fix(deps): update dependency axios to v1.7.4 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	1.7.2 -> 1.7.4

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

---

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes

• sec: CVE-2024-39338 (#​6539) (#​6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#​6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

v1.7.3

Compare Source

Bug Fixes

• adapter: fix progress event emitting; (#​6518) (e3c76fc)
• fetch: fix withCredentials request config (#​6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#​6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Thanks for the PR!

Any successful deployments (not always required) will be available below.
Backend available

Once merged, code will be promoted and handed off to following workflow run.
Main Merge Workflow

[github-actions]

Current changelog

Bug Fixes

• adding baseline on migrate (f1db5f1)
• backend/package.json & backend/package-lock.json to reduce vulnerabilities (#213) (37c4663)
• be: (#160) (bffe0bb)
• be: Fixed security issue related to an uncontrolled resource consumption in braces (#266) (4d8dcd6)
• changing to flyway and fixing script (436d14f)
• deps: update dependency @nestjs/schedule to v4 (#204) (c7229e8)
• deps: update dependency axios to v1.6.0 [security] (#182) (3a09d9c)
• deps: update dependency axios to v1.7.4 [security] (049208b)
• deps: update dependency axios-oauth-client to v2 (#151) (ee677a4)
• deps: update dependency reflect-metadata to ^0.2.0 (#233) (b2951f7)
• deps: update dependency rimraf to v5 (#152) (86910b5)
• deps: update dependency swagger-ui-express to v5 (#164) (24158c5)
• deps: update nest monorepo to v10 (#176) (a863123)
• deps: update nest monorepo to v10 (major) (#153) (1295623)
• deps: update nestjs (#154) (3c64a3a)
• fixing database deploy (942d331)
• fixing deployment init (ce00b42)
• fixing health path (71a133f)
• fixing param name (c564ec8)
• fixing pr close (6aa607a)
• fixing pr workflow (2cf5b9e)
• fixing prod deployment environment (df3554d)
• fixing test workflow dir (9f8638b)
• FSADT1-1341: updated district DOS email (#252) (73bc113)
• sec: fixing trivy related issues (1bed6ac)
• Snyk: Upgrade @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 (#261) (80d3103)
• Snyk: Upgrade axios from 1.6.8 to 1.7.2 (#262) (45943dd)
• Snyk: Upgrade rimraf from 5.0.6 to 5.0.7 (#264) (6b071d7)
• updating api check workflow (#186) (26f3de4)
• updating cove coverage report (#197) (9b7009a)
• upgrade @nestjs/testing from 10.3.7 to 10.3.8 (#246) (2fca147)
• upgrade @types/node from 20.12.11 to 20.12.12 (#259) (f5f88e4)
• upgrade @types/node from 20.12.7 to 20.12.8 (#253) (8cd500e)
• upgrade @types/node from 20.12.8 to 20.12.11 (#255) (407af8f)
• upgrade @typescript-eslint/eslint-plugin from 7.7.0 to 7.7.1 (#247) (9e7ba29)
• upgrade @typescript-eslint/eslint-plugin from 7.7.1 to 7.8.0 (#250) (eb01c71)
• upgrade @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 (#258) (c18dd44)
• upgrade @typescript-eslint/parser from 7.7.0 to 7.7.1 (#248) (3516a4d)
• upgrade @typescript-eslint/parser from 7.7.1 to 7.8.0 (#251) (5551bda)
• upgrade @typescript-eslint/parser from 7.8.0 to 7.9.0 (#257) (c6fa31b)
• upgrade @typescript-eslint/parser from 7.9.0 to 7.10.0 (#260) (8194282)
• upgrade eslint from 8.56.0 to 8.57.0 (#242) (329109b)
• upgrade multiple dependencies with Snyk (#245) (3391dc6)
• upgrade reflect-metadata from 0.2.1 to 0.2.2 (#243) (30ca554)
• upgrade rimraf from 5.0.5 to 5.0.6 (#256) (9263060)
• upgrade ts-jest from 29.1.2 to 29.1.3 (#263) (d22d21c)

Features

• adding health check (#145) (be07327)
• be:FSADT1-1338: Changed form with new distric email (#249) (1e32fa0)
• be: (#143) (a6b0de5)
• be: Log improvement (#190) (0b81088)
• health check cron check (#147) (5fc8b20)
• Improved logs (#188) (c095cb5)
• updating merge main (c0280ad)
• updating workflow (7d8424d)
• Upgraded Axios (#187) (cc710c6)

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

Backend coverage report

Coverage after merging renovate/npm-axios-vulnerability into main will be

5.70%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
src
app.controller.ts	81.82%	100%	66.67%	87.50%	15
app.module.ts	0%	0%	100%	0%	1, 15, 15, 17, 17–18, 18, 2, 29, 3–8
app.service.ts	58.33%	100%	50%	62.50%	12–14
main.ts	0%	0%	0%	0%	1, 11–12, 14, 14, 14, 14–15, 2, 23, 25, 3, 31, 33, 33, 33–34, 36, 4, 43, 45, 5, 8
src/ches
ches.module.ts	0%	100%	100%	0%	1, 10, 2–3
src/ches/services
ches.service.ts	5.26%	0%	0%	11.54%	104, 113, 22–23, 23, 23, 23, 23, 25, 33–34, 34, 34–35, 35, 35–36, 36, 36–37, 37, 37–38, 38, 38, 40, 40–41, 41, 41, 45, 55, 55–56, 62, 64, 64–65, 65, 65–66, 89, 9, 92, 98
src/email
email.module.ts	0%	100%	100%	0%	1, 13, 2–5
src/email/controllers
email.controller.ts	0%	100%	0%	0%	1, 12–13, 2–4, 8–9
src/email/model
email.entity.ts	0%	100%	100%	0%	1, 14, 20, 26, 3, 32, 45, 8
src/email/services
email.service.ts	0%	100%	0%	0%	1, 10, 3, 6–7
src/form
form.module.ts	0%	100%	100%	0%	1, 18, 2–7
src/form/controllers
form.controller.ts	0%	100%	0%	0%	1, 10–11, 2, 24–25, 29–30, 34, 37, 4, 45–46, 6
src/form/entities
emailSubmissionLog.entity.ts	0%	100%	100%	0%	1, 14, 2, 21, 28, 31, 34, 37, 45, 5, 51, 7
src/form/services
form.service.ts	0%	0%	0%	0%	1, 10, 100, 100, 100–101, 104, 104, 104, 104–105, 111, 111–112, 114, 118, 118–119, 119, 119, 123, 13, 132, 136–138, 14, 148–149, 149–150, 155, 160–162, 173–174, 176, 178–179, 18, 180, 188, 19, 191, 191–192, 192, 192, 192, 192, 192, 192, 199, 2, 200, 208, 212, 212–213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 213, 225–227, 23, 232, 234, 240–241, 250, 261, 261, 261, 261, 261–263, 266–267, 269, 277, 28, 283, 29, 296, 3, 30, 302, 302, 302–303, 303, 303–304, 309, 31, 310, 312, 315, 315, 315–317, 317–318, 318, 32, 321, 323–327, 33, 335, 339–340, 349–350, 356, 365–366, 369, 37, 372, 379, 38, 381, 384, 39, 391, 394, 4, 40, 402–403, 41, 410–412, 414, 42, 422–423, 432–433, 435, 46, 5, 55, 6, 61, 69, 78, 8, 90–96, 98–99, 99

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.