Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade axios from 0.21.2 to 0.21.4 #1173

Merged
merged 1 commit into from
Oct 21, 2021
Merged

[Snyk] Upgrade axios from 0.21.2 to 0.21.4 #1173

merged 1 commit into from
Oct 21, 2021

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Oct 20, 2021
edited by refine-bot
Loading

Test me! 'MASTER'
Link to SNYK-UPGRADE-AEE48F45B9183814DED449992529FEC4

Snyk has created this PR to upgrade axios from 0.21.2 to 0.21.4.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-09-06.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.21.4 - 2021-09-06

    0.21.4 (September 6, 2021)

    Fixes and Functionality:

    • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.3 - 2021-09-04

    0.21.3 (September 4, 2021)

    Fixes and Functionality:

    • Fixing response interceptor not being called when request interceptor is attached (#4013)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.2 - 2021-09-04

    0.21.2 (September 4, 2021)

    Fixes and Functionality:

    • Updating axios requests to be delayed by pre-emptive promise creation (#2702)
    • Adding "synchronous" and "runWhen" options to interceptors api (#2702)
    • Updating of transformResponse (#3377)
    • Adding ability to omit User-Agent header (#3703)
    • Adding multiple JSON improvements (#3688, #3763)
    • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
    • Adding parseInt to config.timeout (#3781)
    • Adding custom return type support to interceptor (#3783)
    • Adding security fix for ReDoS vulnerability (#3980)

    Internal and Tests:

    • Updating build dev dependancies (#3401)
    • Fixing builds running on Travis CI (#3538)
    • Updating follow rediect version (#3694, #3771)
    • Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
    • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
    • Fixing tests by bumping karma-sauce-launcher version (#3813)
    • Changing testing process from Travis CI to GitHub Actions (#3938)

    Documentation:

    • Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
    • Remove duplication of item in changelog (#3523)
    • Fixing gramatical errors (#2642)
    • Fixing spelling error (#3567)
    • Moving gitpod metion (#2637)
    • Adding new axios documentation website link (#3681, #3707)
    • Updating documentation around dispatching requests (#3772)
    • Adding documentation for the type guard isAxiosError (#3767)
    • Adding explanation of cancel token (#3803)
    • Updating CI status badge (#3953)
    • Fixing errors with JSON documentation (#3936)
    • Fixing README typo under Request Config (#3825)
    • Adding axios-multi-api to the ecosystem file (#3817)
    • Adding SECURITY.md to properly disclose security vulnerabilities (#3981)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

from axios GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@refine-bot
Copy link
Contributor

Hello from PR Helper

Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.

If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.

@omeraplak omeraplak merged commit defa79a into master Oct 21, 2021
@omeraplak omeraplak deleted the snyk-upgrade-aee48f45b9183814ded449992529fec4 branch October 21, 2021 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@necatiozmen necatiozmen Awaiting requested review from necatiozmen

@omeraplak omeraplak Awaiting requested review from omeraplak

@salihozdemir salihozdemir Awaiting requested review from salihozdemir

Assignees
No one assigned
Labels
auto-merge review-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@snyk-bot @refine-bot @omeraplak