[Snyk] Fix for 1 vulnerabilities

[vvaka]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hi-ui/hiui

The new version differs by 250 commits.

• 3530e4f chore(release): publish %v
• 1cb5bc6 Merge pull request #2187 from XiaoMi/feature/core-peer
• af18342 chore: revise HiUI name
• c799d2f chore: update notes
• 50f9236 feat: move hi-ui/core into peer deps
• 417bbec revert: update pkg
• 481e478 Merge pull request #2186 from XiaoMi/feature/readme-v4
• e514ba9 perf: 减少额外dom节点渲染
• f18134c chore: update version
• 6aa099b docs: update readme && add CONTRIBUTING
• 11447e6 Merge pull request #2165 from XiaoMi/next/4.0
• 76ea4dd Merge branch 'master' into next/4.0
• 6743a10 Merge branch 'develop' into next/4.0
• 4779d1c chore(descriptions): update stories
• 10fb759 chore(release): publish %v
• 2231788 chore: update ui
• ebb4ffb chore(release): publish %v
• 62af018 feat(hiui): add result && space && highlighter && descriptions
• dd4ab17 feat(result): update default images
• 6b723ab feat(descriptions): add labelPlacement as Item prop && update style scss
• a479087 perf(space): adjust api && add new stories
• 90c52e4 feat(result): add new result icons
• daf3f40 chore(release): publish %v
• 4179b7f fix(avatar): 修复头像无边框模式配置失效

See the full diff

Package name: axios

The new version differs by 250 commits.

• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors
• b15b918 chore(release): v1.6.3 (#6151)
• b76cce0 chore(ci): added branches filter for notify action; (#6084)
• 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
• 8befb86 docs: update alloy link (#6145)
• d18f40d docs: add headline sponsors
• b3be365 chore(release): v1.6.2 (#6082)
• 8739acb chore(ci): removed redundant release action; (#6081)
• bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
• a2b0fb3 chore(docs): update README.md (#6048)
• b12a608 chore(ci): removed paths-ignore filter; (#6080)
• 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
• 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
• cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
• 7009715 chore(ci): fixed release notification action; (#6064)
• 7144f10 chore(ci): fixed release notification action; (#6063)
• f6d2cf9 chore(ci): fix publish action content permission; (#6061)
• a22f4b9 chore(release): v1.6.1 (#6060)
• cb8bb2b chore(ci): Publish to NPM with provenance (#5835)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution