cli
cli copied to clipboard
netlify
chore(deps): bump axios from 1.5.1 to 1.6.2
Bumps axios from 1.5.1 to 1.6.2.
Release notes
Sourced from axios's releases.
Release v1.6.2
Release notes:
Features
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old
withCredentialsbehavior; (#6046) (cff9967)PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. You should now use withXSRFToken along with withCredential to get the old behavior. This functionality is considered as a fix.Contributors to this release
Release v1.6.1
Release notes:
Bug Fixes
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
Contributors to this release
Release v1.6.0
Release notes:
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
- CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459Contributors to this release
... (truncated)
Changelog
Sourced from axios's changelog.
1.6.2 (2023-11-14)
Features
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old
withCredentialsbehavior; (#6046) (cff9967)PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. You should now use withXSRFToken along with withCredential to get the old behavior. This functionality is considered as a fix.Contributors to this release
1.6.1 (2023-11-08)
Bug Fixes
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
Contributors to this release
PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. You should now use withXSRFToken along with withCredential to get the old behavior. This functionality is considered as a fix.1.6.0 (2023-10-26)
Bug Fixes
... (truncated)
Commits
b3be365chore(release): v1.6.2 (#6082)8739acbchore(ci): removed redundant release action; (#6081)bfa9c30chore(docs): fix outdated grunt to npm scripts (#6073)a2b0fb3chore(docs): update README.md (#6048)b12a608chore(ci): removed paths-ignore filter; (#6080)0c9d886chore(ci): reworked ignoring files logic; (#6079)30873eechore(ci): add paths-ignore config to testing action; (#6078)cff9967feat(withXSRFToken): added withXSRFToken option as a workaround to achieve th...7009715chore(ci): fixed release notification action; (#6064)7144f10chore(ci): fixed release notification action; (#6063)- Additional commits viewable in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
📊 Benchmark results
Comparing with 3f37b8e6b99b4fe93b82d41c6aaa6629f92b6d27
- Dependency count: 1,399 (no change)
- Package size: 405 MB ⬆️ 0.01% increase vs. 3f37b8e6b99b4fe93b82d41c6aaa6629f92b6d27
- Number of ts-expect-error directives: 1,331 (no change)
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Any chance of getting this merged and shipped? I'd like to clear this CVE from my dependency chain before Christmas if possible.
Thanks.
Can a human please look at this
Axios needs updating as there is both a CVE open against it (CVE-2023-45857) and against follow-redirects (CVE-2023-26159) which is a dependency.
$ npm ls follow-redirects
[email protected] /opt/share/projects/flowforge/website
└─┬ [email protected]
├─┬ @netlify/[email protected]
│ └─┬ @honeycombio/[email protected]
│ └─┬ [email protected]
│ └── [email protected] deduped
└─┬ [email protected]
└── [email protected]
Looks like axios is no longer a dependency, so this is no longer needed.