Skip to content

Update dependency axios to v1 #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Nov 3, 2024

This PR contains the following updates:

Package Type Update Change
axios (source) dependencies major ^0.21.1 -> ^1.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability
High High 7.5 CVE-2025-27152
High High 7.5 WS-2023-0439
High High 7.3 CVE-2023-26159
Medium Medium 6.5 CVE-2022-0155
Medium Medium 6.5 CVE-2023-45857
Medium Medium 6.5 CVE-2024-28849
Low Low 2.6 CVE-2022-0536

Release Notes

axios/axios (axios)

v1.8.2

Compare Source

Bug Fixes
  • http-adapter: add allowAbsoluteUrls to path building (#​6810) (fb8eec2)
Contributors to this release

v1.8.1

Compare Source

Bug Fixes
  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#​6789) (36a5a62)
Contributors to this release

v1.8.0

Compare Source

Bug Fixes
Features
Reverts
BREAKING CHANGES
  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts
Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes
Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes
Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes
Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes
Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes
Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.9

Compare Source

Reverts
Contributors to this release

v1.7.8

Compare Source

Bug Fixes
Contributors to this release

v1.7.7

Compare Source

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

v1.7.6

Compare Source

Bug Fixes
Contributors to this release

v1.7.5

Compare Source

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

v1.7.4

Compare Source

Bug Fixes
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Contributors to this release

v1.7.1

Compare Source

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.0

Compare Source

Features
Bug Fixes
Contributors to this release

v1.6.8

Compare Source

Bug Fixes
  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#​6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#​6300) (8786e0f)
Contributors to this release

v1.6.7

Compare Source

Bug Fixes
  • capture async stack only for rejections with native error objects; (#​6203) (1a08f90)
Contributors to this release

v1.6.6

Compare Source

Bug Fixes
Contributors to this release

v1.6.5

Compare Source

Bug Fixes
Contributors to this release

v1.6.4

Compare Source

Bug Fixes
  • security: fixed formToJSON prototype pollution vulnerability; (#​6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#​6163) (75af1cd)
Contributors to this release

v1.6.3

Compare Source

Bug Fixes
Contributors to this release

v1.6.2

Compare Source

Features
  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#​6046) (cff9967)
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.
Contributors to this release

v1.6.1

Compare Source

Bug Fixes
  • formdata: fixed content-type header normalization for non-standard browser environments; (#​6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#​6055) (3dc8369)
Contributors to this release
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

v1.6.0

Compare Source

Bug Fixes
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.1

Compare Source

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.0

Compare Source

Bug Fixes
  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#​5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#​5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#​5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#​5832) (8fda276)
Features
Contributors to this release

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 3, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency axios to v1 Update dependency axios to v1 - autoclosed Mar 21, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/axios-1.x branch March 21, 2025 04:54
@mend-for-github-com mend-for-github-com bot changed the title Update dependency axios to v1 - autoclosed Update dependency axios to v1 Mar 25, 2025
@mend-for-github-com mend-for-github-com bot reopened this Mar 25, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x branch from 318309d to 3225c63 Compare March 25, 2025 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants