
chore(deps): update dependency axios [security] #2523

Closed

apalchys (Member) opened this pull request:

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| axios | | | 1.6.2 -> 1.7.4 |
| axios | | | 0.27.2 -> 0.28.0 |
| axios (source) | dependencies | minor | 1.6.2 -> 1.7.4 |

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.


Release Notes

axios/axios

v1.7.4

Bug Fixes

v1.7.3

Bug Fixes

v1.7.2

Bug Fixes

v1.7.1

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

v1.7.0

Features
Bug Fixes

v1.6.8

Bug Fixes
  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

v1.6.7

Bug Fixes
  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

v1.6.6

Bug Fixes

v1.6.5

Bug Fixes

v1.6.4

Bug Fixes
  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

v1.6.3

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


github-actions bot commented Aug 14, 2024

📦 Next.js Bundle Analysis

This analysis was generated by the next.js bundle analysis action 🤖

🎉 Global Bundle Size Decreased

| Page | Size (compressed) |
|---|---|
| global | 111.47 KB (-3 B) |

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

Fifty-eight Pages Changed Size

The following pages changed size from the code in this PR compared to its base branch:

| Page | Size (compressed) | First Load | % of Budget (500 KB) |
|---|---|---|---|
| / | 297.2 KB | 408.68 KB | 81.74% (🟡 +0.39%) |
| /404 | 231.86 KB | 343.33 KB | 68.67% (🟡 +0.39%) |
| /admin/courses | 392.87 KB | 504.35 KB | 100.87% (🟡 +0.40%) |
| /admin/disciplines | 337.86 KB | 449.33 KB | 89.87% (🟡 +0.39%) |
| /admin/discord-server | 364.61 KB | 476.09 KB | 95.22% (🟡 +0.39%) |
| /admin/events | 365.26 KB | 476.74 KB | 95.35% (🟡 +0.39%) |
| /admin/mentor-registry | 390.42 KB | 501.89 KB | 100.38% (🟡 +0.39%) |
| /admin/notifications | 406.1 KB | 517.57 KB | 103.51% (🟡 +0.40%) |
| /admin/prompts | 345.14 KB | 456.62 KB | 91.32% (🟡 +0.40%) |
| /admin/registrations | 337.58 KB | 449.05 KB | 89.81% (🟡 +0.40%) |
| /admin/students | 353.37 KB | 464.85 KB | 92.97% (🟡 +0.40%) |
| /admin/tasks | 437.92 KB | 549.39 KB | 109.88% (🟡 +0.39%) |
| /admin/user-group | 389.58 KB | 501.06 KB | 100.21% (🟡 +0.40%) |
| /admin/users | 279.83 KB | 391.3 KB | 78.26% (🟡 +0.40%) |
| /applicants | 320.46 KB | 431.94 KB | 86.39% (🟡 +0.39%) |
| /course/admin/certified-students | 177.71 KB | 289.19 KB | 57.84% (🟡 +0.39%) |
| /course/admin/cross-check-table | 465.5 KB | 576.97 KB | 115.39% (🟡 +0.40%) |
| /course/admin/events | 448.9 KB | 560.37 KB | 112.07% (🟡 +0.40%) |
| /course/admin/interviews | 388.53 KB | 500 KB | 100.00% (🟡 +0.40%) |
| /course/admin/mentor-tasks-review | 406.12 KB | 517.59 KB | 103.52% (🟡 +0.39%) |
| /course/admin/mentors | 393.04 KB | 504.52 KB | 100.90% (🟡 +0.40%) |
| /course/admin/stage-interviews | 390.2 KB | 501.67 KB | 100.33% (🟡 +0.40%) |
| /course/admin/students | 401.65 KB | 513.12 KB | 102.62% (🟡 +0.40%) |
| /course/admin/tasks | 421.43 KB | 532.91 KB | 106.58% (🟡 +0.40%) |
| /course/admin/users | 388.23 KB | 499.7 KB | 99.94% (🟡 +0.40%) |
| /course/interview/[type]/feedback | 352.42 KB | 463.9 KB | 92.78% (🟡 +0.40%) |
| /course/mentor/auto-confirm | 234.15 KB | 345.63 KB | 69.13% (🟡 +0.39%) |
