clarifai-nodejs-grpc [Snyk] Upgrade axios from 0.21.1 to 0.24.0

[Snyk] Upgrade axios from 0.21.1 to 0.24.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to upgrade axios from 0.21.1 to 0.24.0.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 6 versions ahead of your current version.
The recommended version was released 3 months ago, on 2021-10-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

0.24.0 - 2021-10-25
0.24.0 (October 25, 2021)

Breaking changes:
- Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Jay
- Rodry
- Remco Haszing
- Isaiah Thomason
0.23.0 - 2021-10-12
0.23.0 (October 12, 2021)

Breaking changes:
- Distinguish request and response data types (#4116)
- Change never type to unknown (#4142)
- Fixed TransitionalOptions typings (#4147)
Fixes and Functionality:
- Adding globalObject: 'this' to webpack config (#3176)
- Adding insecureHTTPParser type to AxiosRequestConfig (#4066)
- Fix missing semicolon in typings (#4115)
- Fix response headers types (#4136)
Internal and Tests:
- Improve timeout error when timeout is browser default (#3209)
- Fix node version on CI (#4069)
- Added testing to TypeScript portion of project (#4140)
Documentation:
- Rename Angular to AngularJS (#4114)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.22.0 - 2021-10-01
0.22.0 (October 01, 2021)

Fixes and Functionality:
- Caseless header comparing in HTTP adapter (#2880)
- Avoid package.json import fixing issues and warnings related to this (#4041), (#4065)
- Fixed cancelToken leakage and added AbortController support (#3305)
- Updating CI to run on release branches
- Bump follow redirects version
- Fixed default transitional config for custom Axios instance; (#4052)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Jay
- Matt R. Wilson
- Xianming Zhong
- Dmitriy Mozgovoy
0.21.4 - 2021-09-06
0.21.4 (September 6, 2021)

Fixes and Functionality:
- Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.3 - 2021-09-04
0.21.3 (September 4, 2021)

Fixes and Functionality:
- Fixing response interceptor not being called when request interceptor is attached (#4013)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Julian Hollmann
0.21.2 - 2021-09-04
0.21.2 (September 4, 2021)

Fixes and Functionality:
- Updating axios requests to be delayed by pre-emptive promise creation (#2702)
- Adding "synchronous" and "runWhen" options to interceptors api (#2702)
- Updating of transformResponse (#3377)
- Adding ability to omit User-Agent header (#3703)
- Adding multiple JSON improvements (#3688, #3763)
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
- Adding parseInt to config.timeout (#3781)
- Adding custom return type support to interceptor (#3783)
- Adding security fix for ReDoS vulnerability (#3980)
Internal and Tests:
- Updating build dev dependancies (#3401)
- Fixing builds running on Travis CI (#3538)
- Updating follow rediect version (#3694, #3771)
- Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
- Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
- Fixing tests by bumping karma-sauce-launcher version (#3813)
- Changing testing process from Travis CI to GitHub Actions (#3938)
Documentation:
- Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
- Remove duplication of item in changelog (#3523)
- Fixing gramatical errors (#2642)
- Fixing spelling error (#3567)
- Moving gitpod metion (#2637)
- Adding new axios documentation website link (#3681, #3707)
- Updating documentation around dispatching requests (#3772)
- Adding documentation for the type guard isAxiosError (#3767)
- Adding explanation of cancel token (#3803)
- Updating CI status badge (#3953)
- Fixing errors with JSON documentation (#3936)
- Fixing README typo under Request Config (#3825)
- Adding axios-multi-api to the ecosystem file (#3817)
- Adding SECURITY.md to properly disclose security vulnerabilities (#3981)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
0.21.1 - 2020-12-22
0.21.1 (December 21, 2020)

Fixes and Functionality:
- Hotfix: Prevent SSRF (#3410)
- Protocol not parsed when setting proxy config from env vars (#3070)
- Updating axios in types to be lower case (#2797)
- Adding a type guard for AxiosError (#2949)
Internal and Tests:
- Remove the skipping of the socket http test (#3364)
- Use different socket for Win32 test (#3375)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Daniel Lopretto [email protected]
- Jason Kwok [email protected]
- Jay [email protected]
- Jonathan Foster [email protected]
- Remco Haszing [email protected]
- Xianming Zhong [email protected]