[Snyk] Upgrade axios from 0.21.1 to 1.12.0

[larissabenevides]

Snyk has created this PR to upgrade axios from 0.21.1 to 1.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 73 versions ahead of your current version.

• The recommended version was released 21 days ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	738	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	738	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	738	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	738	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	738	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	738	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	738	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	738	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	738	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	738	No Known Exploit

Release notes

Package name: axios

• 1.12.0 - 2025-09-11
  

  Release notes:

  Bug Fixes

  • adding build artifacts (9ec86de)
  • dont add dist on release (a2edc36)
  • fetch-adapter: set correct Content-Type for Node FormData (#6998) (a9f47af)
  • node: enforce maxContentLength for data: URLs (#7011) (945435f)
  • package exports (#5627) (aa78ac2)
  • params: removing '[' and ']' from URL encode exclude characters (#3316) (#5715) (6d84189)
  • release pr run (fd7f404)
  • types: change the type guard on isCancel (#5595) (0dbb7fd)

  Features

  • adapter: surface low‑level network error details; attach original error via cause (#6982) (78b290c)
  • fetch: add fetch, Request, Response env config variables for the adapter; (#7003) (c959ff2)
  • support reviver on JSON.parse (#5926) (2a97634), closes #5924
  • types: extend AxiosResponse interface to include custom headers type (#6782) (7960d34)

  Contributors to this release

  • Willian Agostini
  • Dmitriy Mozgovoy
  • khani
  • Ameer Assadi
  • Emiedonmokumo Dick-Boro
  • Zeroday BYTE
  • Jason Saayman
  • 최예찬
  • Gligor Kotushevski
  • Aleksandar Dimitrov
• 1.11.0 - 2025-07-23
  

  Release notes:

  Bug Fixes

  • form-data npm pakcage (#6970) (e72c193)
  • prevent RangeError when using large Buffers (#6961) (a2214ca)
  • types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#6956) (8517aa1)

  Contributors to this release

  • izzy goldman
  • Manish Sahani
  • Noritaka Kobayashi
  • James Nail
  • Tejaswi1305
• 1.10.0 - 2025-06-14
  

  Release notes:

  Bug Fixes

  • adapter: pass fetchOptions to fetch function (#6883) (0f50af8)
  • form-data: convert boolean values to strings in FormData serialization (#6917) (5064b10)
  • package: add module entry point for React Native; (#6933) (3d343b8)

  Features

  • types: improved fetchOptions interface (#6867) (63f1fce)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Noritaka Kobayashi
  • Dimitrios Lazanas
  • Adrian Knapp
  • Howie Zhao
  • Uhyeon Park
  • Sampo Silvennoinen
• 1.9.0 - 2025-04-24
  

  Release notes:

  Bug Fixes

  • core: fix the Axios constructor implementation to treat the config argument as optional; (#6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#6661) (987d2e2)
  • types: fix autocomplete for adapter config (#6855) (e61a893)

  Features

  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#5707) (80ea756)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
  • Willian Agostini
  • George Cheng
  • FatahChan
  • Ionuț G. Stan
• 1.8.4 - 2025-03-19
  

  Release notes:

  Bug Fixes

  • buildFullPath: handle allowAbsoluteUrls: false without baseURL (#6833) (f10c2e0)

  Contributors to this release

  • Marc Hassan
• 1.8.3 - 2025-03-12
  

  Release notes:

  Bug Fixes

  • add missing type for allowAbsoluteUrls (#6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#6814) (ec159e5)

  Contributors to this release

  • Ashcon Partovi
  • StefanBRas
  • Marc Hassan
• 1.8.2 - 2025-03-07
  

  Release notes:

  Bug Fixes

  • http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

  Contributors to this release

  • Fasoro-Joseph Alexander
• 1.8.1 - 2025-02-26
  

  Release notes:

  Bug Fixes

  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.8.0 - 2025-02-26
• 1.7.9 - 2024-12-04
• 1.7.8 - 2024-11-25
• 1.7.7 - 2024-08-31
• 1.7.6 - 2024-08-30
• 1.7.5 - 2024-08-23
• 1.7.4 - 2024-08-13
• 1.7.3 - 2024-08-01
• 1.7.2 - 2024-05-21
• 1.7.1 - 2024-05-20
• 1.7.0 - 2024-05-19
• 1.7.0-beta.2 - 2024-05-19
• 1.7.0-beta.1 - 2024-05-07
• 1.7.0-beta.0 - 2024-04-28
• 1.6.8 - 2024-03-15
• 1.6.7 - 2024-01-25
• 1.6.6 - 2024-01-24
• 1.6.5 - 2024-01-05
• 1.6.4 - 2024-01-03
• 1.6.3 - 2023-12-26
• 1.6.2 - 2023-11-14
• 1.6.1 - 2023-11-08
• 1.6.0 - 2023-10-26
• 1.5.1 - 2023-09-26
• 1.5.0 - 2023-08-26
• 1.4.0 - 2023-04-27
• 1.3.6 - 2023-04-19
• 1.3.5 - 2023-04-05
• 1.3.4 - 2023-02-22
• 1.3.3 - 2023-02-13
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17
• 1.2.2 - 2022-12-29
• 1.2.1 - 2022-12-05
• 1.2.0 - 2022-11-22
• 1.2.0-alpha.1 - 2022-11-10
• 1.1.3 - 2022-10-15
• 1.1.2 - 2022-10-07
• 1.1.1 - 2022-10-07
• 1.1.0 - 2022-10-06
• 1.0.0 - 2022-10-04
• 1.0.0-alpha.1 - 2022-05-31
• 0.30.2 - 2025-09-27
• 0.30.1 - 2025-08-04
  

  Release notes:

  Bug Fixes

  • chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @ wolandec in #6978

  Contributors to this release

  • @ wolandec made their first contribution in #6978

  Full Changelog: v0.30.0...v0.30.1

• 0.30.0 - 2025-03-26
  

  Release notes:

  Bug Fixes

  • fix: modify log while request is aborted by @ mori5321 in #4917
  • fix: update CHANGELOG.md for v0.x by @ TehZarathustra in #6271
  • fix: modify upgrade guide for 0.28.1's breaking change by @ nafeger in #6787
  • fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @ thatguyinabeanie in #6829
  • fix: add allowAbsoluteUrls type by @ thatguyinabeanie in #6849

  Contributors to this release

  • @ mori5321 made their first contribution in #4917
  • @ TehZarathustra made their first contribution in #6271
  • @ nafeger made their first contribution in #6787
  • @ thatguyinabeanie made their first contribution in #6829

  Full Changelog: v0.29.0...v0.30.0

• 0.29.0 - 2024-11-21
• 0.28.1 - 2024-03-28
• 0.28.0 - 2024-02-12
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18
• 0.24.0 - 2021-10-25
• 0.23.0 - 2021-10-12
• 0.22.0 - 2021-10-01
• 0.21.4 - 2021-09-06
• 0.21.3 - 2021-09-04
• 0.21.2 - 2021-09-04
• 0.21.1 - 2020-12-22

from axios GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[larissabenevides]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)