
[Snyk] Security upgrade axios from 1.12.0 to 1.15.0#222

Open
Cullima wants to merge 1 commit into develop from snyk-fix-a384484209a5507a087d559a97780b3b

Conversation

@Cullima (Contributor) commented Apr 11, 2026


Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Severity            Issue                                                  Snyk ID                  Score
critical severity   Unintended Proxy or Intermediary ('Confused Deputy')   SNYK-JS-AXIOS-15965856   848
high severity       HTTP Response Splitting                                SNYK-JS-AXIOS-15969258   636

Breaking Change Risk

Merge Risk: Medium

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@Cullima (Contributor, Author) commented Apr 11, 2026

Merge Risk: Medium

This upgrade for axios from v1.12.0 to v1.15.0 includes important security patches and bug fixes. While no direct breaking API changes are documented, the v1.14.0 release notes call for user verification, elevating the risk.

Behavioral Changes Requiring Verification:

  • The v1.14.0 release notes state: "Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade". This could impact applications with specific proxy configurations or module resolution setups.

Security Fixes:

  • Version 1.15.0 includes critical security patches for a Server-Side Request Forgery (SSRF) vulnerability and a header injection vulnerability.

Other Changes:

  • The deprecated url.parse() usage has been replaced, which may resolve warnings in newer Node.js environments.

Recommendation: Review your application's usage of environment-variable-based proxies and its CommonJS import patterns for axios to ensure they are not affected by the changes in v1.14.0.

Source: GitHub Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
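
An added check, not part of this PR and not code from the Snyk or axios projects: the PR bumps the top-level axios entry in package-lock.json, but an npm lockfile can also carry nested copies of axios pinned by other dependencies, and those copies are not covered by the top-level bump. The script below walks a lockfileVersion 2/3 `packages` map, lists every resolved copy of a named package and flags the ones below a given version. The sample lockfile, the hypothetical `legacy-sdk` package in it and the use of 1.15.0 (the version in the PR title) as the threshold are constructed for illustration.

```javascript
// Added example (not from the PR, Snyk or axios): audit an npm lockfile for
// every resolved copy of a package and flag those below a fixed version.
// The sample lockfile further down is constructed for illustration.

const FIXED_AXIOS = '1.15.0'; // version this PR upgrades to, per its title

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
// A prerelease sorts before the same release (1.15.0-beta.1 < 1.15.0).
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Walk a lockfileVersion 2/3 "packages" map. Keys are install paths, so a
// nested copy appears as "<parent>/node_modules/<name>" and is matched on the
// full path segment, not by substring (so "axios-mock-adapter" does not match
// "axios"). lockfileVersion 1 files use a nested "dependencies" tree and are
// not handled here.
function findPackageCopies(lockfile, name) {
  const copies = [];
  const suffix = `node_modules/${name}`;
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === suffix || path.endsWith(`/${suffix}`)) {
      copies.push({ path, version: entry.version, dev: !!entry.dev });
    }
  }
  return copies;
}

// Report every copy of `name` and whether it is still below `fixedVersion`.
function auditLockfile(lockfile, name, fixedVersion) {
  return findPackageCopies(lockfile, name).map(c => ({
    ...c,
    vulnerable: compareSemver(c.version, fixedVersion) < 0,
  }));
}

// Constructed sample: the direct dependency was bumped to 1.15.0, but a
// transitive copy pinned by a hypothetical "legacy-sdk" package is still 1.12.0.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.15.0', 'legacy-sdk': '^2.0.0' } },
    'node_modules/axios': { version: '1.15.0' },
    'node_modules/legacy-sdk': { version: '2.0.0', dependencies: { axios: '~1.12.0' } },
    'node_modules/legacy-sdk/node_modules/axios': { version: '1.12.0' },
    // Different package whose name merely contains "axios"; must not match.
    'node_modules/axios-mock-adapter': { version: '1.22.0', dev: true },
  },
};

// Usage: node audit-lock.js [path/to/package-lock.json]; defaults to the sample.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCKFILE;
  for (const r of auditLockfile(lock, 'axios', FIXED_AXIOS)) {
    console.log(`${r.vulnerable ? 'VULNERABLE' : 'ok        '} ${r.path} ${r.version}${r.dev ? ' (dev)' : ''}`);
  }
}

if (typeof module !== 'undefined') {
  module.exports = { parseSemver, compareSemver, findPackageCopies, auditLockfile, SAMPLE_LOCKFILE, FIXED_AXIOS };
}
```

Against the sample the script reports the top-level copy as ok and the nested `legacy-sdk` copy as VULNERABLE; on a real lockfile a nested copy like that would need its parent dependency updated (or an override) before the two Snyk issues can be treated as closed.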
