fix(deps): update dependency axios to v1.6.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
axios (source)	1.5.1 -> 1.6.0

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

---

Release Notes

axios/axios (axios)

v1.6.0

Compare Source

Features

• adapter: add fetch adapter; (#​6371) (a3ff99b)

Contributors to this release

• Dmitriy Mozgovoy
• Jay

1.6.8 (2024-03-15)

Bug Fixes

• AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#​6243) (2656612)
• import: use named export for EventEmitter; (7320430)
• vulnerability: update follow-redirects to 1.15.6 (#​6300) (8786e0f)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Mitchell
• Emmanuel
• Lucas Keller
• Aditya Mogili
• Miroslav Petrov

1.6.7 (2024-01-25)

Bug Fixes

• capture async stack only for rejections with native error objects; (#​6203) (1a08f90)

Contributors to this release

• Dmitriy Mozgovoy
• zhoulixiang

1.6.6 (2024-01-24)

Bug Fixes

• fixed missed dispatchBeforeRedirect argument (#​5778) (a1938ff)
• wrap errors to improve async stack trace (#​5987) (123f354)

Contributors to this release

• Ilya Priven
• Zao Soula

1.6.5 (2024-01-05)

Bug Fixes

• ci: refactor notify action as a job of publish action; (#​6176) (0736f95)
• dns: fixed lookup error handling; (#​6175) (f4f2b03)

Contributors to this release

• Dmitriy Mozgovoy
• Jay

1.6.4 (2024-01-03)

Bug Fixes

• security: fixed formToJSON prototype pollution vulnerability; (#​6167) (3c0c11c)
• security: fixed security vulnerability in follow-redirects (#​6163) (75af1cd)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Guy Nesher

1.6.3 (2023-12-26)

Bug Fixes

• Regular Expression Denial of Service (ReDoS) (#​6132) (5e7ad38)

Contributors to this release

• Jay
• Willian Agostini
• Dmitriy Mozgovoy

1.6.2 (2023-11-14)

Features

• withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#​6046) (cff9967)

PRs

• feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

Contributors to this release

• Dmitriy Mozgovoy
• Ng Choon Khon (CK)
• Muhammad Noman

1.6.1 (2023-11-08)

Bug Fixes

• formdata: fixed content-type header normalization for non-standard browser environments; (#​6056) (dd465ab)
• platform: fixed emulated browser detection in node.js environment; (#​6055) (3dc8369)

Contributors to this release

• Dmitriy Mozgovoy
• Fabian Meyer

PRs

• feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.