fix(deps): upgrade axios and typescript

[jeremyadavis]

This fixes vulnerabilities in the axios library: CVE-2022-0155 and CVE-2022-0536.

There are a couple of things to consider if this PR is worth merging:

• There are a few breaking changes in axios along the way from 0.21.4 to 0.26.1
• Axios used the AbortController type from the DOM library and now doesn't. The upgrade broke a type and the fix was to add "dom" to the tsconfig. Really not sure if that is the correct work around or not.
• The upgrade needed the Omit utility type which wasn't added until 3.5.1, so I had to upgrade the typescript dependency TBH, I don't understand why the tsconfig doesn't exclude node_modules, so maybe that's the better approach unless I'm missing something.

I tested this locally with my company's iOS and Android app and saw no issues. I did not test on the web.

Fixes: #287

[jeremyadavis]

I uncovered an issue with this upgrade and multi-part/form-data:

• Axios Issue: 4406
• Axios Issue: 4460

There is a hack to get around it, but the official fix isn't merged yet so I'm going to undo my usage of the axios upgrade until an official fix is available.

I'll try to remember to update the PR when fixed.

[chakrihacker]

Thanks @jeremyadavis for the PR

[noah-eigenfeld]

@jeremyadavis you should try bumping the version of axios to 0.27.2 per this comment in one of the issues you mentioned.

[jeremyadavis]

I upgrade axios to 0.27.2 I confirmed that it does fix the issue with the multipart/form-data was broken using my company's React Native app.

Notably, axios 0.27.0 had refactored their error handling which broke a couple of tests that had expected null responses, that now have explicit error strings.

[tgensol]

Any update on this one ? thank you !

[florinvasilevilsan]

Could someone please merge and release this? It has been months since it was opened.

[hariks-mm]

@infinitered-circleci @jamonholmgren Any update on this?

Thank you

[TheWirv]

What's the status on this?

[eithe]

Any chance this could be merged and released? Perhaps labeled as beta for a while?

[nazrdogan]

Any update ?

[pgodha]

When this PR can be merged? upgrading axios lib version will fix CVE-2022-0155 and CVE-2022-0536.

[surethink]

@infinitered-circleci any one can merge this? thanks

[eithe]

Pretty please @jamonholmgren, is anyone on your team able to merge this? Or should we move on from apisauce? That's ok, but would be good to know.

[jamonholmgren]

Hey folks, I'll take a look at this. Kinda slipped off my radar. Not enough people tagged me :joy:

[infinitered-circleci]

:tada: This PR is included in version 3.0.0 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket:

[jamonholmgren]

@jeremyadavis Thanks a ton for sending in this PR, and for your patience.

We've been focusing on Ignite and Reactotron lately, but apisauce is on our list to revive at some point.

[TheScalion]

I have downgraded to ^2.1.5 this version and its working for me. i will upgrade if this PR merge.