Skip to content
This repository has been archived by the owner on Oct 14, 2024. It is now read-only.

[Snyk] Upgrade axios from 0.19.2 to 0.28.0 #176

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snykbotzup
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.19.2 to 0.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 17 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-02-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
No Known Exploit
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
158/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.28.0 - 2024-02-12

    Release notes:

    Bug Fixes

    Backports from v1.x:

    • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
    • Fixing content-type header repeated #4745
    • Fixed timeout error message for HTTP 4738
    • Added axios.formToJSON method (#4735)
    • URL params serializer (#4734)
    • Fixed toFormData Blob issue on node>v17 #4728
    • Adding types for progress event callbacks #4675
    • Fixed max body length defaults #4731
    • Added data URL support for node.js (#4725)
    • Added isCancel type assert (#4293)
    • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
    • Add string[] to AxiosRequestHeaders type (#4322)
    • Allow type definition for axios instance methods (#4224)
    • Fixed AxiosError stack capturing; (#4718)
    • Fixed AxiosError status code type; (#4717)
    • Adding Canceler parameters config and request (#4711)
    • fix(types): allow to specify partial default headers for instance creation (#4185)
    • Added blob to the list of protocols supported by the browser (#4678)
    • Fixing Z_BUF_ERROR when no content (#4701)
    • Fixed race condition on immediate requests cancellation (#4261)
    • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
    • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
    • Fix TS definition for AxiosRequestTransformer (#4201)
    • Use type alias instead of interface for AxiosPromise (#4505)
    • Include request and config when creating a CanceledError instance (#4659)
    • Added generic TS types for the exposed toFormData helper (#4668)
    • Optimized the code that checks cancellation (#4587)
    • Replaced webpack with rollup (#4596)
    • Added stack trace to AxiosError (#4624)
    • Updated AxiosError.config to be optional in the type definition (#4665)
    • Removed incorrect argument for NetworkError constructor (#4656)
  • 0.27.2 - 2022-04-27
  • 0.27.1 - 2022-04-26
  • 0.27.0 - 2022-04-25
  • 0.26.1 - 2022-03-09
  • 0.26.0 - 2022-02-13
  • 0.25.0 - 2022-01-18
  • 0.24.0 - 2021-10-25
  • 0.23.0 - 2021-10-12
  • 0.22.0 - 2021-10-01
  • 0.21.4 - 2021-09-06
  • 0.21.3 - 2021-09-04
  • 0.21.2 - 2021-09-04
  • 0.21.1 - 2020-12-22
  • 0.21.0 - 2020-10-23
  • 0.20.0 - 2020-08-21
  • 0.20.0-0 - 2020-07-15
  • 0.19.2 - 2020-01-22
from axios GitHub release notes
Commit messages
Package name: axios
  • 3b7635a [Release] v0.28.0 (#6211)
  • 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
  • 80c3d74 chore(ci): backported publish action; (#6224)
  • 2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
  • 880b42e docs: Fix a typo in README
  • c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (#4927)
  • 80b546c fix: loosing request header (#4858) (#4871)
  • 6acb5ef feat: brower platform add data protocol. (#4814)
  • bbb2264 fix(typing): axios response headers can be undefined (#4813)
  • eff25a2 chore: updated close stale workflow
  • 6b44df0 chore: added dependancy review
  • 94c1f7d chore: added code QL for the 0.x branch
  • 5576c2f chore: update ci runner rules
  • 871ef05 Fix - Request ignores false, 0 and empty string as body values (#4786)
  • 3dad74c Update base with master (#4754)
  • 12103f8 chore: adjusted CI to run on any current and future version branches
  • 1504792 Fixing content-type header repeated (#4745)
  • a11f950 Fix/4737/timeout error message for http (#4738)
  • 9bb016f chore: updated actions to run on new version based branches
  • c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
  • a02fe28 Updated README.md; (#4742)
  • 59dfed6 Bump grunt from 1.5.2 to 1.5.3 (#4743)
  • c008e57 Added `axios.formToJSON` method; (#4735)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants