[Snyk] Security upgrade axios from 1.7.4 to 1.15.0

[sdh100shaun]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	HTTP Response Splitting SNYK-JS-AXIOS-15969258	636

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[sdh100shaun]

This upgrade spans multiple minor versions and includes security fixes and one notable breaking change.

Breaking Change:

• Configuration Merging: Starting in v1.14.0, Axios restricts the merging of the __proto__ key within configuration objects to prevent prototype pollution vulnerabilities. If your application relies on deep-merging Axios configurations that modify the object prototype, this will no longer work and is a breaking change.

Other Notable Changes:

• Security Fixes: Version 1.15.0 includes critical security patches for a Server-Side Request Forgery (SSRF) bypass and a header injection vulnerability.
• Deprecation: The usage of Node.js's url.parse() has been replaced to address deprecation warnings.
• Bug Fixes: Numerous bug fixes have been implemented across these versions, including fixes for header handling, proxy behavior, and CommonJS compatibility.

Recommendation:
Verify that your application does not rely on merging the __proto__ key in Axios configurations. Given the security enhancements, the upgrade is recommended, but validation is required for this specific potential breaking change.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.