npcheck icon indicating copy to clipboard operation
npcheck copied to clipboard
verified publisher icon nodeshift

[Snyk] Upgrade axios from 0.24.0 to 1.6.5

Open lholmquist opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.24.0 to 1.6.5.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 36 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2024-01-05.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Proof of Concept
Prototype Pollution
SNYK-JS-AXIOS-6144788		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 No Known Exploit
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 676/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.1		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 1.6.5 - 2024-01-05

    Release notes:

    Bug Fixes

    • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
    • dns: fixed lookup error handling; (#6175) (f4f2b03)

    Contributors to this release

  • 1.6.4 - 2024-01-03

    Release notes:

    Bug Fixes

    • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
    • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

    Contributors to this release

  • 1.6.3 - 2023-12-26

    Release notes:

    Bug Fixes

    • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

    Contributors to this release

  • 1.6.2 - 2023-11-14

    Release notes:

    Features

    • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

    PRs

    • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
    
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

    Contributors to this release

  • 1.6.1 - 2023-11-08

    Release notes:

    Bug Fixes

    • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
    • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

    Contributors to this release

  • 1.6.0 - 2023-10-26

    Release notes:

    Bug Fixes

    PRs

    • CVE 2023 45857 ( #6028 )
    
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

    Contributors to this release

  • 1.5.1 - 2023-09-26

    Release notes:

    Bug Fixes

    • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
    • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
    • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
    • types: removed duplicated code (9e62056)

    Contributors to this release

  • 1.5.0 - 2023-08-26

    Release notes:

    Bug Fixes

    • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
    • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
    • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
    • headers: fixed common Content-Type header merging; (#5832) (8fda276)

    Features

    Contributors to this release

  • 1.4.0 - 2023-04-27

    Release notes:

    Bug Fixes

    • formdata: add multipart/form-data content type for FormData payload on custom client environments; (#5678) (bbb61e7)
    • package: export package internals with unsafe path prefix; (#5677) (df38c94)

    Features

    • dns: added support for a custom lookup function; (#5339) (2701911)
    • types: export AxiosHeaderValue type. (#5525) (726f1c8)

    Performance Improvements

    • merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)

    Contributors to this release

  • 1.3.6 - 2023-04-19

    Release notes:

    Bug Fixes

    • types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
    • utils: make isFormData detection logic stricter to avoid unnecessary calling of the toString method on the target; (#5661) (aa372f7)

    Contributors to this release

  • 1.3.5 - 2023-04-05
  • 1.3.4 - 2023-02-22
  • 1.3.3 - 2023-02-13
  • 1.3.2 - 2023-02-03
  • 1.3.1 - 2023-02-01
  • 1.3.0 - 2023-01-31
  • 1.2.6 - 2023-01-28
  • 1.2.5 - 2023-01-26
  • 1.2.4 - 2023-01-24
  • 1.2.3 - 2023-01-17
  • 1.2.2 - 2022-12-29
  • 1.2.1 - 2022-12-05
  • 1.2.0 - 2022-11-22
  • 1.2.0-alpha.1 - 2022-11-10
  • 1.1.3 - 2022-10-15
  • 1.1.2 - 2022-10-07
  • 1.1.1 - 2022-10-07
  • 1.1.0 - 2022-10-06
  • 1.0.0 - 2022-10-04
  • 1.0.0-alpha.1 - 2022-05-31
  • 0.27.2 - 2022-04-27
  • 0.27.1 - 2022-04-26
  • 0.27.0 - 2022-04-25
  • 0.26.1 - 2022-03-09
  • 0.26.0 - 2022-02-13
  • 0.25.0 - 2022-01-18
  • 0.24.0 - 2021-10-25
from axios GitHub release notes
Commit messages
Package name: axios
  • 6d4c421 chore(release): v1.6.5 (#6177)
  • 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
  • f4f2b03 fix(dns): fixed lookup error handling; (#6175)
  • 1f73dcb docs: update sponsor links
  • 8790b8e chore(release): v1.6.4 (#6173)
  • 0ad520d chore(ci): fix notify action; (#6172)
  • 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
  • 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
  • 90864b3 docs: update logos
  • 1542719 docs: updated headline sponsors
  • b15b918 chore(release): v1.6.3 (#6151)
  • b76cce0 chore(ci): added branches filter for notify action; (#6084)
  • 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
  • 8befb86 docs: update alloy link (#6145)
  • d18f40d docs: add headline sponsors
  • b3be365 chore(release): v1.6.2 (#6082)
  • 8739acb chore(ci): removed redundant release action; (#6081)
  • bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
  • a2b0fb3 chore(docs): update README.md (#6048)
  • b12a608 chore(ci): removed paths-ignore filter; (#6080)
  • 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
  • 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
  • cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
  • 7009715 chore(ci): fixed release notification action; (#6064)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

lholmquist avatar Jan 28 '24 04:01 lholmquist