Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade axios from 0.23.0 to 0.28.0 #434

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

stanleyowen
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.23.0 to 0.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2024-02-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-6096077
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-5871286
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.28.0 - 2024-02-12

    Release notes:

    Bug Fixes

    Backports from v1.x:

    • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
    • Fixing content-type header repeated #4745
    • Fixed timeout error message for HTTP 4738
    • Added axios.formToJSON method (#4735)
    • URL params serializer (#4734)
    • Fixed toFormData Blob issue on node>v17 #4728
    • Adding types for progress event callbacks #4675
    • Fixed max body length defaults #4731
    • Added data URL support for node.js (#4725)
    • Added isCancel type assert (#4293)
    • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
    • Add string[] to AxiosRequestHeaders type (#4322)
    • Allow type definition for axios instance methods (#4224)
    • Fixed AxiosError stack capturing; (#4718)
    • Fixed AxiosError status code type; (#4717)
    • Adding Canceler parameters config and request (#4711)
    • fix(types): allow to specify partial default headers for instance creation (#4185)
    • Added blob to the list of protocols supported by the browser (#4678)
    • Fixing Z_BUF_ERROR when no content (#4701)
    • Fixed race condition on immediate requests cancellation (#4261)
    • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
    • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
    • Fix TS definition for AxiosRequestTransformer (#4201)
    • Use type alias instead of interface for AxiosPromise (#4505)
    • Include request and config when creating a CanceledError instance (#4659)
    • Added generic TS types for the exposed toFormData helper (#4668)
    • Optimized the code that checks cancellation (#4587)
    • Replaced webpack with rollup (#4596)
    • Added stack trace to AxiosError (#4624)
    • Updated AxiosError.config to be optional in the type definition (#4665)
    • Removed incorrect argument for NetworkError constructor (#4656)
  • 0.27.2 - 2022-04-27
  • 0.27.1 - 2022-04-26
  • 0.27.0 - 2022-04-25
  • 0.26.1 - 2022-03-09
  • 0.26.0 - 2022-02-13
  • 0.25.0 - 2022-01-18
  • 0.24.0 - 2021-10-25
  • 0.23.0 - 2021-10-12
from axios GitHub release notes
Commit messages
Package name: axios
  • 3b7635a [Release] v0.28.0 (#6211)
  • 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
  • 80c3d74 chore(ci): backported publish action; (#6224)
  • 2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
  • 880b42e docs: Fix a typo in README
  • c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (#4927)
  • 80b546c fix: loosing request header (#4858) (#4871)
  • 6acb5ef feat: brower platform add data protocol. (#4814)
  • bbb2264 fix(typing): axios response headers can be undefined (#4813)
  • eff25a2 chore: updated close stale workflow
  • 6b44df0 chore: added dependancy review
  • 94c1f7d chore: added code QL for the 0.x branch
  • 5576c2f chore: update ci runner rules
  • 871ef05 Fix - Request ignores false, 0 and empty string as body values (#4786)
  • 3dad74c Update base with master (#4754)
  • 12103f8 chore: adjusted CI to run on any current and future version branches
  • 1504792 Fixing content-type header repeated (#4745)
  • a11f950 Fix/4737/timeout error message for http (#4738)
  • 9bb016f chore: updated actions to run on new version based branches
  • c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
  • a02fe28 Updated README.md; (#4742)
  • 59dfed6 Bump grunt from 1.5.2 to 1.5.3 (#4743)
  • c008e57 Added `axios.formToJSON` method; (#4735)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Copy link

netlify bot commented Mar 4, 2024

Deploy Preview for otlio ready!

Name Link
🔨 Latest commit dfd6956
🔍 Latest deploy log https://app.netlify.com/sites/otlio/deploys/65e6506c35c2550008ee9fea
😎 Deploy Preview https://deploy-preview-434--otlio.netlify.app/
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 70 (🟢 up 3 from production)
Accessibility: 97 (🟢 up 3 from production)
Best Practices: 92 (🟢 up 9 from production)
SEO: 97 (no change from production)
PWA: 70 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants