ant-design-vue
chore(deps): update dependency axios to v1 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| axios (source) | ^0.22.0 -> ^1.6.0 | | | | |
GitHub Vulnerability Alerts
CVE-2023-45857
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Release Notes
axios/axios (axios)
v1.6.0
Bug Fixes
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
PRs
- CVE 2023 45857 (#6028)
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release
1.5.1 (2023-09-26)
Bug Fixes
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; (#5917) (bc9af51)
- headers: allow `content-encoding` header to handle case-insensitive values (#5890) (#5892) (4c89f25)
- types: removed duplicated code (9e62056)
Contributors to this release
v1.5.0
Bug Fixes
- adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
- dns: fixed `cacheable-lookup` integration; (#5836) (b3e327d)
- headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
- headers: fixed common Content-Type header merging; (#5832) (8fda276)
Features
- export getAdapter function (#5324) (ca73eb8)
- export: export adapters without `unsafe` prefix (#5839) (1601f4a)
Contributors to this release
v1.4.0
Bug Fixes
- formdata: add `multipart/form-data` content type for FormData payload on custom client environments; (#5678) (bbb61e7)
- package: export package internals with unsafe path prefix; (#5677) (df38c94)
Features
- dns: added support for a custom lookup function; (#5339) (2701911)
- types: export `AxiosHeaderValue` type. (#5525) (726f1c8)
Performance Improvements
- merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)
Contributors to this release
1.3.6 (2023-04-19)
Bug Fixes
- types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
- utils: make isFormData detection logic stricter to avoid unnecessary calling of the `toString` method on the target; (#5661) (aa372f7)
Contributors to this release
1.3.5 (2023-04-05)
Bug Fixes
- headers: fixed isValidHeaderName to support full list of allowed characters; (#5584) (e7decef)
- params: re-added the ability to set the function as `paramsSerializer` config; (#5633) (a56c866)
Contributors to this release
1.3.4 (2023-02-22)
Bug Fixes
- blob: added a check to make sure the Blob class is available in the browser's global scope; (#5548) (3772c8f)
- http: fixed regression bug when handling synchronous errors inside the adapter; (#5564) (a3b246c)
Contributors to this release
1.3.3 (2023-02-13)
Bug Fixes
- formdata: added a check to make sure the FormData class is available in the browser's global scope; (#5545) (a6dfa72)
- formdata: fixed setting NaN as Content-Length for form payload in some cases; (#5535) (c19f7bf)
- headers: fixed the filtering logic of the clear method; (#5542) (ea87ebf)
Contributors to this release
1.3.2 (2023-02-03)
Bug Fixes
- http: treat http://localhost as base URL for relative paths to avoid `ERR_INVALID_URL` error; (#5528) (128d56f)
- http: use explicit import instead of TextEncoder global; (#5530) (6b3c305)
Contributors to this release
1.3.1 (2023-02-01)
Bug Fixes
- formdata: add hotfix to use the asynchronous API to compute the content-length header value; (#5521) (96d336f)
- serializer: fixed serialization of array-like objects; (#5518) (08104c0)
Contributors to this release
v1.3.0
Bug Fixes
- headers: fixed & optimized clear method; (#5507) (9915635)
- http: add zlib headers if missing (#5497) (65e8d1e)
Features
Contributors to this release
1.2.6 (2023-01-28)
Bug Fixes
- headers: added missed Authorization accessor; (#5502) (342c0ba)
- types: fixed `CommonRequestHeadersList` & `CommonResponseHeadersList` types to be private in commonJS; (#5503) (5a3d0a3)
Contributors to this release
1.2.5 (2023-01-26)
Bug Fixes
- types: fixed AxiosHeaders to handle spread syntax by making all methods non-enumerable; (#5499) (580f1e8)
Contributors to this release
1.2.4 (2023-01-22)
Bug Fixes
- types: renamed `RawAxiosRequestConfig` back to `AxiosRequestConfig`; (#5486) (2a71f49)
- types: fix `AxiosRequestConfig` generic; (#5478) (9bce81b)
Contributors to this release
1.2.3 (2023-01-10)
Bug Fixes
- types: fixed AxiosRequestConfig header interface by refactoring it to RawAxiosRequestConfig; (#5420) (0811963)
Contributors to this release
[1.2.2] - 2022-12-29
Fixed
- fix(ci): fix release script inputs #5392
- fix(ci): prerelease scripts #5377
- fix(ci): release scripts #5376
- fix(ci): typescript tests #5375
- fix: Brotli decompression #5353
- fix: add missing HttpStatusCode #5345
Chores
- chore(ci): set conventional-changelog header config #5406
- chore(ci): fix automatic contributors resolving #5403
- chore(ci): improved logging for the contributors list generator #5398
- chore(ci): fix release action #5397
- chore(ci): fix version bump script by adding bump argument for target version #5393
- chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 #5342
- chore(ci): GitHub Actions Release script #5384
- chore(ci): release scripts #5364
Contributors to this release
[1.2.1] - 2022-12-05
Changed
- feat(exports): export mergeConfig #5151
Fixed
- fix(CancelledError): include config #4922
- fix(general): removing multiple/trailing/leading whitespace #5022
- fix(headers): decompression for responses without Content-Length header #5306
- fix(webWorker): exception to sending form data in web worker #5139
Refactors
- refactor(types): AxiosProgressEvent.event type to any #5308
- refactor(types): add missing types for static AxiosError.from method #4956
Chores
- chore(docs): remove README link to non-existent upgrade guide #5307
- chore(docs): typo in issue template name #5159
Contributors to this release
- Dmitriy Mozgovoy
- Zachary Lysobey
- Kevin Ennis
- Philipp Loose
- secondl1ght
- wenzheng
- Ivan Barsukov
- Arthur Fiorette
[1.2.0] - 2022-11-10
Changed
- changed: refactored module exports #5162
- change: re-added support for loading Axios with require('axios').default #5225
Fixed
- fix: improve AxiosHeaders class #5224
- fix: TypeScript type definitions for commonjs #5196
- fix: type definition of use method on AxiosInterceptorManager to match the README #5071
- fix: __dirname is not defined in the sandbox #5269
- fix: AxiosError.toJSON method to avoid circular references #5247
- fix: Z_BUF_ERROR when content-encoding is set but the response body is empty #5250
Refactors
- refactor: allowing adapters to be loaded by name #5277
Chores
- chore: force CI restart #5243
- chore: update ECOSYSTEM.md #5077
- chore: update get/index.html #5116
- chore: update Sandbox UI/UX #5205
- chore:(actions): remove git credentials after checkout #5235
- chore(actions): bump actions/dependency-review-action from 2 to 3 #5266
- chore(packages): bump loader-utils from 1.4.1 to 1.4.2 #5295
- chore(packages): bump engine.io from 6.2.0 to 6.2.1 #5294
- chore(packages): bump socket.io-parser from 4.0.4 to 4.0.5 #5241
- chore(packages): bump loader-utils from 1.4.0 to 1.4.1 #5245
- chore(docs): update Resources links in README #5119
- chore(docs): update the link for JSON url #5265
- chore(docs): fix broken links #5218
- chore(docs): update and rename UPGRADE_GUIDE.md to MIGRATION_GUIDE.md #5170
- chore(docs): typo fix line #856 and #920 #5194
- chore(docs): typo fix #800 #5193
- chore(docs): fix typos #5184
- chore(docs): fix punctuation in README.md #5197
- chore(docs): update readme in the Handling Errors section - issue reference #5260 #5261
- chore: remove \b from filename #5207
- chore(docs): update CHANGELOG.md #5137
- chore: add sideEffects false to package.json #5025
Contributors to this release
- Maddy Miller
- Amit Saini
- ecyrbe
- Ikko Ashimine
- Geeth Gunnampalli
- Shreem Asati
- Frieder Bluemle
- μ€μΈμ
- Claudio Busatto
- Remco Haszing
- Dmitriy Mozgovoy
- Csaba Maulis
- MoPaMo
- Daniel Fjeldstad
- Adrien Brunet
- Frazer Smith
- HaiTao
- AZM
- relbns
[1.1.3] - 2022-10-15
Added
- Added custom params serializer support #5113
Fixed
- Fixed top-level export to keep them in-line with static properties #5109
- Stopped including null values to query string. #5108
- Restored proxy config backwards compatibility with 0.x #5097
- Added back AxiosHeaders in AxiosHeaderValue #5103
- Pin CDN install instructions to a specific version #5060
- Handling of array values fixed for AxiosHeaders #5085
Chores
- docs: match badge style, add link to them #5046
- chore: fixing comments typo #5054
- chore: update issue template #5061
- chore: added progress capturing section to the docs; #5084
Contributors to this release
- Jason Saayman
- scarf
- Lenz Weber-Tronic
- Arvindh
- Félix Legrelle
- Patrick Petrovic
- Dmitriy Mozgovoy
- littledian
- ChronosMasterOfAllTime
[1.1.2] - 2022-10-07
Fixed
- Fixed broken exports for UMD builds.
Contributors to this release
[1.1.1] - 2022-10-07
Fixed
- Fixed broken exports for common js. This fix breaks a prior fix, I will fix both issues ASAP but the commonJS use is more impactful.
Contributors to this release
[1.1.0] - 2022-10-06
Fixed
- Fixed missing exports in type definition index.d.ts #5003
- Fixed query params composing #5018
- Fixed GenericAbortSignal interface by making it more generic #5021
- Fixed adding "clear" to AxiosInterceptorManager #5010
- Fixed commonjs & umd exports #5030
- Fixed inability to access response headers when using axios 1.x with Jest #5036
Contributors to this release
[1.0.0] - 2022-10-04
Added
- Added stack trace to AxiosError #4624
- Add AxiosError to AxiosStatic #4654
- Replaced Rollup as our build runner #4596
- Added generic TS types for the exposed toFormData helper #4668
- Added listen callback function #4096
- Added instructions for installing using PNPM #4207
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill #4229
- Added axios-url-template in ECOSYSTEM.md #4238
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an axios instance #4248
- Added react hook plugin #4319
- Adding HTTP status code for transformResponse #4580
- Added blob to the list of protocols supported by the browser #4678
- Resolving proxy from env on redirect #4436
- Added enhanced toFormData implementation with additional options 4704
- Adding Canceler parameters config and request #4711
- Added automatic payload serialization to application/x-www-form-urlencoded #4714
- Added the ability for webpack users to overwrite built-ins #4715
- Added string[] to AxiosRequestHeaders type #4322
- Added the ability for the url-encoded-form serializer to respect the formSerializer config #4721
- Added isCancel type assert #4293
- Added data URL support for node.js #4725
- Adding types for progress event callbacks #4675
- URL params serializer #4734
- Added axios.formToJSON method #4735
- Bower platform add data protocol #4804
- Use WHATWG URL API instead of url.parse() #4852
- Add ENUM containing Http Status Codes to typings #4903
- Improve typing of timeout in index.d.ts #4934
Changed
- Updated AxiosError.config to be optional in the type definition #4665
- Updated README emphasizing the URLSearchParam built-in interface over other solutions #4590
- Include request and config when creating a CanceledError instance #4659
- Changed func-names eslint rule to as-needed #4492
- Replacing deprecated substr() with slice() as substr() is deprecated #4468
- Updating HTTP links in README.md to use HTTPS #4387
- Updated to a better trim() polyfill #4072
- Updated types to allow specifying partial default headers on instance create #4185
- Expanded isAxiosError types #4344
- Updated type definition for axios instance methods #4224
- Updated eslint config #4722
- Updated Docs #4742
- Refactored Axios to use ES2017 #4787
Deprecated
- There are multiple deprecations, refactors and fixes provided in this release. Please read through the full release notes to see how this may impact your project and use case.
Removed
- Removed incorrect argument for NetworkError constructor #4656
- Removed Webpack #4596
- Removed function that transform arguments to array #4544
Fixed
- Fixed grammar in README #4649
- Fixed code error in README #4599
- Optimized the code that checks cancellation #4587
- Fix url pointing to defaults.js in README #4532
- Use type alias instead of interface for AxiosPromise #4505
- Fix some word spelling and lint style in code comments #4500
- Edited readme with 3 updated browser icons of Chrome, FireFox and Safari #4414
- Bump follow-redirects from 1.14.9 to 1.15.0 #4673
- Fixing http tests to avoid hanging when assertions fail #4435
- Fix TS definition for AxiosRequestTransformer #4201
- Fix grammatical issues in README #4232
- Fixing instance.defaults.headers type #4557
- Fixed race condition on immediate requests cancellation #4261
- Fixing Z_BUF_ERROR when no content #4701
- Fixing proxy beforeRedirect regression #4708
- Fixed AxiosError status code type #4717
- Fixed AxiosError stack capturing #4718
- Fixing AxiosRequestHeaders typings #4334
- Fixed max body length defaults #4731
- Fixed toFormData Blob issue on node>v17 #4728
- Bump grunt from 1.5.2 to 1.5.3 #4743
- Fixing content-type header repeated #4745
- Fixed timeout error message for http 4738
- Request ignores false, 0 and empty string as body values #4785
- Added back missing minified builds #4805
- Fixed a type error #4815
- Fixed a regression bug with unsubscribing from cancel token; #4819
- Remove repeated compression algorithm #4820
- The error of calling extend to pass parameters #4857
- SerializerOptions.indexes allows boolean | null | undefined #4862
- Require interceptors to return values #4874
- Removed unused imports #4949
- Allow null indexes on formSerializer and paramsSerializer #4960
Chores
- Set permissions for GitHub actions #4765
- Included githubactions in the dependabot config #4770
- Included dependency review #4771
- Update security.md #4784
- Remove unnecessary spaces #4854
- Simplify the import path of AxiosError #4875
- Fix Gitpod dead link #4941
- Enable syntax highlighting for a code block #4970
- Using Logo Axios in Readme.md #4993
- Fix markup for note in README #4825
- Fix typo and formatting, add colons #4853
- Fix typo in readme #4942
Security
- Update SECURITY.md #4687
Contributors to this release
- Bertrand Marron
- Dmitriy Mozgovoy
- Dan Mooney
- Michael Li
- aong
- Des Preston
- Ted Robertson
- zhoulixiang
- Arthur Fiorette
- Kumar Shanu
- JALAL
- Jingyi Lin
- Philipp Loose
- Alexander Shchukin
- Dave Cardwell
- Cat Scarlet
- Luca Pizzini
- Kai
- Maxime Bargiel
- Brian Helba
- reslear
- Jamie Slome
- Landro3
- rafw87
- Afzal Sayed
- Koki Oyatsu
- Dave
- ζ΄θ΅°θδΈ
- Spencer
- Adrian Wieprzkowicz
- Jamie Telin
- ζ―ε
- Kirill Shakirov
- Rraji Abdelbari
- Jelle Schutter
- Tom Ceuppens
- Johann Cooper
- Dimitris Halatsis
- chenjigeng
- João Gabriel Quaresma
- Victor Augusto
- neilnaveen
- Pavlos
- Kiryl Valkovich
- Naveen
- wenzheng
- hcwhan
- Bassel Rachid
- Grégoire Pineau
- felipedamin
- Karl Horky
- Yue JIN
- Usman Ali Siddiqui
- WD
- Günther Foidl
- Stephen Jennings
- C.T.Lin
- mia-z
- Parth Banathia
- parth0105pluang
- Marco Weber
- Luca Pizzini
- Willian Agostini
- Huyen Nguyen
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
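The behaviour described under CVE-2023-45857 above, as an added example (not part of the Renovate PR and not axios's own code): a simplified model that copies the XSRF-TOKEN cookie into X-XSRF-TOKEN for every request, next to a variant that only does so when the request resolves to the page's own origin. The function names, URLs and cookie values are hypothetical and constructed for illustration.

```javascript
// Simplified model of CVE-2023-45857; hypothetical helper names, not axios source.
const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';

// Return one cookie's value from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Affected behaviour as the advisory words it: the token is added to the
// header for every request, whatever host the request goes to.
function xsrfHeadersAffected(pageUrl, requestUrl, cookieString) {
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token ? { [XSRF_HEADER]: token } : {};
}

// Hardened variant: add the token only when scheme, host and port of the
// resolved request URL match the page that owns the cookie.
function xsrfHeadersSameOrigin(pageUrl, requestUrl, cookieString) {
  let target;
  try {
    target = new URL(requestUrl, pageUrl); // resolves relative and //host URLs
  } catch {
    return {}; // unparseable URL: fail closed, send no token
  }
  if (target.origin !== new URL(pageUrl).origin) return {};
  const token = readCookie(cookieString, XSRF_COOKIE);
  return token ? { [XSRF_HEADER]: token } : {};
}

// Constructed sample data.
const PAGE = 'https://app.example.test/dashboard';
const COOKIES = 'theme=dark; XSRF-TOKEN=constructed-token-123';
const REQUESTS = [
  '/api/profile',                            // relative, same origin
  'https://app.example.test:443/api/x',      // explicit default port, same origin
  'https://cdn.third-party.example/lib.js',  // different host
  'http://app.example.test/api',             // same host, different scheme
  '//other.example.test/x',                  // protocol-relative, different host
];

// For each sample request, report whether the header would be sent.
function audit(builder) {
  return REQUESTS.map((url) => [url, XSRF_HEADER in builder(PAGE, url, COOKIES)]);
}

console.table(audit(xsrfHeadersAffected));
console.table(audit(xsrfHeadersSameOrigin));
```
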