Update dependency axios from v0.27.2 to v0.28.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	0.27.2 -> 0.28.0

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

---

Release Notes

axios/axios (axios)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @material-ui/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"18.2.0" from the root project
npm ERR!   peer react@"^16.0.0 || ^17.0.0 || ^18.0.0" from @entur/[email protected]
npm ERR!   node_modules/@entur/auth-provider
npm ERR!     @entur/auth-provider@"1.1.0" from the root project
npm ERR!   9 more (@entur/micro-frontend, react-dropzone, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.8.0 || ^17.0.0" from @material-ui/[email protected]
npm ERR! node_modules/@material-ui/core
npm ERR!   @material-ui/core@"4.12.4" from the root project
npm ERR!   peer @material-ui/core@"^4.0.0" from @material-ui/[email protected]
npm ERR!   node_modules/@material-ui/icons
npm ERR!     @material-ui/icons@"4.11.3" from the root project
npm ERR!   1 more (@material-ui/lab)
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"^16.8.0 || ^17.0.0" from @material-ui/[email protected]
npm ERR!   node_modules/@material-ui/core
npm ERR!     @material-ui/core@"4.12.4" from the root project
npm ERR!     peer @material-ui/core@"^4.0.0" from @material-ui/[email protected]
npm ERR!     node_modules/@material-ui/icons
npm ERR!       @material-ui/icons@"4.11.3" from the root project
npm ERR!     1 more (@material-ui/lab)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-04-30T10_21_38_753Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @material-ui/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"18.2.0" from the root project
npm ERR!   peer react@"^16.0.0 || ^17.0.0 || ^18.0.0" from @entur/[email protected]
npm ERR!   node_modules/@entur/auth-provider
npm ERR!     @entur/auth-provider@"1.1.0" from the root project
npm ERR!   9 more (@entur/micro-frontend, react-dropzone, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.8.0 || ^17.0.0" from @material-ui/[email protected]
npm ERR! node_modules/@material-ui/core
npm ERR!   @material-ui/core@"4.12.4" from the root project
npm ERR!   peer @material-ui/core@"^4.0.0" from @material-ui/[email protected]
npm ERR!   node_modules/@material-ui/icons
npm ERR!     @material-ui/icons@"4.11.3" from the root project
npm ERR!   1 more (@material-ui/lab)
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"^16.8.0 || ^17.0.0" from @material-ui/[email protected]
npm ERR!   node_modules/@material-ui/core
npm ERR!     @material-ui/core@"4.12.4" from the root project
npm ERR!     peer @material-ui/core@"^4.0.0" from @material-ui/[email protected]
npm ERR!     node_modules/@material-ui/icons
npm ERR!       @material-ui/icons@"4.11.3" from the root project
npm ERR!     1 more (@material-ui/lab)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2025-02-04T19_15_01_229Z-debug-0.log