Security Vulnerability

Package: axios
Current Version: 0.21.1
Vulnerability: CVE-2021-3749 (Regular Expression Denial of Service)
Severity: Moderate

Issue

The current version of axios (0.21.1) has a known security vulnerability:

• CVE-2021-3749 : Regular expression denial of service in trim function
• CVSS Score: 7.5 (High)

Recommendation

Upgrade axios to version 1.6.0 or later, which includes:

• Security fixes for multiple CVEs
• Better TypeScript support
• Improved error handling
• Node.js 18+ compatibility

Migration Notes

Axios 1.x has some breaking changes from 0.x:

• Response data is now accessed via response.data (unchanged)
• Some internal APIs have changed
• Default timeout behavior may differ

References

• CVE-2021-3749 Details
• Axios Changelog
• Migration Guide

Acceptance Criteria

• Upgrade axios to ^1.6.0 or later
• Run all tests to verify functionality
• Check for any breaking changes in API calls
• Update any custom axios configurations if needed