web-onefx-boilerplate
web-onefx-boilerplate copied to clipboard
stargately
Update dependency axios to v0.21.1 [SECURITY]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| axios | 0.20.0 -> 0.21.1 |
GitHub Vulnerability Alerts
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Release Notes
axios/axios
v0.21.1
Fixes and Functionality:
- Hotfix: Prevent SSRF (#3410)
- Protocol not parsed when setting proxy config from env vars (#3070)
- Updating axios in types to be lower case (#2797)
- Adding a type guard for
AxiosError(#2949)
Internal and Tests:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Daniel Lopretto mailto:timemachine3030@​users.noreply.github.com
- Jason Kwok mailto:[email protected]
- Jay mailto:[email protected]
- Jonathan Foster mailto:[email protected]
- Remco Haszing mailto:[email protected]
- Xianming Zhong mailto:[email protected]
v0.21.0
Fixes and Functionality:
- Fixing requestHeaders.Authorization (#3287)
- Fixing node types (#3237)
- Fixing axios.delete ignores config.data (#3282)
- Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
- Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
Internal and Tests:
- Lock travis to not use node v15 (#3361)
Documentation:
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Allan Cruz mailto:[email protected]
- George Cheng mailto:[email protected]
- Jay mailto:[email protected]
- Kevin Kirsche mailto:[email protected]
- Remco Haszing mailto:[email protected]
- Taemin Shin mailto:cprayer13@​gmail.com
- Tim Gates mailto:[email protected]
- Xianming Zhong mailto:[email protected]
Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by WhiteSource Renovate. View repository job log here.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}