[Snyk] Upgrade axios from 0.21.1 to 0.30.3

[jrdh]

Snyk has created this PR to upgrade axios from 0.21.1 to 0.30.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 19 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	440	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-15252993	440	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	440	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	440	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	440	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	440	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	440	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	440	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	440	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	440	No Known Exploit

Release notes

Package name: axios

• 0.30.3 - 2026-02-18
  

  This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

  Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

  🛡️ Security Fixes

  • Backport: Fix DoS via proto key in merge config
    • Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @ FeBe95 in PR #7388

  ⚙️ Maintenance & CI

  • CI Infrastructure Update
    • Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @ jasonsaayman in PR #7407

  ⚠️ Breaking Changes

  Configuration Merging Behavior:

  As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

  Full Changelog: v0.30.2...v0.30.3

• 0.30.2 - 2025-09-27
  

  What's Changed

  • Backport maxContentLength vulnerability fix to v0.x by @ FeBe95 in #7034

  New Contributors

  • @ FeBe95 made their first contribution in #7034

  Full Changelog: v0.30.1...v0.30.2

• 0.30.1 - 2025-08-04
• 0.30.0 - 2025-03-26
• 0.29.0 - 2024-11-21
• 0.28.1 - 2024-03-28
• 0.28.0 - 2024-02-12
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18
• 0.24.0 - 2021-10-25
• 0.23.0 - 2021-10-12
• 0.22.0 - 2021-10-01
• 0.21.4 - 2021-09-06
• 0.21.3 - 2021-09-04
• 0.21.2 - 2021-09-04
• 0.21.1 - 2020-12-22

from axios GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs