[Snyk] Security upgrade axios from 1.2.3 to 1.7.8

[gitafolabi]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• cdk/package.json
• cdk/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-AXIOS-6671926	551

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

[dryrunsecurity]

DryRun Security Summary

The pull request updates the versions of the "axios" and "aws-sdk" dependencies in the project, which is a good security practice, but it's important to review the changes and ensure they don't introduce any new security issues or breaking changes.

Expand for full summary

Summary:

The code changes in this pull request focus on updating the versions of the "axios" and "aws-sdk" dependencies in the project. Updating dependencies to their latest versions is generally a good security practice, as it helps address known vulnerabilities. However, it's important to review the changelog or release notes of the new versions to ensure that there are no new security issues introduced.

In the case of the "axios" dependency update, it's essential to verify the specific changes and their impact on the application's security, as Axios has had several security vulnerabilities reported in the past. Additionally, it's crucial to ensure that the dependency updates do not introduce breaking changes or compatibility issues that could affect the application's functionality.

Overall, the changes appear to be routine maintenance updates, and they do not introduce any obvious security risks. However, it's recommended to thoroughly test the changes and monitor the application's dependencies to maintain the overall security posture of the application.

Files Changed:

• cdk/package.json: The version of the "axios" dependency has been updated from "^1.2.3" to "^1.7.8".
• cdk/yarn.lock: The "aws-sdk" dependency has been updated to version 2.1326.0, and the "axios" dependency has been updated to version 1.7.8.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.