easyGPT
[Snyk] Upgrade axios from 1.3.4 to 1.6.5
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade axios from 1.3.4 to 1.6.5.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 11 versions ahead of your current version.
- The recommended version was released a month ago, on 2024-01-05.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept |
| | Prototype Pollution SNYK-JS-AXIOS-6144788 | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | No Known Exploit |
| | Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857 | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
- 1.6.5 - 2024-01-05
Release notes:
Bug Fixes
- ci: refactor notify action as a job of publish action; (#6176) (0736f95)
- dns: fixed lookup error handling; (#6175) (f4f2b03)
- 1.6.4 - 2024-01-03
Release notes:
Bug Fixes
- security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
- security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)
- 1.6.3 - 2023-12-26
Release notes:
Bug Fixes
- 1.6.2 - 2023-11-14
Release notes:
Features
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046) (cff9967)
PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. You should now use withXSRFToken along with withCredentials to get the old behavior. This functionality is considered as a fix.
- 1.6.1 - 2023-11-08
Release notes:
Bug Fixes
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
- 1.6.0 - 2023-10-26
Release notes:
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
- CVE 2023 45857 (#6028)
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
- 1.5.1 - 2023-09-26
Release notes:
Bug Fixes
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; (#5917) (bc9af51)
- headers: allow `content-encoding` header to handle case-insensitive values (#5890) (#5892) (4c89f25)
- types: removed duplicated code (9e62056)
- 1.5.0 - 2023-08-26
Release notes:
Bug Fixes
- adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
- dns: fixed `cacheable-lookup` integration; (#5836) (b3e327d)
- headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
- headers: fixed common Content-Type header merging; (#5832) (8fda276)
Features
- export getAdapter function (#5324) (ca73eb8)
- export: export adapters without `unsafe` prefix (#5839) (1601f4a)
- 1.4.0 - 2023-04-27
Release notes:
Bug Fixes
- formdata: add `multipart/form-data` content type for FormData payload on custom client environments; (#5678) (bbb61e7)
- package: export package internals with unsafe path prefix; (#5677) (df38c94)
Features
- dns: added support for a custom lookup function; (#5339) (2701911)
- types: export `AxiosHeaderValue` type. (#5525) (726f1c8)
Performance Improvements
- 1.3.6 - 2023-04-19
Release notes:
Bug Fixes
- types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
- utils: make isFormData detection logic stricter to avoid unnecessary calling of the `toString` method on the target; (#5661) (aa372f7)
- 1.3.5 - 2023-04-05
- 1.3.4 - 2023-02-22
Commit messages
Package name: axios
- 6d4c421 chore(release): v1.6.5 (#6177)
- 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
- f4f2b03 fix(dns): fixed lookup error handling; (#6175)
- 1f73dcb docs: update sponsor links
- 8790b8e chore(release): v1.6.4 (#6173)
- 0ad520d chore(ci): fix notify action; (#6172)
- 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
- 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
- 90864b3 docs: update logos
- 1542719 docs: updated headline sponsors
- b15b918 chore(release): v1.6.3 (#6151)
- b76cce0 chore(ci): added branches filter for notify action; (#6084)
- 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
- 8befb86 docs: update alloy link (#6145)
- d18f40d docs: add headline sponsors
- b3be365 chore(release): v1.6.2 (#6082)
- 8739acb chore(ci): removed redundant release action; (#6081)
- bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
- a2b0fb3 chore(docs): update README.md (#6048)
- b12a608 chore(ci): removed paths-ignore filter; (#6080)
- 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
- 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
- cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
- 7009715 chore(ci): fixed release notification action; (#6064)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.