Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade axios from 0.18.1 to 0.21.1 #42

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Upgrade axios from 0.18.1 to 0.21.1 #42

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade axios from 0.18.1 to 0.21.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 7 months ago, on 2020-12-22.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1246392		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SSRI-1085630		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-590103		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Command Injection
SNYK-JS-NODENOTIFIER-1035794		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS )
SNYK-JS-MARKED-584281		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.21.1 - 2020-12-22

    0.21.1 (December 21, 2020)

    Fixes and Functionality:

    • Hotfix: Prevent SSRF (#3410)
    • Protocol not parsed when setting proxy config from env vars (#3070)
    • Updating axios in types to be lower case (#2797)
    • Adding a type guard for AxiosError (#2949)

    Internal and Tests:

    • Remove the skipping of the socket http test (#3364)
    • Use different socket for Win32 test (#3375)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.0 - 2020-10-23

    0.21.0 (October 23, 2020)

    Fixes and Functionality:

    • Fixing requestHeaders.Authorization (#3287)
    • Fixing node types (#3237)
    • Fixing axios.delete ignores config.data (#3282)
    • Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
    • Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)

    Internal and Tests:

    • Lock travis to not use node v15 (#3361)

    Documentation:

    • Fixing simple typo, existant -> existent (#3252)
    • Fixing typos (#3309)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.20.0 - 2020-08-21

    Release of 0.20.0-pre as a full release with no other changes.

  • 0.20.0-0 - 2020-07-15
    Read more
  • 0.19.2 - 2020-01-22
    • Remove unnecessary XSS check (#2679) (see (#2646) for discussion)
  • 0.19.1 - 2020-01-07

    Fixes and Functionality:

    • Fixing invalid agent issue (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Delete useless default to hash (#2458)
    • Fix HTTP/HTTPs agents passing to follow-redirect (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Fix CI build failure (#2570)
    • Remove dependency on is-buffer from package.json (#1816)
    • Adding options typings (#2341)
    • Adding Typescript HTTP method definition for LINK and UNLINK. (#2444)
    • Update dist with newest changes, fixes Custom Attributes issue
    • Change syntax to see if build passes (#2488)
    • Update Webpack + deps, remove now unnecessary polyfills (#2410)
    • Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
    • Add custom timeout error copy in config (#2275)
    • Add error toJSON example (#2466)
    • Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)
    • Fixing subdomain handling on no_proxy (#2442)
    • Make redirection from HTTP to HTTPS work ([#2426](https://github.com/axios/axios/pull/2426] and (#2547)
    • Add toJSON property to AxiosError type (#2427)
    • Fixing socket hang up error on node side for slow response. (#1752)
    • Alternative syntax to send data into the body (#2317)
    • Fixing custom config options (#2207)
    • Fixing set config.method after mergeConfig for Axios.prototype.request (#2383)
    • Axios create url bug (#2290)
    • Do not modify config.url when using a relative baseURL (resolves #1628) (#2391)
    • Add typescript HTTP method definition for LINK and UNLINK (#2444)

    Internal:

    • Revert "Update Webpack + deps, remove now unnecessary polyfills" (#2479)
    • Order of if/else blocks is causing unit tests mocking XHR. (#2201)
    • Add license badge (#2446)
    • Fix travis CI build #2386
    • Fix cancellation error on build master. #2290 #2207 (#2407)

    Documentation:

    • Fixing typo in CHANGELOG.md: s/Functionallity/Functionality (#2639)
    • Fix badge, use master branch (#2538)
    • Fix typo in changelog #2193
    • Document fix (#2514)
    • Update docs with no_proxy change, issue #2484 (#2513)
    • Fixing missing words in docs template (#2259)
    • 🐛Fix request finally documentation in README (#2189)
    • updating spelling and adding link to docs (#2212)
    • docs: minor tweak (#2404)
    • Update response interceptor docs (#2399)
    • Update README.md (#2504)
    • Fix word 'sintaxe' to 'syntax' in README.md (#2432)
    • upadating README: notes on CommonJS autocomplete (#2256)
    • Fix grammar in README.md (#2271)
    • Doc fixes, minor examples cleanup (#2198)
  • 0.19.0 - 2019-05-30
    Read more
  • 0.19.0-beta.1 - 2018-08-09

    NOTE: This is a beta version of this release. There may be functionality that is broken in
    certain browsers, though we suspect that builds are hanging and not erroring. See
    https://saucelabs.com/u/axios for the most up-to-date information.

    New Functionality:

    • Add getUri method (#1712)
    • Add support for no_proxy env variable (#1693)
    • Add toJSON to decorated Axios errors to faciliate serialization (#1625)
    • Add second then on axios call (#1623)
    • Typings: allow custom return types
    • Add option to specify character set in responses (with http adapter)

    Fixes:

    • Fix Keep defaults local to instance (#385)
    • Correctly catch exception in http test (#1475)
    • Fix accept header normalization (#1698)
    • Fix http adapter to allow HTTPS connections via HTTP (#959)
    • Fix Removes usage of deprecated Buffer constructor. (#1555, #1622)
    • Fix defaults to use httpAdapter if available (#1285)
      • Fixing defaults to use httpAdapter if available
      • Use a safer, cross-platform method to detect the Node environment
    • Fix Reject promise if request is cancelled by the browser (#537)
    • [Typescript] Fix missing type parameters on delete/head methods
    • [NS]: Send false flag isStandardBrowserEnv for Nativescript
    • Fix missing type parameters on delete/head
    • Fix Default method for an instance always overwritten by get
    • Fix type error when socketPath option in AxiosRequestConfig
    • Capture errors on request data streams
    • Decorate resolve and reject to clear timeout in all cases
  • 0.18.1 - 2019-06-01

    Security Fix:

    • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
from axios GitHub release notes
Commit messages
Package name: axios

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot