vue-simple-upload
vue-simple-upload copied to clipboard
Published
20 hours ago •
debug-null
debug-null
[Snyk] Upgrade axios from 0.19.2 to 0.28.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade axios from 0.19.2 to 0.28.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 17 versions ahead of your current version.
- The recommended version was released 22 days ago, on 2024-02-12.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Proof of Concept |
|
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Proof of Concept |
 |
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Proof of Concept |
|
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Proof of Concept |
 |
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
-
0.28.0 - 2024-02-12
Release notes:
Bug Fixes
- fix(security): fixed CVE-2023-45857 by backporting
withXSRFTokenoption to v0.x (#6091)
Backports from v1.x:
- Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- Fixing content-type header repeated #4745
- Fixed timeout error message for HTTP 4738
- Added
axios.formToJSONmethod (#4735) - URL params serializer (#4734)
- Fixed toFormData Blob issue on node>v17 #4728
- Adding types for progress event callbacks #4675
- Fixed max body length defaults #4731
- Added data URL support for node.js (#4725)
- Added isCancel type assert (#4293)
- Added the ability for the
url-encoded-formserializer to respect theformSerializerconfig (#4721) - Add
string[]toAxiosRequestHeaderstype (#4322) - Allow type definition for axios instance methods (#4224)
- Fixed
AxiosErrorstack capturing; (#4718) - Fixed
AxiosErrorstatus code type; (#4717) - Adding Canceler parameters config and request (#4711)
- fix(types): allow to specify partial default headers for instance creation (#4185)
- Added
blobto the list of protocols supported by the browser (#4678) - Fixing Z_BUF_ERROR when no content (#4701)
- Fixed race condition on immediate requests cancellation (#4261)
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
- Fix TS definition for AxiosRequestTransformer (#4201)
- Use type alias instead of interface for AxiosPromise (#4505)
- Include request and config when creating a CanceledError instance (#4659)
- Added generic TS types for the exposed toFormData helper (#4668)
- Optimized the code that checks cancellation (#4587)
- Replaced webpack with rollup (#4596)
- Added stack trace to AxiosError (#4624)
- Updated AxiosError.config to be optional in the type definition (#4665)
- Removed incorrect argument for NetworkError constructor (#4656)
- fix(security): fixed CVE-2023-45857 by backporting
- 0.27.2 - 2022-04-27
- 0.27.1 - 2022-04-26
- 0.27.0 - 2022-04-25
- 0.26.1 - 2022-03-09
- 0.26.0 - 2022-02-13
- 0.25.0 - 2022-01-18
- 0.24.0 - 2021-10-25
- 0.23.0 - 2021-10-12
- 0.22.0 - 2021-10-01
- 0.21.4 - 2021-09-06
- 0.21.3 - 2021-09-04
- 0.21.2 - 2021-09-04
- 0.21.1 - 2020-12-22
- 0.21.0 - 2020-10-23
- 0.20.0 - 2020-08-21
- 0.20.0-0 - 2020-07-15
- 0.19.2 - 2020-01-22
Commit messages
Package name: axios
- 3b7635a [Release] v0.28.0 (#6211)
- 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
- 80c3d74 chore(ci): backported publish action; (#6224)
- 2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
- 880b42e docs: Fix a typo in README
- c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (#4927)
- 80b546c fix: loosing request header (#4858) (#4871)
- 6acb5ef feat: brower platform add data protocol. (#4814)
- bbb2264 fix(typing): axios response headers can be undefined (#4813)
- eff25a2 chore: updated close stale workflow
- 6b44df0 chore: added dependancy review
- 94c1f7d chore: added code QL for the 0.x branch
- 5576c2f chore: update ci runner rules
- 871ef05 Fix - Request ignores false, 0 and empty string as body values (#4786)
- 3dad74c Update base with master (#4754)
- 12103f8 chore: adjusted CI to run on any current and future version branches
- 1504792 Fixing content-type header repeated (#4745)
- a11f950 Fix/4737/timeout error message for http (#4738)
- 9bb016f chore: updated actions to run on new version based branches
- c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
- a02fe28 Updated README.md; (#4742)
- 59dfed6 Bump grunt from 1.5.2 to 1.5.3 (#4743)
- c008e57 Added `axios.formToJSON` method; (#4735)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| vue-simple-upload | ❌ Failed (Inspect) | Mar 6, 2024 4:28am |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}