fix(deps): update dependency axios [security]

[live-github-bot]

This PR contains the following updates:

Package	Type	Update	Change
axios (source)	dependencies	minor	0.26.1 -> 0.28.0
axios (source)	dependencies	minor	^0.26.1 -> ^0.28.0
axios (source)	devDependencies	minor	^0.26.1 -> ^0.28.0
axios (source)	devDependencies	minor	^0.25.0 -> ^0.28.0
axios (source)	dependencies	minor	^0.27.2 -> ^0.28.0
axios (source)	devDependencies	minor	0.26.1 -> 0.28.0
axios (source)	devDependencies	minor	1.3.4 -> 1.6.0

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

---

Release Notes

axios/axios (axios)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

v0.27.2

Compare Source

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #​3785 (#​4640)
• Enhanced protocol parsing implementation (#​4639)
• Fixed bundle size

v0.27.1

Compare Source

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#​4594)
• Bumped follow-redirects to ^1.14.9 (#​4615)

v0.27.0

Compare Source

Breaking changes:

• New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#​3757)
• Removed functionality that removed the the Content-Type request header when passing FormData (#​3785)
• (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#​3645)
• Separated responsibility for FormData instantiation between transformRequest and toFormData (#​4470)
• (*) Improved and fixed multiple issues with FormData support (#​4448)

QOL and DevX improvements:

• Added a multipart/form-data testing playground allowing contributors to debug changes easily (#​4465)

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4515) & (#​4516)
• Bumped follow-redirects to ^1.14.9 (#​4562)

Internal and Tests:

• Updated dev dependencies to latest version

Documentation:

• Fixing incorrect link in changelog (#​4551)

Notes:

• (*) Please read these pull requests before updating, these changes are very impactful and far reaching.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
web-tools	❌ Failed (Inspect)			May 22, 2024 10:07pm

4 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
ledger-live-docs	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2024 10:07pm
ledger-live-github-bot	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2024 10:07pm
native-ui-storybook	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2024 10:07pm
react-ui-storybook	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2024 10:07pm

[github-actions]

There as been no activity on this PR for the last 14 days. Please consider closing this PR.