • b76cce0 chore(ci): added branches filter for notify action; (#6084)
  • 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
  • 8befb86 docs: update alloy link (#6145)
  • d18f40d docs: add headline sponsors


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@hanoak20
Contributor

This has been already fixed.

@umeshmore45 umeshmore45 deleted the snyk-upgrade-4b6a8155398ecbbea51020840ade4d19 branch June 2, 2025 10:29