This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade axios from 1.3.4 to 1.6.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **9 versions** ahead of your current version.
- The recommended version was released **23 days ago**, on 2023-12-26.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Cross-site Request Forgery (CSRF) [SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **222/1000** **Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 85, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.15, Score Version: V5 | Proof of Concept
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-AXIOS-6124857](https://snyk.io/vuln/SNYK-JS-AXIOS-6124857) | **222/1000** **Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 85, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.15, Score Version: V5 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: axios
withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)
PRs
feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour.
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/mimir/project/a51037e7-2099-4105-9040-ca8c035921c0?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/mimir/project/a51037e7-2099-4105-9040-ca8c035921c0/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/mimir/project/a51037e7-2099-4105-9040-ca8c035921c0/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade axios from 1.3.4 to 1.6.3.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **9 versions** ahead of your current version. - The recommended version was released **23 days ago**, on 2023-12-26. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459) | **222/1000**
**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 85, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.15, Score Version: V5 | Proof of Concept
[SNYK-JS-AXIOS-6124857](https://snyk.io/vuln/SNYK-JS-AXIOS-6124857) | **222/1000**
**Why?** Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 85, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.15, Score Version: V5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
-
1.6.3 - 2023-12-26
- Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)
Jay
Willian Agostini
Dmitriy Mozgovoy
-
1.6.2 - 2023-11-14
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )
Dmitriy Mozgovoy
Ng Choon Khon (CK)
Muhammad Noman
-
1.6.1 - 2023-11-08
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
Dmitriy Mozgovoy
Fabian Meyer
-
1.6.0 - 2023-10-26
- CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
- dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
- types: fix AxiosHeaders types; (#5931) (a1c8ad0)
- CVE 2023 45857 ( #6028 )
Dmitriy Mozgovoy
Valentin Panov
Rinku Chaudhari
-
1.5.1 - 2023-09-26
- adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
- formdata: fixed automatic addition of the
- headers: allow
- types: removed duplicated code (9e62056)
Dmitriy Mozgovoy
David Dallas
Sean Sattler
Mustafa Ateş Uzun
Przemyslaw Motacki
Michael Di Prisco
-
1.5.0 - 2023-08-26
- adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
- dns: fixed
- headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
- headers: fixed common Content-Type header merging; (#5832) (8fda276)
- export getAdapter function (#5324) (ca73eb8)
- export: export adapters without
Dmitriy Mozgovoy
夜葬
Jonathan Budiman
Michael Di Prisco
-
1.4.0 - 2023-04-27
- formdata: add
- package: export package internals with unsafe path prefix; (#5677) (df38c94)
- dns: added support for a custom lookup function; (#5339) (2701911)
- types: export
- merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)
Dmitriy Mozgovoy
Arthur Fiorette
PIYUSH NEGI
-
1.3.6 - 2023-04-19
- types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
- utils: make isFormData detection logic stricter to avoid unnecessary calling of the
Dmitriy Mozgovoy
Michael Di Prisco
-
1.3.5 - 2023-04-05
- headers: fixed isValidHeaderName to support full list of allowed characters; (#5584) (e7decef)
- params: re-added the ability to set the function as
Dmitriy Mozgovoy
-
1.3.4 - 2023-02-22
- blob: added a check to make sure the Blob class is available in the browser's global scope; (#5548) (3772c8f)
- http: fixed regression bug when handling synchronous errors inside the adapter; (#5564) (a3b246c)
Dmitriy Mozgovoy
lcysgsg
Michael Di Prisco
from axios GitHub release notesRelease notes:
Bug Fixes
Contributors to this release
Release notes:
Features
withCredentialsbehavior; (#6046) (cff9967)PRs
Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Release notes:
Bug Fixes
PRs
Contributors to this release
Release notes:
Bug Fixes
Content-Typeheader for FormData in non-browser environments; (#5917) (bc9af51)content-encodingheader to handle case-insensitive values (#5890) (#5892) (4c89f25)Contributors to this release
Release notes:
Bug Fixes
cacheable-lookupintegration; (#5836) (b3e327d)Features
unsafeprefix (#5839) (1601f4a)Contributors to this release
Release notes:
Bug Fixes
multipart/form-datacontent type for FormData payload on custom client environments; (#5678) (bbb61e7)Features
AxiosHeaderValuetype. (#5525) (726f1c8)Performance Improvements
Contributors to this release
Release notes:
Bug Fixes
toStringmethod on the target; (#5661) (aa372f7)Contributors to this release
Release notes:
Bug Fixes
paramsSerializerconfig; (#5633) (a56c866)Contributors to this release
Release notes:
Bug Fixes
Contributors to this release
Commit messages
Package name: axios
- b15b918 chore(release): v1.6.3 (#6151)
- b76cce0 chore(ci): added branches filter for notify action; (#6084)
- 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
- 8befb86 docs: update alloy link (#6145)
- d18f40d docs: add headline sponsors
- b3be365 chore(release): v1.6.2 (#6082)
- 8739acb chore(ci): removed redundant release action; (#6081)
- bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
- a2b0fb3 chore(docs): update README.md (#6048)
- b12a608 chore(ci): removed paths-ignore filter; (#6080)
- 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
- 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
- cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
- 7009715 chore(ci): fixed release notification action; (#6064)
- 7144f10 chore(ci): fixed release notification action; (#6063)
- f6d2cf9 chore(ci): fix publish action content permission; (#6061)
- a22f4b9 chore(release): v1.6.1 (#6060)
- cb8bb2b chore(ci): Publish to NPM with provenance (#5835)
- 37cbf92 chore(ci): added labeling and notification for published PRs; (#6059)
- dd465ab fix(formdata): fixed content-type header normalization for non-standard browser environments; (#6056)
- 3dc8369 fix(platform): fixed emulated browser detection in node.js environment; (#6055)
- f7adacd chore(release): v1.6.0 (#6031)
- 9917e67 chore(ci): fix release-it arg; (#6032)
- 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: