anyulled / jbcnconf-react

JBCNConf Website made with React
https://www.jbcnconf.com/2020/#JBCN

fix(deps): update dependency axios to v0.28.0 [security] #560

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| axios (source) | 0.24.0 -> 0.28.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.


Release Notes

axios/axios (axios)

### [`v0.28.0`](https://redirect.github.com/axios/axios/releases/tag/v0.28.0)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.2...v0.28.0)

#### Release notes:

##### Bug Fixes

- fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#6091](https://redirect.github.com/axios/axios/issues/6091))

##### Backports from v1.x:

- Allow null indexes on formSerializer and paramsSerializer v0.x ([#4961](https://redirect.github.com/axios/axios/issues/4961))
- Fixing content-type header repeated [#4745](https://redirect.github.com/axios/axios/issues/4745)
- Fixed timeout error message for HTTP 4738
- Added `axios.formToJSON` method ([#4735](https://redirect.github.com/axios/axios/issues/4735))
- URL params serializer ([#4734](https://redirect.github.com/axios/axios/issues/4734))
- Fixed toFormData Blob issue on node>v17 [#4728](https://redirect.github.com/axios/axios/issues/4728)
- Adding types for progress event callbacks [#4675](https://redirect.github.com/axios/axios/issues/4675)
- Fixed max body length defaults [#4731](https://redirect.github.com/axios/axios/issues/4731)
- Added data URL support for node.js ([#4725](https://redirect.github.com/axios/axios/issues/4725))
- Added isCancel type assert ([#4293](https://redirect.github.com/axios/axios/issues/4293))
- Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#4721](https://redirect.github.com/axios/axios/issues/4721))
- Add `string[]` to `AxiosRequestHeaders` type ([#4322](https://redirect.github.com/axios/axios/issues/4322))
- Allow type definition for axios instance methods ([#4224](https://redirect.github.com/axios/axios/issues/4224))
- Fixed `AxiosError` stack capturing; ([#4718](https://redirect.github.com/axios/axios/issues/4718))
- Fixed `AxiosError` status code type; ([#4717](https://redirect.github.com/axios/axios/issues/4717))
- Adding Canceler parameters config and request ([#4711](https://redirect.github.com/axios/axios/issues/4711))
- fix(types): allow to specify partial default headers for instance creation ([#4185](https://redirect.github.com/axios/axios/issues/4185))
- Added `blob` to the list of protocols supported by the browser ([#4678](https://redirect.github.com/axios/axios/issues/4678))
- Fixing Z_BUF_ERROR when no content ([#4701](https://redirect.github.com/axios/axios/issues/4701))
- Fixed race condition on immediate requests cancellation ([#4261](https://redirect.github.com/axios/axios/issues/4261))
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://redirect.github.com/axios/axios/pull/4248)
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#4229](https://redirect.github.com/axios/axios/issues/4229))
- Fix TS definition for AxiosRequestTransformer ([#4201](https://redirect.github.com/axios/axios/issues/4201))
- Use type alias instead of interface for AxiosPromise ([#4505](https://redirect.github.com/axios/axios/issues/4505))
- Include request and config when creating a CanceledError instance ([#4659](https://redirect.github.com/axios/axios/issues/4659))
- Added generic TS types for the exposed toFormData helper ([#4668](https://redirect.github.com/axios/axios/issues/4668))
- Optimized the code that checks cancellation ([#4587](https://redirect.github.com/axios/axios/issues/4587))
- Replaced webpack with rollup ([#4596](https://redirect.github.com/axios/axios/issues/4596))
- Added stack trace to AxiosError ([#4624](https://redirect.github.com/axios/axios/issues/4624))
- Updated AxiosError.config to be optional in the type definition ([#4665](https://redirect.github.com/axios/axios/issues/4665))
- Removed incorrect argument for NetworkError constructor ([#4656](https://redirect.github.com/axios/axios/issues/4656))

### [`v0.27.2`](https://redirect.github.com/axios/axios/releases/tag/v0.27.2)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.1...v0.27.2)

Fixes and Functionality:

- Fixed FormData posting in browser environment by reverting [#3785](https://redirect.github.com/axios/axios/issues/3785) ([#4640](https://redirect.github.com/axios/axios/pull/4640))
- Enhanced protocol parsing implementation ([#4639](https://redirect.github.com/axios/axios/pull/4639))
- Fixed bundle size

### [`v0.27.1`](https://redirect.github.com/axios/axios/releases/tag/v0.27.1)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.0...v0.27.1)

##### Fixes and Functionality:

- Removed import of url module in browser build due to huge size overhead and builds being broken ([#4594](https://redirect.github.com/axios/axios/pull/4594))
- Bumped follow-redirects to ^1.14.9 ([#4615](https://redirect.github.com/axios/axios/pull/4615))

### [`v0.27.0`](https://redirect.github.com/axios/axios/releases/tag/v0.27.0)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.1...v0.27.0)

##### Breaking changes:

- New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData ([#3757](https://redirect.github.com/axios/axios/pull/3757))
- Removed functionality that removed the `Content-Type` request header when passing FormData ([#3785](https://redirect.github.com/axios/axios/pull/3785))
- **(\*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://redirect.github.com/axios/axios/pull/3645))
- Separated responsibility for FormData instantiation between `transformRequest` and `toFormData` ([#4470](https://redirect.github.com/axios/axios/pull/4470))
- **(\*)** Improved and fixed multiple issues with FormData support ([#4448](https://redirect.github.com/axios/axios/pull/4448))

##### QOL and DevX improvements:

- Added a multipart/form-data testing playground allowing contributors to debug changes easily ([#4465](https://redirect.github.com/axios/axios/pull/4465))

##### Fixes and Functionality:

- Refactored project file structure to avoid circular imports ([#4515](https://redirect.github.com/axios/axios/pull/4516)) & ([#4516](https://redirect.github.com/axios/axios/pull/4516))
- Bumped follow-redirects to ^1.14.9 ([#4562](https://redirect.github.com/axios/axios/pull/4562))

##### Internal and Tests:

- Updated dev dependencies to latest version

##### Documentation:

- Fixing incorrect link in changelog ([#4551](https://redirect.github.com/axios/axios/pull/4551))

##### Notes:

- **(\*)** Please read these pull requests before updating, these changes are very impactful and far reaching.

### [`v0.26.1`](https://redirect.github.com/axios/axios/releases/tag/v0.26.1)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.0...v0.26.1)

##### Fixes and Functionality:

- Refactored project file structure to avoid circular imports ([#4220](https://redirect.github.com/axios/axios/pull/4220))

### [`v0.26.0`](https://redirect.github.com/axios/axios/releases/tag/v0.26.0)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.25.0...v0.26.0)

##### Fixes and Functionality:

- Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://redirect.github.com/axios/axios/pull/3581))
- Added errors to be displayed when the query parsing process itself fails ([#3961](https://redirect.github.com/axios/axios/pull/3961))
- Fix/remove url required ([#4426](https://redirect.github.com/axios/axios/pull/4426))
- Update follow-redirects dependency due to Vulnerability ([#4462](https://redirect.github.com/axios/axios/pull/4462))
- Bump karma from 6.3.11 to 6.3.14 ([#4461](https://redirect.github.com/axios/axios/pull/4461))
- Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://redirect.github.com/axios/axios/pull/4473))

### [`v0.25.0`](https://redirect.github.com/axios/axios/releases/tag/v0.25.0)

[Compare Source](https://redirect.github.com/axios/axios/compare/v0.24.0...v0.25.0)

##### Breaking changes:

- Fixing maxBodyLength enforcement ([#3786](https://redirect.github.com/axios/axios/pull/3786))
- Don't rely on strict mode behaviour for arguments ([#3470](https://redirect.github.com/axios/axios/pull/3470))
- Adding error handling when missing url ([#3791](https://redirect.github.com/axios/axios/pull/3791))
- Update isAbsoluteURL.js removing escaping of non-special characters ([#3809](https://redirect.github.com/axios/axios/pull/3809))
- Use native Array.isArray() in utils.js ([#3836](https://redirect.github.com/axios/axios/pull/3836))
- Adding error handling inside stream end callback ([#3967](https://redirect.github.com/axios/axios/pull/3967))

##### Fixes and Functionality:

- Added aborted event handler ([#3916](https://redirect.github.com/axios/axios/pull/3916))
- Header types expanded allowing `boolean` and `number` types ([#4144](https://redirect.github.com/axios/axios/pull/4144))
- Fix cancel signature allowing cancel message to be `undefined` ([#3153](https://redirect.github.com/axios/axios/pull/3153))
- Updated type checks to be formulated better ([#3342](https://redirect.github.com/axios/axios/pull/3342))
- Avoid unnecessary buffer allocations ([#3321](https://redirect.github.com/axios/axios/pull/3321))
- Adding a socket handler to keep TCP connection live when processing long living requests ([#3422](https://redirect.github.com/axios/axios/pull/3422))
- Added toFormData helper function ([#3757](https://redirect.github.com/axios/axios/pull/3757))
- Adding responseEncoding prop type in AxiosRequestConfig ([#3918](https://redirect.github.com/axios/axios/pull/3918))

##### Internal and Tests:

- Adding axios-test-instance to ecosystem ([#3786](https://redirect.github.com/axios/axios/pull/3786))
- Optimize the logic of isAxiosError ([#3546](https://redirect.github.com/axios/axios/pull/3546))
- Add tests and documentation to display how multiple interceptors work ([#3564](https://redirect.github.com/axios/axios/pull/3564))
- Updating follow-redirects to version 1.14.7 ([#4379](https://redirect.github.com/axios/axios/pull/4379))

##### Documentation:

- Fixing changelog to show correct pull request ([#4219](https://redirect.github.com/axios/axios/pull/4219))
- Update upgrade guide for https proxy setting ([#3604](https://redirect.github.com/axios/axios/pull/3604))

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

- [Jay](mailto:jasonsaayman@gmail.com)
- [Rijk van Zanten](https://redirect.github.com/rijkvanzanten)
- [Kohta Ito](https://redirect.github.com/koh110)
- [Brandon Faulkner](https://redirect.github.com/bfaulk96)
- [Stefano Magni](https://redirect.github.com/NoriSte)
- [enofan](https://redirect.github.com/fanguangyi)
- [Andrey Pechkurov](https://redirect.github.com/puzpuzpuz)
- [Doowonee](https://redirect.github.com/doowonee)
- [Emil Broman](https://redirect.github.com/emilbroman-eqt)
- [Remco Haszing](https://redirect.github.com/remcohaszing)
- [Black-Hole](https://redirect.github.com/BlackHole1)
- [Wolfram Kriesing](https://redirect.github.com/wolframkriesing)
- [Andrew Ovens](https://redirect.github.com/repl-andrew-ovens)
- [Paulo Renato](https://redirect.github.com/PauloRSF)
- [Ben Carp](https://redirect.github.com/carpben)
- [Hirotaka Tagawa](https://redirect.github.com/wafuwafu13)
- [狼族小狈](https://redirect.github.com/lzxb)
- [C. Lewis](https://redirect.github.com/ctjlewis)
- [Felipe Carvalho](https://redirect.github.com/FCarvalhoVII)
- [Daniel](https://redirect.github.com/djs113)
- [Gustavo Sales](https://redirect.github.com/gussalesdev)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
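
The header leak described under CVE-2023-45857 above, as an added example that is not part of this PR or of axios's source code: a simplified model of the decision to copy the `XSRF-TOKEN` cookie into `X-XSRF-TOKEN`, ungated versus gated on request origin. All function names, the `example.test` hosts and the cookie value are constructed for illustration, and the tri-state handling of `withXSRFToken` is an assumption about how an option of that name gates the header.

```javascript
// Simplified model of the XSRF header decision; not axios source code.
// All function names and sample values are hypothetical / constructed.

// Read one cookie from a "k=v; k2=v2" cookie string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx !== -1 && part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Relative URLs resolve against the page origin, so they count as same-origin.
function isSameOrigin(requestUrl, pageOrigin) {
  return new URL(requestUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Behaviour the advisory describes: the cookie value is copied into
// X-XSRF-TOKEN no matter which host receives the request.
function headersUngated(requestUrl, pageOrigin, cookieString) {
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// Gated behaviour: same-origin by default, cross-origin only on explicit
// opt-in (withXSRFToken === true), never when it is false.
function headersGated(requestUrl, pageOrigin, cookieString, withXSRFToken) {
  const allowed = withXSRFToken === true ||
    (withXSRFToken !== false && isSameOrigin(requestUrl, pageOrigin));
  if (!allowed) return {};
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  return token ? { 'X-XSRF-TOKEN': token } : {};
}

// Constructed sample input.
const PAGE = 'https://app.example.test';
const COOKIES = 'theme=dark; XSRF-TOKEN=constructed-token-123';
const CROSS = 'https://cdn.example.test/stats';

console.log(headersUngated(CROSS, PAGE, COOKIES));
console.log(headersGated(CROSS, PAGE, COOKIES));
console.log(headersGated('/api/profile', PAGE, COOKIES));
```

After upgrading, a regression test of this shape against the application's own HTTP client wrapper confirms that cross-origin calls no longer carry the token header.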

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| jbcnconf-react | ❌ Failed (Inspect) | | | May 19, 2024 10:40am |