Open
Conversation
Snyk has created this PR to upgrade axios from 0.15.3 to 0.21.4. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/automatic365/project/7f0ff6e4-a9d1-400a-9658-fb08b8fcb4ce?utm_source=github&utm_medium=referral&page=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade axios from 0.15.3 to 0.21.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-AXIOS-1579269
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-AXIOS-174505
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-AXIOS-1038255
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
-
0.21.4 - 2021-09-06
- Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)
- Guillaume Fortaine
- Yusuke Kawasaki
- Dmitriy Mozgovoy
-
0.21.3 - 2021-09-04
- Fixing response interceptor not being called when request interceptor is attached (#4013)
- Julian Hollmann
-
0.21.2 - 2021-09-04
- Updating axios requests to be delayed by pre-emptive promise creation (#2702)
- Adding "synchronous" and "runWhen" options to interceptors api (#2702)
- Updating of transformResponse (#3377)
- Adding ability to omit User-Agent header (#3703)
- Adding multiple JSON improvements (#3688, #3763)
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
- Adding parseInt to config.timeout (#3781)
- Adding custom return type support to interceptor (#3783)
- Adding security fix for ReDoS vulnerability (#3980)
- Updating build dev dependancies (#3401)
- Fixing builds running on Travis CI (#3538)
- Updating follow rediect version (#3694, #3771)
- Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
- Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
- Fixing tests by bumping karma-sauce-launcher version (#3813)
- Changing testing process from Travis CI to GitHub Actions (#3938)
- Updating documentation around the use of
- Remove duplication of item in changelog (#3523)
- Fixing gramatical errors (#2642)
- Fixing spelling error (#3567)
- Moving gitpod metion (#2637)
- Adding new axios documentation website link (#3681, #3707)
- Updating documentation around dispatching requests (#3772)
- Adding documentation for the type guard isAxiosError (#3767)
- Adding explanation of cancel token (#3803)
- Updating CI status badge (#3953)
- Fixing errors with JSON documentation (#3936)
- Fixing README typo under Request Config (#3825)
- Adding axios-multi-api to the ecosystem file (#3817)
- Adding SECURITY.md to properly disclose security vulnerabilities (#3981)
- Sasha Korotkov
- Daniel Lopretto
- Mike Bishop
- Dmitriy Mozgovoy
- Mark
- Philipe Gouveia Paixão
- hippo
- ready-research
- Xianming Zhong
- Christopher Chrapka
- Brian Anglin
- Kohta Ito
- Ali Clark
- caikan
- Elina Gorshkova
- Ryota Ikezawa
- Nisar Hassan Naqvi
- Jake
- TagawaHirotaka
- Johannes Jarbratt
- Mo Sattler
- Sam Carlton
- Matt Czapliński
- Ziding Zhang
-
0.21.1 - 2020-12-22
- Hotfix: Prevent SSRF (#3410)
- Protocol not parsed when setting proxy config from env vars (#3070)
- Updating axios in types to be lower case (#2797)
- Adding a type guard for
- Remove the skipping of the
- Use different socket for Win32 test (#3375)
- Daniel Lopretto timemachine3030@users.noreply.github.com
- Jason Kwok JasonHK@users.noreply.github.com
- Jay jasonsaayman@gmail.com
- Jonathan Foster jonathan@jonathanfoster.io
- Remco Haszing remcohaszing@gmail.com
- Xianming Zhong chinesedfan@qq.com
-
0.21.0 - 2020-10-23
- Fixing requestHeaders.Authorization (#3287)
- Fixing node types (#3237)
- Fixing axios.delete ignores config.data (#3282)
- Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
- Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
- Lock travis to not use node v15 (#3361)
- Fixing simple typo, existant -> existent (#3252)
- Fixing typos (#3309)
- Allan Cruz 57270969+Allanbcruz@users.noreply.github.com
- George Cheng Gerhut@GMail.com
- Jay jasonsaayman@gmail.com
- Kevin Kirsche Kev.Kirsche+GitHub@gmail.com
- Remco Haszing remcohaszing@gmail.com
- Taemin Shin cprayer13@gmail.com
- Tim Gates tim.gates@iress.com
- Xianming Zhong chinesedfan@qq.com
-
0.20.0 - 2020-08-21
-
0.20.0-0 - 2020-07-15
-
0.19.2 - 2020-01-22
- Remove unnecessary XSS check (#2679) (see (#2646) for discussion)
-
0.19.1 - 2020-01-07
-
0.19.0 - 2019-05-30
-
0.19.0-beta.1 - 2018-08-09
-
0.18.1 - 2019-06-01
-
0.18.0 - 2018-02-19
-
0.17.1 - 2017-11-11
-
0.17.0 - 2017-10-21
-
0.16.2 - 2017-06-03
-
0.16.1 - 2017-04-08
-
0.16.0 - 2017-04-01
-
0.15.3 - 2016-11-27
from axios GitHub release notes0.21.4 (September 6, 2021)
Fixes and Functionality:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.3 (September 4, 2021)
Fixes and Functionality:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.2 (September 4, 2021)
Fixes and Functionality:
Internal and Tests:
Documentation:
AUTH_TOKENwith multiple domain endpoints (#3539)Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.1 (December 21, 2020)
Fixes and Functionality:
AxiosError(#2949)Internal and Tests:
sockethttp test (#3364)Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.0 (October 23, 2020)
Fixes and Functionality:
Internal and Tests:
Documentation:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Release of 0.20.0-pre as a full release with no other changes.
Read more
Read more
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs