REPORT / 01
Analysis Report · axios v1.14.0 → v1.15.0 — CVE-2026-40175
Shared security patch analysis results
02 ·
Lifecycle actions
cancel · resume · skip · regenerate
03 ·
Share this analysis
copy link · embed report
03 ·
CVE Security Analysis & Writeups
ai-generated · per cve
Comprehensive security analysis generated by AI for each confirmed CVE match. Click on a CVE to view the detailed writeup including vulnerability background, technical details, patch analysis, and PoC guide.
CVE-2026-40175
NVD
AI-Generated Analysis
05 ·
Findings
filter · search · paginate
Showing 0 to 0 of 0 results
lib/env/data.js
AI: No vulnerabilities
CVE-2026-40175
--- cache/axios_v1.14.0/lib/env/data.js 2026-04-19 15:00:58.700188335 +0000+++ cache/axios_v1.15.0/lib/env/data.js 2026-04-19 15:00:59.128218776 +0000@@ -1 +1 @@-export const VERSION = "1.14.0";\ No newline at end of file+export const VERSION = "1.15.0";\ No newline at end of file
AI Analysis
Vulnerability Existed: no None lib/env/data.js 1 export const VERSION = "1.14.0"; export const VERSION = "1.15.0";
CVE Analysis Results:
CVE-2026-40175: Yes
View CVE Description
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.
package-lock.json
AI: 3 vulnerabilities
3 false positive(s), 2 true positive(s)
CVE-2026-40175
--- cache/axios_v1.14.0/package-lock.json 2026-04-19 15:00:58.704188619 +0000+++ cache/axios_v1.15.0/package-lock.json 2026-04-19 15:00:59.136219346 +0000@@ -1,12 +1,12 @@ { "name": "axios",- "version": "1.14.0",+ "version": "1.15.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "axios",- "version": "1.14.0",+ "version": "1.15.0", "license": "MIT", "dependencies": { "follow-redirects": "^1.15.11",@@ -2277,20 +2277,22 @@ } }, "node_modules/@napi-rs/wasm-runtime": {- "version": "1.1.1",- "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.1.tgz",- "integrity": "sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==",+ "version": "1.1.2",+ "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.2.tgz",+ "integrity": "sha512-sNXv5oLJ7ob93xkZ1XnxisYhGYXfaG9f65/ZgYuAu3qt7b3NadcOEhLvx28hv31PgX8SZJRYrAIPQilQmFpLVw==", "dev": true, "license": "MIT", "optional": true, "dependencies": {- "@emnapi/core": "^1.7.1",- "@emnapi/runtime": "^1.7.1", "@tybys/wasm-util": "^0.10.1" }, "funding": { "type": "github", "url": "https://github.com/sponsors/Brooooooklyn"+ },+ "peerDependencies": {+ "@emnapi/core": "^1.7.1",+ "@emnapi/runtime": "^1.7.1" } }, "node_modules/@noble/hashes": {@@ -2632,9 +2634,9 @@ } }, "node_modules/@oxc-project/types": {- "version": "0.122.0",- "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.122.0.tgz",- "integrity": "sha512-oLAl5kBpV4w69UtFZ9xqcmTi+GENWOcPF7FCrczTiBbmC0ibXxCwyvZGbO39rCVEuLGAZM84DH0pUIyyv/YJzA==",+ "version": "0.123.0",+ "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.123.0.tgz",+ "integrity": "sha512-YtECP/y8Mj1lSHiUWGSRzy/C6teUKlS87dEfuVKT09LgQbUsBW1rNg+MiJ4buGu3yuADV60gbIvo9/HplA56Ew==", "dev": true, "license": "MIT", "funding": {@@ -2818,9 +2820,9 @@ "license": "MIT" }, "node_modules/@rolldown/binding-android-arm64": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.11.tgz",- "integrity": "sha512-SJ+/g+xNnOh6NqYxD0V3uVN4W3VfnrGsC9/hoglicgTNfABFG9JjISvkkU0dNY84MNHLWyOgxP9v9Y9pX4S7+A==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.13.tgz",+ "integrity": "sha512-5ZiiecKH2DXAVJTNN13gNMUcCDg4Jy8ZjbXEsPnqa248wgOVeYRX0iqXXD5Jz4bI9BFHgKsI2qmyJynstbmr+g==", "cpu": [ "arm64" ],@@ -2835,9 +2837,9 @@ } }, "node_modules/@rolldown/binding-darwin-arm64": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.11.tgz",- "integrity": "sha512-7WQgR8SfOPwmDZGFkThUvsmd/nwAWv91oCO4I5LS7RKrssPZmOt7jONN0cW17ydGC1n/+puol1IpoieKqQidmg==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.13.tgz",+ "integrity": "sha512-tz/v/8G77seu8zAB3A5sK3UFoOl06zcshEzhUO62sAEtrEuW/H1CcyoupOrD+NbQJytYgA4CppXPzlrmp4JZKA==", "cpu": [ "arm64" ],@@ -2852,9 +2854,9 @@ } }, "node_modules/@rolldown/binding-darwin-x64": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.11.tgz",- "integrity": "sha512-39Ks6UvIHq4rEogIfQBoBRusj0Q0nPVWIvqmwBLaT6aqQGIakHdESBVOPRRLacy4WwUPIx4ZKzfZ9PMW+IeyUQ==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.13.tgz",+ "integrity": "sha512-8DakphqOz8JrMYWTJmWA+vDJxut6LijZ8Xcdc4flOlAhU7PNVwo2MaWBF9iXjJAPo5rC/IxEFZDhJ3GC7NHvug==", "cpu": [ "x64" ],@@ -2869,9 +2871,9 @@ } }, "node_modules/@rolldown/binding-freebsd-x64": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.11.tgz",- "integrity": "sha512-jfsm0ZHfhiqrvWjJAmzsqiIFPz5e7mAoCOPBNTcNgkiid/LaFKiq92+0ojH+nmJmKYkre4t71BWXUZDNp7vsag==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.13.tgz",+ "integrity": "sha512-4wBQFfjDuXYN/SVI8inBF3Aa+isq40rc6VMFbk5jcpolUBTe5cYnMsHZ51nFWsx3PVyyNN3vgoESki0Hmr/4BA==", "cpu": [ "x64" ],@@ -2886,9 +2888,9 @@ } }, "node_modules/@rolldown/binding-linux-arm-gnueabihf": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.11.tgz",- "integrity": "sha512-zjQaUtSyq1nVe3nxmlSCuR96T1LPlpvmJ0SZy0WJFEsV4kFbXcq2u68L4E6O0XeFj4aex9bEauqjW8UQBeAvfQ==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.13.tgz",+ "integrity": "sha512-JW/e4yPIXLms+jmnbwwy5LA/LxVwZUWLN8xug+V200wzaVi5TEGIWQlh8o91gWYFxW609euI98OCCemmWGuPrw==", "cpu": [ "arm" ],@@ -2903,9 +2905,9 @@ } }, "node_modules/@rolldown/binding-linux-arm64-gnu": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.11.tgz",- "integrity": "sha512-WMW1yE6IOnehTcFE9eipFkm3XN63zypWlrJQ2iF7NrQ9b2LDRjumFoOGJE8RJJTJCTBAdmLMnJ8uVitACUUo1Q==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.13.tgz",+ "integrity": "sha512-ZfKWpXiUymDnavepCaM6KG/uGydJ4l2nBmMxg60Ci4CbeefpqjPWpfaZM7PThOhk2dssqBAcwLc6rAyr0uTdXg==", "cpu": [ "arm64" ],@@ -2920,9 +2922,9 @@ } }, "node_modules/@rolldown/binding-linux-arm64-musl": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.11.tgz",- "integrity": "sha512-jfndI9tsfm4APzjNt6QdBkYwre5lRPUgHeDHoI7ydKUuJvz3lZeCfMsI56BZj+7BYqiKsJm7cfd/6KYV7ubrBg==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.13.tgz",+ "integrity": "sha512-bmRg3O6Z0gq9yodKKWCIpnlH051sEfdVwt+6m5UDffAQMUUqU0xjnQqqAUm+Gu7ofAAly9DqiQDtKu2nPDEABA==", "cpu": [ "arm64" ],@@ -2937,9 +2939,9 @@ } }, "node_modules/@rolldown/binding-linux-ppc64-gnu": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.11.tgz",- "integrity": "sha512-ZlFgw46NOAGMgcdvdYwAGu2Q+SLFA9LzbJLW+iyMOJyhj5wk6P3KEE9Gct4xWwSzFoPI7JCdYmYMzVtlgQ+zfw==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.13.tgz",+ "integrity": "sha512-8Wtnbw4k7pMYN9B/mOEAsQ8HOiq7AZ31Ig4M9BKn2So4xRaFEhtCSa4ZJaOutOWq50zpgR4N5+L/opnlaCx8wQ==", "cpu": [ "ppc64" ],@@ -2954,9 +2956,9 @@ } }, "node_modules/@rolldown/binding-linux-s390x-gnu": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.11.tgz",- "integrity": "sha512-hIOYmuT6ofM4K04XAZd3OzMySEO4K0/nc9+jmNcxNAxRi6c5UWpqfw3KMFV4MVFWL+jQsSh+bGw2VqmaPMTLyw==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.13.tgz",+ "integrity": "sha512-D/0Nlo8mQuxSMohNJUF2lDXWRsFDsHldfRRgD9bRgktj+EndGPj4DOV37LqDKPYS+osdyhZEH7fTakTAEcW7qg==", "cpu": [ "s390x" ],@@ -2971,9 +2973,9 @@ } }, "node_modules/@rolldown/binding-linux-x64-gnu": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.11.tgz",- "integrity": "sha512-qXBQQO9OvkjjQPLdUVr7Nr2t3QTZI7s4KZtfw7HzBgjbmAPSFwSv4rmET9lLSgq3rH/ndA3ngv3Qb8l2njoPNA==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.13.tgz",+ "integrity": "sha512-eRrPvat2YaVQcwwKi/JzOP6MKf1WRnOCr+VaI3cTWz3ZoLcP/654z90lVCJ4dAuMEpPdke0n+qyAqXDZdIC4rA==", "cpu": [ "x64" ],@@ -2988,9 +2990,9 @@ } }, "node_modules/@rolldown/binding-linux-x64-musl": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.11.tgz",- "integrity": "sha512-/tpFfoSTzUkH9LPY+cYbqZBDyyX62w5fICq9qzsHLL8uTI6BHip3Q9Uzft0wylk/i8OOwKik8OxW+QAhDmzwmg==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.13.tgz",+ "integrity": "sha512-PsdONiFRp8hR8KgVjTWjZ9s7uA3uueWL0t74/cKHfM4dR5zXYv4AjB8BvA+QDToqxAFg4ZkcVEqeu5F7inoz5w==", "cpu": [ "x64" ],@@ -3005,9 +3007,9 @@ } }, "node_modules/@rolldown/binding-openharmony-arm64": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.11.tgz",- "integrity": "sha512-mcp3Rio2w72IvdZG0oQ4bM2c2oumtwHfUfKncUM6zGgz0KgPz4YmDPQfnXEiY5t3+KD/i8HG2rOB/LxdmieK2g==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.13.tgz",+ "integrity": "sha512-hCNXgC5dI3TVOLrPT++PKFNZ+1EtS0mLQwfXXXSUD/+rGlB65gZDwN/IDuxLpQP4x8RYYHqGomlUXzpO8aVI2w==", "cpu": [ "arm64" ],@@ -3022,9 +3024,9 @@ } }, "node_modules/@rolldown/binding-wasm32-wasi": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.11.tgz",- "integrity": "sha512-LXk5Hii1Ph9asuGRjBuz8TUxdc1lWzB7nyfdoRgI0WGPZKmCxvlKk8KfYysqtr4MfGElu/f/pEQRh8fcEgkrWw==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.13.tgz",+ "integrity": "sha512-viLS5C5et8NFtLWw9Sw3M/w4vvnVkbWkO7wSNh3C+7G1+uCkGpr6PcjNDSFcNtmXY/4trjPBqUfcOL+P3sWy/g==", "cpu": [ "wasm32" ],@@ -3032,16 +3034,18 @@ "license": "MIT", "optional": true, "dependencies": {- "@napi-rs/wasm-runtime": "^1.1.1"+ "@emnapi/core": "1.9.1",+ "@emnapi/runtime": "1.9.1",+ "@napi-rs/wasm-runtime": "^1.1.2" }, "engines": { "node": ">=14.0.0" } }, "node_modules/@rolldown/binding-win32-arm64-msvc": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.11.tgz",- "integrity": "sha512-dDwf5otnx0XgRY1yqxOC4ITizcdzS/8cQ3goOWv3jFAo4F+xQYni+hnMuO6+LssHHdJW7+OCVL3CoU4ycnh35Q==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.13.tgz",+ "integrity": "sha512-Fqa3Tlt1xL4wzmAYxGNFV36Hb+VfPc9PYU+E25DAnswXv3ODDu/yyWjQDbXMo5AGWkQVjLgQExuVu8I/UaZhPQ==", "cpu": [ "arm64" ],@@ -3056,9 +3060,9 @@ } }, "node_modules/@rolldown/binding-win32-x64-msvc": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.11.tgz",- "integrity": "sha512-LN4/skhSggybX71ews7dAj6r2geaMJfm3kMbK2KhFMg9B10AZXnKoLCVVgzhMHL0S+aKtr4p8QbAW8k+w95bAA==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.13.tgz",+ "integrity": "sha512-/pLI5kPkGEi44TDlnbio3St/5gUFeN51YWNAk/Gnv6mEQBOahRBh52qVFVBpmrnU01n2yysvBML9Ynu7K4kGAQ==", "cpu": [ "x64" ],@@ -3073,9 +3077,9 @@ } }, "node_modules/@rolldown/pluginutils": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.11.tgz",- "integrity": "sha512-xQO9vbwBecJRv9EUcQ/y0dzSTJgA7Q6UVN7xp6B81+tBGSLVAK03yJ9NkJaUA7JFD91kbjxRSC/mDnmvXzbHoQ==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.13.tgz",+ "integrity": "sha512-3ngTAv6F/Py35BsYbeeLeecvhMKdsKm4AoOETVhAA+Qc8nrA2I0kF7oa93mE9qnIurngOSpMnQ0x2nQY2FPviA==", "dev": true, "license": "MIT" },@@ -3244,9 +3248,9 @@ } }, "node_modules/@rollup/rollup-android-arm-eabi": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.0.tgz",- "integrity": "sha512-WOhNW9K8bR3kf4zLxbfg6Pxu2ybOUbB2AjMDHSQx86LIF4rH4Ft7vmMwNt0loO0eonglSNy4cpD3MKXXKQu0/A==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.1.tgz",+ "integrity": "sha512-d6FinEBLdIiK+1uACUttJKfgZREXrF0Qc2SmLII7W2AD8FfiZ9Wjd+rD/iRuf5s5dWrr1GgwXCvPqOuDquOowA==", "cpu": [ "arm" ],@@ -3258,9 +3262,9 @@ ] }, "node_modules/@rollup/rollup-android-arm64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.0.tgz",- "integrity": "sha512-u6JHLll5QKRvjciE78bQXDmqRqNs5M/3GVqZeMwvmjaNODJih/WIrJlFVEihvV0MiYFmd+ZyPr9wxOVbPAG2Iw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.1.tgz",+ "integrity": "sha512-YjG/EwIDvvYI1YvYbHvDz/BYHtkY4ygUIXHnTdLhG+hKIQFBiosfWiACWortsKPKU/+dUwQQCKQM3qrDe8c9BA==", "cpu": [ "arm64" ],@@ -3272,9 +3276,9 @@ ] }, "node_modules/@rollup/rollup-darwin-arm64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.0.tgz",- "integrity": "sha512-qEF7CsKKzSRc20Ciu2Zw1wRrBz4g56F7r/vRwY430UPp/nt1x21Q/fpJ9N5l47WWvJlkNCPJz3QRVw008fi7yA==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.1.tgz",+ "integrity": "sha512-mjCpF7GmkRtSJwon+Rq1N8+pI+8l7w5g9Z3vWj4T7abguC4Czwi3Yu/pFaLvA3TTeMVjnu3ctigusqWUfjZzvw==", "cpu": [ "arm64" ],@@ -3286,9 +3290,9 @@ ] }, "node_modules/@rollup/rollup-darwin-x64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.0.tgz",- "integrity": "sha512-WADYozJ4QCnXCH4wPB+3FuGmDPoFseVCUrANmA5LWwGmC6FL14BWC7pcq+FstOZv3baGX65tZ378uT6WG8ynTw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.1.tgz",+ "integrity": "sha512-haZ7hJ1JT4e9hqkoT9R/19XW2QKqjfJVv+i5AGg57S+nLk9lQnJ1F/eZloRO3o9Scy9CM3wQ9l+dkXtcBgN5Ew==", "cpu": [ "x64" ],@@ -3300,9 +3304,9 @@ ] }, "node_modules/@rollup/rollup-freebsd-arm64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.0.tgz",- "integrity": "sha512-6b8wGHJlDrGeSE3aH5mGNHBjA0TTkxdoNHik5EkvPHCt351XnigA4pS7Wsj/Eo9Y8RBU6f35cjN9SYmCFBtzxw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.1.tgz",+ "integrity": "sha512-czw90wpQq3ZsAVBlinZjAYTKduOjTywlG7fEeWKUA7oCmpA8xdTkxZZlwNJKWqILlq0wehoZcJYfBvOyhPTQ6w==", "cpu": [ "arm64" ],@@ -3314,9 +3318,9 @@ ] }, "node_modules/@rollup/rollup-freebsd-x64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.0.tgz",- "integrity": "sha512-h25Ga0t4jaylMB8M/JKAyrvvfxGRjnPQIR8lnCayyzEjEOx2EJIlIiMbhpWxDRKGKF8jbNH01NnN663dH638mA==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.1.tgz",+ "integrity": "sha512-KVB2rqsxTHuBtfOeySEyzEOB7ltlB/ux38iu2rBQzkjbwRVlkhAGIEDiiYnO2kFOkJp+Z7pUXKyrRRFuFUKt+g==", "cpu": [ "x64" ],@@ -3328,9 +3332,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.0.tgz",- "integrity": "sha512-RzeBwv0B3qtVBWtcuABtSuCzToo2IEAIQrcyB/b2zMvBWVbjo8bZDjACUpnaafaxhTw2W+imQbP2BD1usasK4g==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.1.tgz",+ "integrity": "sha512-L+34Qqil+v5uC0zEubW7uByo78WOCIrBvci69E7sFASRl0X7b/MB6Cqd1lky/CtcSVTydWa2WZwFuWexjS5o6g==", "cpu": [ "arm" ],@@ -3342,9 +3346,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-musleabihf": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.0.tgz",- "integrity": "sha512-Sf7zusNI2CIU1HLzuu9Tc5YGAHEZs5Lu7N1ssJG4Tkw6e0MEsN7NdjUDDfGNHy2IU+ENyWT+L2obgWiguWibWQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.1.tgz",+ "integrity": "sha512-n83O8rt4v34hgFzlkb1ycniJh7IR5RCIqt6mz1VRJD6pmhRi0CXdmfnLu9dIUS6buzh60IvACM842Ffb3xd6Gg==", "cpu": [ "arm" ],@@ -3356,9 +3360,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.0.tgz",- "integrity": "sha512-DX2x7CMcrJzsE91q7/O02IJQ5/aLkVtYFryqCjduJhUfGKG6yJV8hxaw8pZa93lLEpPTP/ohdN4wFz7yp/ry9A==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.1.tgz",+ "integrity": "sha512-Nql7sTeAzhTAja3QXeAI48+/+GjBJ+QmAH13snn0AJSNL50JsDqotyudHyMbO2RbJkskbMbFJfIJKWA6R1LCJQ==", "cpu": [ "arm64" ],@@ -3370,9 +3374,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-musl": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.0.tgz",- "integrity": "sha512-09EL+yFVbJZlhcQfShpswwRZ0Rg+z/CsSELFCnPt3iK+iqwGsI4zht3secj5vLEs957QvFFXnzAT0FFPIxSrkQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.1.tgz",+ "integrity": "sha512-+pUymDhd0ys9GcKZPPWlFiZ67sTWV5UU6zOJat02M1+PiuSGDziyRuI/pPue3hoUwm2uGfxdL+trT6Z9rxnlMA==", "cpu": [ "arm64" ],@@ -3384,9 +3388,9 @@ ] }, "node_modules/@rollup/rollup-linux-loong64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.0.tgz",- "integrity": "sha512-i9IcCMPr3EXm8EQg5jnja0Zyc1iFxJjZWlb4wr7U2Wx/GrddOuEafxRdMPRYVaXjgbhvqalp6np07hN1w9kAKw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.1.tgz",+ "integrity": "sha512-VSvgvQeIcsEvY4bKDHEDWcpW4Yw7BtlKG1GUT4FzBUlEKQK0rWHYBqQt6Fm2taXS+1bXvJT6kICu5ZwqKCnvlQ==", "cpu": [ "loong64" ],@@ -3398,9 +3402,9 @@ ] }, "node_modules/@rollup/rollup-linux-loong64-musl": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.0.tgz",- "integrity": "sha512-DGzdJK9kyJ+B78MCkWeGnpXJ91tK/iKA6HwHxF4TAlPIY7GXEvMe8hBFRgdrR9Ly4qebR/7gfUs9y2IoaVEyog==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.1.tgz",+ "integrity": "sha512-4LqhUomJqwe641gsPp6xLfhqWMbQV04KtPp7/dIp0nzPxAkNY1AbwL5W0MQpcalLYk07vaW9Kp1PBhdpZYYcEw==", "cpu": [ "loong64" ],@@ -3412,9 +3416,9 @@ ] }, "node_modules/@rollup/rollup-linux-ppc64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.0.tgz",- "integrity": "sha512-RwpnLsqC8qbS8z1H1AxBA1H6qknR4YpPR9w2XX0vo2Sz10miu57PkNcnHVaZkbqyw/kUWfKMI73jhmfi9BRMUQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.1.tgz",+ "integrity": "sha512-tLQQ9aPvkBxOc/EUT6j3pyeMD6Hb8QF2BTBnCQWP/uu1lhc9AIrIjKnLYMEroIz/JvtGYgI9dF3AxHZNaEH0rw==", "cpu": [ "ppc64" ],@@ -3426,9 +3430,9 @@ ] }, "node_modules/@rollup/rollup-linux-ppc64-musl": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.0.tgz",- "integrity": "sha512-Z8pPf54Ly3aqtdWC3G4rFigZgNvd+qJlOE52fmko3KST9SoGfAdSRCwyoyG05q1HrrAblLbk1/PSIV+80/pxLg==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.1.tgz",+ "integrity": "sha512-RMxFhJwc9fSXP6PqmAz4cbv3kAyvD1etJFjTx4ONqFP9DkTkXsAMU4v3Vyc5BgzC+anz7nS/9tp4obsKfqkDHg==", "cpu": [ "ppc64" ],@@ -3440,9 +3444,9 @@ ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.0.tgz",- "integrity": "sha512-3a3qQustp3COCGvnP4SvrMHnPQ9d1vzCakQVRTliaz8cIp/wULGjiGpbcqrkv0WrHTEp8bQD/B3HBjzujVWLOA==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.1.tgz",+ "integrity": "sha512-QKgFl+Yc1eEk6MmOBfRHYF6lTxiiiV3/z/BRrbSiW2I7AFTXoBFvdMEyglohPj//2mZS4hDOqeB0H1ACh3sBbg==", "cpu": [ "riscv64" ],@@ -3454,9 +3458,9 @@ ] }, "node_modules/@rollup/rollup-linux-riscv64-musl": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.0.tgz",- "integrity": "sha512-pjZDsVH/1VsghMJ2/kAaxt6dL0psT6ZexQVrijczOf+PeP2BUqTHYejk3l6TlPRydggINOeNRhvpLa0AYpCWSQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.1.tgz",+ "integrity": "sha512-RAjXjP/8c6ZtzatZcA1RaQr6O1TRhzC+adn8YZDnChliZHviqIjmvFwHcxi4JKPSDAt6Uhf/7vqcBzQJy0PDJg==", "cpu": [ "riscv64" ],@@ -3468,9 +3472,9 @@ ] }, "node_modules/@rollup/rollup-linux-s390x-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.0.tgz",- "integrity": "sha512-3ObQs0BhvPgiUVZrN7gqCSvmFuMWvWvsjG5ayJ3Lraqv+2KhOsp+pUbigqbeWqueGIsnn+09HBw27rJ+gYK4VQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.1.tgz",+ "integrity": "sha512-wcuocpaOlaL1COBYiA89O6yfjlp3RwKDeTIA0hM7OpmhR1Bjo9j31G1uQVpDlTvwxGn2nQs65fBFL5UFd76FcQ==", "cpu": [ "s390x" ],@@ -3482,9 +3486,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.0.tgz",- "integrity": "sha512-EtylprDtQPdS5rXvAayrNDYoJhIz1/vzN2fEubo3yLE7tfAw+948dO0g4M0vkTVFhKojnF+n6C8bDNe+gDRdTg==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.1.tgz",+ "integrity": "sha512-77PpsFQUCOiZR9+LQEFg9GClyfkNXj1MP6wRnzYs0EeWbPcHs02AXu4xuUbM1zhwn3wqaizle3AEYg5aeoohhg==", "cpu": [ "x64" ],@@ -3496,9 +3500,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-musl": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.0.tgz",- "integrity": "sha512-k09oiRCi/bHU9UVFqD17r3eJR9bn03TyKraCrlz5ULFJGdJGi7VOmm9jl44vOJvRJ6P7WuBi/s2A97LxxHGIdw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.1.tgz",+ "integrity": "sha512-5cIATbk5vynAjqqmyBjlciMJl1+R/CwX9oLk/EyiFXDWd95KpHdrOJT//rnUl4cUcskrd0jCCw3wpZnhIHdD9w==", "cpu": [ "x64" ],@@ -3510,9 +3514,9 @@ ] }, "node_modules/@rollup/rollup-openbsd-x64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.0.tgz",- "integrity": "sha512-1o/0/pIhozoSaDJoDcec+IVLbnRtQmHwPV730+AOD29lHEEo4F5BEUB24H0OBdhbBBDwIOSuf7vgg0Ywxdfiiw==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.1.tgz",+ "integrity": "sha512-cl0w09WsCi17mcmWqqglez9Gk8isgeWvoUZ3WiJFYSR3zjBQc2J5/ihSjpl+VLjPqjQ/1hJRcqBfLjssREQILw==", "cpu": [ "x64" ],@@ -3524,9 +3528,9 @@ ] }, "node_modules/@rollup/rollup-openharmony-arm64": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.0.tgz",- "integrity": "sha512-pESDkos/PDzYwtyzB5p/UoNU/8fJo68vcXM9ZW2V0kjYayj1KaaUfi1NmTUTUpMn4UhU4gTuK8gIaFO4UGuMbA==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.1.tgz",+ "integrity": "sha512-4Cv23ZrONRbNtbZa37mLSueXUCtN7MXccChtKpUnQNgF010rjrjfHx3QxkS2PI7LqGT5xXyYs1a7LbzAwT0iCA==", "cpu": [ "arm64" ],@@ -3538,9 +3542,9 @@ ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.0.tgz",- "integrity": "sha512-hj1wFStD7B1YBeYmvY+lWXZ7ey73YGPcViMShYikqKT1GtstIKQAtfUI6yrzPjAy/O7pO0VLXGmUVWXQMaYgTQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.1.tgz",+ "integrity": "sha512-i1okWYkA4FJICtr7KpYzFpRTHgy5jdDbZiWfvny21iIKky5YExiDXP+zbXzm3dUcFpkEeYNHgQ5fuG236JPq0g==", "cpu": [ "arm64" ],@@ -3552,9 +3556,9 @@ ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.0.tgz",- "integrity": "sha512-SyaIPFoxmUPlNDq5EHkTbiKzmSEmq/gOYFI/3HHJ8iS/v1mbugVa7dXUzcJGQfoytp9DJFLhHH4U3/eTy2Bq4w==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.1.tgz",+ "integrity": "sha512-u09m3CuwLzShA0EYKMNiFgcjjzwqtUMLmuCJLeZWjjOYA3IT2Di09KaxGBTP9xVztWyIWjVdsB2E9goMjZvTQg==", "cpu": [ "ia32" ],@@ -3566,9 +3570,9 @@ ] }, "node_modules/@rollup/rollup-win32-x64-gnu": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.0.tgz",- "integrity": "sha512-RdcryEfzZr+lAr5kRm2ucN9aVlCCa2QNq4hXelZxb8GG0NJSazq44Z3PCCc8wISRuCVnGs0lQJVX5Vp6fKA+IA==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.1.tgz",+ "integrity": "sha512-k+600V9Zl1CM7eZxJgMyTUzmrmhB/0XZnF4pRypKAlAgxmedUA+1v9R+XOFv56W4SlHEzfeMtzujLJD22Uz5zg==", "cpu": [ "x64" ],@@ -3580,9 +3584,9 @@ ] }, "node_modules/@rollup/rollup-win32-x64-msvc": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.0.tgz",- "integrity": "sha512-PrsWNQ8BuE00O3Xsx3ALh2Df8fAj9+cvvX9AIA6o4KpATR98c9mud4XtDWVvsEuyia5U4tVSTKygawyJkjm60w==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.1.tgz",+ "integrity": "sha512-lWMnixq/QzxyhTV6NjQJ4SFo1J6PvOX8vUx5Wb4bBPsEb+8xZ89Bz6kOXpfXj9ak9AHTQVQzlgzBEc1SyM27xQ==", "cpu": [ "x64" ],@@ -3848,45 +3852,45 @@ "license": "MIT" }, "node_modules/@vitest/browser": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.1.tgz",- "integrity": "sha512-gjjrFC4+kPVK/fN9URDJWrssU5Gqh8Az8pKG/NSfQ2V+ky8b/y1BgBg0Ug13+hOGp5pzInonmGRPn7vOgSLgzA==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.2.tgz",+ "integrity": "sha512-CwdIf90LNf1Zitgqy63ciMAzmyb4oIGs8WZ40VGYrWkssQKeEKr32EzO8MKUrDPPcPVHFI9oQ5ni2Hp24NaNRQ==", "dev": true, "license": "MIT", "dependencies": { "@blazediff/core": "1.9.1",- "@vitest/mocker": "4.1.1",- "@vitest/utils": "4.1.1",+ "@vitest/mocker": "4.1.2",+ "@vitest/utils": "4.1.2", "magic-string": "^0.30.21", "pngjs": "^7.0.0", "sirv": "^3.0.2",- "tinyrainbow": "^3.0.3",+ "tinyrainbow": "^3.1.0", "ws": "^8.19.0" }, "funding": { "url": "https://opencollective.com/vitest" }, "peerDependencies": {- "vitest": "4.1.1"+ "vitest": "4.1.2" } }, "node_modules/@vitest/browser-playwright": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.1.tgz",- "integrity": "sha512-dtVSBZZha2k/7P7EAXXrEAoxuIKl8Yv9f2Dk4GN/DGfmhf4DQvkvu+57okR2wq/gan1xppKjL/aBxK/kbYrbGw==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.2.tgz",+ "integrity": "sha512-N0Z2HzMLvMR6k/tWPTS6Q/DaRscrkax/f2f9DIbNQr+Cd1l4W4wTf/I6S983PAMr0tNqqoTL+xNkLh9M5vbkLg==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/browser": "4.1.1",- "@vitest/mocker": "4.1.1",- "tinyrainbow": "^3.0.3"+ "@vitest/browser": "4.1.2",+ "@vitest/mocker": "4.1.2",+ "tinyrainbow": "^3.1.0" }, "funding": { "url": "https://opencollective.com/vitest" }, "peerDependencies": { "playwright": "*",- "vitest": "4.1.1"+ "vitest": "4.1.2" }, "peerDependenciesMeta": { "playwright": {@@ -3895,31 +3899,31 @@ } }, "node_modules/@vitest/expect": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.1.tgz",- "integrity": "sha512-xAV0fqBTk44Rn6SjJReEQkHP3RrqbJo6JQ4zZ7/uVOiJZRarBtblzrOfFIZeYUrukp2YD6snZG6IBqhOoHTm+A==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.2.tgz",+ "integrity": "sha512-gbu+7B0YgUJ2nkdsRJrFFW6X7NTP44WlhiclHniUhxADQJH5Szt9mZ9hWnJPJ8YwOK5zUOSSlSvyzRf0u1DSBQ==", "dev": true, "license": "MIT", "dependencies": { "@standard-schema/spec": "^1.1.0", "@types/chai": "^5.2.2",- "@vitest/spy": "4.1.1",- "@vitest/utils": "4.1.1",+ "@vitest/spy": "4.1.2",+ "@vitest/utils": "4.1.2", "chai": "^6.2.2",- "tinyrainbow": "^3.0.3"+ "tinyrainbow": "^3.1.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/mocker": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.1.tgz",- "integrity": "sha512-h3BOylsfsCLPeceuCPAAJ+BvNwSENgJa4hXoXu4im0bs9Lyp4URc4JYK4pWLZ4pG/UQn7AT92K6IByi6rE6g3A==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.2.tgz",+ "integrity": "sha512-Ize4iQtEALHDttPRCmN+FKqOl2vxTiNUhzobQFFt/BM1lRUTG7zRCLOykG/6Vo4E4hnUdfVLo5/eqKPukcWW7Q==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/spy": "4.1.1",+ "@vitest/spy": "4.1.2", "estree-walker": "^3.0.3", "magic-string": "^0.30.21" },@@ -3950,26 +3954,26 @@ } }, "node_modules/@vitest/pretty-format": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.1.tgz",- "integrity": "sha512-GM+TEQN5WhOygr1lp7skeVjdLPqqWMHsfzXrcHAqZJi/lIVh63H0kaRCY8MDhNWikx19zBUK8ceaLB7X5AH9NQ==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.2.tgz",+ "integrity": "sha512-dwQga8aejqeuB+TvXCMzSQemvV9hNEtDDpgUKDzOmNQayl2OG241PSWeJwKRH3CiC+sESrmoFd49rfnq7T4RnA==", "dev": true, "license": "MIT", "dependencies": {- "tinyrainbow": "^3.0.3"+ "tinyrainbow": "^3.1.0" }, "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/runner": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.1.tgz",- "integrity": "sha512-f7+FPy75vN91QGWsITueq0gedwUZy1fLtHOCMeQpjs8jTekAHeKP80zfDEnhrleviLHzVSDXIWuCIOFn3D3f8A==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.2.tgz",+ "integrity": "sha512-Gr+FQan34CdiYAwpGJmQG8PgkyFVmARK8/xSijia3eTFgVfpcpztWLuP6FttGNfPLJhaZVP/euvujeNYar36OQ==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/utils": "4.1.1",+ "@vitest/utils": "4.1.2", "pathe": "^2.0.3" }, "funding": {@@ -3977,14 +3981,14 @@ } }, "node_modules/@vitest/snapshot": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.1.tgz",- "integrity": "sha512-kMVSgcegWV2FibXEx9p9WIKgje58lcTbXgnJixfcg15iK8nzCXhmalL0ZLtTWLW9PH1+1NEDShiFFedB3tEgWg==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.2.tgz",+ "integrity": "sha512-g7yfUmxYS4mNxk31qbOYsSt2F4m1E02LFqO53Xpzg3zKMhLAPZAjjfyl9e6z7HrW6LvUdTwAQR3HHfLjpko16A==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/pretty-format": "4.1.1",- "@vitest/utils": "4.1.1",+ "@vitest/pretty-format": "4.1.2",+ "@vitest/utils": "4.1.2", "magic-string": "^0.30.21", "pathe": "^2.0.3" },@@ -3993,9 +3997,9 @@ } }, "node_modules/@vitest/spy": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.1.tgz",- "integrity": "sha512-6Ti/KT5OVaiupdIZEuZN7l3CZcR0cxnxt70Z0//3CtwgObwA6jZhmVBA3yrXSVN3gmwjgd7oDNLlsXz526gpRA==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.2.tgz",+ "integrity": "sha512-DU4fBnbVCJGNBwVA6xSToNXrkZNSiw59H8tcuUspVMsBDBST4nfvsPsEHDHGtWRRnqBERBQu7TrTKskmjqTXKA==", "dev": true, "license": "MIT", "funding": {@@ -4003,15 +4007,15 @@ } }, "node_modules/@vitest/utils": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.1.tgz",- "integrity": "sha512-cNxAlaB3sHoCdL6pj6yyUXv9Gry1NHNg0kFTXdvSIZXLHsqKH7chiWOkwJ5s5+d/oMwcoG9T0bKU38JZWKusrQ==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.2.tgz",+ "integrity": "sha512-xw2/TiX82lQHA06cgbqRKFb5lCAy3axQ4H4SoUFhUsg+wztiet+co86IAMDtF6Vm1hc7J6j09oh/rgDn+JdKIQ==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/pretty-format": "4.1.1",+ "@vitest/pretty-format": "4.1.2", "convert-source-map": "^2.0.0",- "tinyrainbow": "^3.0.3"+ "tinyrainbow": "^3.1.0" }, "funding": { "url": "https://opencollective.com/vitest"@@ -7006,9 +7010,9 @@ } }, "node_modules/handlebars": {- "version": "4.7.8",- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",- "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",+ "version": "4.7.9",+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",+ "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==", "dev": true, "license": "MIT", "dependencies": {@@ -9501,9 +9505,9 @@ "license": "ISC" }, "node_modules/picomatch": {- "version": "4.0.3",- "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",- "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",+ "version": "4.0.4",+ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",+ "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", "dev": true, "license": "MIT", "engines": {@@ -10034,14 +10038,14 @@ "license": "MIT" }, "node_modules/rolldown": {- "version": "1.0.0-rc.11",- "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.11.tgz",- "integrity": "sha512-NRjoKMusSjfRbSYiH3VSumlkgFe7kYAa3pzVOsVYVFY3zb5d7nS+a3KGQ7hJKXuYWbzJKPVQ9Wxq2UvyK+ENpw==",+ "version": "1.0.0-rc.13",+ "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.13.tgz",+ "integrity": "sha512-bvVj8YJmf0rq4pSFmH7laLa6pYrhghv3PRzrCdRAr23g66zOKVJ4wkvFtgohtPLWmthgg8/rkaqRHrpUEh0Zbw==", "dev": true, "license": "MIT", "dependencies": {- "@oxc-project/types": "=0.122.0",- "@rolldown/pluginutils": "1.0.0-rc.11"+ "@oxc-project/types": "=0.123.0",+ "@rolldown/pluginutils": "1.0.0-rc.13" }, "bin": { "rolldown": "bin/cli.mjs"@@ -10050,27 +10054,27 @@ "node": "^20.19.0 || >=22.12.0" }, "optionalDependencies": {- "@rolldown/binding-android-arm64": "1.0.0-rc.11",- "@rolldown/binding-darwin-arm64": "1.0.0-rc.11",- "@rolldown/binding-darwin-x64": "1.0.0-rc.11",- "@rolldown/binding-freebsd-x64": "1.0.0-rc.11",- "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.11",- "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.11",- "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.11",- "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.11",- "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.11",- "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.11",- "@rolldown/binding-linux-x64-musl": "1.0.0-rc.11",- "@rolldown/binding-openharmony-arm64": "1.0.0-rc.11",- "@rolldown/binding-wasm32-wasi": "1.0.0-rc.11",- "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.11",- "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.11"+ "@rolldown/binding-android-arm64": "1.0.0-rc.13",+ "@rolldown/binding-darwin-arm64": "1.0.0-rc.13",+ "@rolldown/binding-darwin-x64": "1.0.0-rc.13",+ "@rolldown/binding-freebsd-x64": "1.0.0-rc.13",+ "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.13",+ "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.13",+ "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.13",+ "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.13",+ "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.13",+ "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.13",+ "@rolldown/binding-linux-x64-musl": "1.0.0-rc.13",+ "@rolldown/binding-openharmony-arm64": "1.0.0-rc.13",+ "@rolldown/binding-wasm32-wasi": "1.0.0-rc.13",+ "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.13",+ "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.13" } }, "node_modules/rollup": {- "version": "4.60.0",- "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.0.tgz",- "integrity": "sha512-yqjxruMGBQJ2gG4HtjZtAfXArHomazDHoFwFFmZZl0r7Pdo7qCIXKqKHZc8yeoMgzJJ+pO6pEEHa+V7uzWlrAQ==",+ "version": "4.60.1",+ "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.1.tgz",+ "integrity": "sha512-VmtB2rFU/GroZ4oL8+ZqXgSA38O6GR8KSIvWmEFv63pQ0G6KaBH9s07PO8XTXP4vI+3UJUEypOfjkGfmSBBR0w==", "dev": true, "license": "MIT", "dependencies": {@@ -10084,31 +10088,31 @@ "npm": ">=8.0.0" }, "optionalDependencies": {- "@rollup/rollup-android-arm-eabi": "4.60.0",- "@rollup/rollup-android-arm64": "4.60.0",- "@rollup/rollup-darwin-arm64": "4.60.0",- "@rollup/rollup-darwin-x64": "4.60.0",- "@rollup/rollup-freebsd-arm64": "4.60.0",- "@rollup/rollup-freebsd-x64": "4.60.0",- "@rollup/rollup-linux-arm-gnueabihf": "4.60.0",- "@rollup/rollup-linux-arm-musleabihf": "4.60.0",- "@rollup/rollup-linux-arm64-gnu": "4.60.0",- "@rollup/rollup-linux-arm64-musl": "4.60.0",- "@rollup/rollup-linux-loong64-gnu": "4.60.0",- "@rollup/rollup-linux-loong64-musl": "4.60.0",- "@rollup/rollup-linux-ppc64-gnu": "4.60.0",- "@rollup/rollup-linux-ppc64-musl": "4.60.0",- "@rollup/rollup-linux-riscv64-gnu": "4.60.0",- "@rollup/rollup-linux-riscv64-musl": "4.60.0",- "@rollup/rollup-linux-s390x-gnu": "4.60.0",- "@rollup/rollup-linux-x64-gnu": "4.60.0",- "@rollup/rollup-linux-x64-musl": "4.60.0",- "@rollup/rollup-openbsd-x64": "4.60.0",- "@rollup/rollup-openharmony-arm64": "4.60.0",- "@rollup/rollup-win32-arm64-msvc": "4.60.0",- "@rollup/rollup-win32-ia32-msvc": "4.60.0",- "@rollup/rollup-win32-x64-gnu": "4.60.0",- "@rollup/rollup-win32-x64-msvc": "4.60.0",+ "@rollup/rollup-android-arm-eabi": "4.60.1",+ "@rollup/rollup-android-arm64": "4.60.1",+ "@rollup/rollup-darwin-arm64": "4.60.1",+ "@rollup/rollup-darwin-x64": "4.60.1",+ "@rollup/rollup-freebsd-arm64": "4.60.1",+ "@rollup/rollup-freebsd-x64": "4.60.1",+ "@rollup/rollup-linux-arm-gnueabihf": "4.60.1",+ "@rollup/rollup-linux-arm-musleabihf": "4.60.1",+ "@rollup/rollup-linux-arm64-gnu": "4.60.1",+ "@rollup/rollup-linux-arm64-musl": "4.60.1",+ "@rollup/rollup-linux-loong64-gnu": "4.60.1",+ "@rollup/rollup-linux-loong64-musl": "4.60.1",+ "@rollup/rollup-linux-ppc64-gnu": "4.60.1",+ "@rollup/rollup-linux-ppc64-musl": "4.60.1",+ "@rollup/rollup-linux-riscv64-gnu": "4.60.1",+ "@rollup/rollup-linux-riscv64-musl": "4.60.1",+ "@rollup/rollup-linux-s390x-gnu": "4.60.1",+ "@rollup/rollup-linux-x64-gnu": "4.60.1",+ "@rollup/rollup-linux-x64-musl": "4.60.1",+ "@rollup/rollup-openbsd-x64": "4.60.1",+ "@rollup/rollup-openharmony-arm64": "4.60.1",+ "@rollup/rollup-win32-arm64-msvc": "4.60.1",+ "@rollup/rollup-win32-ia32-msvc": "4.60.1",+ "@rollup/rollup-win32-x64-gnu": "4.60.1",+ "@rollup/rollup-win32-x64-msvc": "4.60.1", "fsevents": "~2.3.2" } },@@ -10316,9 +10320,9 @@ } }, "node_modules/serialize-javascript": {- "version": "7.0.4",- "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.4.tgz",- "integrity": "sha512-DuGdB+Po43Q5Jxwpzt1lhyFSYKryqoNjQSA9M92tyw0lyHIOur+XCalOUe0KTJpyqzT8+fQ5A0Jf7vCx/NKmIg==",+ "version": "7.0.5",+ "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz",+ "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", "dev": true, "license": "BSD-3-Clause", "engines": {@@ -11460,16 +11464,16 @@ } }, "node_modules/vite": {- "version": "8.0.2",- "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.2.tgz",- "integrity": "sha512-1gFhNi+bHhRE/qKZOJXACm6tX4bA3Isy9KuKF15AgSRuRazNBOJfdDemPBU16/mpMxApDPrWvZ08DcLPEoRnuA==",+ "version": "8.0.6",+ "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.6.tgz",+ "integrity": "sha512-jeOXoY6N8rOfit/mZADMd0misLqjRdWBB3/S23ZQNuPcbVsfMBJutWD8b4ftdczMOsNyMBnKro0Z1Kt0HIqq5Q==", "dev": true, "license": "MIT", "dependencies": { "lightningcss": "^1.32.0",- "picomatch": "^4.0.3",+ "picomatch": "^4.0.4", "postcss": "^8.5.8",- "rolldown": "1.0.0-rc.11",+ "rolldown": "1.0.0-rc.13", "tinyglobby": "^0.2.15" }, "bin": {@@ -11487,7 +11491,7 @@ "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.1.0",- "esbuild": "^0.27.0",+ "esbuild": "^0.27.0 || ^0.28.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0",@@ -11538,19 +11542,19 @@ } }, "node_modules/vitest": {- "version": "4.1.1",- "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.1.tgz",- "integrity": "sha512-yF+o4POL41rpAzj5KVILUxm1GCjKnELvaqmU9TLLUbMfDzuN0UpUR9uaDs+mCtjPe+uYPksXDRLQGGPvj1cTmA==",+ "version": "4.1.2",+ "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.2.tgz",+ "integrity": "sha512-xjR1dMTVHlFLh98JE3i/f/WePqJsah4A0FK9cc8Ehp9Udk0AZk6ccpIZhh1qJ/yxVWRZ+Q54ocnD8TXmkhspGg==", "dev": true, "license": "MIT", "dependencies": {- "@vitest/expect": "4.1.1",- "@vitest/mocker": "4.1.1",
AI Analysis
Vulnerability Existed: not sure FALSE POSITIVE Axios security update package-lock.json 1-12 "version": "1.14.0", "version": "1.15.0", Vulnerability Existed: yes TRUE POSITIVE Handlebars vulnerability fix package-lock.json 7006-7010 "version": "4.7.8", "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", "version": "4.7.9", "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz", "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==", Vulnerability Existed: yes TRUE POSITIVE serialize-javascript vulnerability fix package-lock.json 10316-10320 "version": "7.0.4", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.4.tgz", "integrity": "sha512-DuGdB+Po43Q5Jxwpzt1lhyFSYKryqoNjQSA9M92tyw0lyHIOur+XCalOUe0KTJpyqzT8+fQ5A0Jf7vCx/NKmIg==", "version": "7.0.5", "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-7.0.5.tgz", "integrity": "sha512-F4LcB0UqUl1zErq+1nYEEzSHJnIwb3AF2XWB94b+afhrekOUijwooAYqFyRbjYkm2PAKBabx6oYv/xDxNi8IBw==", Vulnerability Existed: yes FALSE POSITIVE picomatch vulnerability fix package-lock.json 9501-9505 "version": "4.0.3", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "version": "4.0.4", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz", "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", Vulnerability Existed: not sure FALSE POSITIVE Vite security update package-lock.json 11460-11464 "version": "8.0.2", "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.2.tgz", "integrity": "sha512-1gFhNi+bHhRE/qKZOJXACm6tX4bA3Isy9KuKF15AgSRuRazNBOJfdDemPBU16/mpMxApDPrWvZ08DcLPEoRnuA==", "version": "8.0.6", "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.6.tgz", "integrity": "sha512-jeOXoY6N8rOfit/mZADMd0misLqjRdWBB3/S23ZQNuPcbVsfMBJutWD8b4ftdczMOsNyMBnKro0Z1Kt0HIqq5Q==",
CVE Analysis Results:
CVE-2026-40175: Yes
View CVE Description
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.
test/unit/core/prototypePollution.js
AI: Not Sure
1 false positive(s)
CVE-2026-40175
--- cache/axios_v1.14.0/test/unit/core/prototypePollution.js+++ /dev/null@@ -1,213 +0,0 @@-/* eslint-disable no-prototype-builtins */-/* eslint-env mocha */-'use strict';--import assert from 'assert';-import utils from '../../../lib/utils.js';-import mergeConfig from '../../../lib/core/mergeConfig.js';--describe('Prototype Pollution Protection', function () {- afterEach(function () {- // Clean up any pollution that might have occurred- delete Object.prototype.polluted;- });-- describe('utils.merge', function () {- it('should filter __proto__ key at top level', function () {- const result = utils.merge({}, { __proto__: { polluted: 'yes' }, safe: 'value' });-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.safe, 'value');- assert.strictEqual(result.hasOwnProperty('__proto__'), false);- });-- it('should filter constructor key at top level', function () {- const result = utils.merge({}, { constructor: { polluted: 'yes' }, safe: 'value' });-- assert.strictEqual(result.safe, 'value');- assert.strictEqual(result.hasOwnProperty('constructor'), false);- });-- it('should filter prototype key at top level', function () {- const result = utils.merge({}, { prototype: { polluted: 'yes' }, safe: 'value' });-- assert.strictEqual(result.safe, 'value');- assert.strictEqual(result.hasOwnProperty('prototype'), false);- });-- it('should filter __proto__ key in nested objects', function () {- const result = utils.merge(- {},- {- headers: {- __proto__: { polluted: 'nested' },- 'Content-Type': 'application/json',- },- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.headers['Content-Type'], 'application/json');- assert.strictEqual(result.headers.hasOwnProperty('__proto__'), false);- });-- it('should filter constructor key in nested objects', function () {- const result = utils.merge(- {},- {- headers: {- constructor: { prototype: { polluted: 'nested' } },- 'Content-Type': 'application/json',- },- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.headers['Content-Type'], 'application/json');- assert.strictEqual(result.headers.hasOwnProperty('constructor'), false);- });-- it('should filter prototype key in nested objects', function () {- const result = utils.merge(- {},- {- headers: {- prototype: { polluted: 'nested' },- 'Content-Type': 'application/json',- },- }- );-- assert.strictEqual(result.headers['Content-Type'], 'application/json');- assert.strictEqual(result.headers.hasOwnProperty('prototype'), false);- });-- it('should filter dangerous keys in deeply nested objects', function () {- const result = utils.merge(- {},- {- level1: {- level2: {- __proto__: { polluted: 'deep' },- prototype: { polluted: 'deep' },- safe: 'value',- },- },- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.level1.level2.safe, 'value');- assert.strictEqual(result.level1.level2.hasOwnProperty('__proto__'), false);- });-- it('should still merge regular properties correctly', function () {- const result = utils.merge({ a: 1, b: { c: 2 } }, { b: { d: 3 }, e: 4 });-- assert.strictEqual(result.a, 1);- assert.strictEqual(result.b.c, 2);- assert.strictEqual(result.b.d, 3);- assert.strictEqual(result.e, 4);- });-- it('should handle JSON.parse payloads safely', function () {- const malicious = JSON.parse('{"__proto__": {"polluted": "yes"}}');- const result = utils.merge({}, malicious);-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.hasOwnProperty('__proto__'), false);- });-- it('should handle nested JSON.parse payloads safely', function () {- const malicious = JSON.parse(- '{"headers": {"constructor": {"prototype": {"polluted": "yes"}}}}'- );- const result = utils.merge({}, malicious);-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.headers.hasOwnProperty('constructor'), false);- });- });-- describe('mergeConfig', function () {- it('should filter dangerous keys at top level', function () {- const result = mergeConfig(- {},- {- __proto__: { polluted: 'yes' },- constructor: { polluted: 'yes' },- prototype: { polluted: 'yes' },- url: '/api/test',- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.url, '/api/test');- assert.strictEqual(result.hasOwnProperty('__proto__'), false);- assert.strictEqual(result.hasOwnProperty('constructor'), false);- assert.strictEqual(result.hasOwnProperty('prototype'), false);- });-- it('should filter dangerous keys in headers', function () {- const result = mergeConfig(- {},- {- headers: {- __proto__: { polluted: 'yes' },- 'Content-Type': 'application/json',- },- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.headers['Content-Type'], 'application/json');- assert.strictEqual(result.headers.hasOwnProperty('__proto__'), false);- });-- it('should filter dangerous keys in custom config properties', function () {- const result = mergeConfig(- {},- {- customProp: {- __proto__: { polluted: 'yes' },- safe: 'value',- },- }- );-- assert.strictEqual(Object.prototype.polluted, undefined);- assert.strictEqual(result.customProp.safe, 'value');- assert.strictEqual(result.customProp.hasOwnProperty('__proto__'), false);- });-- it('should still merge configs correctly', function () {- const config1 = {- baseURL: 'https://api.example.com',- timeout: 1000,- headers: {- common: {- Accept: 'application/json',- },- },- };-- const config2 = {- url: '/users',- timeout: 5000,- headers: {- common: {- 'Content-Type': 'application/json',- },- },- };-- const result = mergeConfig(config1, config2);-- assert.strictEqual(result.baseURL, 'https://api.example.com');- assert.strictEqual(result.url, '/users');- assert.strictEqual(result.timeout, 5000);- assert.strictEqual(result.headers.common.Accept, 'application/json');- assert.strictEqual(result.headers.common['Content-Type'], 'application/json');- });- });-});
AI Analysis
Vulnerability Existed: not sure
FALSE POSITIVE
Prototype Pollution test/unit/core/prototypePollution.js 1-213
[Old Code]
/* eslint-disable no-prototype-builtins */
/* eslint-env mocha */
'use strict';
import assert from 'assert';
import utils from '../../../lib/utils.js';
import mergeConfig from '../../../lib/core/mergeConfig.js';
describe('Prototype Pollution Protection', function () {
afterEach(function () {
// Clean up any pollution that might have occurred
delete Object.prototype.polluted;
});
describe('utils.merge', function () {
it('should filter __proto__ key at top level', function () {
const result = utils.merge({}, { __proto__: { polluted: 'yes' }, safe: 'value' });
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.safe, 'value');
assert.strictEqual(result.hasOwnProperty('__proto__'), false);
});
it('should filter constructor key at top level', function () {
const result = utils.merge({}, { constructor: { polluted: 'yes' }, safe: 'value' });
assert.strictEqual(result.safe, 'value');
assert.strictEqual(result.hasOwnProperty('constructor'), false);
});
it('should filter prototype key at top level', function () {
const result = utils.merge({}, { prototype: { polluted: 'yes' }, safe: 'value' });
assert.strictEqual(result.safe, 'value');
assert.strictEqual(result.hasOwnProperty('prototype'), false);
});
it('should filter __proto__ key in nested objects', function () {
const result = utils.merge(
{},
{
headers: {
__proto__: { polluted: 'nested' },
'Content-Type': 'application/json',
},
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.headers['Content-Type'], 'application/json');
assert.strictEqual(result.headers.hasOwnProperty('__proto__'), false);
});
it('should filter constructor key in nested objects', function () {
const result = utils.merge(
{},
{
headers: {
constructor: { prototype: { polluted: 'nested' } },
'Content-Type': 'application/json',
},
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.headers['Content-Type'], 'application/json');
assert.strictEqual(result.headers.hasOwnProperty('constructor'), false);
});
it('should filter prototype key in nested objects', function () {
const result = utils.merge(
{},
{
headers: {
prototype: { polluted: 'nested' },
'Content-Type': 'application/json',
},
}
);
assert.strictEqual(result.headers['Content-Type'], 'application/json');
assert.strictEqual(result.headers.hasOwnProperty('prototype'), false);
});
it('should filter dangerous keys in deeply nested objects', function () {
const result = utils.merge(
{},
{
level1: {
level2: {
__proto__: { polluted: 'deep' },
prototype: { polluted: 'deep' },
safe: 'value',
},
},
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.level1.level2.safe, 'value');
assert.strictEqual(result.level1.level2.hasOwnProperty('__proto__'), false);
});
it('should still merge regular properties correctly', function () {
const result = utils.merge({ a: 1, b: { c: 2 } }, { b: { d: 3 }, e: 4 });
assert.strictEqual(result.a, 1);
assert.strictEqual(result.b.c, 2);
assert.strictEqual(result.b.d, 3);
assert.strictEqual(result.e, 4);
});
it('should handle JSON.parse payloads safely', function () {
const malicious = JSON.parse('{"__proto__": {"polluted": "yes"}}');
const result = utils.merge({}, malicious);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.hasOwnProperty('__proto__'), false);
});
it('should handle nested JSON.parse payloads safely', function () {
const malicious = JSON.parse(
'{"headers": {"constructor": {"prototype": {"polluted": "yes"}}}}'
);
const result = utils.merge({}, malicious);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.headers.hasOwnProperty('constructor'), false);
});
});
describe('mergeConfig', function () {
it('should filter dangerous keys at top level', function () {
const result = mergeConfig(
{},
{
__proto__: { polluted: 'yes' },
constructor: { polluted: 'yes' },
prototype: { polluted: 'yes' },
url: '/api/test',
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.url, '/api/test');
assert.strictEqual(result.hasOwnProperty('__proto__'), false);
assert.strictEqual(result.hasOwnProperty('constructor'), false);
assert.strictEqual(result.hasOwnProperty('prototype'), false);
});
it('should filter dangerous keys in headers', function () {
const result = mergeConfig(
{},
{
headers: {
__proto__: { polluted: 'yes' },
'Content-Type': 'application/json',
},
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.headers['Content-Type'], 'application/json');
assert.strictEqual(result.headers.hasOwnProperty('__proto__'), false);
});
it('should filter dangerous keys in custom config properties', function () {
const result = mergeConfig(
{},
{
customProp: {
__proto__: { polluted: 'yes' },
safe: 'value',
},
}
);
assert.strictEqual(Object.prototype.polluted, undefined);
assert.strictEqual(result.customProp.safe, 'value');
assert.strictEqual(result.customProp.hasOwnProperty('__proto__'), false);
});
it('should still merge configs correctly', function () {
const config1 = {
baseURL: 'https://api.example.com',
timeout: 1000,
headers: {
common: {
Accept: 'application/json',
},
},
};
const config2 = {
url: '/users',
timeout: 5000,
headers: {
common: {
'Content-Type': 'application/json',
},
},
};
const result = mergeConfig(config1, config2);
assert.strictEqual(result.baseURL, 'https://api.example.com');
assert.strictEqual(result.url, '/users');
assert.strictEqual(result.timeout, 5000);
assert.strictEqual(result.headers.common.Accept, 'application/json');
assert.strictEqual(result.headers.common['Content-Type'], 'application/json');
});
});
});
[Fixed Code]
<file deleted>
CVE Analysis Results:
CVE-2026-40175: Yes
View CVE Description
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.
Showing 1 to 3 of 3 results