| /course/mentor/confirm | 300.97 KB | 412.45 KB | 82.49% (🟡 +0.40%) |
| /course/mentor/dashboard | 408.81 KB | 520.28 KB | 104.06% (🟡 +0.39%) |
| /course/mentor/expel-student | 304.92 KB | 416.39 KB | 83.28% (🟡 +0.39%) |
| /course/mentor/feedback | 307.42 KB | 418.89 KB | 83.78% (🟡 +0.39%) |
| /course/mentor/interview-technical-screening | 273.21 KB | 384.68 KB | 76.94% (🟡 +0.39%) |
| /course/mentor/interview-wait-list | 346.07 KB | 457.54 KB | 91.51% (🟡 +0.39%) |
| /course/mentor/interviews | 357.13 KB | 468.6 KB | 93.72% (🟡 +0.40%) |
| /course/mentor/students | 263.23 KB | 374.7 KB | 74.94% (🟡 +0.40%) |
| /course/schedule | 491.33 KB | 602.8 KB | 120.56% (🟡 +0.40%) |
| /course/score | 345.89 KB | 457.36 KB | 91.47% (🟡 +0.40%) |
| /course/stats | 293.74 KB | 405.21 KB | 81.04% (🟡 +0.40%) |
| /course/student/auto-test | 398.91 KB | 510.39 KB | 102.08% (🟡 +0.39%) |
| /course/student/auto-test/task | 398.83 KB | 510.3 KB | 102.06% (🟡 +0.40%) |
| /course/student/cross-check-review | 490.15 KB | 601.63 KB | 120.33% (🟡 +0.39%) |
| /course/student/cross-check-submit | 470.03 KB | 581.5 KB | 116.30% (🟡 +0.40%) |
| /course/student/dashboard | 405.55 KB | 517.03 KB | 103.41% (🟡 +0.39%) |
| /course/student/interviews | 310.98 KB | 422.45 KB | 84.49% (🟡 +0.40%) |
| /course/submit-scores | 421.31 KB | 532.79 KB | 106.56% (🟡 +0.39%) |
| /course/team-distributions | 392.25 KB | 503.72 KB | 100.74% (🟡 +0.40%) |
| /course/teams | 438.71 KB | 550.18 KB | 110.04% (🟡 +0.39%) |
| /cv/[uuid] | 251.46 KB | 362.93 KB | 72.59% (🟡 +0.39%) |
| /cv/edit | 355.85 KB | 467.32 KB | 93.46% (🟡 +0.40%) |
| /gratitude | 299.36 KB | 410.84 KB | 82.17% (🟡 +0.39%) |
| /heroes | 405.57 KB | 517.04 KB | 103.41% (🟡 +0.39%) |
| /job | 177.8 KB | 289.28 KB | 57.86% (🟡 +0.39%) |
| /profile | 417.13 KB | 528.6 KB | 105.72% (🟡 +0.40%) |
| /profile/connection-confirmed | 273.36 KB | 384.83 KB | 76.97% (🟡 +0.39%) |
| /profile/notifications | 338.98 KB | 450.45 KB | 90.09% (🟡 +0.40%) |
| /registry/epamlearningjs | 300.37 KB | 411.84 KB | 82.37% (🟡 +0.40%) |
| /registry/mentor | 350.34 KB | 461.81 KB | 92.36% (🟡 +0.40%) |
| /registry/student | 350.33 KB | 461.8 KB | 92.36% (🟡 +0.40%) |

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

The "Budget %" column shows what percentage of your performance budget the First Load total takes up. For example, if your budget was 100kb, and a given page's first load size was 10kb, it would be 10% of your budget. You can also see how much this has increased or decreased compared to the base branch of your PR. If this percentage has increased by 5% or more, there will be a red status indicator applied, indicating that special attention should be given to this. If you see "+/- <0.01%" it means that there was a change in bundle size, but it is a trivial enough amount that it can be ignored.

@apalchys apalchys force-pushed the renovate/npm-axios-vulnerability branch from 5de2479 to b71d4a1 Compare September 4, 2024 00:07
@apalchys apalchys force-pushed the renovate/npm-axios-vulnerability branch from b71d4a1 to 07c8c2d Compare September 6, 2024 16:03
@apalchys apalchys closed this Sep 15, 2024