MatiseAms / create-matise-wordpress

Epic Matise Wordpress project startup
MIT License

[Security] Bump axios from 0.18.0 to 0.19.0 #9

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps axios from 0.18.0 to 0.19.0. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **High severity vulnerability that affects axios**
> Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
>
> Affected versions: <= 0.18.0

Release notes

*Sourced from [axios's releases](https://github.com/axios/axios/releases).*

> ## v0.19.0
> Fixes and Functionality:
>
> - Unzip response body only for statuses != 204 ([#1129](https://github-redirect.dependabot.com/axios/axios/issues/1129)) - drawski
> - Destroy stream on exceeding maxContentLength (fixes [#1098](https://github-redirect.dependabot.com/axios/axios/issues/1098)) ([#1485](https://github-redirect.dependabot.com/axios/axios/issues/1485)) - Gadzhi Gadzhiev
> - Makes Axios error generic to use AxiosResponse ([#1738](https://github-redirect.dependabot.com/axios/axios/issues/1738)) - Suman Lama
> - Fixing Mocha tests by locking follow-redirects version to 1.5.10 ([#1993](https://github-redirect.dependabot.com/axios/axios/issues/1993)) - grumblerchester
> - Allow uppercase methods in typings. ([#1781](https://github-redirect.dependabot.com/axios/axios/issues/1781)) - Ken Powers
> - Fixing .eslintrc without extension ([#1789](https://github-redirect.dependabot.com/axios/axios/issues/1789)) - Manoel
> - Consistent coding style ([#1787](https://github-redirect.dependabot.com/axios/axios/issues/1787)) - Ali Servet Donmez
> - Fixing building url with hash mark ([#1771](https://github-redirect.dependabot.com/axios/axios/issues/1771)) - Anatoly Ryabov
> - This commit fixes building url with hash map (fragment identifier) when parameters are present: they must not be added after `#`, because the client cuts everything after `#`
> - Preserve HTTP method when following redirect ([#1758](https://github-redirect.dependabot.com/axios/axios/issues/1758)) - Rikki Gibson
> - Add `getUri` signature to TypeScript definition. ([#1736](https://github-redirect.dependabot.com/axios/axios/issues/1736)) - Alexander Trauzzi
> - Adding isAxiosError flag to errors thrown by axios ([#1419](https://github-redirect.dependabot.com/axios/axios/issues/1419)) - Ayush Gupta
> - Fix failing SauceLabs tests by updating configuration - Emily Morehouse
>
> Documentation:
>
> - Add information about auth parameter to README ([#2166](https://github-redirect.dependabot.com/axios/axios/issues/2166)) - xlaguna
> - Add DELETE to list of methods that allow data as a config option ([#2169](https://github-redirect.dependabot.com/axios/axios/issues/2169)) - Daniela Borges Matos de Carvalho
> - Update ECOSYSTEM.md - Add Axios Endpoints ([#2176](https://github-redirect.dependabot.com/axios/axios/issues/2176)) - Renan
> - Add r2curl in ECOSYSTEM ([#2141](https://github-redirect.dependabot.com/axios/axios/issues/2141)) - 유용우 / CX
> - Update README.md - Add instructions for installing with yarn ([#2036](https://github-redirect.dependabot.com/axios/axios/issues/2036)) - Victor Hermes
> - Fixing spacing for README.md ([#2066](https://github-redirect.dependabot.com/axios/axios/issues/2066)) - Josh McCarty
> - Update README.md. - Change `.then` to `.finally` in example code ([#2090](https://github-redirect.dependabot.com/axios/axios/issues/2090)) - Omar Cai
> - Clarify what values responseType can have in Node ([#2121](https://github-redirect.dependabot.com/axios/axios/issues/2121)) - Tyler Breisacher
> - docs(ECOSYSTEM): add axios-api-versioning ([#2020](https://github-redirect.dependabot.com/axios/axios/issues/2020)) - Weffe
> - It seems that `responseType: 'blob'` doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
> - Add issue templates - Emily Morehouse
> - Update README.md. - Add Querystring library note ([#1896](https://github-redirect.dependabot.com/axios/axios/issues/1896)) - Dmitriy Eroshenko
> - Add react-hooks-axios to Libraries section of ECOSYSTEM.md ([#1925](https://github-redirect.dependabot.com/axios/axios/issues/1925)) - Cody Chan
> - Clarify in README that default timeout is 0 (no timeout) ([#1750](https://github-redirect.dependabot.com/axios/axios/issues/1750)) - Ben Standefer
>
> ## v0.19.0-beta.1
> **NOTE:** This is a beta version of this release. There may be functionality that is broken in
> certain browsers, though we suspect that builds are hanging and not erroring. See
> https://saucelabs.com/u/axios for the most up-to-date information.
>
> New Functionality:
>
> - Add getUri method ([#1712](https://github-redirect.dependabot.com/axios/axios/issues/1712))
> - Add support for no_proxy env variable ([#1693](https://github-redirect.dependabot.com/axios/axios/issues/1693))
> - Add toJSON to decorated Axios errors to facilitate serialization ([#1625](https://github-redirect.dependabot.com/axios/axios/issues/1625))
> - Add second then on axios call ([#1623](https://github-redirect.dependabot.com/axios/axios/issues/1623))
> - Typings: allow custom return types
> - Add option to specify character set in responses (with http adapter)
>
> Fixes:
>
> ... (truncated)

Changelog

*Sourced from [axios's changelog](https://github.com/axios/axios/blob/master/CHANGELOG.md).*

> ### 0.19.0 (May 30, 2019)
>
> Fixes and Functionality:
>
> - Unzip response body only for statuses != 204 ([#1129](https://github-redirect.dependabot.com/axios/axios/pull/1129)) - drawski
> - Destroy stream on exceeding maxContentLength (fixes [#1098](https://github-redirect.dependabot.com/axios/axios/issue/1098)) ([#1485](https://github-redirect.dependabot.com/axios/axios/pull/1485)) - Gadzhi Gadzhiev
> - Makes Axios error generic to use AxiosResponse ([#1738](https://github-redirect.dependabot.com/axios/axios/pull/1738)) - Suman Lama
> - Fixing Mocha tests by locking follow-redirects version to 1.5.10 ([#1993](https://github-redirect.dependabot.com/axios/axios/pull/1993)) - grumblerchester
> - Allow uppercase methods in typings. ([#1781](https://github-redirect.dependabot.com/axios/axios/pull/1781)) - Ken Powers
> - Fixing .eslintrc without extension ([#1789](https://github-redirect.dependabot.com/axios/axios/pull/1789)) - Manoel
> - Consistent coding style ([#1787](https://github-redirect.dependabot.com/axios/axios/pull/1787)) - Ali Servet Donmez
> - Fixing building url with hash mark ([#1771](https://github-redirect.dependabot.com/axios/axios/pull/1771)) - Anatoly Ryabov
> - This commit fixes building url with hash map (fragment identifier) when parameters are present: they must not be added after `#`, because the client cuts everything after `#`
> - Preserve HTTP method when following redirect ([#1758](https://github-redirect.dependabot.com/axios/axios/pull/1758)) - Rikki Gibson
> - Add `getUri` signature to TypeScript definition. ([#1736](https://github-redirect.dependabot.com/axios/axios/pull/1736)) - Alexander Trauzzi
> - Adding isAxiosError flag to errors thrown by axios ([#1419](https://github-redirect.dependabot.com/axios/axios/pull/1419)) - Ayush Gupta
> - Fix failing SauceLabs tests by updating configuration - Emily Morehouse
>
> Documentation:
>
> - Add information about auth parameter to README ([#2166](https://github-redirect.dependabot.com/axios/axios/pull/2166)) - xlaguna
> - Add DELETE to list of methods that allow data as a config option ([#2169](https://github-redirect.dependabot.com/axios/axios/pull/2169)) - Daniela Borges Matos de Carvalho
> - Update ECOSYSTEM.md - Add Axios Endpoints ([#2176](https://github-redirect.dependabot.com/axios/axios/pull/2176)) - Renan
> - Add r2curl in ECOSYSTEM ([#2141](https://github-redirect.dependabot.com/axios/axios/pull/2141)) - 유용우 / CX
> - Update README.md - Add instructions for installing with yarn ([#2036](https://github-redirect.dependabot.com/axios/axios/pull/2036)) - Victor Hermes
> - Fixing spacing for README.md ([#2066](https://github-redirect.dependabot.com/axios/axios/pull/2066)) - Josh McCarty
> - Update README.md. - Change `.then` to `.finally` in example code ([#2090](https://github-redirect.dependabot.com/axios/axios/pull/2090)) - Omar Cai
> - Clarify what values responseType can have in Node ([#2121](https://github-redirect.dependabot.com/axios/axios/pull/2121)) - Tyler Breisacher
> - docs(ECOSYSTEM): add axios-api-versioning ([#2020](https://github-redirect.dependabot.com/axios/axios/pull/2020)) - Weffe
> - It seems that `responseType: 'blob'` doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
> - Add issue templates - Emily Morehouse
> - Update README.md. - Add Querystring library note ([#1896](https://github-redirect.dependabot.com/axios/axios/pull/1896)) - Dmitriy Eroshenko
> - Add react-hooks-axios to Libraries section of ECOSYSTEM.md ([#1925](https://github-redirect.dependabot.com/axios/axios/pull/1925)) - Cody Chan
> - Clarify in README that default timeout is 0 (no timeout) ([#1750](https://github-redirect.dependabot.com/axios/axios/pull/1750)) - Ben Standefer
>
> ### 0.19.0-beta.1 (Aug 9, 2018)
>
> **NOTE:** This is a beta version of this release. There may be functionality that is broken in
> certain browsers, though we suspect that builds are hanging and not erroring. See
> https://saucelabs.com/u/axios for the most up-to-date information.
>
> New Functionality:
>
> - Add getUri method ([#1712](https://github-redirect.dependabot.com/axios/axios/issues/1712))
> - Add support for no_proxy env variable ([#1693](https://github-redirect.dependabot.com/axios/axios/issues/1693))
> - Add toJSON to decorated Axios errors to facilitate serialization ([#1625](https://github-redirect.dependabot.com/axios/axios/issues/1625))
> - Add second then on axios call ([#1623](https://github-redirect.dependabot.com/axios/axios/issues/1623))
> - Typings: allow custom return types
> - Add option to specify character set in responses (with http adapter)
>
> ... (truncated)

Commits

- [`8d0b92b`](https://github.com/axios/axios/commit/8d0b92b2678d96770304dd767cd05a59d37f12cf) Releasing 0.19.0
- [`3f7451c`](https://github.com/axios/axios/commit/3f7451ceb7b8386a0c233b869dddea1fea05b12f) Update Changelog for release (0.19.0)
- [`f28ff93`](https://github.com/axios/axios/commit/f28ff933e491ad7b1dd77af6ad3abe126109bd9e) Add information about auth parameter to README ([#2166](https://github-redirect.dependabot.com/axios/axios/issues/2166))
- [`5250e6e`](https://github.com/axios/axios/commit/5250e6e168f22bf75f0643b21577ac7c4dc486b9) Add DELETE to list of methods that allow data as a config option ([#2169](https://github-redirect.dependabot.com/axios/axios/issues/2169))
- [`6b0ccd1`](https://github.com/axios/axios/commit/6b0ccd13fa3fd87e256d5e220ddc6ce935fa72dd) Update ECOSYSTEM.md - Add Axios Endpoints ([#2176](https://github-redirect.dependabot.com/axios/axios/issues/2176))
- [`299e827`](https://github.com/axios/axios/commit/299e827c577c2f1461e17678282f4d19a753e6f2) Add r2curl in ECOSYSTEM ([#2141](https://github-redirect.dependabot.com/axios/axios/issues/2141))
- [`fd0c959`](https://github.com/axios/axios/commit/fd0c959355e85afa76d1728b7c7bd93a05e004a4) Unzip response body only for statuses != 204 ([#1129](https://github-redirect.dependabot.com/axios/axios/issues/1129))
- [`92d2313`](https://github.com/axios/axios/commit/92d231387fe2092f8736bc1746d4caa766b675f5) Update README.md - Add instructions for installing with yarn ([#2036](https://github-redirect.dependabot.com/axios/axios/issues/2036))
- [`ddcc2e4`](https://github.com/axios/axios/commit/ddcc2e4bc0282499afc1370e3686bacaff1faee3) Fixing spacing for README.md ([#2066](https://github-redirect.dependabot.com/axios/axios/issues/2066))
- [`48c43d5`](https://github.com/axios/axios/commit/48c43d5240e1ac6e6c44495e7428262d32a438f9) Update README.md. - Change `.then` to `.finally` in example code ([#2090](https://github-redirect.dependabot.com/axios/axios/issues/2090))
- Additional commits viewable in [compare view](https://github.com/axios/axios/compare/v0.18.0...v0.19.0)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


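
The advisory quoted in the pull request above (content still accepted after `maxContentLength` is exceeded) and the "Destroy stream on exceeding maxContentLength" fix, shown as an added Node.js illustration that is not axios source code and not part of the original page. `makeBody`, `collect` and the `destroyOnExceed` switch are hypothetical names, and the response body is constructed sample data.

```javascript
// Added illustration of a response-size cap on a Node stream; not axios code.
const { Readable } = require('stream');

// Constructed sample body: `chunks` chunks of `size` bytes. `stats.emitted`
// counts the bytes the producer was actually asked to generate.
function makeBody(chunks, size) {
  const stats = { emitted: 0 };
  let sent = 0;
  const stream = new Readable({
    read() {
      if (sent >= chunks) { this.push(null); return; }
      sent += 1;
      stats.emitted += size;
      this.push(Buffer.alloc(size, 0x41));
    },
  });
  return { stream, stats };
}

// Collect a body under a size cap.
// destroyOnExceed = false: the error is recorded but the stream keeps flowing,
//   so the process goes on accepting the oversized body (behaviour the advisory describes).
// destroyOnExceed = true: the stream is destroyed at the limit (the 0.19.0 approach).
function collect(stream, maxContentLength, destroyOnExceed) {
  return new Promise((resolve) => {
    let buffered = 0;
    let error = null;
    const done = () => resolve({ error, buffered });
    stream.on('data', (chunk) => {
      if (stream.destroyed) return; // drop anything queued before destroy()
      buffered += chunk.length;     // bytes this process has accepted
      if (!error && buffered > maxContentLength) {
        error = new Error('maxContentLength size of ' + maxContentLength + ' exceeded');
        if (destroyOnExceed) stream.destroy();
      }
    });
    stream.once('end', done);
    stream.once('close', done);
  });
}

// Stand-alone demo: a 64 KiB body against a 4 KiB cap, with destroy enabled.
collect(makeBody(64, 1024).stream, 4096, true)
  .then((r) => console.log(r.error.message, 'accepted bytes:', r.buffered));
```

With the switch off, the caller still receives the error, but every byte of the body is pulled into the process first; that gap between "rejected" and "stopped reading" is what the upgrade closes.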