Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade axios from 0.18.0 to 0.19.1 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Feb 3, 2020

Snyk has created this PR to upgrade axios from 0.18.0 to 0.19.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-01-07.

The recommended version fixes:

Severity Issue Exploit Maturity
Denial of Service (DoS)
SNYK-JS-AXIOS-174505
No Known Exploit
Release notes
Package name: axios
  • 0.19.1 - 2020-01-07

    Fixes and Functionality:

    • Fixing invalid agent issue (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Delete useless default to hash (#2458)
    • Fix HTTP/HTTPs agents passing to follow-redirect (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Fix CI build failure (#2570)
    • Remove dependency on is-buffer from package.json (#1816)
    • Adding options typings (#2341)
    • Adding Typescript HTTP method definition for LINK and UNLINK. (#2444)
    • Update dist with newest changes, fixes Custom Attributes issue
    • Change syntax to see if build passes (#2488)
    • Update Webpack + deps, remove now unnecessary polyfills (#2410)
    • Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
    • Add custom timeout error copy in config (#2275)
    • Add error toJSON example (#2466)
    • Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)
    • Fixing subdomain handling on no_proxy (#2442)
    • Make redirection from HTTP to HTTPS work ([#2426](https://github.com/axios/axios/pull/2426] and (#2547)
    • Add toJSON property to AxiosError type (#2427)
    • Fixing socket hang up error on node side for slow response. (#1752)
    • Alternative syntax to send data into the body (#2317)
    • Fixing custom config options (#2207)
    • Fixing set config.method after mergeConfig for Axios.prototype.request (#2383)
    • Axios create url bug (#2290)
    • Do not modify config.url when using a relative baseURL (resolves #1628) (#2391)
    • Add typescript HTTP method definition for LINK and UNLINK (#2444)

    Internal:

    • Revert "Update Webpack + deps, remove now unnecessary polyfills" (#2479)
    • Order of if/else blocks is causing unit tests mocking XHR. (#2201)
    • Add license badge (#2446)
    • Fix travis CI build #2386
    • Fix cancellation error on build master. #2290 #2207 (#2407)

    Documentation:

    • Fixing typo in CHANGELOG.md: s/Functionallity/Functionality (#2639)
    • Fix badge, use master branch (#2538)
    • Fix typo in changelog #2193
    • Document fix (#2514)
    • Update docs with no_proxy change, issue #2484 (#2513)
    • Fixing missing words in docs template (#2259)
    • 🐛Fix request finally documentation in README (#2189)
    • updating spelling and adding link to docs (#2212)
    • docs: minor tweak (#2404)
    • Update response interceptor docs (#2399)
    • Update README.md (#2504)
    • Fix word 'sintaxe' to 'syntax' in README.md (#2432)
    • upadating README: notes on CommonJS autocomplete (#2256)
    • Fix grammar in README.md (#2271)
    • Doc fixes, minor examples cleanup (#2198)
  • 0.19.0 - 2019-05-30

    Fixes and Functionality:

    • Unzip response body only for statuses != 204 (#1129) - drawski
    • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
    • Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
    • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
    • Allow uppercase methods in typings. (#1781) - Ken Powers
    • Fixing .eslintrc without extension (#1789) - Manoel
    • Consistent coding style (#1787) - Ali Servet Donmez
    • Fixing building url with hash mark (#1771) - Anatoly Ryabov
    • This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
    • Preserve HTTP method when following redirect (#1758) - Rikki Gibson
    • Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
    • Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
    • Fix failing SauceLabs tests by updating configuration - Emily Morehouse

    Documentation:

    • Add information about auth parameter to README (#2166) - xlaguna
    • Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
    • Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
    • Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
    • Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
    • Fixing spacing for README.md (#2066) - Josh McCarty
    • Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
    • Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
    • docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
    • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
    • Add issue templates - Emily Morehouse
    • Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
    • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
    • Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer
  • 0.19.0-beta.1 - 2018-08-09

    NOTE: This is a beta version of this release. There may be functionality that is broken in
    certain browsers, though we suspect that builds are hanging and not erroring. See
    https://saucelabs.com/u/axios for the most up-to-date information.

    New Functionality:

    • Add getUri method (#1712)
    • Add support for no_proxy env variable (#1693)
    • Add toJSON to decorated Axios errors to faciliate serialization (#1625)
    • Add second then on axios call (#1623)
    • Typings: allow custom return types
    • Add option to specify character set in responses (with http adapter)

    Fixes:

    • Fix Keep defaults local to instance (#385)
    • Correctly catch exception in http test (#1475)
    • Fix accept header normalization (#1698)
    • Fix http adapter to allow HTTPS connections via HTTP (#959)
    • Fix Removes usage of deprecated Buffer constructor. (#1555, #1622)
    • Fix defaults to use httpAdapter if available (#1285)
      • Fixing defaults to use httpAdapter if available
      • Use a safer, cross-platform method to detect the Node environment
    • Fix Reject promise if request is cancelled by the browser (#537)
    • [Typescript] Fix missing type parameters on delete/head methods
    • [NS]: Send false flag isStandardBrowserEnv for Nativescript
    • Fix missing type parameters on delete/head
    • Fix Default method for an instance always overwritten by get
    • Fix type error when socketPath option in AxiosRequestConfig
    • Capture errors on request data streams
    • Decorate resolve and reject to clear timeout in all cases
  • 0.18.1 - 2019-06-01

    Security Fix:

    • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • 0.18.0 - 2018-02-19
    • Adding support for UNIX Sockets when running with Node.js (#1070)
    • Fixing typings (#1177):
      • AxiosRequestConfig.proxy: allows type false
      • AxiosProxyConfig: added auth field
    • Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
    • Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
    • Fixing configuration when using an instance - method can now be set (#1342)

    0.17.1 (Nov 11, 2017)

    • Fixing issue with web workers (#1160)
    • Allowing overriding transport (#1080)
    • Updating TypeScript typings (#1165, #1125, #1131)
from axios GitHub release notes
Commit messages
Package name: axios
  • 960e1c8 Releasing 0.19.1
  • 8a9421d Fixing typo in CHANGELOG.md: s/Functionallity/Functionality (#2639)
  • ee47120 If this place is false, it will report an error, so you should delete the useless code. (#2458)
  • 03e6f4b Fixing invalid agent issue (#1904)
  • dc4bc49 fix: fix ignore set withCredentials false (#2582)
  • 13c948e Remove 'includes' API, fix CI build failure (#2574)
  • fa6cf01 fixing Travis link (#2540)
  • a17c70c Fix CI build failure (#2570)
  • 1a32ca0 Remove dependency on is-buffer (#1816)
  • 0cc22c2 Fix badge, use master branch (#2538)
  • 8414664 Fix XSS logic that matched some valid urls (#2529)
  • bbfd5b1 Adding options typings (#2341)
  • 55aaebc Document fix (#2514)
  • 86d7750 Update docs with no_proxy change, issue #2484 (#2513)
  • b0afbed Adding Typescript HTTP method definition for LINK and UNLINK. (#2444)
  • fa68fd3 Update README.md (#2504)
  • 0979486 Revert "Update Webpack + deps, remove now unnecessary polyfills" (#2479)
  • 494d817 Change syntax to see if build passes (#2488)
  • 189b34c Update Webpack + deps, remove now unnecessary polyfills (#2410)
  • 29da6b2 Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
  • ee60ee3 Fixing missing words in docs template (#2259)
  • 6284abf custom timeout prompt copy (#2275)
  • ccca5e0 Add error toJSON example (#2466)
  • 19969b4 Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"axios","from":"0.18.0","to":"0.19.1"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/adifaidz/project/2795ac3b-b519-4036-a113-e901f0792f11?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"2795ac3b-b519-4036-a113-e901f0792f11","env":"prod","prType":"upgrade","vulns":["SNYK-JS-AXIOS-174505"],"issuesToFix":[{"issueId":"SNYK-JS-AXIOS-174505","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit"}],"upgrade":["SNYK-JS-AXIOS-174505"],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2020-01-07T17:23:39.782Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Download continues after maxContentLength exceeded
1 participant