build(deps): bump axios and start-server-and-test in /client

[dependabot]

Bumps axios and start-server-and-test. These dependencies needed to be updated together.
Updates axios from 0.21.4 to 1.8.2

Release notes

Sourced from axios's releases.

Release v1.8.2

Release notes:

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

• examples: application crashed when navigating examples in browser (#5938) (1260ded)
• missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
• utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

• Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

• Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

• code relying on the above will now combine the URLs instead of prefer request URL

• feat: add config option for allowing absolute URLs

• fix: add default value for allowAbsoluteUrls in buildFullPath

• fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.2 (2025-03-07)

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

• examples: application crashed when navigating examples in browser (#5938) (1260ded)
• missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
• utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

• Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

• Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

• code relying on the above will now combine the URLs instead of prefer request URL

• feat: add config option for allowing absolute URLs

• fix: add default value for allowAbsoluteUrls in buildFullPath

... (truncated)

Commits

• a9f7689 chore(release): v1.8.2 (#6812)
• fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
• 9812045 chore(sponsor): update sponsor block (#6804)
• 72acf75 chore(sponsor): update sponsor block (#6794)
• 2e64afd chore(release): v1.8.1 (#6800)
• 36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
• cceb7b1 chore(release): v1.8.0 (#6795)
• 23a25af fix(utils): replace getRandomValues with crypto module (#6788)
• 32c7bcc feat: Add config for ignoring absolute URLs (#5902) (#6192)
• 4a3e26c chore(config): adjust rollup config to preserve license header to minified Ja...
• Additional commits viewable in compare view

Updates start-server-and-test from 1.14.0 to 2.0.10

Release notes

Sourced from start-server-and-test's releases.

v2.0.10

2.0.10 (2025-01-14)

Bug Fixes

• deps: update dependency wait-on to v8.0.2 (#399) (a514875)

v2.0.9

2.0.9 (2024-12-11)

Bug Fixes

• deps: update dependency debug to v4.4.0 (#397) (0f057d7)

v2.0.8

2.0.8 (2024-09-16)

Bug Fixes

• deps: update dependency wait-on to v8.0.1 (fe1c25d)

v2.0.7

2.0.7 (2024-09-09)

Bug Fixes

• deps: update dependency wait-on to v8 (#386) (d814a72)

v2.0.6

2.0.6 (2024-09-08)

Bug Fixes

• deps: update dependency debug to v4.3.7 (78c6f53)

v2.0.5

2.0.5 (2024-07-29)

Bug Fixes

• deps: update dependency debug to v4.3.6 (8ebb70b)

v2.0.4

2.0.4 (2024-06-05)

... (truncated)

Commits

• a514875 fix(deps): update dependency wait-on to v8.0.2 (#399)
• 0f057d7 fix(deps): update dependency debug to v4.4.0 (#397)
• fe1c25d fix(deps): update dependency wait-on to v8.0.1
• d814a72 fix(deps): update dependency wait-on to v8 (#386)
• 78c6f53 fix(deps): update dependency debug to v4.3.7
• 8ebb70b fix(deps): update dependency debug to v4.3.6
• dd8a2d7 fix(deps): update dependency debug to v4.3.5
• ad35c2e fix(deps): update dependency wait-on to v7.2.0 (#374)
• efe7384 fix(deps): update dependency wait-on to v7.1.0
• 2fc1f98 fix: bump minimum Node to v16, closes #351
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[semgrep-code-therredhatter]

Semgrep found 1 ssc-aff5e8de-c638-4356-8a93-120597e35ce9 finding:

• client/package-lock.json
  • L6813 - Triage

Risk: Affected versions of @babel/traverse are vulnerable to Incomplete List Of Disallowed Inputs. An attacker can exploit a vulnerability in the internal Babel methods path.evaluate() or path.evaluateTruthy() by compiling specially crafted code, potentially resulting in arbitrary code execution during compilation.

Manual Review Advice: A vulnerability from this advisory is reachable if you use Babel to compile untrusted JavaScript

Fix: Upgrade this library to at least version 7.23.2 at brokencrystals/client/package-lock.json:6813.

Reference(s): GHSA-67hx-6x53-jw92, CVE-2023-45133

[semgrep-code-theredhatter]

Semgrep found 1 ssc-aff5e8de-c638-4356-8a93-120597e35ce9 finding:

• client/package-lock.json
  • L6813 - Triage

Risk: Affected versions of @babel/traverse are vulnerable to Incomplete List Of Disallowed Inputs. An attacker can exploit a vulnerability in the internal Babel methods path.evaluate() or path.evaluateTruthy() by compiling specially crafted code, potentially resulting in arbitrary code execution during compilation.

Manual Review Advice: A vulnerability from this advisory is reachable if you use Babel to compile untrusted JavaScript

Fix: Upgrade this library to at least version 7.23.2 at brokencrystals/client/package-lock.json:6813.

Reference(s): GHSA-67hx-6x53-jw92, CVE-2023-45133

[TheRedHatter]

Checkmarx One – Scan Summary & Details – dac8c2c0-7afd-4dd2-9c9c-eeaaf4de696c

New Issues (12)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Cx88b46a98-47a5	Npm-elliptic-6.5.4	details Recommended version: 6.6.1 Description: The elliptic package is a plain JavaScript implementation of elliptic-curve cryptography. Versions of elliptic package prior to 6.6.1 are vulnerabl... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Insecure_Storage_of_Sensitive_Data	/client/src/api/makeApiRequest.ts: 13	details The application takes sensitive, personal data authorization, found at line 13 of /client/src/api/makeApiRequest.ts, and stores it in an unprotecte... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/Login/Login.tsx: 89	details The application takes sensitive, personal data lastName, found at line 89 of /client/src/pages/auth/Login/Login.tsx, and stores it in an unprotecte... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/Login/Login.tsx: 89	details The application takes sensitive, personal data firstName, found at line 89 of /client/src/pages/auth/Login/Login.tsx, and stores it in an unprotect... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/LoginNew/PasswordCheck.tsx: 70	details The application takes sensitive, personal data lastName, found at line 70 of /client/src/pages/auth/LoginNew/PasswordCheck.tsx, and stores it in an... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/LoginNew/PasswordCheck.tsx: 70	details The application takes sensitive, personal data firstName, found at line 70 of /client/src/pages/auth/LoginNew/PasswordCheck.tsx, and stores it in a... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/LoginNew/PasswordCheck.tsx: 65	details The application takes sensitive, personal data lastName, found at line 65 of /client/src/pages/auth/LoginNew/PasswordCheck.tsx, and stores it in an... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/auth/LoginNew/PasswordCheck.tsx: 65	details The application takes sensitive, personal data firstName, found at line 65 of /client/src/pages/auth/LoginNew/PasswordCheck.tsx, and stores it in a... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/main/Userprofile.tsx: 50	details The application takes sensitive, personal data lastName, found at line 50 of /client/src/pages/main/Userprofile.tsx, and stores it in an unprotecte... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/main/Userprofile.tsx: 50	details The application takes sensitive, personal data firstName, found at line 50 of /client/src/pages/main/Userprofile.tsx, and stores it in an unprotect... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/main/Userprofile.tsx: 46	details The application takes sensitive, personal data lastName, found at line 46 of /client/src/pages/main/Userprofile.tsx, and stores it in an unprotecte... Attack Vector
	Insecure_Storage_of_Sensitive_Data	/client/src/pages/main/Userprofile.tsx: 46	details The application takes sensitive, personal data firstName, found at line 46 of /client/src/pages/main/Userprofile.tsx, and stores it in an unprotect... Attack Vector

Fixed Issues (29)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Client_DOM_Stored_XSS	/client/public/assets/vendor/owl.carousel/owl.carousel.min.js: 717
	Client_DOM_Stored_XSS	/client/public/assets/vendor/php-email-form/validate.js: 112
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/venobox/venobox.js: 663
	Client_DOM_Stored_XSS	/client/public/assets/vendor/venobox/venobox.js: 663
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/owl.carousel/owl.carousel.min.js: 717
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/php-email-form/validate.js: 112
	Client_DOM_Stored_XSS	/client/public/assets/vendor/venobox/venobox.js: 663
	Client_DOM_Stored_XSS	/client/public/assets/vendor/php-email-form/validate.js: 112
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/owl.carousel/owl.carousel.min.js: 717
	Client_DOM_Stored_XSS	/client/public/assets/vendor/owl.carousel/owl.carousel.min.js: 717
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/php-email-form/validate.js: 112
	Client_DOM_Stored_XSS	/client/public/assets/vendor/php-email-form/validate.js: 112
	Client_DOM_Stored_XSS	/client/public/vendor/assets/vendor/venobox/venobox.js: 663
	Client_DOM_Stored_XSS	/client/public/assets/vendor/venobox/venobox.js: 663
	CVE-2023-26159	Npm-follow-redirects-1.14.8
	SSRF	/src/email/email.service.ts: 139
	SSRF	/src/email/email.service.ts: 139
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 2370
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 2371
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 2370
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 2371
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 1328
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 1328
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 2370
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 2371
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 2371
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 2370
	Client_JQuery_Deprecated_Symbols	/client/public/js/bootstrap-datetimepicker.js: 1328
	Client_JQuery_Deprecated_Symbols	/client/public/vendor/js/bootstrap-datetimepicker.js: 1328

[dependabot]

Superseded by #192.