chore(deps): bump the npm_and_yarn group with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 23 updates:

Package	From	To
node-opcua	2.64.1	2.74.0
vm2	3.9.11	3.9.19
@babel/traverse	7.18.9	7.25.6
jsonata	1.8.3	2.0.5
@types/node-red__util	1.2.0	1.3.8
node-red	3.0.1	3.1.12
axios	0.27.2	1.7.7
body-parser	1.20.0	1.20.3
node-red-node-test-helper	0.3.0	0.3.4
braces	3.0.2	3.0.3
gulp	4.0.2	5.0.0
decode-uri-component	0.2.0	0.2.2
express	4.18.1	4.21.0
follow-redirects	1.15.1	1.15.9
qs	6.9.3	6.13.0
json5	2.2.1	2.2.3
jsrsasign	10.5.26	10.9.0
moment-timezone	0.5.34	0.5.43
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
tough-cookie	4.0.0	4.1.3
ws	7.5.6	7.5.10
xml2js	0.4.23	0.6.2

Updates node-opcua from 2.64.1 to 2.74.0

Release notes

Sourced from node-opcua's releases.

v2.74.0

This important release fixes 3 CVEs that have been recently discovered.

*We strongly encourage you to upgrade your existing node-opcua to version 2.74.0 or greater and to contact Sterfive for support.

Only Sterfive's customers or members of the NodeOPCUA Subscription Membership are entitled to receive professional advice & support. You can apply online at https://support.sterfive.com .

‼️ vulnerabilities fixes

CVE-2022-21208

• The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

CVE-2022-25231

• The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.

CVE-2022-24375

• The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

🐛 bug fixes:

• [902b288aae91ef465d960039e353259a926711b1] server now returns ServiceFault response in case of error, instead of the corresponding Response of the Request command.
• [3fd46ec156e7718a506be41f3916310b6bdd0407] server: fix Subscription.modify that may cause server to crash;

©️ copyright update

• [email protected] is now copyrighted by Sterfive SAS. [902b288aae91ef465d960039e353259a926711b1]

please make sure to comply with the MIT license and includes the attributions to Sterfive SAS for NodeOPCUA in the documentation that accompanies your application.

Copyright (c) 2022  Sterfive SAS - 833264583 RCS ORLEANS - France (https://www.sterfive.com)
Copyright (c) 2014-2022 Etienne Rossignon

👬 contributors

• special Kudo to claroty'steam82 for finding the CVE. (Claroty Research https://claroty.com/team82/)

v2.73.0

... (truncated)

Commits

• 003ee04 v2.74.0
• 902b288 update copyright and license
• 7b5044b server: use ServiceFault on request error
• 3fd46ec server: fix Subscription.modify assert
• 684a796 v2.73.1
• 7edf48c improve extension object initialize field
• 6327868 cleanup
• 6d8be3b fix typo
• b23a87c v2.73.0
• 156520c fix javascript test
• Additional commits viewable in compare view

Updates vm2 from 3.9.11 to 3.9.19

Release notes

Sourced from vm2's releases.

3.9.19

Fixes

patriksimek/vm2@cfa3fc6: Fix resolver issue.

3.9.18

New Features

patriksimek/vm2@dd81ff6: Add resolver API to create a shared resolver for multiple NodeVM instances allowing to cache scripts and increase sandbox startup times. patriksimek/vm2@4d662e3: Allow to pass a function to require.context which is called with the filename allowing to specify the context pre file. (Thanks to @​blakebyrnes)

Fixes

patriksimek/vm2@d88105f: Fix issue leaking host array through Proxy. (Thanks to @​arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.) patriksimek/vm2@5206ba2: Fix issue with inspect being writeable. (Thanks to @​arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc.)

3.9.17

Fixes

patriksimek/vm2@4b22e87: Fix issue in catch block protection. (Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab.) patriksimek/vm2@f3db4de: Fix issue with host exceptions thrown in async functions leaking though the Promise.

3.9.16

Fixes

patriksimek/vm2@24c724d: Fix issue in transformer issue by reworking replacement logic. (Thanky to Xion (SeungHyun Lee) of KAIST Hacking Lab.)

3.9.15

Fixes

patriksimek/vm2@d534e57: Ensure no host objects are passed through to Error.prepareStackTrace. (Thanky to Seongil Wi from KAIST WSP Lab)

3.9.14

Fixes

patriksimek/vm2@fe3ab68: Support conditional export resolution with custom resolver (thanks to nick-klaviyo).

3.9.13

Fixes

patriksimek/vm2@1c365f7: Fix typescript error in index.d.ts.

3.9.12

New Features

patriksimek/vm2@81f625d: Add file system API.

Fixes

patriksimek/vm2@442feea: Fix parsing error with object pattern in catch clause.

Changelog

Sourced from vm2's changelog.

v3.9.19 (2023-05-16)

[fix] Fix resolver issue.

v3.9.18 (2023-05-15)

[fix] Multiple security fixes. [new] Add resolver API to create a shared resolver for multiple NodeVM instances allowing to cache scripts and increase sandbox startup times. [new] Allow to pass a function to require.context which is called with the filename allowing to specify the context pre file.

v3.9.17 (2023-04-17)

[fix] Multiple security fixes.

v3.9.16 (2023-04-11)

[fix] Security fix (see patriksimek/vm2#516).

v3.9.15 (2023-04-06)

[fix] Security fix (see patriksimek/vm2#515).

v3.9.14 (2023-02-05)

[new] Support conditional export resolution with custom resolver. (nick-klaviyo)

v3.9.13 (2022-12-08)

[fix] Fix typescript errors in index.d.ts

v3.9.12 (2022-11-29)

[new] Add file system API.
[fix] Fix parsing error with object pattern in catch clause.

Commits

• 1663f23 Release 3.9.19
• cfa3fc6 Fix resolver issue
• 2f446e5 Release 3.9.18
• 587bb13 Add tests for past vulnerabilities
• f5a129a Merge branch 'master' of https://github.com/patriksimek/vm2
• dd81ff6 Merge pull request #519 from XmiliaH/resolver-api
• af983a8 Merge remote-tracking branch 'upstream/master' into resolver-api
• 5206ba2 Inspect method should be readonly
• d88105f Ensure host array does not leak through proxy
• 4d662e3 Merge pull request #521 from ulixee/pathContext
• Additional commits viewable in compare view

Updates @babel/traverse from 7.18.9 to 7.25.6

Release notes

Sourced from @​babel/traverse's releases.

v7.25.6 (2024-08-29)

Thanks @​j4k0xb for your first PR!

🐛 Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

🏠 Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​j4k0xb
• @​liuxingbaoyu

v7.25.5 (2024-08-23)

🐛 Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate sequence expression parentheses correctly (@​liuxingbaoyu)

💅 Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

Committers: 2

• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.4 (2024-08-22)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.6 (2024-08-29)

🐛 Bug Fix

• babel-generator
  • #16783 Properly print inner comments in TS array types (@​nicolo-ribaudo)
  • #16775 fix: jsx whitespace is not properly preserved when retainLines (@​liuxingbaoyu)
• babel-traverse
  • #16727 fix: path.getAssignmentIdentifiers may be undefined (@​liuxingbaoyu)
• babel-parser
  • #16761 fix: improve static canFollowModifier checks (@​JLHwung)
• babel-helpers, babel-plugin-transform-optional-chaining, babel-runtime-corejs3
  • #16769 Only wrap functions in superPropertyGet helper (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16780 Do not enforce printing space between ( and comments (@​nicolo-ribaudo)
• babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes
  • #16781 Don't throw when enabling both syntax-import-{assertions,attributes} (@​nicolo-ribaudo)
• babel-generator
  • #16782 TS union/intersection nested in union does not need parens (@​nicolo-ribaudo)

🏠 Internal

• babel-generator
  • #16777 Remove unused parent params in the generator (@​nicolo-ribaudo)

v7.25.5 (2024-08-23)

🐛 Bug Fix

• babel-generator, babel-traverse
  • #16764 fix: Generate parentheses correctly (@​liuxingbaoyu)

💅 Polish

• babel-generator
  • #16738 Only force-parenthesize satisfies's LHS if it has newlines (@​nicolo-ribaudo)

v7.25.4 (2024-08-22)

🐛 Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)

... (truncated)

Commits

• 2f72b97 v7.25.6
• faceae9 fix: path.getAssignmentIdentifiers may be undefined (#16727)
• 46ee612 Remove some NodePath methods (#16655)
• 2fdc8b5 fix: Generate sequence expression parentheses correctly (#16764)
• cbf124c v7.25.4
• 2b289fb fix: skip computed key when renaming (#16756)
• 575863c Avoid unnecessary parens around sequence expressions (#16722)
• 5174ad1 Clean all always enabled parser plugins (#16572)
• 52718ab Discontinue babel-eslint-config-internal (#16718)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• Additional commits viewable in compare view

Updates jsonata from 1.8.3 to 2.0.5

Release notes

Sourced from jsonata's releases.

2.0.5 Maintenance Release

• Fix leaking internal references in expressions when using lambdas (issue #691)

2.0.4 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#676)
• Add upper/lower presentation format for am/pm in fromMillis (PR jsonata-js/jsonata#644)
• Various documentation additions and corrections

2.0.3 Maintenance Release

• Fix regex termination lexer (PR jsonata-js/jsonata#623)
• Fix TypeScript definition (PR jsonata-js/jsonata#633)

2.0.2 Maintenance Release

• Typescript definition: fix return type of evaluate method (PR #615)

2.0.1 Maintenance Release

• Small update to pick up README changes with 2.0.0 changes

2.0.0 Major Release

Version 2.0.0 contains a breaking change to the Javascript API as a result of reimplementing the evaluator to use async functions instead of generators. This provides a performance boost. No breaking changes have been made to the JSONata language itself.

Faster JSONata evaluation by switching from generators to async/await (PR #583) Add support for parsing binary, octal & hexadecimal numbers (PR #573)

1.8.7 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#681)

1.8.6 Maintenance Release

• Fix bug in date/time picture string. Width formatting is not respected without a separator (issue #546)
• Fix error when converting empty array to an object (issue #547)
• Fix Buffer deprecation warning (PR #560)

1.8.5 Maintenance Release

• Fix regression with singleton sequence of array type (issue #462)
• Correctly handle empty array input to group expression (issue #527)
• Fix bug with outer array when evaluating wildcard (issue #495)

1.8.4 Maintenance Release

• Fix bug in $eval when second arg is an empty array (issue #463)
• Fix bug in toMillis() parsing timezones (issue #477)

Changelog

Sourced from jsonata's changelog.

2.0.5 Maintenance Release

• Fix leaking internal references in expressions when using lambdas (issue #691)

2.0.4 Maintenance Release

• Prevent writing to the object prototype or constructor (PR jsonata-js/jsonata#676)
• Add upper/lower presentation format for am/pm in fromMillis (PR jsonata-js/jsonata#644)
• Various documentation additions and corrections

2.0.3 Maintenance Release

• Fix regex termination lexer (PR jsonata-js/jsonata#623)
• Fix TypeScript definition (PR jsonata-js/jsonata#633)

2.0.2 Maintenance Release

• Typescript definition: fix return type of evaluate method (PR jsonata-js/jsonata#615)

2.0.1 Maintenance Release

• Small update to pick up README changes with 2.0.0 changes

2.0.0 Major Release

Version 2.0.0 contains a breaking change to the Javascript API as a result of reimplementing the evaluator to use async functions instead of generators. This provides a performance boost. No breaking changes have been made to the JSONata language itself.

• Faster JSONata evaluation by switching from generators to async/await (PR #583)
• Add support for parsing binary, octal & hexadecimal numbers (PR #573)

1.8.6 Maintenance Release

• Fix bug in date/time picture string. Width formatting is not respected without a separator (issue #546)
• Fix error when converting empty array to an object (issue #547)
• Fix Buffer deprecation warning (PR #560)

1.8.5 Maintenance Release

• Fix regression with singleton sequence of array type (issue #462)
• Correctly handle empty array input to group expression (issue #527)
• Fix bug with outer array when evaluating wildcard (issue #495)

1.8.4 Maintenance Release

• Fix bug in $eval when second arg is an empty array (issue #463)
• Fix bug in toMillis() parsing timezones (issue #477)

Commits

• d0afd35 Update CHANGELOG.md
• 3fde233 Release v2.0.5
• 4446161 Prevent lookup of function object properties
• b2a637e Update workflow for Node.js 20 (#683)
• 948af5a Update workflow to support v1 branch (#679)
• ea8fb85 Release v2.0.4
• 335d38f Check for constructor property
• c907b5e Prevent access to proto
• d7790e8 Update numeric-operators.md
• 41d14fc Add new Rust implementation
• Additional commits viewable in compare view

Updates @types/node-red__util from 1.2.0 to 1.3.8

Commits

• See full diff in compare view

Updates node-red from 3.0.1 to 3.1.12

Release notes

Sourced from node-red's releases.

3.1.12

What's Changed

• Bump for 3.1.12 release by @​knolleary in node-red/node-red#4885
• Update express/body-parser dependencies

Full Changelog: node-red/node-red@3.1.11...3.1.12

3.1.11

What's Changed

• Add/Update German Translations for delay node by @​dceejay in node-red/node-red#4762
• Bump for 3.1.11 release by @​knolleary in node-red/node-red#4772
• Update ws dependency

Full Changelog: node-red/node-red@3.1.10...3.1.11

3.1.10

What's Changed

• docs: Add closing paragraph tag by @​ZJvandeWeg in node-red/node-red#4664
• Fix three error typos in monaco.js by @​JoshuaCWebDeveloper in node-red/node-red#4660
• Fix undo of subflow env property edits by @​knolleary in node-red/node-red#4667
• Avoid login loops when autoLogin enabled but login fails by @​knolleary in node-red/node-red#4684
• Replacing vm.createScript in favour of vm.Script by @​patlux in node-red/node-red#4534
• Pass full error object in Function node and copy over cause property by @​knolleary in node-red/node-red#4685
• Allow nodes to return additional history entries in onEditSave by @​knolleary in node-red/node-red#4710
• Add missing tooltips to Sidebar by @​GogoVega in node-red/node-red#4713
• Change the Config Node cursor to pointer by @​GogoVega in node-red/node-red#4711
• Deleting a grouped node should update the group by @​GogoVega in node-red/node-red#4714
• Fix a checkbox should return a Boolean value and not the string on by @​GogoVega in node-red/node-red#4715
• Translate the number of items selected in the options list by @​GogoVega in node-red/node-red#4730
• Add Japanese translation for sidebar tooltip by @​kazuhitoyokoi in node-red/node-red#4727
• Fix panning with middle mouse button on windows 10/11 by @​corentin-sodebo-voile in node-red/node-red#4716
• Fix checkboxes are not updated when calling typedInput("value", "") by @​GogoVega in node-red/node-red#4729
• Fix the Sidebar Config is not refreshed after a deploy by @​GogoVega in node-red/node-red#4734
• Ensure all CSS variables are in the output file by @​bonanitech in node-red/node-red#3743
• Fix losing links when importing a copy of links into a subflow by @​GogoVega in node-red/node-red#4750
• Fix clone of group env var properties by @​knolleary in node-red/node-red#4753
• Include rewired nodes when calculating Modified Flows stop list by @​knolleary in node-red/node-red#4754
• Bump for 3.1.10 release by @​knolleary in node-red/node-red#4755

New Contributors

• @​JoshuaCWebDeveloper made their first contribution in node-red/node-red#4660
• @​patlux made their first contribution in node-red/node-red#4534
• @​corentin-sodebo-voile made their first contribution in node-red/node-red#4716

Full Changelog: node-red/node-red@3.1.9...3.1.10

3.1.9

What's Changed

• Fix subflow module sending messages to debug sidebar by @​knolleary in node-red/node-red#4642
• Guard refresh of unknown subflow by @​knolleary in node-red/node-red#4640

... (truncated)

Changelog

Sourced from node-red's changelog.

3.1.12: Maintenance Release

• Update express/body-parser dependencies

3.1.11: Maintenance Release

• Add/Update German Translations for delay node (#4762) @​dceejay
• Update ws dependency

3.1.10: Maintenance Release

• Include rewired nodes when calculating Modified Flows stop list (#4754) @​knolleary
• Fix clone of group env var properties (#4753) @​knolleary
• Fix losing links when importing a copy of links into a subflow (#4750) @​GogoVega
• Ensure all CSS variables are in the output file (#3743) @​bonanitech
• Fix the Sidebar Config is not refreshed after a deploy (#4734) @​GogoVega
• Fix checkboxes are not updated when calling typedInput("value", "") (#4729) @​GogoVega
• Fix panning with middle mouse button on windows 10/11 (#4716) @​corentin-sodebo-voile
• Add Japanese translation for sidebar tooltip (#4727) @​kazuhitoyokoi
• Translate the number of items selected in the options list (#4730) @​GogoVega
• Fix a checkbox should return a Boolean value and not the string on (#4715) @​GogoVega
• Deleting a grouped node should update the group (#4714) @​GogoVega
• Change the Config Node cursor to pointer (#4711) @​GogoVega
• Add missing tooltips to Sidebar (#4713) @​GogoVega
• Allow nodes to return additional history entries in onEditSave (#4710) @​knolleary
• Pass full error object in Function node and copy over cause property (#4685) @​knolleary
• Replacing vm.createScript in favour of vm.Script (#4534) @​patlux
• Avoid login loops when autoLogin enabled but login fails (#4684) @​knolleary
• Fix undo of subflow env property edits (#4667) @​knolleary
• Fix three error typos in monaco.js (#4660) @​JoshuaCWebDeveloper
• docs: Add closing paragraph tag (#4664) @​ZJvandeWeg

3.1.9: Maintenance Release

• Prevent subflow being added to itself (#4654) @​knolleary
• Fix use of spawn on windows with cmd files (#4652) @​knolleary
• Guard refresh of unknown subflow (#4640) @​knolleary
• Fix subflow module sending messages to debug sidebar (#4642) @​knolleary

3.1.8: Maintenance Release

• Add validation and error handling on subflow instance properties (#4632) @​knolleary
• Hide import/export context menu if disabled in theme (#4633) @​knolleary
• Show change indicator on subflow tabs (#4631) @​knolleary
• Bump dependencies (#4630) @​knolleary
• Reset workspace index when clearing nodes (#4619) @​knolleary
• Remove typo in global config (#4613) @​kazuhitoyokoi

3.1.7: Maintenance Release

... (truncated)

Commits

• 7322cd0 Merge pull request #4885 from node-red/rel3112
• 3fe4c12 Bump for 3.1.12 release
• 2a4fb71 Merge pull request #4772 from node-red/rel3111
• 38a77d2 Bump for 3.1.11 release
• dc239db Merge pull request #4762 from node-red/Update-German-delay-node-translations
• 4ba3c93 Add/Update German Translations for delay node
• 02893d3 Merge pull request #4755 from node-red/rel3110
• 5124bc6 Bump for 3.1.10 release
• 1048b16 Merge pull request #4754 from node-red/4752-add-rewired-to-stoplist
• bbbbb1b Merge pull request #4753 from node-red/4751-fix-group-json
• Additional commits viewable in compare view

Updates axios from 0.27.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml