Skip to content
This repository has been archived by the owner on Mar 28, 2024. It is now read-only.

Update dependency axios to ^0.28.0 [SECURITY] #151

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 11, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) ^0.27.0 -> ^0.28.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.


Release Notes

axios/axios (axios)

v0.28.0

Compare Source

Release notes:

Bug Fixes
Backports from v1.x:
  • Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
  • Fixing content-type header repeated #​4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#​4735)
  • URL params serializer (#​4734)
  • Fixed toFormData Blob issue on node>v17 #​4728
  • Adding types for progress event callbacks #​4675
  • Fixed max body length defaults #​4731
  • Added data URL support for node.js (#​4725)
  • Added isCancel type assert (#​4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
  • Add string[] to AxiosRequestHeaders type (#​4322)
  • Allow type definition for axios instance methods (#​4224)
  • Fixed AxiosError stack capturing; (#​4718)
  • Fixed AxiosError status code type; (#​4717)
  • Adding Canceler parameters config and request (#​4711)
  • fix(types): allow to specify partial default headers for instance creation (#​4185)
  • Added blob to the list of protocols supported by the browser (#​4678)
  • Fixing Z_BUF_ERROR when no content (#​4701)
  • Fixed race condition on immediate requests cancellation (#​4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
  • Fix TS definition for AxiosRequestTransformer (#​4201)
  • Use type alias instead of interface for AxiosPromise (#​4505)
  • Include request and config when creating a CanceledError instance (#​4659)
  • Added generic TS types for the exposed toFormData helper (#​4668)
  • Optimized the code that checks cancellation (#​4587)
  • Replaced webpack with rollup (#​4596)
  • Added stack trace to AxiosError (#​4624)
  • Updated AxiosError.config to be optional in the type definition (#​4665)
  • Removed incorrect argument for NetworkError constructor (#​4656)

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency axios to v1 [SECURITY] Update dependency axios to v1 [SECURITY] - autoclosed Feb 20, 2024
@renovate renovate bot closed this Feb 20, 2024
@renovate renovate bot deleted the renovate/npm-axios-vulnerability branch February 20, 2024 22:35
@renovate renovate bot restored the renovate/npm-axios-vulnerability branch February 22, 2024 00:18
@renovate renovate bot changed the title Update dependency axios to v1 [SECURITY] - autoclosed Update dependency axios to v1 [SECURITY] Feb 22, 2024
@renovate renovate bot reopened this Feb 22, 2024
@renovate renovate bot changed the title Update dependency axios to v1 [SECURITY] Update dependency axios to ^0.28.0 [SECURITY] Feb 22, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 51c9333 to e7bb4a3 Compare February 22, 2024 00:18
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants