fix(deps): update dependency axios to v1.7.4 [security] by renovate[bot] · Pull Request #122 · tomasciar/foodmaps

renovate · 2023-11-11T15:15:19Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
axios (source)	`1.4.0` → `1.7.4`

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

`v1.7.4`

Compare Source

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)
missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL
feat: add config option for allowing absolute URLs
fix: add default value for allowAbsoluteUrls in buildFullPath
fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts

Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

Jay

1.7.8 (2024-11-25)

Bug Fixes

allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
core: fixed config merging bug (#6668) (5d99fe4)
fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
http: fixed proxy-from-env module import (#5222) (12b3295)
http: use globalThis.TextEncoder when available (#6634) (df956d1)
ios11 breaks when build (#6608) (7638952)
types: add missing types for mergeConfig function (#6590) (00de614)
types: export CJS types from ESM (#6218) (c71811b)
updated stream aborted error message to be more clear (#6615) (cc3217a)
use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)
fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

adapter: fix progress event emitting; (#6518) (e3c76fc)
fetch: fix withCredentials request config (#6505) (85d4d0e)
xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

Dmitriy Mozgovoy

`v1.7.3`

Compare Source

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)
missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL
feat: add config option for allowing absolute URLs
fix: add default value for allowAbsoluteUrls in buildFullPath
fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts

Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

Jay

1.7.8 (2024-11-25)

Bug Fixes

allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
core: fixed config merging bug (#6668) (5d99fe4)
fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
http: fixed proxy-from-env module import (#5222) (12b3295)
http: use globalThis.TextEncoder when available (#6634) (df956d1)
ios11 breaks when build (#6608) (7638952)
types: add missing types for mergeConfig function (#6590) (00de614)
types: export CJS types from ESM (#6218) (c71811b)
updated stream aborted error message to be more clear (#6615) (cc3217a)
use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)
fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

adapter: fix progress event emitting; (#6518) (e3c76fc)
fetch: fix withCredentials request config (#6505) (85d4d0e)
xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

Dmitriy Mozgovoy

`v1.7.2`

Compare Source

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)
missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)
utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL
feat: add config option for allowing absolute URLs
fix: add default value for allowAbsoluteUrls in buildFullPath
fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts

Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

Jay

1.7.8 (2024-11-25)

Bug Fixes

allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
core: fixed config merging bug (#6668) (5d99fe4)
fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
http: fixed proxy-from-env module import (#5222) (12b3295)
http: use globalThis.TextEncoder when available (#6634) (df956d1)
ios11 breaks when build (#6608) (7638952)
types: add missing types for mergeConfig function (#6590) (00de614)
types: export CJS types from ESM (#6218) (c71811b)
updated stream aborted error message to be more clear (#6615) (cc3217a)
use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)
fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

[Lev Pachmanov](https://redirect.github.com/levpachmanov "+4

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

vercel · 2023-11-11T15:15:21Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
foodmaps	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 13, 2024 10:56pm

vercel bot deployed to Preview November 11, 2023 15:16 View deployment

renovate bot changed the title ~~fix(deps): update dependency axios to v1.6.0 [security]~~ fix(deps): update dependency axios to v1.6.0 [security] - autoclosed Feb 20, 2024

renovate bot closed this Feb 20, 2024

renovate bot deleted the renovate/npm-axios-vulnerability branch February 20, 2024 21:58

renovate bot changed the title ~~fix(deps): update dependency axios to v1.6.0 [security] - autoclosed~~ fix(deps): update dependency axios to v1.6.0 [security] Feb 21, 2024

renovate bot reopened this Feb 21, 2024

renovate bot restored the renovate/npm-axios-vulnerability branch February 21, 2024 04:05

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 2ae5639 to 79c1c15 Compare February 21, 2024 04:06

vercel bot deployed to Preview February 21, 2024 04:07 View deployment

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 79c1c15 to 752cc76 Compare August 13, 2024 22:54

renovate bot changed the title ~~fix(deps): update dependency axios to v1.6.0 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Aug 13, 2024

vercel bot deployed to Preview August 13, 2024 22:56 View deployment

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 752cc76 to f746e9c Compare March 7, 2025 23:05

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.8.2 [security] Mar 7, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from f746e9c to eb30891 Compare March 28, 2025 16:38

renovate bot changed the title ~~fix(deps): update dependency axios to v1.8.2 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Mar 28, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from eb30891 to c0bb8a3 Compare March 28, 2025 23:05

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.8.2 [security] Mar 28, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from c0bb8a3 to 5705292 Compare May 17, 2025 06:05

renovate bot changed the title ~~fix(deps): update dependency axios to v1.8.2 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] May 17, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5705292 to de07d9e Compare August 10, 2025 12:38

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from de07d9e to 40f1703 Compare September 13, 2025 20:10

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.12.0 [security] Sep 13, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 40f1703 to 701627a Compare September 18, 2025 18:28

renovate bot changed the title ~~fix(deps): update dependency axios to v1.12.0 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Sep 18, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 2 times, most recently from 0edbb83 to b3472b0 Compare September 30, 2025 02:07

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.12.0 [security] Sep 30, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b3472b0 to cc9d183 Compare September 30, 2025 22:44

renovate bot changed the title ~~fix(deps): update dependency axios to v1.12.0 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Sep 30, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from cc9d183 to 338e689 Compare February 10, 2026 00:44

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.13.5 [security] Feb 10, 2026

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 338e689 to bb3ed7c Compare February 12, 2026 00:31

renovate bot changed the title ~~fix(deps): update dependency axios to v1.13.5 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Feb 12, 2026

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from bb3ed7c to 15aa4a4 Compare February 19, 2026 21:31

renovate bot changed the title ~~fix(deps): update dependency axios to v1.7.4 [security]~~ fix(deps): update dependency axios to v1.13.5 [security] Feb 19, 2026

fix(deps): update dependency axios to v1.7.4 [security]

efa3406

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 15aa4a4 to efa3406 Compare February 21, 2026 02:06

renovate bot changed the title ~~fix(deps): update dependency axios to v1.13.5 [security]~~ fix(deps): update dependency axios to v1.7.4 [security] Feb 21, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency axios to v1.7.4 [security]#122

fix(deps): update dependency axios to v1.7.4 [security]#122
renovate[bot] wants to merge 1 commit intodevfrom
renovate/npm-axios-vulnerability

renovate bot commented Nov 11, 2023 •

edited

Loading

Uh oh!

vercel bot commented Nov 11, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Nov 11, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2023-45857

CVE-2024-39338

Release Notes

v1.7.4

Bug Fixes

Features

Reverts

BREAKING CHANGES

Contributors to this release

1.7.9 (2024-12-04)

Reverts

Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes

Contributors to this release

v1.7.3

Bug Fixes

Features

Reverts

BREAKING CHANGES

Contributors to this release

1.7.9 (2024-12-04)

Reverts

Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes

Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes

Contributors to this release

v1.7.2

Bug Fixes

Features

Reverts

BREAKING CHANGES

Contributors to this release

1.7.9 (2024-12-04)

renovate bot commented Nov 11, 2023 •

edited

Loading

`v1.7.4`

`v1.7.3`

`v1.7.2`

vercel bot commented Nov 11, 2023 •

edited

Loading