[Snyk] Security upgrade axios from 1.8.3 to 1.15.0

[sdh100shaun]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Unintended Proxy or Intermediary ('Confused Deputy') SNYK-JS-AXIOS-15965856	848
	HTTP Response Splitting SNYK-JS-AXIOS-15969258	636

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[sdh100shaun]

This is a minor version upgrade for axios that includes security patches, bug fixes, and new features without direct breaking API changes. The official release notes state that no breaking changes were introduced. [1, 5]

However, the risk is assessed as medium because the maintainers recommend users validate their integration after the upgrade, specifically concerning:

• Proxy Behavior: Changes were made to no_proxy hostname normalization and environment-based proxy handling. [1, 5]
• CommonJS Compatibility: A regression affecting CJS consumers was fixed, which could alter behavior in some edge cases. [5]

Other notable changes include:

• Security: This version includes critical security patches for potential Server-Side Request Forgery (SSRF) and header injection vulnerabilities. [1, 2]
• Deprecation: The usage of url.parse() has been replaced, which resolves deprecation warnings in newer Node.js versions. [2, 3]
• New Runtimes: Support has been added for Deno and Bun environments. [1, 3]

Recommendation: While no direct code modifications are expected, it is important to verify that your application's proxy usage and module resolution continue to function as expected after the upgrade.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.