[Snyk] Upgrade axios from 0.27.2 to 0.30.3

[madisonmay]

Snyk has created this PR to upgrade axios from 0.27.2 to 0.30.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.

• The recommended version was released 2 months ago.

Release notes

Package name: axios

• 0.30.3 - 2026-02-18
  

  This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

  Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

  🛡️ Security Fixes

  • Backport: Fix DoS via proto key in merge config
    • Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @ FeBe95 in PR #7388

  ⚙️ Maintenance & CI

  • CI Infrastructure Update
    • Updated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - by @ jasonsaayman in PR #7407

  ⚠️ Breaking Changes

  Configuration Merging Behavior:

  As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

  Full Changelog: v0.30.2...v0.30.3

• 0.30.2 - 2025-09-27
  

  What's Changed

  • Backport maxContentLength vulnerability fix to v0.x by @ FeBe95 in #7034

  New Contributors

  • @ FeBe95 made their first contribution in #7034

  Full Changelog: v0.30.1...v0.30.2

• 0.30.1 - 2025-08-04
• 0.30.0 - 2025-03-26
• 0.29.0 - 2024-11-21
• 0.28.1 - 2024-03-28
• 0.28.0 - 2024-02-12
• 0.27.2 - 2022-04-27

from axios GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Note

Medium Risk
Runtime HTTP client dependency update could subtly change request/redirect/proxy handling and axios config-merging behavior. Lockfile churn is limited to transitive dependency updates pulled in by the axios upgrade.

Overview
Updates the runtime dependency axios to ^0.30.3.

Regenerates package-lock.json to align with the new axios release, including updated transitive packages (notably follow-redirects/form-data) and newly introduced proxy-from-env plus several low-level helper libraries.

^{Reviewed by Cursor Bugbot for commit cc3d58a. Bugbot is set up for automated code reviews on this repo. Configure here.}