Hey folks,

I use Axios in a backend environment, where I download files using dynamic URLs.

const response = await axios({
    method: 'GET',
    responseType: 'arraybuffer',
    url,
});

Snyk flagged this as an SSRF vulnerability. However, when I'm looking online about Axios, I see a lot of resolved issues around SSRF (like #6545).

My question is: do I need to clean and verify those URLs before doing the request? Or is this done automatically by Axios?

Cheers!