[Snyk] Security upgrade axios from 0.27.2 to 0.31.1

[snyk-io]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• php/razorpay_js/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	HTTP Response Splitting SNYK-JS-AXIOS-16298058	730
	Uncontrolled Recursion SNYK-JS-AXIOS-16299923	710

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[snyk-io]

This upgrade of axios from 0.27.2 to 0.31.1 includes several minor versions that introduce significant behavioral changes and security fixes backported from the v1.x line. While not a major version bump, these changes require verification.

Key Changes:

• Parameter Serialization (v0.28.0): The serialization of object parameters in GET requests has changed. For example, a parameter params: { foo: { bar: 'baz' } } is now serialized as ?foo[bar]=baz instead of the previous ?foo=%7B%22bar%22%3A%22baz%22%7D. This can break backend systems expecting the old JSON string format. [15]
• Automatic Proxy Detection (v0.28.0): Axios now automatically uses proxy settings from the npm_config_proxy environment variable. This can cause unexpected connection issues in environments where this variable is set but was not intended to be used by the application. [4]
• Security Hardening (v0.31.x): These versions backport numerous security fixes, including protections against Prototype Pollution. As a result, Axios now blocks unconventional deep-merging patterns that target the object prototype in the configuration. [1, 3]
• TypeScript Types (v0.31.0): Return types for AxiosInstance methods were corrected. This may cause type errors in TypeScript projects that require code adjustments. [2]

Recommendation:
Verify that your application is not negatively impacted by the changes in parameter serialization and automatic proxy detection. Test API calls that use complex objects as GET parameters and confirm network connectivity in your deployment environment.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hivel-marco]

PR Complexity Score: 1.2 - Trivial

View Breakdown

• Lines Changed: 2
• Files Changed: 1
• Complexity Added: 0
• Raw Score: 3.04

Overview

This PR updates the axios dependency version in the PHP Razorpay JS package.
The goal is to bring axios up to a more recent, likely more secure and feature-complete version without changing other dependencies.

Key Changes

• Upgrades axios from ^0.27.2 to ^0.31.1 to incorporate the latest fixes, improvements, and security patches.
• Leaves all other dependencies and project configuration untouched to minimize the scope of impact.

Risks & Considerations

• Potential breaking changes or behavioral differences between axios 0.27.x and 0.31.x that could affect existing HTTP request/response handling.
• Any custom axios configuration, interceptors, or error handling logic should be revalidated against the new version.
• Ensure that the runtime environment and any bundling/transpilation tools are compatible with the new axios version.

File-level change summary

File	Change summary
php/razorpay_js/package.json	Updated the axios dependency version to ^0.31.1.