socket-security[bot]
commented
3 months ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/axios@0.28.0 | network | 0 |
878 kB | jasonsaayman |
🚮 Removed packages: npm/axios@0.21.1
This PR contains the following updates:
0.21.1->0.28.0axios Inefficient Regular Expression Complexity vulnerability
CVE-2021-3749 / GHSA-cph5-m8f7-6c5x
More information
#### Details axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity. #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2021-3749](https://nvd.nist.gov/vuln/detail/CVE-2021-3749) - [https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929](https://togithub.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929) - [https://www.oracle.com/security-alerts/cpujul2022.html](https://www.oracle.com/security-alerts/cpujul2022.html) - [https://www.npmjs.com/package/axios](https://www.npmjs.com/package/axios) - [https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E](https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E) - [https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E) - [https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E](https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E) - [https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31](https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31) - [https://github.com/axios/axios](https://togithub.com/axios/axios) - [https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-cph5-m8f7-6c5x) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).Axios Cross-Site Request Forgery Vulnerability
CVE-2023-45857 / GHSA-wf5p-g6vw-rhxx
More information
#### Details An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. #### Severity - CVSS Score: 6.5 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2023-45857](https://nvd.nist.gov/vuln/detail/CVE-2023-45857) - [https://github.com/axios/axios/issues/6006](https://togithub.com/axios/axios/issues/6006) - [https://github.com/axios/axios/issues/6022](https://togithub.com/axios/axios/issues/6022) - [https://github.com/axios/axios/pull/6028](https://togithub.com/axios/axios/pull/6028) - [https://github.com/axios/axios/pull/6091](https://togithub.com/axios/axios/pull/6091) - [https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967](https://togithub.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967) - [https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0](https://togithub.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0) - [https://github.com/axios/axios](https://togithub.com/axios/axios) - [https://github.com/axios/axios/releases/tag/v0.28.0](https://togithub.com/axios/axios/releases/tag/v0.28.0) - [https://github.com/axios/axios/releases/tag/v1.6.0](https://togithub.com/axios/axios/releases/tag/v1.6.0) - [https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459](https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-wf5p-g6vw-rhxx) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).Release Notes
axios/axios (axios)
### [`v0.28.0`](https://togithub.com/axios/axios/releases/tag/v0.28.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.27.2...v0.28.0) #### Release notes: ##### Bug Fixes - fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#6091](https://togithub.com/axios/axios/issues/6091)) ##### Backports from v1.x: - Allow null indexes on formSerializer and paramsSerializer v0.x ([#4961](https://togithub.com/axios/axios/issues/4961)) - Fixing content-type header repeated [#4745](https://togithub.com/axios/axios/issues/4745) - Fixed timeout error message for HTTP 4738 - Added `axios.formToJSON` method ([#4735](https://togithub.com/axios/axios/issues/4735)) - URL params serializer ([#4734](https://togithub.com/axios/axios/issues/4734)) - Fixed toFormData Blob issue on node>v17 [#4728](https://togithub.com/axios/axios/issues/4728) - Adding types for progress event callbacks [#4675](https://togithub.com/axios/axios/issues/4675) - Fixed max body length defaults [#4731](https://togithub.com/axios/axios/issues/4731) - Added data URL support for node.js ([#4725](https://togithub.com/axios/axios/issues/4725)) - Added isCancel type assert ([#4293](https://togithub.com/axios/axios/issues/4293)) - Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#4721](https://togithub.com/axios/axios/issues/4721)) - Add `string[]` to `AxiosRequestHeaders` type ([#4322](https://togithub.com/axios/axios/issues/4322)) - Allow type definition for axios instance methods ([#4224](https://togithub.com/axios/axios/issues/4224)) - Fixed `AxiosError` stack capturing; ([#4718](https://togithub.com/axios/axios/issues/4718)) - Fixed `AxiosError` status code type; ([#4717](https://togithub.com/axios/axios/issues/4717)) - Adding Canceler parameters config and request ([#4711](https://togithub.com/axios/axios/issues/4711)) - fix(types): allow to specify partial default headers for instance creation ([#4185](https://togithub.com/axios/axios/issues/4185)) - Added `blob` to the list of protocols supported by the browser ([#4678](https://togithub.com/axios/axios/issues/4678)) - Fixing Z_BUF_ERROR when no content ([#4701](https://togithub.com/axios/axios/issues/4701)) - Fixed race condition on immediate requests cancellation ([#4261](https://togithub.com/axios/axios/issues/4261)) - Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://togithub.com/axios/axios/pull/4248) - Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#4229](https://togithub.com/axios/axios/issues/4229)) - Fix TS definition for AxiosRequestTransformer ([#4201](https://togithub.com/axios/axios/issues/4201)) - Use type alias instead of interface for AxiosPromise ([#4505](https://togithub.com/axios/axios/issues/4505)) - Include request and config when creating a CanceledError instance ([#4659](https://togithub.com/axios/axios/issues/4659)) - Added generic TS types for the exposed toFormData helper ([#4668](https://togithub.com/axios/axios/issues/4668)) - Optimized the code that checks cancellation ([#4587](https://togithub.com/axios/axios/issues/4587)) - Replaced webpack with rollup ([#4596](https://togithub.com/axios/axios/issues/4596)) - Added stack trace to AxiosError ([#4624](https://togithub.com/axios/axios/issues/4624)) - Updated AxiosError.config to be optional in the type definition ([#4665](https://togithub.com/axios/axios/issues/4665)) - Removed incorrect argument for NetworkError constructor ([#4656](https://togithub.com/axios/axios/issues/4656)) ### [`v0.27.2`](https://togithub.com/axios/axios/releases/tag/v0.27.2) [Compare Source](https://togithub.com/axios/axios/compare/v0.27.1...v0.27.2) Fixes and Functionality: - Fixed FormData posting in browser environment by reverting [#3785](https://togithub.com/axios/axios/issues/3785) ([#4640](https://togithub.com/axios/axios/pull/4640)) - Enhanced protocol parsing implementation ([#4639](https://togithub.com/axios/axios/pull/4639)) - Fixed bundle size ### [`v0.27.1`](https://togithub.com/axios/axios/releases/tag/v0.27.1) [Compare Source](https://togithub.com/axios/axios/compare/v0.27.0...v0.27.1) ##### Fixes and Functionality: - Removed import of url module in browser build due to huge size overhead and builds being broken ([#4594](https://togithub.com/axios/axios/pull/4594)) - Bumped follow-redirects to ^1.14.9 ([#4615](https://togithub.com/axios/axios/pull/4615)) ### [`v0.27.0`](https://togithub.com/axios/axios/releases/tag/v0.27.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.26.1...v0.27.0) ##### Breaking changes: - New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData ([#3757](https://togithub.com/axios/axios/pull/3757)) - Removed functionality that removed the the `Content-Type` request header when passing FormData ([#3785](https://togithub.com/axios/axios/pull/3785)) - **(\*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://togithub.com/axios/axios/pull/3645)) - Separated responsibility for FormData instantiation between `transformRequest` and `toFormData` ([#4470](https://togithub.com/axios/axios/pull/4470)) - **(\*)** Improved and fixed multiple issues with FormData support ([#4448](https://togithub.com/axios/axios/pull/4448)) ##### QOL and DevX improvements: - Added a multipart/form-data testing playground allowing contributors to debug changes easily ([#4465](https://togithub.com/axios/axios/pull/4465)) ##### Fixes and Functionality: - Refactored project file structure to avoid circular imports ([#4515](https://togithub.com/axios/axios/pull/4516)) & ([#4516](https://togithub.com/axios/axios/pull/4516)) - Bumped follow-redirects to ^1.14.9 ([#4562](https://togithub.com/axios/axios/pull/4562)) ##### Internal and Tests: - Updated dev dependencies to latest version ##### Documentation: - Fixing incorrect link in changelog ([#4551](https://togithub.com/axios/axios/pull/4551)) ##### Notes: - **(\*)** Please read these pull requests before updating, these changes are very impactful and far reaching. ### [`v0.26.1`](https://togithub.com/axios/axios/releases/tag/v0.26.1) [Compare Source](https://togithub.com/axios/axios/compare/v0.26.0...v0.26.1) ##### Fixes and Functionality: - Refactored project file structure to avoid circular imports ([#4220](https://togithub.com/axios/axios/pull/4220)) ### [`v0.26.0`](https://togithub.com/axios/axios/releases/tag/v0.26.