fix(deps): update dependency axios to v1.7.4 [security]

This MR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	1.7.2 -> 1.7.4

---

Server-Side Request Forgery in axios

CVE-2024-39338 / GHSA-8hc4-vh64-cxmj

More information

Details

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Severity

High

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-39338
• https://github.com/axios/axios/issues/6463
• https://github.com/axios/axios/pull/6539
• https://github.com/axios/axios/pull/6543
• https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a
• https://github.com/axios/axios
• https://github.com/axios/axios/releases
• https://github.com/axios/axios/releases/tag/v1.7.4
• https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes

• sec: CVE-2024-39338 (#​6539) (#​6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#​6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

v1.7.3

Compare Source

Bug Fixes

• adapter: fix progress event emitting; (#​6518) (e3c76fc)
• fetch: fix withCredentials request config (#​6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#​6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.