origin
origin copied to clipboard
Update dependency axios to ^0.21.0 [SECURITY]
This PR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
axios (source) | ^0.19.2 -> ^0.21.0 |
GitHub Vulnerability Alerts
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2021-3749
axios is vulnerable to Inefficient Regular Expression Complexity
Release Notes
axios/axios
v0.21.2
Fixes and Functionality:
- Updating axios requests to be delayed by pre-emptive promise creation (#2702)
- Adding "synchronous" and "runWhen" options to interceptors api (#2702)
- Updating of transformResponse (#3377)
- Adding ability to omit User-Agent header (#3703)
- Adding multiple JSON improvements (#3688, #3763)
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
- Adding parseInt to config.timeout (#3781)
- Adding custom return type support to interceptor (#3783)
- Adding security fix for ReDoS vulnerability (#3980)
Internal and Tests:
- Updating build dev dependancies (#3401)
- Fixing builds running on Travis CI (#3538)
- Updating follow rediect version (#3694, #3771)
- Updating karma sauce launcher to fix failing sauce tests (#3712, #3717)
- Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#2154)
- Fixing tests by bumping karma-sauce-launcher version (#3813)
- Changing testing process from Travis CI to GitHub Actions (#3938)
Documentation:
- Updating documentation around the use of
AUTH_TOKEN
with multiple domain endpoints (#3539) - Remove duplication of item in changelog (#3523)
- Fixing gramatical errors (#2642)
- Fixing spelling error (#3567)
- Moving gitpod metion (#2637)
- Adding new axios documentation website link (#3681, #3707)
- Updating documentation around dispatching requests (#3772)
- Adding documentation for the type guard isAxiosError (#3767)
- Adding explanation of cancel token (#3803)
- Updating CI status badge (#3953)
- Fixing errors with JSON documentation (#3936)
- Fixing README typo under Request Config (#3825)
- Adding axios-multi-api to the ecosystem file (#3817)
- Adding SECURITY.md to properly disclose security vulnerabilities (#3981)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Jay
- Sasha Korotkov
- Daniel Lopretto
- Mike Bishop
- Dmitriy Mozgovoy
- Mark
- Philipe Gouveia Paixão
- hippo
- ready-research
- Xianming Zhong
- Christopher Chrapka
- Brian Anglin
- Kohta Ito
- Ali Clark
- caikan
- Elina Gorshkova
- Ryota Ikezawa
- Nisar Hassan Naqvi
- Jake
- TagawaHirotaka
- Johannes Jarbratt
- Mo Sattler
- Sam Carlton
- Matt Czapliński
- Ziding Zhang
v0.21.1
Fixes and Functionality:
- Hotfix: Prevent SSRF (#3410)
- Protocol not parsed when setting proxy config from env vars (#3070)
- Updating axios in types to be lower case (#2797)
- Adding a type guard for
AxiosError
(#2949)
Internal and Tests:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Daniel Lopretto <timemachine3030@users.noreply.github.com>
- Jason Kwok [email protected]
- Jay [email protected]
- Jonathan Foster [email protected]
- Remco Haszing [email protected]
- Xianming Zhong [email protected]
v0.21.0
Fixes and Functionality:
- Fixing requestHeaders.Authorization (#3287)
- Fixing node types (#3237)
- Fixing axios.delete ignores config.data (#3282)
- Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
- Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
Internal and Tests:
- Lock travis to not use node v15 (#3361)
Documentation:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Allan Cruz [email protected]
- George Cheng [email protected]
- Jay [email protected]
- Kevin Kirsche [email protected]
- Remco Haszing [email protected]
- Taemin Shin <cprayer13@gmail.com>
- Tim Gates [email protected]
- Xianming Zhong [email protected]
v0.20.0
Release of 0.20.0-pre as a full release with no other changes.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.