[RENOVATE-BOT] Update dependency axios to v1.7.4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	1.6.2 -> 1.7.4

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

---

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes

• sec: CVE-2024-39338 (#​6539) (#​6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#​6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

v1.7.3

Compare Source

Bug Fixes

• adapter: fix progress event emitting; (#​6518) (e3c76fc)
• fetch: fix withCredentials request config (#​6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#​6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

v1.7.2

Compare Source

Bug Fixes

• fetch: enhance fetch API detection; (#​6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

v1.7.1

Compare Source

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

v1.7.0

Compare Source

Features

• adapter: add fetch adapter; (#​6371) (a3ff99b)

Bug Fixes

• core/axios: handle un-writable error stack (#​6362) (81e0455)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Alexandre ABRIOUX

v1.6.8

Compare Source

Bug Fixes

• AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#​6243) (2656612)
• import: use named export for EventEmitter; (7320430)
• vulnerability: update follow-redirects to 1.15.6 (#​6300) (8786e0f)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Mitchell
• Emmanuel
• Lucas Keller
• Aditya Mogili
• Miroslav Petrov

v1.6.7

Compare Source

Bug Fixes

• capture async stack only for rejections with native error objects; (#​6203) (1a08f90)

Contributors to this release

• Dmitriy Mozgovoy
• zhoulixiang

v1.6.6

Compare Source

Bug Fixes

• fixed missed dispatchBeforeRedirect argument (#​5778) (a1938ff)
• wrap errors to improve async stack trace (#​5987) (123f354)

Contributors to this release

• Ilya Priven
• Zao Soula

v1.6.5

Compare Source

Bug Fixes

• ci: refactor notify action as a job of publish action; (#​6176) (0736f95)
• dns: fixed lookup error handling; (#​6175) (f4f2b03)

Contributors to this release

• Dmitriy Mozgovoy
• Jay

v1.6.4

Compare Source

Bug Fixes

• security: fixed formToJSON prototype pollution vulnerability; (#​6167) (3c0c11c)
• security: fixed security vulnerability in follow-redirects (#​6163) (75af1cd)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Guy Nesher

v1.6.3

Compare Source

Bug Fixes

• Regular Expression Denial of Service (ReDoS) (#​6132) (5e7ad38)

Contributors to this release

• Jay
• Willian Agostini
• Dmitriy Mozgovoy

---

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Taipei, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[GaaSBot]

✅ Knip Scan Result for 2419071

Unused files (8)

Unused files (8)
.bundlewatch.config.js
components/shared/Footer.tsx
configs/i18nConfigs.ts
lighthouserc.js
reset.d.ts
scripts/iconConverter/IconTemplate.tsx
scripts/knipScanReporter.js
scripts/lhciScanReporter.js

Unused dependencies (2)

Unused dependencies (2)
@svgr/webpack package.json
sharp package.json

Unused devDependencies (5)

Unused devDependencies (5)
@actions/github package.json
@octokit/core package.json
@storybook/blocks package.json
@storybook/testing-library package.json
@total-typescript/ts-reset package.json

Unused exports in namespaces (1)

Unused exports in namespaces (1)
BreadcrumbItem components/shared/Breadcrumb/Breadcrumb.tsx

Unused exported types (3)

Unused exported types (3)
ChatProps type components/shared/Chat/v2/Chat.tsx
ChatHeaderProps type components/shared/Chat/v2/ChatHeader.tsx
RoomEntryError type requests/rooms/index.ts

Unused exported types in namespaces (2)

Unused exported types in namespaces (2)
BaseBoxFancyProp interface components/shared/BoxFancy/BoxFancy.tsx
BreadcrumbItemProps interface components/shared/Breadcrumb/Breadcrumb.tsx

Unused exported enum members (1)

Unused exported enum members (1)
PRIMARY_TRANSPARENT ButtonVariant components/shared/Button/v2/Button.tsx

Configuration issues (1)

Configuration issues (1)
Unused item in ignoreDependencies: @next/bundle-analyzer

[GaaSBot]

🤖 Lighthouse Scan Result for 2419071

/rooms

Metric	Value
Performance	76
Seo	90
Accessibility	84
HTML Report for LHCI Scan	Report Link

/rooms/abc

Metric	Value
Performance	74
Seo	90
Accessibility	84
HTML Report for LHCI Scan	Report Link

/login

Metric	Value
Performance	69
Seo	90
Accessibility	97
HTML Report for LHCI Scan	Report Link