fix(security): Upgrade axios to 1.8.2 to fix SSRF (#991)

* fix(security): Upgrade axios to 1.8.2 to fix SSRF & credential leakage vulnerability

Signed-off-by: Junwei Dai <[email protected]>

* fix(security): Upgrade axios to 1.8.2 to fix SSRF & credential leakage vulnerability, add yarn.lock change

Signed-off-by: Junwei Dai <[email protected]>

* Revert "fix(security): Upgrade axios to 1.8.2 to fix SSRF & credential leakage vulnerability, add yarn.lock change"

This reverts commit 1546cbc.

Signed-off-by: Junwei Dai <[email protected]>

* fix(security): Upgrade axios to 1.8.2 to fix SSRF & credential leakage vulnerability, add yarn.lock change

Signed-off-by: Junwei Dai <[email protected]>

---------

Signed-off-by: Junwei Dai <[email protected]>
Co-authored-by: Junwei Dai <[email protected]>
(cherry picked from commit ebf51ef)

Author: 2 people

package.json

@@ -54,7 +54,7 @@
     "@sideway/formula": "^3.0.1",
     "semver": "^5.7.2",
     "browserify-sign": "^4.2.2",
-    "axios": "^1.6.1",
+    "axios": "^1.8.2",
     "braces": "^3.0.3",
     "micromatch": "^4.0.8"
   }

yarn.lock

@@ -186,10 +186,10 @@ asynckit@^0.4.0:
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
-axios@^1.6.1:
-  version "1.7.7"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f"
-  integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==
+axios@^1.8.2:
+  version "1.8.2"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.8.2.tgz#fabe06e241dfe83071d4edfbcaa7b1c3a40f7979"
+  integrity sha512-ls4GYBm5aig9vWx8AWDSGLpnpDQRtWAfrjU+EuytuODrFBkqesN2RkOQCBzrA1RQNHw1SmRMSDDDSwzNAYQ6Rg==
   dependencies:
     follow-redirects "^1.15.6"
     form-data "^4.0.0"