Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency axios to v1.7.4 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency axios to v1.7.4 #3

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Dec 5, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
axios (source) dependencies minor 1.4.0 -> 1.7.4

By merging this PR, the issue #2 will be automatically resolved and closed:

Severity CVSS Score CVE
High High 7.5 CVE-2024-39338
High High 7.5 WS-2023-0439
High High 7.3 CVE-2023-26159
Medium Medium 6.5 CVE-2023-45857

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Contributors to this release

v1.7.1

Compare Source

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.0

Compare Source

Features
Bug Fixes
Contributors to this release

v1.6.8

Compare Source

Bug Fixes
  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#​6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#​6300) (8786e0f)
Contributors to this release

v1.6.7

Compare Source

Bug Fixes
  • capture async stack only for rejections with native error objects; (#​6203) (1a08f90)
Contributors to this release

v1.6.6

Compare Source

Bug Fixes
Contributors to this release

v1.6.5

Compare Source

Bug Fixes
Contributors to this release

v1.6.4

Compare Source

Bug Fixes
  • security: fixed formToJSON prototype pollution vulnerability; (#​6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#​6163) (75af1cd)
Contributors to this release

v1.6.3

Compare Source

Bug Fixes
Contributors to this release

v1.6.2

Compare Source

Features
  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#​6046) (cff9967)
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.
Contributors to this release

v1.6.1

Compare Source

Bug Fixes
  • formdata: fixed content-type header normalization for non-standard browser environments; (#​6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#​6055) (3dc8369)
Contributors to this release
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

v1.6.0

Compare Source

Bug Fixes
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.1

Compare Source

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.0

Compare Source

Bug Fixes
  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#​5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#​5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#​5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#​5832) (8fda276)
Features
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Dec 5, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch from e957589 to a7396df Compare May 16, 2024 04:22
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch from a7396df to f5ab139 Compare August 26, 2024 21:26
@mend-for-github-com mend-for-github-com bot changed the title Update dependency axios to v1.6.0 Update dependency axios to v1.7.4 Aug 26, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch 2 times, most recently from fc8c821 to 8d3025e Compare September 7, 2024 04:58
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch from 8d3025e to 1cbf1cb Compare September 17, 2024 19:29
@mend-for-github-com mend-for-github-com bot changed the title Update dependency axios to v1.7.4 Update dependency axios to v1.6.0 Sep 17, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency axios to v1.6.0 Update dependency axios to v1.7.4 Sep 24, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch from 1cbf1cb to ea12b20 Compare September 24, 2024 06:09
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/axios-1.x-lockfile branch from ea12b20 to 896f507 Compare October 11, 2024 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants