[3.0.2] Vulnerable dependencies axios and dexie

[tory-kk]

According to GitHub Dependabot, used versions of axios and dexie are vulnerable https://github.com/reyesoft/ngx-jsonapi/blob/6a50dc5c5489cfa1eb40a80e0b2c0bf771924917/package.json#L154-L155

Dexie: Affected versions: < 3.2.2 Patched version: 3.2.2

Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like proto or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. Note: This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input.

Axios: Affected versions: >= 0.8.1, < 1.6.0 Patched version: 1.6.0

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Please upgrade these dependencies.