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.25.0...v0.26.0) ##### Fixes and Functionality: - Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://togithub.com/axios/axios/pull/3581)) - Added errors to be displayed when the query parsing process itself fails ([#3961](https://togithub.com/axios/axios/pull/3961)) - Fix/remove url required ([#4426](https://togithub.com/axios/axios/pull/4426)) - Update follow-redirects dependency due to Vulnerability ([#4462](https://togithub.com/axios/axios/pull/4462)) - Bump karma from 6.3.11 to 6.3.14 ([#4461](https://togithub.com/axios/axios/pull/4461)) - Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://togithub.com/axios/axios/pull/4473)) ### [`v0.25.0`](https://togithub.com/axios/axios/releases/tag/v0.25.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.24.0...v0.25.0) ##### Breaking changes: - Fixing maxBodyLength enforcement ([#3786](https://togithub.com/axios/axios/pull/3786)) - Don't rely on strict mode behaviour for arguments ([#3470](https://togithub.com/axios/axios/pull/3470)) - Adding error handling when missing url ([#3791](https://togithub.com/axios/axios/pull/3791)) - Update isAbsoluteURL.js removing escaping of non-special characters ([#3809](https://togithub.com/axios/axios/pull/3809)) - Use native Array.isArray() in utils.js ([#3836](https://togithub.com/axios/axios/pull/3836)) - Adding error handling inside stream end callback ([#3967](https://togithub.com/axios/axios/pull/3967)) ##### Fixes and Functionality: - Added aborted even handler ([#3916](https://togithub.com/axios/axios/pull/3916)) - Header types expanded allowing `boolean` and `number` types ([#4144](https://togithub.com/axios/axios/pull/4144)) - Fix cancel signature allowing cancel message to be `undefined` ([#3153](https://togithub.com/axios/axios/pull/3153)) - Updated type checks to be formulated better ([#3342](https://togithub.com/axios/axios/pull/3342)) - Avoid unnecessary buffer allocations ([#3321](https://togithub.com/axios/axios/pull/3321)) - Adding a socket handler to keep TCP connection live when processing long living requests ([#3422](https://togithub.com/axios/axios/pull/3422)) - Added toFormData helper function ([#3757](https://togithub.com/axios/axios/pull/3757)) - Adding responseEncoding prop type in AxiosRequestConfig ([#3918](https://togithub.com/axios/axios/pull/3918)) ##### Internal and Tests: - Adding axios-test-instance to ecosystem ([#3786](https://togithub.com/axios/axios/pull/3786)) - Optimize the logic of isAxiosError ([#3546](https://togithub.com/axios/axios/pull/3546)) - Add tests and documentation to display how multiple inceptors work ([#3564](https://togithub.com/axios/axios/pull/3564)) - Updating follow-redirects to version 1.14.7 ([#4379](https://togithub.com/axios/axios/pull/4379)) ##### Documentation: - Fixing changelog to show corrext pull request ([#4219](https://togithub.com/axios/axios/pull/4219)) - Update upgrade guide for https proxy setting ([#3604](https://togithub.com/axios/axios/pull/3604)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Rijk van Zanten](https://togithub.com/rijkvanzanten) - [Kohta Ito](https://togithub.com/koh110) - [Brandon Faulkner](https://togithub.com/bfaulk96) - [Stefano Magni](https://togithub.com/NoriSte) - [enofan](https://togithub.com/fanguangyi) - [Andrey Pechkurov](https://togithub.com/puzpuzpuz) - [Doowonee](https://togithub.com/doowonee) - [Emil Broman](https://togithub.com/emilbroman-eqt) - [Remco Haszing](https://togithub.com/remcohaszing) - [Black-Hole](https://togithub.com/BlackHole1) - [Wolfram Kriesing](https://togithub.com/wolframkriesing) - [Andrew Ovens](https://togithub.com/repl-andrew-ovens) - [Paulo Renato](https://togithub.com/PauloRSF) - [Ben Carp](https://togithub.com/carpben) - [Hirotaka Tagawa](https://togithub.com/wafuwafu13) - [狼族小狈](https://togithub.com/lzxb) - [C. Lewis](https://togithub.com/ctjlewis) - [Felipe Carvalho](https://togithub.com/FCarvalhoVII) - [Daniel](https://togithub.com/djs113) - [Gustavo Sales](https://togithub.com/gussalesdev) ### [`v0.24.0`](https://togithub.com/axios/axios/releases/tag/v0.24.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.23.0...v0.24.0) ##### Breaking changes: - Revert: change type of AxiosResponse to any, please read lengthy discussion here: ([#4141](https://togithub.com/axios/axios/issues/4141)) pull request: ([#4186](https://togithub.com/axios/axios/pull/4186)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Rodry](https://togithub.com/ImRodry) - [Remco Haszing](https://togithub.com/remcohaszing) - [Isaiah Thomason](https://togithub.com/ITenthusiasm) ### [`v0.23.0`](https://togithub.com/axios/axios/releases/tag/v0.23.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.22.0...v0.23.0) ##### Breaking changes: - Distinguish request and response data types ([#4116](https://togithub.com/axios/axios/pull/4116)) - Change never type to unknown ([#4142](https://togithub.com/axios/axios/pull/4142)) - Fixed TransitionalOptions typings ([#4147](https://togithub.com/axios/axios/pull/4147)) ##### Fixes and Functionality: - Adding globalObject: 'this' to webpack config ([#3176](https://togithub.com/axios/axios/pull/3176)) - Adding insecureHTTPParser type to AxiosRequestConfig ([#4066](https://togithub.com/axios/axios/pull/4066)) - Fix missing semicolon in typings ([#4115](https://togithub.com/axios/axios/pull/4115)) - Fix response headers types ([#4136](https://togithub.com/axios/axios/pull/4136)) ##### Internal and Tests: - Improve timeout error when timeout is browser default ([#3209](https://togithub.com/axios/axios/pull/3209)) - Fix node version on CI ([#4069](https://togithub.com/axios/axios/pull/4069)) - Added testing to TypeScript portion of project ([#4140](https://togithub.com/axios/axios/pull/4140)) ##### Documentation: - Rename Angular to AngularJS ([#4114](https://togithub.com/axios/axios/pull/4114)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Evan-Finkelstein](https://togithub.com/Evan-Finkelstein) - [Paweł Szymański](https://togithub.com/Jezorko) - [Dobes Vandermeer](https://togithub.com/dobesv) - [Claas Augner](https://togithub.com/caugner) - [Remco Haszing](https://togithub.com/remcohaszing) - [Evgeniy](https://togithub.com/egmen) - [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS) ### [`v0.22.0`](https://togithub.com/axios/axios/releases/tag/v0.22.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.4...v0.22.0) ##### Fixes and Functionality: - Caseless header comparing in HTTP adapter ([#2880](https://togithub.com/axios/axios/pull/2880)) - Avoid package.json import fixing issues and warnings related to this ([#4041](https://togithub.com/axios/axios/pull/4041)), ([#4065](https://togithub.com/axios/axios/pull/4065)) - Fixed cancelToken leakage and added AbortController support ([#3305](https://togithub.com/axios/axios/pull/3305)) - Updating CI to run on release branches - Bump follow redirects version - Fixed default transitional config for custom Axios instance; ([#4052](https://togithub.com/axios/axios/pull/4052)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Matt R. Wilson](https://togithub.com/mastermatt) - [Xianming Zhong](https://togithub.com/chinesedfan) - [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS) ### [`v0.21.4`](https://togithub.com/axios/axios/releases/tag/v0.21.4) [Compare Source](https://togithub.com/axios/axios/compare/0.21.3...v0.21.4) ##### Fixes and Functionality: - Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard ([#4020](https://togithub.com/axios/axios/pull/4020)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Guillaume Fortaine](https://togithub.com/gfortaine) - [Yusuke Kawasaki](https://togithub.com/kawanet) - [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS) ### [`v0.21.3`](https://togithub.com/axios/axios/releases/tag/0.21.3) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.2...0.21.3) ##### Fixes and Functionality: - Fixing response interceptor not being called when request interceptor is attached ([#4013](https://togithub.com/axios/axios/pull/4013)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Julian Hollmann](https://togithub.com/nerdbeere) ### [`v0.21.2`](https://togithub.com/axios/axios/releases/tag/v0.21.2) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.1...v0.21.2) ##### Fixes and Functionality: - Updating axios requests to be delayed by pre-emptive promise creation ([#2702](https://togithub.com/axios/axios/pull/2702)) - Adding "synchronous" and "runWhen" options to interceptors api ([#2702](https://togithub.com/axios/axios/pull/2702)) - Updating of transformResponse ([#3377](https://togithub.com/axios/axios/pull/3377)) - Adding ability to omit User-Agent header ([#3703](https://togithub.com/axios/axios/pull/3703)) - Adding multiple JSON improvements ([#3688](https://togithub.com/axios/axios/pull/3688), [#3763](https://togithub.com/axios/axios/pull/3763)) - Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#3738](https://togithub.com/axios/axios/pull/3738)) - Adding parseInt to config.timeout ([#3781](https://togithub.com/axios/axios/pull/3781)) - Adding custom return type support to interceptor ([#3783](https://togithub.com/axios/axios/pull/3783)) - Adding security fix for ReDoS vulnerability ([#3980](https://togithub.com/axios/axios/pull/3980)) ##### Internal and Tests: - Updating build dev dependancies ([#3401](https://togithub.com/axios/axios/pull/3401)) - Fixing builds running on Travis CI ([#3538](https://togithub.com/axios/axios/pull/3538)) - Updating follow rediect version ([#3694](https://togithub.com/axios/axios/pull/3694), [#3771](https://togithub.com/axios/axios/pull/3771)) - Updating karma sauce launcher to fix failing sauce tests ([#3712](https://togithub.com/axios/axios/pull/3712), [#3717](https://togithub.com/axios/axios/pull/3717)) - Updating content-type header for application/json to not contain charset field, according do RFC 8259 ([#2154](https://togithub.com/axios/axios/pull/2154)) - Fixing tests by bumping karma-sauce-launcher version ([#3813](https://togithub.com/axios/axios/pull/3813)) - Changing testing process from Travis CI to GitHub Actions ([#3938](https://togithub.com/axios/axios/pull/3938)) ##### Documentation: - Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#3539](https://togithub.com/axios/axios/pull/3539)) - Remove duplication of item in changelog ([#3523](https://togithub.com/axios/axios/pull/3523)) - Fixing gramatical errors ([#2642](https://togithub.com/axios/axios/pull/2642)) - Fixing spelling error ([#3567](https://togithub.com/axios/axios/pull/3567)) - Moving gitpod metion ([#2637](https://togithub.com/axios/axios/pull/2637)) - Adding new axios documentation website link ([#3681](https://togithub.com/axios/axios/pull/3681), [#3707](https://togithub.com/axios/axios/pull/3707)) - Updating documentation around dispatching requests ([#3772](https://togithub.com/axios/axios/pull/3772)) - Adding documentation for the type guard isAxiosError ([#3767](https://togithub.com/axios/axios/pull/3767)) - Adding explanation of cancel token ([#3803](https://togithub.com/axios/axios/pull/3803)) - Updating CI status badge ([#3953](https://togithub.com/axios/axios/pull/3953)) - Fixing errors with JSON documentation ([#3936](https://togithub.com/axios/axios/pull/3936)) - Fixing README typo under Request Config ([#3825](https://togithub.com/axios/axios/pull/3825)) - Adding axios-multi-api to the ecosystem file ([#3817](https://togithub.com/axios/axios/pull/3817)) - Adding SECURITY.md to properly disclose security vulnerabilities ([#3981](https://togithub.com/axios/axios/pull/3981)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Sasha Korotkov](https://togithub.com/SashaKoro) - [Daniel Lopretto](https://togithub.com/timemachine3030) - [Mike Bishop](https://togithub.com/MikeBishop) - [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS) - [Mark](https://togithub.com/bimbiltu) - [Philipe Gouveia Paixão](https://togithub.com/piiih) - [hippo](https://togithub.com/hippo2cat) - [ready-research](https://togithub.com/ready-research) - [Xianming Zhong](https://togithub.com/chinesedfan) - [Christopher Chrapka](https://togithub.com/OJezu) - [Brian Anglin](https://togithub.com/anglinb) - [Kohta Ito](https://togithub.com/koh110) - [Ali Clark](https://togithub.com/aliclark) - [caikan](https://togithub.com/caikan) - [Elina Gorshkova](https://togithub.com/elinagorshkova) - [Ryota Ikezawa](https://togithub.com/paveg) - [Nisar Hassan Naqvi](https://togithub.com/nisarhassan12) - [Jake](https://togithub.com/codemaster138) - [TagawaHirotaka](https://togithub.com/wafuwafu13) - [Johannes Jarbratt](https://togithub.com/johachi) - [Mo Sattler](https://togithub.com/MoSattler) - [Sam Carlton](https://togithub.com/ThatGuySam) - [Matt Czapliński](https://togithub.com/MattCCC) - [Ziding Zhang](https://togithub.com/zidingz)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.