From 5e2a677bcb1699d9e8e0b5f5a784e5bfe9229597 Mon Sep 17 00:00:00 2001 From: Sunny Wu Date: Fri, 10 Apr 2026 10:58:47 +1000 Subject: [PATCH] UID2-6899: Upgrade axios to 1.15.0 to fix CVE-2025-62718 SSRF vulnerability --- .../client-server/package-lock.json | 19 ++++++++++-------- .../client-server/package.json | 2 +- .../server-side/package-lock.json | 19 ++++++++++-------- .../server-side/package.json | 2 +- .../client-server/package-lock.json | 19 ++++++++++-------- .../javascript-sdk/client-server/package.json | 2 +- .../client-server/package-lock.json | 19 ++++++++++-------- .../client-server/package.json | 2 +- .../server-side/package-lock.json | 20 ++++++++++--------- web-integrations/server-side/package.json | 2 +- 10 files changed, 60 insertions(+), 46 deletions(-) diff --git a/web-integrations/google-secure-signals/client-server/package-lock.json b/web-integrations/google-secure-signals/client-server/package-lock.json index 05d38de..b592210 100644 --- a/web-integrations/google-secure-signals/client-server/package-lock.json +++ b/web-integrations/google-secure-signals/client-server/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.13", "license": "BSD-2-Clause", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "dotenv": "^17.2.3", "ejs": "^3.1.7", "express": "^4.21.2", @@ -605,13 +605,13 @@ } }, "node_modules/axios": { - "version": "1.13.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", - "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "dependencies": { "follow-redirects": "^1.15.11", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "proxy-from-env": "^2.1.0" } }, "node_modules/balanced-match": { @@ -3093,9 +3093,12 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } }, "node_modules/punycode": { "version": "2.3.1", diff --git a/web-integrations/google-secure-signals/client-server/package.json b/web-integrations/google-secure-signals/client-server/package.json index 5906df9..accc114 100644 --- a/web-integrations/google-secure-signals/client-server/package.json +++ b/web-integrations/google-secure-signals/client-server/package.json @@ -12,7 +12,7 @@ "node": "20.11.0" }, "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "dotenv": "^17.2.3", "ejs": "^3.1.7", "express": "^4.21.2", diff --git a/web-integrations/google-secure-signals/server-side/package-lock.json b/web-integrations/google-secure-signals/server-side/package-lock.json index 7461346..1ac2626 100644 --- a/web-integrations/google-secure-signals/server-side/package-lock.json +++ b/web-integrations/google-secure-signals/server-side/package-lock.json @@ -9,7 +9,7 @@ "version": "1.7.0", "license": "BSD-2-Clause", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "cookie-session": "^1.4.0", "ejs": "^3.1.7", "express": "^4.21.2", @@ -676,13 +676,13 @@ } }, "node_modules/axios": { - "version": "1.13.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", - "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "dependencies": { "follow-redirects": "^1.15.11", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "proxy-from-env": "^2.1.0" } }, "node_modules/balanced-match": { @@ -3238,9 +3238,12 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } }, "node_modules/punycode": { "version": "2.3.1", diff --git a/web-integrations/google-secure-signals/server-side/package.json b/web-integrations/google-secure-signals/server-side/package.json index edd3cc3..ef1ea2e 100644 --- a/web-integrations/google-secure-signals/server-side/package.json +++ b/web-integrations/google-secure-signals/server-side/package.json @@ -12,7 +12,7 @@ "node": "20.11.0" }, "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "cookie-session": "^1.4.0", "ejs": "^3.1.7", "express": "^4.21.2", diff --git a/web-integrations/javascript-sdk/client-server/package-lock.json b/web-integrations/javascript-sdk/client-server/package-lock.json index 72d6bb5..0d54045 100644 --- a/web-integrations/javascript-sdk/client-server/package-lock.json +++ b/web-integrations/javascript-sdk/client-server/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.9-fa449d0766", "license": "BSD-2-Clause", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "body-parser": "^1.20.3", "dotenv": "^17.2.3", "ejs": "^3.1.7", @@ -675,13 +675,13 @@ } }, "node_modules/axios": { - "version": "1.13.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", - "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "dependencies": { "follow-redirects": "^1.15.11", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "proxy-from-env": "^2.1.0" } }, "node_modules/balanced-match": { @@ -3200,9 +3200,12 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } }, "node_modules/punycode": { "version": "2.3.1", diff --git a/web-integrations/javascript-sdk/client-server/package.json b/web-integrations/javascript-sdk/client-server/package.json index 78bc5ae..325c00f 100644 --- a/web-integrations/javascript-sdk/client-server/package.json +++ b/web-integrations/javascript-sdk/client-server/package.json @@ -12,7 +12,7 @@ "node": "20.11.0" }, "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "body-parser": "^1.20.3", "dotenv": "^17.2.3", "ejs": "^3.1.7", diff --git a/web-integrations/prebid-integrations/client-server/package-lock.json b/web-integrations/prebid-integrations/client-server/package-lock.json index 8b7c67a..59d3ea6 100644 --- a/web-integrations/prebid-integrations/client-server/package-lock.json +++ b/web-integrations/prebid-integrations/client-server/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "ISC", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "dotenv": "^17.2.3", "ejs": "^3.1.10", "express": "^5.1.0" @@ -38,13 +38,13 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.13.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", - "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "dependencies": { "follow-redirects": "^1.15.11", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "proxy-from-env": "^2.1.0" } }, "node_modules/balanced-match": { @@ -742,9 +742,12 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } }, "node_modules/qs": { "version": "6.14.1", diff --git a/web-integrations/prebid-integrations/client-server/package.json b/web-integrations/prebid-integrations/client-server/package.json index 90fc990..8d8af52 100644 --- a/web-integrations/prebid-integrations/client-server/package.json +++ b/web-integrations/prebid-integrations/client-server/package.json @@ -11,7 +11,7 @@ "author": "", "license": "ISC", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "dotenv": "^17.2.3", "ejs": "^3.1.10", "express": "^5.1.0" diff --git a/web-integrations/server-side/package-lock.json b/web-integrations/server-side/package-lock.json index 27394e7..78a5f62 100644 --- a/web-integrations/server-side/package-lock.json +++ b/web-integrations/server-side/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.4-49705f1e4e", "license": "BSD-2-Clause", "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "body-parser": "^1.20.3", "cookie-session": "^1.4.0", "ejs": "^3.1.7", @@ -489,13 +489,13 @@ "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" }, "node_modules/axios": { - "version": "1.13.5", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz", - "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz", + "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==", "dependencies": { "follow-redirects": "^1.15.11", "form-data": "^4.0.5", - "proxy-from-env": "^1.1.0" + "proxy-from-env": "^2.1.0" } }, "node_modules/balanced-match": { @@ -2759,10 +2759,12 @@ } }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", - "license": "MIT" + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "engines": { + "node": ">=10" + } }, "node_modules/punycode": { "version": "2.1.1", diff --git a/web-integrations/server-side/package.json b/web-integrations/server-side/package.json index 96b81da..61ca713 100644 --- a/web-integrations/server-side/package.json +++ b/web-integrations/server-side/package.json @@ -12,7 +12,7 @@ "node": "20.11.0" }, "dependencies": { - "axios": "^1.13.5", + "axios": ">=1.15.0", "body-parser": "^1.20.3", "cookie-session": "^1.4.0", "ejs": "^3.1.7",