[Snyk] Upgrade axios from 1.7.4 to 1.9.0

[gregmeszaros]

Snyk has created this PR to upgrade axios from 1.7.4 to 1.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	248	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	248	No Known Exploit

Release notes

Package name: axios

• 1.9.0 - 2025-04-24
  

  Release notes:

  Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#6661) (987d2e2)
  • types: fix autocomplete for adapter config (#6855) (e61a893)

  Features

  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
  • Willian Agostini
  • George Cheng
  • FatahChan
  • Ionuț G. Stan
• 1.8.4 - 2025-03-19
  

  Release notes:

  Bug Fixes

  • buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)

  Contributors to this release

  • Marc Hassan
• 1.8.3 - 2025-03-12
  

  Release notes:

  Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

  Contributors to this release

  • Ashcon Partovi
  • StefanBRas
  • Marc Hassan
• 1.8.2 - 2025-03-07
  

  Release notes:

  Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

  Contributors to this release

  • Fasoro-Joseph Alexander
• 1.8.1 - 2025-02-26
  

  Release notes:

  Bug Fixes

  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.8.0 - 2025-02-26
  

  Release notes:

  Bug Fixes

  • examples: application crashed when navigating examples in browser (#5938) (1260ded)
  • missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
  • utils: replace getRandomValues with crypto module (#6788) (23a25af)

  Features

  • Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

  Reverts

  • Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

  BREAKING CHANGES

  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

  Contributors to this release

  • Michael Toscano
  • Willian Agostini
  • Naron
  • shravan || श्रvan
  • Justin Dhillon
  • yionr
  • Shin'ya Ueoka
  • Dan Dascalescu
  • Nitin Ramnani
  • Shay Molcho
  • Jay
  • fancy45daddy
  • Habip Akyol
  • Bailey Lissington
  • Bernardo da Eira Duarte
  • Shivam Batham
  • Lipin Kariappa
• 1.7.9 - 2024-12-04
  

  Release notes:

  Reverts

  • Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

  Contributors to this release

  • Jay
• 1.7.8 - 2024-11-25
  

  Release notes:

  Bug Fixes

  • allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
  • core: fixed config merging bug (#6668) (5d99fe4)
  • fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
  • http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
  • http: fixed proxy-from-env module import (#5222) (12b3295)
  • http: use globalThis.TextEncoder when available (#6634) (df956d1)
  • ios11 breaks when build (#6608) (7638952)
  • types: add missing types for mergeConfig function (#6590) (00de614)
  • types: export CJS types from ESM (#6218) (c71811b)
  • updated stream aborted error message to be more clear (#6615) (cc3217a)
  • use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

  Contributors to this release

  • Remco Haszing
  • Jay
  • Aayush Yadav
  • Dmitriy Mozgovoy
  • Ell Bradshaw
  • Amit Saini
  • Tommaso Paulon
  • Akki
  • Sampo Silvennoinen
  • Kasper Isager Dalsgarð
  • Christian Clauss
  • Pavan Welihinda
  • Taylor Flatt
  • Kenzo Wada
  • Ngole Lawson
  • Haven
  • Shrivali Dutt
  • Henco Appel
• 1.7.7 - 2024-08-31
• 1.7.6 - 2024-08-30
• 1.7.5 - 2024-08-23
• 1.7.4 - 2024-08-13

from axios GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs