Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Release Notes
axios/axios (axios)
### [`v0.28.0`](https://redirect.github.com/axios/axios/releases/tag/v0.28.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.2...v0.28.0)
#### Release notes:
##### Bug Fixes
- fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#6091](https://redirect.github.com/axios/axios/issues/6091))
##### Backports from v1.x:
- Allow null indexes on formSerializer and paramsSerializer v0.x ([#4961](https://redirect.github.com/axios/axios/issues/4961))
- Fixing content-type header repeated [#4745](https://redirect.github.com/axios/axios/issues/4745)
- Fixed timeout error message for HTTP 4738
- Added `axios.formToJSON` method ([#4735](https://redirect.github.com/axios/axios/issues/4735))
- URL params serializer ([#4734](https://redirect.github.com/axios/axios/issues/4734))
- Fixed toFormData Blob issue on node>v17 [#4728](https://redirect.github.com/axios/axios/issues/4728)
- Adding types for progress event callbacks [#4675](https://redirect.github.com/axios/axios/issues/4675)
- Fixed max body length defaults [#4731](https://redirect.github.com/axios/axios/issues/4731)
- Added data URL support for node.js ([#4725](https://redirect.github.com/axios/axios/issues/4725))
- Added isCancel type assert ([#4293](https://redirect.github.com/axios/axios/issues/4293))
- Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#4721](https://redirect.github.com/axios/axios/issues/4721))
- Add `string[]` to `AxiosRequestHeaders` type ([#4322](https://redirect.github.com/axios/axios/issues/4322))
- Allow type definition for axios instance methods ([#4224](https://redirect.github.com/axios/axios/issues/4224))
- Fixed `AxiosError` stack capturing; ([#4718](https://redirect.github.com/axios/axios/issues/4718))
- Fixed `AxiosError` status code type; ([#4717](https://redirect.github.com/axios/axios/issues/4717))
- Adding Canceler parameters config and request ([#4711](https://redirect.github.com/axios/axios/issues/4711))
- fix(types): allow to specify partial default headers for instance creation ([#4185](https://redirect.github.com/axios/axios/issues/4185))
- Added `blob` to the list of protocols supported by the browser ([#4678](https://redirect.github.com/axios/axios/issues/4678))
- Fixing Z_BUF_ERROR when no content ([#4701](https://redirect.github.com/axios/axios/issues/4701))
- Fixed race condition on immediate requests cancellation ([#4261](https://redirect.github.com/axios/axios/issues/4261))
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://redirect.github.com/axios/axios/pull/4248)
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#4229](https://redirect.github.com/axios/axios/issues/4229))
- Fix TS definition for AxiosRequestTransformer ([#4201](https://redirect.github.com/axios/axios/issues/4201))
- Use type alias instead of interface for AxiosPromise ([#4505](https://redirect.github.com/axios/axios/issues/4505))
- Include request and config when creating a CanceledError instance ([#4659](https://redirect.github.com/axios/axios/issues/4659))
- Added generic TS types for the exposed toFormData helper ([#4668](https://redirect.github.com/axios/axios/issues/4668))
- Optimized the code that checks cancellation ([#4587](https://redirect.github.com/axios/axios/issues/4587))
- Replaced webpack with rollup ([#4596](https://redirect.github.com/axios/axios/issues/4596))
- Added stack trace to AxiosError ([#4624](https://redirect.github.com/axios/axios/issues/4624))
- Updated AxiosError.config to be optional in the type definition ([#4665](https://redirect.github.com/axios/axios/issues/4665))
- Removed incorrect argument for NetworkError constructor ([#4656](https://redirect.github.com/axios/axios/issues/4656))
### [`v0.27.2`](https://redirect.github.com/axios/axios/releases/tag/v0.27.2)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.1...v0.27.2)
Fixes and Functionality:
- Fixed FormData posting in browser environment by reverting [#3785](https://redirect.github.com/axios/axios/issues/3785) ([#4640](https://redirect.github.com/axios/axios/pull/4640))
- Enhanced protocol parsing implementation ([#4639](https://redirect.github.com/axios/axios/pull/4639))
- Fixed bundle size
### [`v0.27.1`](https://redirect.github.com/axios/axios/releases/tag/v0.27.1)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.0...v0.27.1)
##### Fixes and Functionality:
- Removed import of url module in browser build due to huge size overhead and builds being broken ([#4594](https://redirect.github.com/axios/axios/pull/4594))
- Bumped follow-redirects to ^1.14.9 ([#4615](https://redirect.github.com/axios/axios/pull/4615))
### [`v0.27.0`](https://redirect.github.com/axios/axios/releases/tag/v0.27.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.1...v0.27.0)
##### Breaking changes:
- New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData ([#3757](https://redirect.github.com/axios/axios/pull/3757))
- Removed functionality that removed the the `Content-Type` request header when passing FormData ([#3785](https://redirect.github.com/axios/axios/pull/3785))
- **(\*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://redirect.github.com/axios/axios/pull/3645))
- Separated responsibility for FormData instantiation between `transformRequest` and `toFormData` ([#4470](https://redirect.github.com/axios/axios/pull/4470))
- **(\*)** Improved and fixed multiple issues with FormData support ([#4448](https://redirect.github.com/axios/axios/pull/4448))
##### QOL and DevX improvements:
- Added a multipart/form-data testing playground allowing contributors to debug changes easily ([#4465](https://redirect.github.com/axios/axios/pull/4465))
##### Fixes and Functionality:
- Refactored project file structure to avoid circular imports ([#4515](https://redirect.github.com/axios/axios/pull/4516)) & ([#4516](https://redirect.github.com/axios/axios/pull/4516))
- Bumped follow-redirects to ^1.14.9 ([#4562](https://redirect.github.com/axios/axios/pull/4562))
##### Internal and Tests:
- Updated dev dependencies to latest version
##### Documentation:
- Fixing incorrect link in changelog ([#4551](https://redirect.github.com/axios/axios/pull/4551))
##### Notes:
- **(\*)** Please read these pull requests before updating, these changes are very impactful and far reaching.
### [`v0.26.1`](https://redirect.github.com/axios/axios/releases/tag/v0.26.1)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.0...v0.26.1)
##### Fixes and Functionality:
- Refactored project file structure to avoid circular imports ([#4220](https://redirect.github.com/axios/axios/pull/4220))
### [`v0.26.0`](https://redirect.github.com/axios/axios/releases/tag/v0.26.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.25.0...v0.26.0)
##### Fixes and Functionality:
- Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://redirect.github.com/axios/axios/pull/3581))
- Added errors to be displayed when the query parsing process itself fails ([#3961](https://redirect.github.com/axios/axios/pull/3961))
- Fix/remove url required ([#4426](https://redirect.github.com/axios/axios/pull/4426))
- Update follow-redirects dependency due to Vulnerability ([#4462](https://redirect.github.com/axios/axios/pull/4462))
- Bump karma from 6.3.11 to 6.3.14 ([#4461](https://redirect.github.com/axios/axios/pull/4461))
- Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://redirect.github.com/axios/axios/pull/4473))
### [`v0.25.0`](https://redirect.github.com/axios/axios/releases/tag/v0.25.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.24.0...v0.25.0)
##### Breaking changes:
- Fixing maxBodyLength enforcement ([#3786](https://redirect.github.com/axios/axios/pull/3786))
- Don't rely on strict mode behaviour for arguments ([#3470](https://redirect.github.com/axios/axios/pull/3470))
- Adding error handling when missing url ([#3791](https://redirect.github.com/axios/axios/pull/3791))
- Update isAbsoluteURL.js removing escaping of non-special characters ([#3809](https://redirect.github.com/axios/axios/pull/3809))
- Use native Array.isArray() in utils.js ([#3836](https://redirect.github.com/axios/axios/pull/3836))
- Adding error handling inside stream end callback ([#3967](https://redirect.github.com/axios/axios/pull/3967))
##### Fixes and Functionality:
- Added aborted even handler ([#3916](https://redirect.github.com/axios/axios/pull/3916))
- Header types expanded allowing `boolean` and `number` types ([#4144](https://redirect.github.com/axios/axios/pull/4144))
- Fix cancel signature allowing cancel message to be `undefined` ([#3153](https://redirect.github.com/axios/axios/pull/3153))
- Updated type checks to be formulated better ([#3342](https://redirect.github.com/axios/axios/pull/3342))
- Avoid unnecessary buffer allocations ([#3321](https://redirect.github.com/axios/axios/pull/3321))
- Adding a socket handler to keep TCP connection live when processing long living requests ([#3422](https://redirect.github.com/axios/axios/pull/3422))
- Added toFormData helper function ([#3757](https://redirect.github.com/axios/axios/pull/3757))
- Adding responseEncoding prop type in AxiosRequestConfig ([#3918](https://redirect.github.com/axios/axios/pull/3918))
##### Internal and Tests:
- Adding axios-test-instance to ecosystem ([#3786](https://redirect.github.com/axios/axios/pull/3786))
- Optimize the logic of isAxiosError ([#3546](https://redirect.github.com/axios/axios/pull/3546))
- Add tests and documentation to display how multiple inceptors work ([#3564](https://redirect.github.com/axios/axios/pull/3564))
- Updating follow-redirects to version 1.14.7 ([#4379](https://redirect.github.com/axios/axios/pull/4379))
##### Documentation:
- Fixing changelog to show corrext pull request ([#4219](https://redirect.github.com/axios/axios/pull/4219))
- Update upgrade guide for https proxy setting ([#3604](https://redirect.github.com/axios/axios/pull/3604))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Jay](mailto:jasonsaayman@gmail.com)
- [Rijk van Zanten](https://redirect.github.com/rijkvanzanten)
- [Kohta Ito](https://redirect.github.com/koh110)
- [Brandon Faulkner](https://redirect.github.com/bfaulk96)
- [Stefano Magni](https://redirect.github.com/NoriSte)
- [enofan](https://redirect.github.com/fanguangyi)
- [Andrey Pechkurov](https://redirect.github.com/puzpuzpuz)
- [Doowonee](https://redirect.github.com/doowonee)
- [Emil Broman](https://redirect.github.com/emilbroman-eqt)
- [Remco Haszing](https://redirect.github.com/remcohaszing)
- [Black-Hole](https://redirect.github.com/BlackHole1)
- [Wolfram Kriesing](https://redirect.github.com/wolframkriesing)
- [Andrew Ovens](https://redirect.github.com/repl-andrew-ovens)
- [Paulo Renato](https://redirect.github.com/PauloRSF)
- [Ben Carp](https://redirect.github.com/carpben)
- [Hirotaka Tagawa](https://redirect.github.com/wafuwafu13)
- [狼族小狈](https://redirect.github.com/lzxb)
- [C. Lewis](https://redirect.github.com/ctjlewis)
- [Felipe Carvalho](https://redirect.github.com/FCarvalhoVII)
- [Daniel](https://redirect.github.com/djs113)
- [Gustavo Sales](https://redirect.github.com/gussalesdev)
### [`v0.24.0`](https://redirect.github.com/axios/axios/releases/tag/v0.24.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.23.0...v0.24.0)
##### Breaking changes:
- Revert: change type of AxiosResponse to any, please read lengthy discussion here: ([#4141](https://redirect.github.com/axios/axios/issues/4141)) pull request: ([#4186](https://redirect.github.com/axios/axios/pull/4186))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Jay](mailto:jasonsaayman@gmail.com)
- [Rodry](https://redirect.github.com/ImRodry)
- [Remco Haszing](https://redirect.github.com/remcohaszing)
- [Isaiah Thomason](https://redirect.github.com/ITenthusiasm)
### [`v0.23.0`](https://redirect.github.com/axios/axios/releases/tag/v0.23.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.22.0...v0.23.0)
##### Breaking changes:
- Distinguish request and response data types ([#4116](https://redirect.github.com/axios/axios/pull/4116))
- Change never type to unknown ([#4142](https://redirect.github.com/axios/axios/pull/4142))
- Fixed TransitionalOptions typings ([#4147](https://redirect.github.com/axios/axios/pull/4147))
##### Fixes and Functionality:
- Adding globalObject: 'this' to webpack config ([#3176](https://redirect.github.com/axios/axios/pull/3176))
- Adding insecureHTTPParser type to AxiosRequestConfig ([#4066](https://redirect.github.com/axios/axios/pull/4066))
- Fix missing semicolon in typings ([#4115](https://redirect.github.com/axios/axios/pull/4115))
- Fix response headers types ([#4136](https://redirect.github.com/axios/axios/pull/4136))
##### Internal and Tests:
- Improve timeout error when timeout is browser default ([#3209](https://redirect.github.com/axios/axios/pull/3209))
- Fix node version on CI ([#4069](https://redirect.github.com/axios/axios/pull/4069))
- Added testing to TypeScript portion of project ([#4140](https://redirect.github.com/axios/axios/pull/4140))
##### Documentation:
- Rename Angular to AngularJS ([#4114](https://redirect.github.com/axios/axios/pull/4114))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Jay](mailto:jasonsaayman@gmail.com)
- [Evan-Finkelstein](https://redirect.github.com/Evan-Finkelstein)
- [Paweł Szymański](https://redirect.github.com/Jezorko)
- [Dobes Vandermeer](https://redirect.github.com/dobesv)
- [Claas Augner](https://redirect.github.com/caugner)
- [Remco Haszing](https://redirect.github.com/remcohaszing)
- [Evgeniy](https://redirect.github.com/egmen)
- [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS)
### [`v0.22.0`](https://redirect.github.com/axios/axios/releases/tag/v0.22.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.4...v0.22.0)
##### Fixes and Functionality:
- Caseless header comparing in HTTP adapter ([#2880](https://redirect.github.com/axios/axios/pull/2880))
- Avoid package.json import fixing issues and warnings related to this ([#4041](https://redirect.github.com/axios/axios/pull/4041)), ([#4065](https://redirect.github.com/axios/axios/pull/4065))
- Fixed cancelToken leakage and added AbortController support ([#3305](https://redirect.github.com/axios/axios/pull/3305))
- Updating CI to run on release branches
- Bump follow redirects version
- Fixed default transitional config for custom Axios instance; ([#4052](https://redirect.github.com/axios/axios/pull/4052))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Jay](mailto:jasonsaayman@gmail.com)
- [Matt R. Wilson](https://redirect.github.com/mastermatt)
- [Xianming Zhong](https://redirect.github.com/chinesedfan)
- [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS)
### [`v0.21.4`](https://redirect.github.com/axios/axios/releases/tag/v0.21.4)
[Compare Source](https://redirect.github.com/axios/axios/compare/0.21.3...v0.21.4)
##### Fixes and Functionality:
- Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard ([#4020](https://redirect.github.com/axios/axios/pull/4020))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Guillaume Fortaine](https://redirect.github.com/gfortaine)
- [Yusuke Kawasaki](https://redirect.github.com/kawanet)
- [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS)
### [`v0.21.3`](https://redirect.github.com/axios/axios/releases/tag/0.21.3)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.2...0.21.3)
##### Fixes and Functionality:
- Fixing response interceptor not being called when request interceptor is attached ([#4013](https://redirect.github.com/axios/axios/pull/4013))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Julian Hollmann](https://redirect.github.com/nerdbeere)
### [`v0.21.2`](https://redirect.github.com/axios/axios/releases/tag/v0.21.2)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.1...v0.21.2)
##### Fixes and Functionality:
- Updating axios requests to be delayed by pre-emptive promise creation ([#2702](https://redirect.github.com/axios/axios/pull/2702))
- Adding "synchronous" and "runWhen" options to interceptors api ([#2702](https://redirect.github.com/axios/axios/pull/2702))
- Updating of transformResponse ([#3377](https://redirect.github.com/axios/axios/pull/3377))
- Adding ability to omit User-Agent header ([#3703](https://redirect.github.com/axios/axios/pull/3703))
- Adding multiple JSON improvements ([#3688](https://redirect.github.com/axios/axios/pull/3688), [#3763](https://redirect.github.com/axios/axios/pull/3763))
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#3738](https://redirect.github.com/axios/axios/pull/3738))
- Adding parseInt to config.timeout ([#3781](https://redirect.github.com/axios/axios/pull/3781))
- Adding custom return type support to interceptor ([#3783](https://redirect.github.com/axios/axios/pull/3783))
- Adding security fix for ReDoS vulnerability ([#3980](https://redirect.github.com/axios/axios/pull/3980))
##### Internal and Tests:
- Updating build dev dependancies ([#3401](https://redirect.github.com/axios/axios/pull/3401))
- Fixing builds running on Travis CI ([#3538](https://redirect.github.com/axios/axios/pull/3538))
- Updating follow rediect version ([#3694](https://redirect.github.com/axios/axios/pull/3694), [#3771](https://redirect.github.com/axios/axios/pull/3771))
- Updating karma sauce launcher to fix failing sauce tests ([#3712](https://redirect.github.com/axios/axios/pull/3712), [#3717](https://redirect.github.com/axios/axios/pull/3717))
- Updating content-type header for application/json to not contain charset field, according do RFC 8259 ([#2154](https://redirect.github.com/axios/axios/pull/2154))
- Fixing tests by bumping karma-sauce-launcher version ([#3813](https://redirect.github.com/axios/axios/pull/3813))
- Changing testing process from Travis CI to GitHub Actions ([#3938](https://redirect.github.com/axios/axios/pull/3938))
##### Documentation:
- Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#3539](https://redirect.github.com/axios/axios/pull/3539))
- Remove duplication of item in changelog ([#3523](https://redirect.github.com/axios/axios/pull/3523))
- Fixing gramatical errors ([#2642](https://redirect.github.com/axios/axios/pull/2642))
- Fixing spelling error ([#3567](https://redirect.github.com/axios/axios/pull/3567))
- Moving gitpod metion ([#2637](https://redirect.github.com/axios/axios/pull/2637))
- Adding new axios documentation website link ([#3681](https://redirect.github.com/axios/axios/pull/3681), [#3707](https://redirect.github.com/axios/axios/pull/3707))
- Updating documentation around dispatching requests ([#3772](https://redirect.github.com/axios/axios/pull/3772))
- Adding documentation for the type guard isAxiosError ([#3767](https://redirect.github.com/axios/axios/pull/3767))
- Adding explanation of cancel token ([#3803](https://redirect.github.com/axios/axios/pull/3803))
- Updating CI status badge ([#3953](https://redirect.github.com/axios/axios/pull/3953))
- Fixing errors with JSON documentation ([#3936](https://redirect.github.com/axios/axios/pull/3936))
- Fixing README typo under Request Config ([#3825](https://redirect.github.com/axios/axios/pull/3825))
- Adding axios-multi-api to the ecosystem file ([#3817](https://redirect.github.com/axios/axios/pull/3817))
- Adding SECURITY.md to properly disclose security vulnerabilities ([#3981](https://redirect.github.com/axios/axios/pull/3981))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- [Sasha Korotkov](https://redirect.github.com/SashaKoro)
- [Daniel Lopretto](https://redirect.github.com/timemachine3030)
- [Mike Bishop](https://redirect.github.com/MikeBishop)
- [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS)
- [Mark](https://redirect.github.com/bimbiltu)
- [Philipe Gouveia Paixão](https://redirect.github.com/piiih)
- [hippo](https://redirect.github.com/hippo2cat)
- [ready-research](https://redirect.github.com/ready-research)
- [Xianming Zhong](https://redirect.github.com/chinesedfan)
- [Christopher Chrapka](https://redirect.github.com/OJezu)
- [Brian Anglin](https://redirect.github.com/anglinb)
- [Kohta Ito](https://redirect.github.com/koh110)
- [Ali Clark](https://redirect.github.com/aliclark)
- [caikan](https://redirect.github.com/caikan)
- [Elina Gorshkova](https://redirect.github.com/elinagorshkova)
- [Ryota Ikezawa](https://redirect.github.com/paveg)
- [Nisar Hassan Naqvi](https://redirect.github.com/nisarhassan12)
- [Jake](https://redirect.github.com/codemaster138)
- [TagawaHirotaka](https://redirect.github.com/wafuwafu13)
- [Johannes Jarbratt](https://redirect.github.com/johachi)
- [Mo Sattler](https://redirect.github.com/MoSattler)
- [Sam Carlton](https://redirect.github.com/ThatGuySam)
- [Matt Czapliński](https://redirect.github.com/MattCCC)
- [Ziding Zhang](https://redirect.github.com/zidingz)
### [`v0.21.1`](https://redirect.github.com/axios/axios/releases/tag/v0.21.1)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.0...v0.21.1)
##### Fixes and Functionality:
- Hotfix: Prevent SSRF ([#3410](https://redirect.github.com/axios/axios/issues/3410))
- Protocol not parsed when setting proxy config from env vars ([#3070](https://redirect.github.com/axios/axios/issues/3070))
- Updating axios in types to be lower case ([#2797](https://redirect.github.com/axios/axios/issues/2797))
- Adding a type guard for `AxiosError` ([#2949](https://redirect.github.com/axios/axios/issues/2949))
##### Internal and Tests:
- Remove the skipping of the `socket` http test ([#3364](https://redirect.github.com/axios/axios/issues/3364))
- Use different socket for Win32 test ([#3375](https://redirect.github.com/axios/axios/issues/3375))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Daniel Lopretto
- Jason Kwok
- Jay
- Jonathan Foster
- Remco Haszing
- Xianming Zhong
### [`v0.21.0`](https://redirect.github.com/axios/axios/releases/tag/v0.21.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.20.0...v0.21.0)
##### Fixes and Functionality:
- Fixing requestHeaders.Authorization ([#3287](https://redirect.github.com/axios/axios/pull/3287))
- Fixing node types ([#3237](https://redirect.github.com/axios/axios/pull/3237))
- Fixing axios.delete ignores config.data ([#3282](https://redirect.github.com/axios/axios/pull/3282))
- Revert "Fixing overwrite Blob/File type as Content-Type in browser. ([#1773](https://redirect.github.com/axios/axios/issues/1773))" ([#3289](https://redirect.github.com/axios/axios/pull/3289))
- Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled ([#3200](https://redirect.github.com/axios/axios/pull/3200))
##### Internal and Tests:
- Lock travis to not use node v15 ([#3361](https://redirect.github.com/axios/axios/pull/3361))
##### Documentation:
- Fixing simple typo, existant -> existent ([#3252](https://redirect.github.com/axios/axios/pull/3252))
- Fixing typos ([#3309](https://redirect.github.com/axios/axios/pull/3309))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Allan Cruz <57270969+Allanbcruz@users.noreply.github.com>
- George Cheng
- Jay
- Kevin Kirsche
- Remco Haszing
- Taemin Shin
- Tim Gates
- Xianming Zhong
### [`v0.20.0`](https://redirect.github.com/axios/axios/releases/tag/v0.20.0)
[Compare Source](https://redirect.github.com/axios/axios/compare/v0.19.2...v0.20.0)
Release of 0.20.0-pre as a full release with no other changes.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
^0.19.2->^0.28.00.21.2->0.28.0GitHub Vulnerability Alerts
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2021-3749
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.
CVE-2023-45857
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Release Notes
axios/axios (axios)
### [`v0.28.0`](https://redirect.github.com/axios/axios/releases/tag/v0.28.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.2...v0.28.0) #### Release notes: ##### Bug Fixes - fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#6091](https://redirect.github.com/axios/axios/issues/6091)) ##### Backports from v1.x: - Allow null indexes on formSerializer and paramsSerializer v0.x ([#4961](https://redirect.github.com/axios/axios/issues/4961)) - Fixing content-type header repeated [#4745](https://redirect.github.com/axios/axios/issues/4745) - Fixed timeout error message for HTTP 4738 - Added `axios.formToJSON` method ([#4735](https://redirect.github.com/axios/axios/issues/4735)) - URL params serializer ([#4734](https://redirect.github.com/axios/axios/issues/4734)) - Fixed toFormData Blob issue on node>v17 [#4728](https://redirect.github.com/axios/axios/issues/4728) - Adding types for progress event callbacks [#4675](https://redirect.github.com/axios/axios/issues/4675) - Fixed max body length defaults [#4731](https://redirect.github.com/axios/axios/issues/4731) - Added data URL support for node.js ([#4725](https://redirect.github.com/axios/axios/issues/4725)) - Added isCancel type assert ([#4293](https://redirect.github.com/axios/axios/issues/4293)) - Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#4721](https://redirect.github.com/axios/axios/issues/4721)) - Add `string[]` to `AxiosRequestHeaders` type ([#4322](https://redirect.github.com/axios/axios/issues/4322)) - Allow type definition for axios instance methods ([#4224](https://redirect.github.com/axios/axios/issues/4224)) - Fixed `AxiosError` stack capturing; ([#4718](https://redirect.github.com/axios/axios/issues/4718)) - Fixed `AxiosError` status code type; ([#4717](https://redirect.github.com/axios/axios/issues/4717)) - Adding Canceler parameters config and request ([#4711](https://redirect.github.com/axios/axios/issues/4711)) - fix(types): allow to specify partial default headers for instance creation ([#4185](https://redirect.github.com/axios/axios/issues/4185)) - Added `blob` to the list of protocols supported by the browser ([#4678](https://redirect.github.com/axios/axios/issues/4678)) - Fixing Z_BUF_ERROR when no content ([#4701](https://redirect.github.com/axios/axios/issues/4701)) - Fixed race condition on immediate requests cancellation ([#4261](https://redirect.github.com/axios/axios/issues/4261)) - Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://redirect.github.com/axios/axios/pull/4248) - Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#4229](https://redirect.github.com/axios/axios/issues/4229)) - Fix TS definition for AxiosRequestTransformer ([#4201](https://redirect.github.com/axios/axios/issues/4201)) - Use type alias instead of interface for AxiosPromise ([#4505](https://redirect.github.com/axios/axios/issues/4505)) - Include request and config when creating a CanceledError instance ([#4659](https://redirect.github.com/axios/axios/issues/4659)) - Added generic TS types for the exposed toFormData helper ([#4668](https://redirect.github.com/axios/axios/issues/4668)) - Optimized the code that checks cancellation ([#4587](https://redirect.github.com/axios/axios/issues/4587)) - Replaced webpack with rollup ([#4596](https://redirect.github.com/axios/axios/issues/4596)) - Added stack trace to AxiosError ([#4624](https://redirect.github.com/axios/axios/issues/4624)) - Updated AxiosError.config to be optional in the type definition ([#4665](https://redirect.github.com/axios/axios/issues/4665)) - Removed incorrect argument for NetworkError constructor ([#4656](https://redirect.github.com/axios/axios/issues/4656)) ### [`v0.27.2`](https://redirect.github.com/axios/axios/releases/tag/v0.27.2) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.1...v0.27.2) Fixes and Functionality: - Fixed FormData posting in browser environment by reverting [#3785](https://redirect.github.com/axios/axios/issues/3785) ([#4640](https://redirect.github.com/axios/axios/pull/4640)) - Enhanced protocol parsing implementation ([#4639](https://redirect.github.com/axios/axios/pull/4639)) - Fixed bundle size ### [`v0.27.1`](https://redirect.github.com/axios/axios/releases/tag/v0.27.1) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.27.0...v0.27.1) ##### Fixes and Functionality: - Removed import of url module in browser build due to huge size overhead and builds being broken ([#4594](https://redirect.github.com/axios/axios/pull/4594)) - Bumped follow-redirects to ^1.14.9 ([#4615](https://redirect.github.com/axios/axios/pull/4615)) ### [`v0.27.0`](https://redirect.github.com/axios/axios/releases/tag/v0.27.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.1...v0.27.0) ##### Breaking changes: - New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData ([#3757](https://redirect.github.com/axios/axios/pull/3757)) - Removed functionality that removed the the `Content-Type` request header when passing FormData ([#3785](https://redirect.github.com/axios/axios/pull/3785)) - **(\*)** Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole ([#3645](https://redirect.github.com/axios/axios/pull/3645)) - Separated responsibility for FormData instantiation between `transformRequest` and `toFormData` ([#4470](https://redirect.github.com/axios/axios/pull/4470)) - **(\*)** Improved and fixed multiple issues with FormData support ([#4448](https://redirect.github.com/axios/axios/pull/4448)) ##### QOL and DevX improvements: - Added a multipart/form-data testing playground allowing contributors to debug changes easily ([#4465](https://redirect.github.com/axios/axios/pull/4465)) ##### Fixes and Functionality: - Refactored project file structure to avoid circular imports ([#4515](https://redirect.github.com/axios/axios/pull/4516)) & ([#4516](https://redirect.github.com/axios/axios/pull/4516)) - Bumped follow-redirects to ^1.14.9 ([#4562](https://redirect.github.com/axios/axios/pull/4562)) ##### Internal and Tests: - Updated dev dependencies to latest version ##### Documentation: - Fixing incorrect link in changelog ([#4551](https://redirect.github.com/axios/axios/pull/4551)) ##### Notes: - **(\*)** Please read these pull requests before updating, these changes are very impactful and far reaching. ### [`v0.26.1`](https://redirect.github.com/axios/axios/releases/tag/v0.26.1) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.26.0...v0.26.1) ##### Fixes and Functionality: - Refactored project file structure to avoid circular imports ([#4220](https://redirect.github.com/axios/axios/pull/4220)) ### [`v0.26.0`](https://redirect.github.com/axios/axios/releases/tag/v0.26.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.25.0...v0.26.0) ##### Fixes and Functionality: - Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://redirect.github.com/axios/axios/pull/3581)) - Added errors to be displayed when the query parsing process itself fails ([#3961](https://redirect.github.com/axios/axios/pull/3961)) - Fix/remove url required ([#4426](https://redirect.github.com/axios/axios/pull/4426)) - Update follow-redirects dependency due to Vulnerability ([#4462](https://redirect.github.com/axios/axios/pull/4462)) - Bump karma from 6.3.11 to 6.3.14 ([#4461](https://redirect.github.com/axios/axios/pull/4461)) - Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://redirect.github.com/axios/axios/pull/4473)) ### [`v0.25.0`](https://redirect.github.com/axios/axios/releases/tag/v0.25.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.24.0...v0.25.0) ##### Breaking changes: - Fixing maxBodyLength enforcement ([#3786](https://redirect.github.com/axios/axios/pull/3786)) - Don't rely on strict mode behaviour for arguments ([#3470](https://redirect.github.com/axios/axios/pull/3470)) - Adding error handling when missing url ([#3791](https://redirect.github.com/axios/axios/pull/3791)) - Update isAbsoluteURL.js removing escaping of non-special characters ([#3809](https://redirect.github.com/axios/axios/pull/3809)) - Use native Array.isArray() in utils.js ([#3836](https://redirect.github.com/axios/axios/pull/3836)) - Adding error handling inside stream end callback ([#3967](https://redirect.github.com/axios/axios/pull/3967)) ##### Fixes and Functionality: - Added aborted even handler ([#3916](https://redirect.github.com/axios/axios/pull/3916)) - Header types expanded allowing `boolean` and `number` types ([#4144](https://redirect.github.com/axios/axios/pull/4144)) - Fix cancel signature allowing cancel message to be `undefined` ([#3153](https://redirect.github.com/axios/axios/pull/3153)) - Updated type checks to be formulated better ([#3342](https://redirect.github.com/axios/axios/pull/3342)) - Avoid unnecessary buffer allocations ([#3321](https://redirect.github.com/axios/axios/pull/3321)) - Adding a socket handler to keep TCP connection live when processing long living requests ([#3422](https://redirect.github.com/axios/axios/pull/3422)) - Added toFormData helper function ([#3757](https://redirect.github.com/axios/axios/pull/3757)) - Adding responseEncoding prop type in AxiosRequestConfig ([#3918](https://redirect.github.com/axios/axios/pull/3918)) ##### Internal and Tests: - Adding axios-test-instance to ecosystem ([#3786](https://redirect.github.com/axios/axios/pull/3786)) - Optimize the logic of isAxiosError ([#3546](https://redirect.github.com/axios/axios/pull/3546)) - Add tests and documentation to display how multiple inceptors work ([#3564](https://redirect.github.com/axios/axios/pull/3564)) - Updating follow-redirects to version 1.14.7 ([#4379](https://redirect.github.com/axios/axios/pull/4379)) ##### Documentation: - Fixing changelog to show corrext pull request ([#4219](https://redirect.github.com/axios/axios/pull/4219)) - Update upgrade guide for https proxy setting ([#3604](https://redirect.github.com/axios/axios/pull/3604)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Rijk van Zanten](https://redirect.github.com/rijkvanzanten) - [Kohta Ito](https://redirect.github.com/koh110) - [Brandon Faulkner](https://redirect.github.com/bfaulk96) - [Stefano Magni](https://redirect.github.com/NoriSte) - [enofan](https://redirect.github.com/fanguangyi) - [Andrey Pechkurov](https://redirect.github.com/puzpuzpuz) - [Doowonee](https://redirect.github.com/doowonee) - [Emil Broman](https://redirect.github.com/emilbroman-eqt) - [Remco Haszing](https://redirect.github.com/remcohaszing) - [Black-Hole](https://redirect.github.com/BlackHole1) - [Wolfram Kriesing](https://redirect.github.com/wolframkriesing) - [Andrew Ovens](https://redirect.github.com/repl-andrew-ovens) - [Paulo Renato](https://redirect.github.com/PauloRSF) - [Ben Carp](https://redirect.github.com/carpben) - [Hirotaka Tagawa](https://redirect.github.com/wafuwafu13) - [狼族小狈](https://redirect.github.com/lzxb) - [C. Lewis](https://redirect.github.com/ctjlewis) - [Felipe Carvalho](https://redirect.github.com/FCarvalhoVII) - [Daniel](https://redirect.github.com/djs113) - [Gustavo Sales](https://redirect.github.com/gussalesdev) ### [`v0.24.0`](https://redirect.github.com/axios/axios/releases/tag/v0.24.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.23.0...v0.24.0) ##### Breaking changes: - Revert: change type of AxiosResponse to any, please read lengthy discussion here: ([#4141](https://redirect.github.com/axios/axios/issues/4141)) pull request: ([#4186](https://redirect.github.com/axios/axios/pull/4186)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Rodry](https://redirect.github.com/ImRodry) - [Remco Haszing](https://redirect.github.com/remcohaszing) - [Isaiah Thomason](https://redirect.github.com/ITenthusiasm) ### [`v0.23.0`](https://redirect.github.com/axios/axios/releases/tag/v0.23.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.22.0...v0.23.0) ##### Breaking changes: - Distinguish request and response data types ([#4116](https://redirect.github.com/axios/axios/pull/4116)) - Change never type to unknown ([#4142](https://redirect.github.com/axios/axios/pull/4142)) - Fixed TransitionalOptions typings ([#4147](https://redirect.github.com/axios/axios/pull/4147)) ##### Fixes and Functionality: - Adding globalObject: 'this' to webpack config ([#3176](https://redirect.github.com/axios/axios/pull/3176)) - Adding insecureHTTPParser type to AxiosRequestConfig ([#4066](https://redirect.github.com/axios/axios/pull/4066)) - Fix missing semicolon in typings ([#4115](https://redirect.github.com/axios/axios/pull/4115)) - Fix response headers types ([#4136](https://redirect.github.com/axios/axios/pull/4136)) ##### Internal and Tests: - Improve timeout error when timeout is browser default ([#3209](https://redirect.github.com/axios/axios/pull/3209)) - Fix node version on CI ([#4069](https://redirect.github.com/axios/axios/pull/4069)) - Added testing to TypeScript portion of project ([#4140](https://redirect.github.com/axios/axios/pull/4140)) ##### Documentation: - Rename Angular to AngularJS ([#4114](https://redirect.github.com/axios/axios/pull/4114)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Evan-Finkelstein](https://redirect.github.com/Evan-Finkelstein) - [Paweł Szymański](https://redirect.github.com/Jezorko) - [Dobes Vandermeer](https://redirect.github.com/dobesv) - [Claas Augner](https://redirect.github.com/caugner) - [Remco Haszing](https://redirect.github.com/remcohaszing) - [Evgeniy](https://redirect.github.com/egmen) - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS) ### [`v0.22.0`](https://redirect.github.com/axios/axios/releases/tag/v0.22.0) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.4...v0.22.0) ##### Fixes and Functionality: - Caseless header comparing in HTTP adapter ([#2880](https://redirect.github.com/axios/axios/pull/2880)) - Avoid package.json import fixing issues and warnings related to this ([#4041](https://redirect.github.com/axios/axios/pull/4041)), ([#4065](https://redirect.github.com/axios/axios/pull/4065)) - Fixed cancelToken leakage and added AbortController support ([#3305](https://redirect.github.com/axios/axios/pull/3305)) - Updating CI to run on release branches - Bump follow redirects version - Fixed default transitional config for custom Axios instance; ([#4052](https://redirect.github.com/axios/axios/pull/4052)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Jay](mailto:jasonsaayman@gmail.com) - [Matt R. Wilson](https://redirect.github.com/mastermatt) - [Xianming Zhong](https://redirect.github.com/chinesedfan) - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS) ### [`v0.21.4`](https://redirect.github.com/axios/axios/releases/tag/v0.21.4) [Compare Source](https://redirect.github.com/axios/axios/compare/0.21.3...v0.21.4) ##### Fixes and Functionality: - Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard ([#4020](https://redirect.github.com/axios/axios/pull/4020)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Guillaume Fortaine](https://redirect.github.com/gfortaine) - [Yusuke Kawasaki](https://redirect.github.com/kawanet) - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS) ### [`v0.21.3`](https://redirect.github.com/axios/axios/releases/tag/0.21.3) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.2...0.21.3) ##### Fixes and Functionality: - Fixing response interceptor not being called when request interceptor is attached ([#4013](https://redirect.github.com/axios/axios/pull/4013)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Julian Hollmann](https://redirect.github.com/nerdbeere) ### [`v0.21.2`](https://redirect.github.com/axios/axios/releases/tag/v0.21.2) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.1...v0.21.2) ##### Fixes and Functionality: - Updating axios requests to be delayed by pre-emptive promise creation ([#2702](https://redirect.github.com/axios/axios/pull/2702)) - Adding "synchronous" and "runWhen" options to interceptors api ([#2702](https://redirect.github.com/axios/axios/pull/2702)) - Updating of transformResponse ([#3377](https://redirect.github.com/axios/axios/pull/3377)) - Adding ability to omit User-Agent header ([#3703](https://redirect.github.com/axios/axios/pull/3703)) - Adding multiple JSON improvements ([#3688](https://redirect.github.com/axios/axios/pull/3688), [#3763](https://redirect.github.com/axios/axios/pull/3763)) - Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#3738](https://redirect.github.com/axios/axios/pull/3738)) - Adding parseInt to config.timeout ([#3781](https://redirect.github.com/axios/axios/pull/3781)) - Adding custom return type support to interceptor ([#3783](https://redirect.github.com/axios/axios/pull/3783)) - Adding security fix for ReDoS vulnerability ([#3980](https://redirect.github.com/axios/axios/pull/3980)) ##### Internal and Tests: - Updating build dev dependancies ([#3401](https://redirect.github.com/axios/axios/pull/3401)) - Fixing builds running on Travis CI ([#3538](https://redirect.github.com/axios/axios/pull/3538)) - Updating follow rediect version ([#3694](https://redirect.github.com/axios/axios/pull/3694), [#3771](https://redirect.github.com/axios/axios/pull/3771)) - Updating karma sauce launcher to fix failing sauce tests ([#3712](https://redirect.github.com/axios/axios/pull/3712), [#3717](https://redirect.github.com/axios/axios/pull/3717)) - Updating content-type header for application/json to not contain charset field, according do RFC 8259 ([#2154](https://redirect.github.com/axios/axios/pull/2154)) - Fixing tests by bumping karma-sauce-launcher version ([#3813](https://redirect.github.com/axios/axios/pull/3813)) - Changing testing process from Travis CI to GitHub Actions ([#3938](https://redirect.github.com/axios/axios/pull/3938)) ##### Documentation: - Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#3539](https://redirect.github.com/axios/axios/pull/3539)) - Remove duplication of item in changelog ([#3523](https://redirect.github.com/axios/axios/pull/3523)) - Fixing gramatical errors ([#2642](https://redirect.github.com/axios/axios/pull/2642)) - Fixing spelling error ([#3567](https://redirect.github.com/axios/axios/pull/3567)) - Moving gitpod metion ([#2637](https://redirect.github.com/axios/axios/pull/2637)) - Adding new axios documentation website link ([#3681](https://redirect.github.com/axios/axios/pull/3681), [#3707](https://redirect.github.com/axios/axios/pull/3707)) - Updating documentation around dispatching requests ([#3772](https://redirect.github.com/axios/axios/pull/3772)) - Adding documentation for the type guard isAxiosError ([#3767](https://redirect.github.com/axios/axios/pull/3767)) - Adding explanation of cancel token ([#3803](https://redirect.github.com/axios/axios/pull/3803)) - Updating CI status badge ([#3953](https://redirect.github.com/axios/axios/pull/3953)) - Fixing errors with JSON documentation ([#3936](https://redirect.github.com/axios/axios/pull/3936)) - Fixing README typo under Request Config ([#3825](https://redirect.github.com/axios/axios/pull/3825)) - Adding axios-multi-api to the ecosystem file ([#3817](https://redirect.github.com/axios/axios/pull/3817)) - Adding SECURITY.md to properly disclose security vulnerabilities ([#3981](https://redirect.github.com/axios/axios/pull/3981)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Sasha Korotkov](https://redirect.github.com/SashaKoro) - [Daniel Lopretto](https://redirect.github.com/timemachine3030) - [Mike Bishop](https://redirect.github.com/MikeBishop) - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS) - [Mark](https://redirect.github.com/bimbiltu) - [Philipe Gouveia Paixão](https://redirect.github.com/piiih) - [hippo](https://redirect.github.com/hippo2cat) - [ready-research](https://redirect.github.com/ready-research) - [Xianming Zhong](https://redirect.github.com/chinesedfan) - [Christopher Chrapka](https://redirect.github.com/OJezu) - [Brian Anglin](https://redirect.github.com/anglinb) - [Kohta Ito](https://redirect.github.com/koh110) - [Ali Clark](https://redirect.github.com/aliclark) - [caikan](https://redirect.github.com/caikan) - [Elina Gorshkova](https://redirect.github.com/elinagorshkova) - [Ryota Ikezawa](https://redirect.github.com/paveg) - [Nisar Hassan Naqvi](https://redirect.github.com/nisarhassan12) - [Jake](https://redirect.github.com/codemaster138) - [TagawaHirotaka](https://redirect.github.com/wafuwafu13) - [Johannes Jarbratt](https://redirect.github.com/johachi) - [Mo Sattler](https://redirect.github.com/MoSattler) - [Sam Carlton](https://redirect.github.com/ThatGuySam) - [Matt Czapliński](https://redirect.github.com/MattCCC) - [Ziding Zhang](https://redirect.github.com/zidingz) ### [`v0.21.1`](https://redirect.github.com/axios/axios/releases/tag/v0.21.1) [Compare Source](https://redirect.github.com/axios/axios/compare/v0.21.0...v0.21.1) ##### Fixes and Functionality: - Hotfix: Prevent SSRF ([#3410](https://redirect.github.com/axios/axios/issues/3410)) - Protocol not parsed when setting proxy config from env vars ([#3070](https://redirect.github.com/axios/axios/issues/3070)) - Updating axios in types to be lower case ([#2797](https://redirect.github.com/axios/axios/issues/2797)) - Adding a type guard for `AxiosError` ([#2949](https://redirect.github.com/axios/axios/issues/2949)) ##### Internal and Tests: - Remove the skipping of the `socket` http test ([#3364](https://redirect.github.com/axios/axios/issues/3364)) - Use different socket for Win32 test ([#3375](https://redirect.github.com/axios/axios/issues/3375)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Daniel LoprettoConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.