VULN UPGRADE: axios (minor → 1.13.5) [integration_tests]

[campaigner-prod]

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

• integration_tests (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
axios	1.1.3	1.13.5	minor	6 HIGH, 2 MODERATE

---

Security Details

🚨 Critical & High Severity (6 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
axios	GHSA-4hjh-wcwx-xvwj	HIGH	Axios is vulnerable to DoS attack through lack of data size check	1.1.3	1.12.0
axios	CVE-2025-58754	HIGH	Axios is vulnerable to DoS attack through lack of data size check	1.1.3	-
axios	GHSA-43fc-jf86-j433	HIGH	Axios is Vulnerable to Denial of Service via proto Key in mergeConfig	1.1.3	1.13.5
axios	CVE-2026-25639	HIGH	Axios affected by Denial of Service via proto Key in mergeConfig	1.1.3	-
axios	GHSA-jr5f-v2jv-69x6	HIGH	axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL	1.1.3	1.8.2
axios	CVE-2025-27152	HIGH	Possible SSRF and Credential Leakage via Absolute URL in axios Requests	1.1.3	-

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
axios	GHSA-wf5p-g6vw-rhxx	MODERATE	Axios Cross-Site Request Forgery Vulnerability	1.1.3	1.6.0
axios	CVE-2023-45857	MODERATE	-	1.1.3	-

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System