fix: security upgrade axios from 0.27.2 to 1.6.0 [HEAD-1036]

package.json

@@ -63,21 +63,21 @@
             "scope": "application"
           },
           "snyk.yesTelemetry": {
-            "//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
+            "//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
             "type": "boolean",
             "default": true,
             "markdownDescription": "Send usage statistics to Snyk",
             "scope": "application"
           },
           "snyk.yesWelcomeNotification": {
-            "//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
+            "//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
             "type": "boolean",
             "default": true,
             "markdownDescription": "Show welcome notification after installation and restart",
             "scope": "application"
           },
           "snyk.yesBackgroundOssNotification": {
-            "//": "Name starts with y to put it at the end, as configs are sorted alphbetically",
+            "//": "Name starts with y to put it at the end, as configs are sorted alphabetically",
             "type": "boolean",
             "default": true,
             "markdownDescription": "Show scan notification for critical Open Source Security vulnerabilities when Snyk view is hidden",
@@ -440,7 +440,7 @@
     "@sentry/tracing": "^6.19.7",
     "@snyk/code-client": "^4.12.4",
     "analytics-node": "^4.0.1",
-    "axios": "^0.27.2",
+    "axios": "^1.6.0",
     "glob": "^7.2.0",
     "he": "^1.2.0",
     "htmlparser2": "^7.2.0",

src/snyk/advisor/services/advisorApiClient.ts

@@ -47,11 +47,7 @@ export class AdvisorApiClient implements IAdvisorApiClient {
     const token = await this.configuration.getToken();
     this.http.interceptors.request.use(req => {
       req.baseURL = this.configuration.baseApiUrl;
-      req.headers = {
-        ...req.headers,
-        Authorization: `token ${token}`,
-      } as { [header: string]: string };
-
+      req.headers['Authorization'] = `token ${token}`;
       return req;
     });
     return this.http.post<T, R>(url, data, config);

src/snyk/common/languageServer/staticLsApi.ts

@@ -1,12 +1,12 @@
 import axios, { CancelTokenSource } from 'axios';
+import { IConfiguration } from '../configuration/configuration';
 import { PROTOCOL_VERSION } from '../constants/languageServer';
-import { LsExecutable } from './lsExecutable';
-import { LsSupportedPlatform } from './supportedPlatforms';
-import { getAxiosConfig } from '../proxy';
-import { IVSCodeWorkspace } from '../vscode/workspace';
 import { DownloadAxiosResponse } from '../download/downloader';
-import { IConfiguration } from '../configuration/configuration';
 import { ILog } from '../logger/interfaces';
+import { getAxiosConfig } from '../proxy';
+import { IVSCodeWorkspace } from '../vscode/workspace';
+import { LsExecutable } from './lsExecutable';
+import { LsSupportedPlatform } from './supportedPlatforms';
 
 export type LsMetadata = {
   tag: string;

src/snyk/common/proxy.ts

@@ -3,9 +3,9 @@ import fs from 'fs/promises';
 import { Agent, AgentOptions, globalAgent } from 'https';
 import { HttpsProxyAgent, HttpsProxyAgentOptions } from 'https-proxy-agent';
 import * as url from 'url';
-import { IVSCodeWorkspace } from './vscode/workspace';
 import { IConfiguration } from './configuration/configuration';
 import { ILog } from './logger/interfaces';
+import { IVSCodeWorkspace } from './vscode/workspace';
 
 export async function getHttpsProxyAgent(
   workspace: IVSCodeWorkspace,