Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade axios from 0.18.1 to 0.27.2 #137

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade axios from 0.18.1 to 0.27.2 #137

wants to merge 1 commit into from

Conversation

engbaher77
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.18.1 to 0.27.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 20 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2022-04-27.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.27.2 - 2022-04-27

    Fixes and Functionality:

    • Fixed FormData posting in browser environment by reverting #3785 (#4640)
    • Enhanced protocol parsing implementation (#4639)
    • Fixed bundle size
  • 0.27.1 - 2022-04-26

    Fixes and Functionality:

    • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
    • Bumped follow-redirects to ^1.14.9 (#4615)
  • 0.27.0 - 2022-04-25

    Breaking changes:

    • New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#3757)
    • Removed functionality that removed the the Content-Type request header when passing FormData (#3785)
    • (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#3645)
    • Separated responsibility for FormData instantiation between transformRequest and toFormData (#4470)
    • (*) Improved and fixed multiple issues with FormData support (#4448)

    QOL and DevX improvements:

    • Added a multipart/form-data testing playground allowing contributors to debug changes easily (#4465)

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4515) & (#4516)
    • Bumped follow-redirects to ^1.14.9 (#4562)

    Internal and Tests:

    • Updated dev dependencies to latest version

    Documentation:

    • Fixing incorrect link in changelog (#4551)

    Notes:

    • (*) Please read these pull requests before updating, these changes are very impactful and far reaching.
  • 0.26.1 - 2022-03-09

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4220)
  • 0.26.0 - 2022-02-13

    Fixes and Functionality:

    • Fixed The timeoutErrorMessage property in config not work with Node.js (#3581)
    • Added errors to be displayed when the query parsing process itself fails (#3961)
    • Fix/remove url required (#4426)
    • Update follow-redirects dependency due to Vulnerability (#4462)
    • Bump karma from 6.3.11 to 6.3.14 (#4461)
    • Bump follow-redirects from 1.14.7 to 1.14.8 (#4473)
  • 0.25.0 - 2022-01-18

    Breaking changes:

    • Fixing maxBodyLength enforcement (#3786)
    • Don't rely on strict mode behaviour for arguments (#3470)
    • Adding error handling when missing url (#3791)
    • Update isAbsoluteURL.js removing escaping of non-special characters (#3809)
    • Use native Array.isArray() in utils.js (#3836)
    • Adding error handling inside stream end callback (#3967)

    Fixes and Functionality:

    • Added aborted even handler (#3916)
    • Header types expanded allowing boolean and number types (#4144)
    • Fix cancel signature allowing cancel message to be undefined (#3153)
    • Updated type checks to be formulated better (#3342)
    • Avoid unnecessary buffer allocations (#3321)
    • Adding a socket handler to keep TCP connection live when processing long living requests (#3422)
    • Added toFormData helper function (#3757)
    • Adding responseEncoding prop type in AxiosRequestConfig (#3918)

    Internal and Tests:

    • Adding axios-test-instance to ecosystem (#3786)
    • Optimize the logic of isAxiosError (#3546)
    • Add tests and documentation to display how multiple inceptors work (#3564)
    • Updating follow-redirects to version 1.14.7 (#4379)

    Documentation:

    • Fixing changelog to show corrext pull request (#4219)
    • Update upgrade guide for https proxy setting (#3604)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.24.0 - 2021-10-25

    Breaking changes:

    • Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.23.0 - 2021-10-12

    Breaking changes:

    • Distinguish request and response data types (#4116)
    • Change never type to unknown (#4142)
    • Fixed TransitionalOptions typings (#4147)

    Fixes and Functionality:

    • Adding globalObject: 'this' to webpack config (#3176)
    • Adding insecureHTTPParser type to AxiosRequestConfig (#4066)
    • Fix missing semicolon in typings (#4115)
    • Fix response headers types (#4136)

    Internal and Tests:

    • Improve timeout error when timeout is browser default (#3209)
    • Fix node version on CI (#4069)
    • Added testing to TypeScript portion of project (#4140)

    Documentation:

    • Rename Angular to AngularJS (#4114)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.22.0 - 2021-10-01

    Fixes and Functionality:

    • Caseless header comparing in HTTP adapter (#2880)
    • Avoid package.json import fixing issues and warnings related to this (#4041), (#4065)
    • Fixed cancelToken leakage and added AbortController support (#3305)
    • Updating CI to run on release branches
    • Bump follow redirects version
    • Fixed default transitional config for custom Axios instance; (#4052)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.4 - 2021-09-06

    Fixes and Functionality:

    • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.3 - 2021-09-04
  • 0.21.2 - 2021-09-04
  • 0.21.1 - 2020-12-22
  • 0.21.0 - 2020-10-23
  • 0.20.0 - 2020-08-21
  • 0.20.0-0 - 2020-07-15
  • 0.19.2 - 2020-01-22
  • 0.19.1 - 2020-01-07
  • 0.19.0 - 2019-05-30
  • 0.19.0-beta.1 - 2018-08-09
  • 0.18.1 - 2019-06-01
from axios GitHub release notes
Commit messages
Package name: axios
  • bc733fe Releasing v0.27.2
  • b9e9fb4 Enhanced protocol parsing implementation to fix #4633; (#4639)
  • 76432c1 Fixed FormData posting in browser environment by reverting #3785; (#4640)
  • 82fd15f Combined build process and cleaned it up a bit
  • 1d82af1 Fixing issues with bundle sizes
  • bcb166e Fixed incorrect date in changelog
  • 838f53b Merge branch 'master' of github.com:axios/axios
  • cb9c534 Releasing v0.27.1
  • 91d21fc Releasing v0.72.1
  • 167cb8b Remove eslint-g package as this seems have been added in error
  • 4f7e3e3 Removed import of url module in browser build due to significant size overhead; (#4594)
  • cdd7add Fixed date on chnagelog
  • f94dda9 Bump async from 2.6.3 to 2.6.4 (#4615)
  • 008dd9d Releaseing version 0.27.0
  • ee151a7 Revert some changes that are only required when we actually release
  • 499d3be follow-redirects to ^1.14.9 (#4562)
  • d24ce8e Updated a number of out of date dev packages
  • 5b0d492 Bump minimist from 1.2.5 to 1.2.6 (#4574)
  • cdda1ad Merge branch 'carpben-env-form-data'
  • 3e0954d Fixed merge conflicts
  • a3dd603 Merge branch 'Tivix-fix#1603'
  • 9b8e004 Merge branch 'fix#1603' of https://github.com/Tivix/axios into Tivix-fix#1603
  • 1f13dd7 Fixed some imports that were not correct
  • 8699891 Fixed merge conflicts

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@engbaher77 @snyk-bot