Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade axios from 0.16.2 to 0.21.0 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jan 8, 2021

Snyk has created this PR to upgrade axios from 0.16.2 to 0.21.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2020-10-23.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Denial of Service (DoS)
SNYK-JS-AXIOS-174505
479/1000
Why? Has a fix available, CVSS 5.3
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.21.0 - 2020-10-23

    0.21.0 (October 23, 2020)

    Fixes and Functionality:

    • Fixing requestHeaders.Authorization (#3287)
    • Fixing node types (#3237)
    • Fixing axios.delete ignores config.data (#3282)
    • Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
    • Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)

    Internal and Tests:

    • Lock travis to not use node v15 (#3361)

    Documentation:

    • Fixing simple typo, existant -> existent (#3252)
    • Fixing typos (#3309)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.20.0 - 2020-08-21

    Release of 0.20.0-pre as a full release with no other changes.

  • 0.20.0-0 - 2020-07-15
    Read more
  • 0.19.2 - 2020-01-22
    • Remove unnecessary XSS check (#2679) (see (#2646) for discussion)
  • 0.19.1 - 2020-01-07

    Fixes and Functionality:

    • Fixing invalid agent issue (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Delete useless default to hash (#2458)
    • Fix HTTP/HTTPs agents passing to follow-redirect (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Fix CI build failure (#2570)
    • Remove dependency on is-buffer from package.json (#1816)
    • Adding options typings (#2341)
    • Adding Typescript HTTP method definition for LINK and UNLINK. (#2444)
    • Update dist with newest changes, fixes Custom Attributes issue
    • Change syntax to see if build passes (#2488)
    • Update Webpack + deps, remove now unnecessary polyfills (#2410)
    • Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
    • Add custom timeout error copy in config (#2275)
    • Add error toJSON example (#2466)
    • Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)
    • Fixing subdomain handling on no_proxy (#2442)
    • Make redirection from HTTP to HTTPS work ([#2426](https://github.com/axios/axios/pull/2426] and (#2547)
    • Add toJSON property to AxiosError type (#2427)
    • Fixing socket hang up error on node side for slow response. (#1752)
    • Alternative syntax to send data into the body (#2317)
    • Fixing custom config options (#2207)
    • Fixing set config.method after mergeConfig for Axios.prototype.request (#2383)
    • Axios create url bug (#2290)
    • Do not modify config.url when using a relative baseURL (resolves #1628) (#2391)
    • Add typescript HTTP method definition for LINK and UNLINK (#2444)

    Internal:

    • Revert "Update Webpack + deps, remove now unnecessary polyfills" (#2479)
    • Order of if/else blocks is causing unit tests mocking XHR. (#2201)
    • Add license badge (#2446)
    • Fix travis CI build #2386
    • Fix cancellation error on build master. #2290 #2207 (#2407)

    Documentation:

    • Fixing typo in CHANGELOG.md: s/Functionallity/Functionality (#2639)
    • Fix badge, use master branch (#2538)
    • Fix typo in changelog #2193
    • Document fix (#2514)
    • Update docs with no_proxy change, issue #2484 (#2513)
    • Fixing missing words in docs template (#2259)
    • 🐛Fix request finally documentation in README (#2189)
    • updating spelling and adding link to docs (#2212)
    • docs: minor tweak (#2404)
    • Update response interceptor docs (#2399)
    • Update README.md (#2504)
    • Fix word 'sintaxe' to 'syntax' in README.md (#2432)
    • upadating README: notes on CommonJS autocomplete (#2256)
    • Fix grammar in README.md (#2271)
    • Doc fixes, minor examples cleanup (#2198)
  • 0.19.0 - 2019-05-30
    Read more
  • 0.19.0-beta.1 - 2018-08-09

    NOTE: This is a beta version of this release. There may be functionality that is broken in
    certain browsers, though we suspect that builds are hanging and not erroring. See
    https://saucelabs.com/u/axios for the most up-to-date information.

    New Functionality:

    • Add getUri method (#1712)
    • Add support for no_proxy env variable (#1693)
    • Add toJSON to decorated Axios errors to faciliate serialization (#1625)
    • Add second then on axios call (#1623)
    • Typings: allow custom return types
    • Add option to specify character set in responses (with http adapter)

    Fixes:

    • Fix Keep defaults local to instance (#385)
    • Correctly catch exception in http test (#1475)
    • Fix accept header normalization (#1698)
    • Fix http adapter to allow HTTPS connections via HTTP (#959)
    • Fix Removes usage of deprecated Buffer constructor. (#1555, #1622)
    • Fix defaults to use httpAdapter if available (#1285)
      • Fixing defaults to use httpAdapter if available
      • Use a safer, cross-platform method to detect the Node environment
    • Fix Reject promise if request is cancelled by the browser (#537)
    • [Typescript] Fix missing type parameters on delete/head methods
    • [NS]: Send false flag isStandardBrowserEnv for Nativescript
    • Fix missing type parameters on delete/head
    • Fix Default method for an instance always overwritten by get
    • Fix type error when socketPath option in AxiosRequestConfig
    • Capture errors on request data streams
    • Decorate resolve and reject to clear timeout in all cases
  • 0.18.1 - 2019-06-01

    Security Fix:

    • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • 0.18.0 - 2018-02-19
    • Adding support for UNIX Sockets when running with Node.js (#1070)
    • Fixing typings (#1177):
      • AxiosRequestConfig.proxy: allows type false
      • AxiosProxyConfig: added auth field
    • Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
    • Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
    • Fixing configuration when using an instance - method can now be set (#1342)

    0.17.1 (Nov 11, 2017)

    • Fixing issue with web workers (#1160)
    • Allowing overriding transport (#1080)
    • Updating TypeScript typings (#1165, #1125, #1131)
  • 0.17.1 - 2017-11-11
  • 0.17.0 - 2017-10-21
  • 0.16.2 - 2017-06-03
from axios GitHub release notes
Commit messages
Package name: axios
  • 94ca24b Releasing 0.21.0
  • 2130a0c Updating changelog for 0.21.0 release
  • fbdc150 Lock travis to not use node v15 (#3361)
  • 3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
  • 9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
  • 6d05b96 Fix typos (#3309)
  • fa36737 fix axios.delete ignores config.data (#3282)
  • b7e954e Fixing node types (#3237)
  • 04d45f2 Fixing requestHeaders.Authorization (#3287)
  • e8c6e19 docs: Fix simple typo, existant -> existent (#3252)
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changlog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)
  • bed6783 add table of content (preview) (#3050)
  • c70fab9 Fix stale bot config (#3049)
  • 5b08fc4 Add days and change name to work (#3035)
  • 1768c23 Update close-issues.yml (#3031)
  • 3dbf6a1 Add GitHub actions to close stale issues/prs (#3029)
  • a9010e4 Add GitHub actions to close invalid issues (#3022)
  • 36f0ad2 Replace 'blacklist' with 'blocklist' (#3006)
  • 0d69a79 Refactor mergeConfig without utils.deepMerge (#2844)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant