Open renovate[bot] opened 1 year ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/axios@0.28.0 | network Transitive: environment, filesystem | +8 |
1.25 MB | jasonsaayman |
🚮 Removed packages: npm/axios@0.27.2
This PR contains the following updates:
^0.27.2
->^0.28.0
GitHub Vulnerability Alerts
CVE-2023-45857
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Release Notes
axios/axios (axios)
### [`v0.28.0`](https://redirect.github.com/axios/axios/releases/tag/v0.28.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.2...v0.28.0) #### Release notes: ##### Bug Fixes - fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#6091](https://redirect.github.com/axios/axios/issues/6091)) ##### Backports from v1.x: - Allow null indexes on formSerializer and paramsSerializer v0.x ([#4961](https://redirect.github.com/axios/axios/issues/4961)) - Fixing content-type header repeated [#4745](https://redirect.github.com/axios/axios/issues/4745) - Fixed timeout error message for HTTP 4738 - Added `axios.formToJSON` method ([#4735](https://redirect.github.com/axios/axios/issues/4735)) - URL params serializer ([#4734](https://redirect.github.com/axios/axios/issues/4734)) - Fixed toFormData Blob issue on node>v17 [#4728](https://redirect.github.com/axios/axios/issues/4728) - Adding types for progress event callbacks [#4675](https://redirect.github.com/axios/axios/issues/4675) - Fixed max body length defaults [#4731](https://redirect.github.com/axios/axios/issues/4731) - Added data URL support for node.js ([#4725](https://redirect.github.com/axios/axios/issues/4725)) - Added isCancel type assert ([#4293](https://redirect.github.com/axios/axios/issues/4293)) - Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#4721](https://redirect.github.com/axios/axios/issues/4721)) - Add `string[]` to `AxiosRequestHeaders` type ([#4322](https://redirect.github.com/axios/axios/issues/4322)) - Allow type definition for axios instance methods ([#4224](https://redirect.github.com/axios/axios/issues/4224)) - Fixed `AxiosError` stack capturing; ([#4718](https://redirect.github.com/axios/axios/issues/4718)) - Fixed `AxiosError` status code type; ([#4717](https://redirect.github.com/axios/axios/issues/4717)) - Adding Canceler parameters config and request ([#4711](https://redirect.github.com/axios/axios/issues/4711)) - fix(types): allow to specify partial default headers for instance creation ([#4185](https://redirect.github.com/axios/axios/issues/4185)) - Added `blob` to the list of protocols supported by the browser ([#4678](https://redirect.github.com/axios/axios/issues/4678)) - Fixing Z_BUF_ERROR when no content ([#4701](https://redirect.github.com/axios/axios/issues/4701)) - Fixed race condition on immediate requests cancellation ([#4261](https://redirect.github.com/axios/axios/issues/4261)) - Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://redirect.github.com/axios/axios/pull/4248) - Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#4229](https://redirect.github.com/axios/axios/issues/4229)) - Fix TS definition for AxiosRequestTransformer ([#4201](https://redirect.github.com/axios/axios/issues/4201)) - Use type alias instead of interface for AxiosPromise ([#4505](https://redirect.github.com/axios/axios/issues/4505)) - Include request and config when creating a CanceledError instance ([#4659](https://redirect.github.com/axios/axios/issues/4659)) - Added generic TS types for the exposed toFormData helper ([#4668](https://redirect.github.com/axios/axios/issues/4668)) - Optimized the code that checks cancellation ([#4587](https://redirect.github.com/axios/axios/issues/4587)) - Replaced webpack with rollup ([#4596](https://redirect.github.com/axios/axios/issues/4596)) - Added stack trace to AxiosError ([#4624](https://redirect.github.com/axios/axios/issues/4624)) - Updated AxiosError.config to be optional in the type definition ([#4665](https://redirect.github.com/axios/axios/issues/4665)) - Removed incorrect argument for NetworkError constructor ([#4656](https://redirect.github.com/axios/axios/issues/4656))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.