hyperledger-archives / aries-framework-go

Hyperledger Aries Framework Go provides packages for building Agent / DIDComm services.
https://wiki.hyperledger.org/display/ARIES/aries-framework-go
Apache License 2.0
240 stars 161 forks source link

[Snyk] Upgrade axios from 0.23.0 to 0.27.2 #3619

Open dhh1128 opened 1 year ago

dhh1128 commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.23.0 to 0.27.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **7 versions** ahead of your current version. - The recommended version was released **a year ago**, on 2022-04-27. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **372/1000**
**Why?** Proof of Concept exploit, CVSS 5.3 | Proof of Concept | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **372/1000**
**Why?** Proof of Concept exploit, CVSS 5.3 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
  • 0.27.2 - 2022-04-27

    Fixes and Functionality:

    • Fixed FormData posting in browser environment by reverting #3785 (#4640)
    • Enhanced protocol parsing implementation (#4639)
    • Fixed bundle size
      </li>
      <li>
        <b>0.27.1</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.27.1">2022-04-26</a></br><h3>Fixes and Functionality:</h3>
    • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
    • Bumped follow-redirects to ^1.14.9 (#4615)
      </li>
      <li>
        <b>0.27.0</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.27.0">2022-04-25</a></br><h3>Breaking changes:</h3>
    • New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#3757)
    • Removed functionality that removed the the Content-Type request header when passing FormData (#3785)
    • (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#3645)
    • Separated responsibility for FormData instantiation between transformRequest and toFormData (#4470)
    • (*) Improved and fixed multiple issues with FormData support (#4448)

    QOL and DevX improvements:

    • Added a multipart/form-data testing playground allowing contributors to debug changes easily (#4465)

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4515) & (#4516)
    • Bumped follow-redirects to ^1.14.9 (#4562)

    Internal and Tests:

    • Updated dev dependencies to latest version

    Documentation:

    • Fixing incorrect link in changelog (#4551)

    Notes:

    • (*) Please read these pull requests before updating, these changes are very impactful and far reaching.
      </li>
      <li>
        <b>0.26.1</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.26.1">2022-03-09</a></br><h3>Fixes and Functionality:</h3>
    • Refactored project file structure to avoid circular imports (#4220)
      </li>
      <li>
        <b>0.26.0</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.26.0">2022-02-13</a></br><h3>Fixes and Functionality:</h3>
    • Fixed The timeoutErrorMessage property in config not work with Node.js (#3581)
    • Added errors to be displayed when the query parsing process itself fails (#3961)
    • Fix/remove url required (#4426)
    • Update follow-redirects dependency due to Vulnerability (#4462)
    • Bump karma from 6.3.11 to 6.3.14 (#4461)
    • Bump follow-redirects from 1.14.7 to 1.14.8 (#4473)
      </li>
      <li>
        <b>0.25.0</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.25.0">2022-01-18</a></br><h3>Breaking changes:</h3>
    • Fixing maxBodyLength enforcement (#3786)
    • Don't rely on strict mode behaviour for arguments (#3470)
    • Adding error handling when missing url (#3791)
    • Update isAbsoluteURL.js removing escaping of non-special characters (#3809)
    • Use native Array.isArray() in utils.js (#3836)
    • Adding error handling inside stream end callback (#3967)

    Fixes and Functionality:

    • Added aborted even handler (#3916)
    • Header types expanded allowing boolean and number types (#4144)
    • Fix cancel signature allowing cancel message to be undefined (#3153)
    • Updated type checks to be formulated better (#3342)
    • Avoid unnecessary buffer allocations (#3321)
    • Adding a socket handler to keep TCP connection live when processing long living requests (#3422)
    • Added toFormData helper function (#3757)
    • Adding responseEncoding prop type in AxiosRequestConfig (#3918)

    Internal and Tests:

    • Adding axios-test-instance to ecosystem (#3786)
    • Optimize the logic of isAxiosError (#3546)
    • Add tests and documentation to display how multiple inceptors work (#3564)
    • Updating follow-redirects to version 1.14.7 (#4379)

    Documentation:

    • Fixing changelog to show corrext pull request (#4219)
    • Update upgrade guide for https proxy setting (#3604)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

      </li>
      <li>
        <b>0.24.0</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.24.0">2021-10-25</a></br><h3>Breaking changes:</h3>
    • Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

      </li>
      <li>
        <b>0.23.0</b> - <a href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.23.0">2021-10-12</a></br><h3>Breaking changes:</h3>
    • Distinguish request and response data types (#4116)
    • Change never type to unknown (#4142)
    • Fixed TransitionalOptions typings (#4147)

    Fixes and Functionality:

    • Adding globalObject: 'this' to webpack config (#3176)
    • Adding insecureHTTPParser type to AxiosRequestConfig (#4066)
    • Fix missing semicolon in typings (#4115)
    • Fix response headers types (#4136)

    Internal and Tests:

    • Improve timeout error when timeout is browser default (#3209)
    • Fix node version on CI (#4069)
    • Added testing to TypeScript portion of project (#4140)

    Documentation:

    • Rename Angular to AngularJS (#4114)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

      </li>
    </ul>
    from <a href="https://snyk.io/redirect/github/axios/axios/releases">axios GitHub release notes</a>

Commit messages
Package name: axios
  • bc733fe Releasing v0.27.2
  • b9e9fb4 Enhanced protocol parsing implementation to fix #4633; (#4639)
  • 76432c1 Fixed FormData posting in browser environment by reverting #3785; (#4640)
  • 82fd15f Combined build process and cleaned it up a bit
  • 1d82af1 Fixing issues with bundle sizes
  • bcb166e Fixed incorrect date in changelog
  • 838f53b Merge branch 'master' of github.com:axios/axios
  • cb9c534 Releasing v0.27.1
  • 91d21fc Releasing v0.72.1
  • 167cb8b Remove eslint-g package as this seems have been added in error
  • 4f7e3e3 Removed import of url module in browser build due to significant size overhead; (#4594)
  • cdd7add Fixed date on chnagelog
  • f94dda9 Bump async from 2.6.3 to 2.6.4 (#4615)
  • 008dd9d Releaseing version 0.27.0
  • ee151a7 Revert some changes that are only required when we actually release
  • 499d3be follow-redirects to ^1.14.9 (#4562)
  • d24ce8e Updated a number of out of date dev packages
  • 5b0d492 Bump minimist from 1.2.5 to 1.2.6 (#4574)
  • cdda1ad Merge branch 'carpben-env-form-data'
  • 3e0954d Fixed merge conflicts
  • a3dd603 Merge branch 'Tivix-fix#1603'
  • 9b8e004 Merge branch 'fix#1603' of https://github.com/Tivix/axios into Tivix-fix#1603
  • 1f13dd7 Fixed some imports that were not correct
  • 8699891 Fixed merge conflicts
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs