MT#64416 Fix axios vulnerability

Update axios to version 1.13.5 to fix a denial‑of‑service issue in mergeConfig when using malicious config object. Change-Id: I4c1d2b3de42d7ab854ffaaee07e30fcb98d4cadc (cherry picked from commit d62d29bfc1) (cherry picked from commit 3433a194b9)
4 months ago · dd7edcd8c9
parent c8f5c5934c
commit dd7edcd8c9
2 changed files with 9 additions and 9 deletions
--- a/package.json
+++ b/package.json
@ -31,7 +31,7 @@
    "@vuelidate/core": "2.0.3",
    "@vuelidate/validators": "2.0.4",
    "async": "^3.2.2",
-    "axios": "1.13.2",
+    "axios": "1.13.5",
    "content-disposition": "^1.0.1",
    "core-js": "^3.47.0",
    "crypto-browserify": "3.12.1",
--- a/yarn.lock
+++ b/yarn.lock
@ -3425,13 +3425,13 @@ available-typed-arrays@^1.0.7:
  dependencies:
    possible-typed-array-names "^1.0.0"

-axios@1.13.2:
-  version "1.13.2"
-  resolved "https://npm-registry.sipwise.com/axios/-/axios-1.13.2.tgz#9ada120b7b5ab24509553ec3e40123521117f687"
-  integrity sha512-VPk9ebNqPcy5lRGuSlKx752IlDatOjT9paPlm8A7yOuW2Fbvp4X3JznJtT4f0GzGLLiWE9W8onz51SqLYwzGaA==
+axios@1.13.5:
+  version "1.13.5"
+  resolved "https://npm-registry.sipwise.com/axios/-/axios-1.13.5.tgz#5e464688fa127e11a660a2c49441c009f6567a43"
+  integrity sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==
  dependencies:
-    follow-redirects "^1.15.6"
-    form-data "^4.0.4"
+    follow-redirects "^1.15.11"
+    form-data "^4.0.5"
    proxy-from-env "^1.1.0"

 babel-jest@30.2.0:
@ -5930,7 +5930,7 @@ flow-parser@0.*:
  resolved "https://npm-registry.sipwise.com/flow-parser/-/flow-parser-0.292.0.tgz#e6b25674a25bd58531dd797c2189ebf2ad9c2e6c"
  integrity sha512-H7TRIkLYQucAszvp1DhsUMGrlu0ImgKV7eBLQ/wiOqQGDzsllBCWGgaPyw/n1CAw615VRCcRYf6TCYIpemenzw==

-follow-redirects@^1.0.0, follow-redirects@^1.15.6:
+follow-redirects@^1.0.0, follow-redirects@^1.15.11:
  version "1.15.11"
  resolved "https://npm-registry.sipwise.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340"
  integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==
@ -5974,7 +5974,7 @@ form-data-encoder@^2.1.2:
  resolved "https://npm-registry.sipwise.com/form-data-encoder/-/form-data-encoder-2.1.4.tgz#261ea35d2a70d48d30ec7a9603130fa5515e9cd5"
  integrity sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw==

-form-data@^4.0.0, form-data@^4.0.4:
+form-data@^4.0.0, form-data@^4.0.5:
  version "4.0.5"
  resolved "https://npm-registry.sipwise.com/form-data/-/form-data-4.0.5.tgz#b49e48858045ff4cbf6b03e1805cebcad3679053"
  integrity sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==