[Snyk] Security upgrade axios from 1.4.0 to 1.13.5 #184
snyk-io[bot] wants to merge 1 commit into main from
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-15252993
✅ Snyk checks have passed. No issues have been found so far.
Walkthrough
This PR upgrades the axios HTTP client library from version 1.4.0 to 1.13.5 in the GUI component. This significant version jump addresses security vulnerabilities and improves stability. The update cascades to several transitive dependencies, including follow-redirects (1.15.2 to 1.15.11) and form-data (4.0.0 to 4.0.5). Additionally, the upgrade introduces new utility packages (call-bind-apply-helpers, dunder-proto, es-define-property, es-errors, es-object-atoms, get-proto, hasown, math-intrinsics) and updates existing packages (function-bind, get-intrinsic, gopd, has-symbols, has-tostringtag, es-set-tostringtag) to their latest versions. The changes are reflected in both package.json and package-lock.json files.
Sequence Diagram
This diagram shows the interactions between components:
sequenceDiagram
participant App as GUI Application
participant Axios as Axios v1.13.5
participant FormData as form-data v4.0.5
participant FollowRedirects as follow-redirects v1.15.11
participant Intrinsics as ES Intrinsics Layer
participant Network as External API
Note over App,Network: Dependency Update: Axios 1.4.0 → 1.13.5
App->>Axios: HTTP Request (GET/POST/etc)
activate Axios
alt Request includes form data
Axios->>FormData: Prepare multipart/form-data
activate FormData
FormData->>Intrinsics: Use es-set-tostringtag, hasown
Note over FormData,Intrinsics: Enhanced type checking<br/>and property validation
Intrinsics-->>FormData: Validated data structure
FormData-->>Axios: Formatted request body
deactivate FormData
end
Axios->>FollowRedirects: Execute HTTP request
activate FollowRedirects
FollowRedirects->>Network: Send request
activate Network
alt Response is redirect (3xx)
Network-->>FollowRedirects: Redirect response
FollowRedirects->>Network: Follow redirect
Network-->>FollowRedirects: Final response
else Direct response
Network-->>FollowRedirects: Response data
end
deactivate Network
FollowRedirects-->>Axios: Response data
deactivate FollowRedirects
Axios->>Intrinsics: Process response with enhanced introspection
Note over Intrinsics: New utilities: get-intrinsic,<br/>es-errors, math-intrinsics
Intrinsics-->>Axios: Validated response
Axios-->>App: HTTP Response
deactivate Axios
Note over App,Axios: Improved stability and security<br/>with updated dependencies
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- gui/package.json
- gui/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-AXIOS-15252993
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
EntelligenceAI PR Summary
This PR upgrades the axios HTTP client library from 1.4.0 to 1.13.5 to address security vulnerabilities and improve stability.