search

chatengine-io / react-chat-engine-advanced

Chat Engine's react components done the right way...
MIT License
18 stars 11 forks source link

[Snyk] Upgrade axios from 0.24.0 to 0.26.1 #182

Open alamorre opened 2 years ago

alamorre commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.24.0 to 0.26.1.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=axios&from_version=0.24.0&to_version=0.26.1&pr_id=8bd3f188-e137-4e35-b10e-a18f54790b33&visibility=true&has_feature_flag=false) :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2022-03-09. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **372/1000**
**Why?** Proof of Concept exploit, CVSS 5.3 | Proof of Concept | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **372/1000**
**Why?** Proof of Concept exploit, CVSS 5.3 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
  • 0.26.1 - 2022-03-09

    0.26.1 (March 9, 2022)

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4220)
  • 0.26.0 - 2022-02-13

    0.26.0 (February 13, 2022)

    Fixes and Functionality:

    • Fixed The timeoutErrorMessage property in config not work with Node.js (#3581)
    • Added errors to be displayed when the query parsing process itself fails (#3961)
    • Fix/remove url required (#4426)
    • Update follow-redirects dependency due to Vulnerability (#4462)
    • Bump karma from 6.3.11 to 6.3.14 (#4461)
    • Bump follow-redirects from 1.14.7 to 1.14.8 (#4473)
  • 0.25.0 - 2022-01-18

    0.25.0 (January 18, 2022)

    Breaking changes:

    • Fixing maxBodyLength enforcement (#3786)
    • Don't rely on strict mode behaviour for arguments (#3470)
    • Adding error handling when missing url (#3791)
    • Update isAbsoluteURL.js removing escaping of non-special characters (#3809)
    • Use native Array.isArray() in utils.js (#3836)
    • Adding error handling inside stream end callback (#3967)

    Fixes and Functionality:

    • Added aborted even handler (#3916)
    • Header types expanded allowing boolean and number types (#4144)
    • Fix cancel signature allowing cancel message to be undefined (#3153)
    • Updated type checks to be formulated better (#3342)
    • Avoid unnecessary buffer allocations (#3321)
    • Adding a socket handler to keep TCP connection live when processing long living requests (#3422)
    • Added toFormData helper function (#3757)
    • Adding responseEncoding prop type in AxiosRequestConfig (#3918)

    Internal and Tests:

    • Adding axios-test-instance to ecosystem (#3786)
    • Optimize the logic of isAxiosError (#3546)
    • Add tests and documentation to display how multiple inceptors work (#3564)
    • Updating follow-redirects to version 1.14.7 (#4379)

    Documentation:

    • Fixing changelog to show corrext pull request (#4219)
    • Update upgrade guide for https proxy setting (#3604)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.24.0 - 2021-10-25

    0.24.0 (October 25, 2021)

    Breaking changes:

    • Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

from axios GitHub release notes
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/chat-engine/project/0d858128-027e-477e-a459-ee16f1ac05f2?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/chat-engine/project/0d858128-027e-477e-a459-ee16f1ac05f2/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/chat-engine/project/0d858128-027e-477e-a459-ee16f1ac05f2/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
github-actions[bot] commented 2 years ago

size-limit report 📦

Path Size
dist/react-chat-engine-advanced.cjs.production.min.js 237.01 KB (+0.01% 🔺)
dist/react-chat-engine-advanced.esm.js 56 KB (-0.01% 🔽)