pacificclimate / weather-anomaly-tool


[Snyk] Upgrade axios from 0.17.1 to 0.21.1 #65

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade axios from 0.17.1 to 0.21.1.

Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Denial of Service (DoS) SNYK-JS-AXIOS-174505 | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Proof of Concept |
| | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.21.1 - 2020-12-22

    0.21.1 (December 21, 2020)

    Fixes and Functionality:

    • Hotfix: Prevent SSRF (#3410)
    • Protocol not parsed when setting proxy config from env vars (#3070)
    • Updating axios in types to be lower case (#2797)
    • Adding a type guard for AxiosError (#2949)

    Internal and Tests:

    • Remove the skipping of the socket http test (#3364)
    • Use different socket for Win32 test (#3375)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.0 - 2020-10-23

    0.21.0 (October 23, 2020)

    Fixes and Functionality:

    • Fixing requestHeaders.Authorization (#3287)
    • Fixing node types (#3237)
    • Fixing axios.delete ignores config.data (#3282)
    • Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
    • Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)

    Internal and Tests:

    • Lock travis to not use node v15 (#3361)

    Documentation:

    • Fixing simple typo, existant -> existent (#3252)
    • Fixing typos (#3309)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.20.0 - 2020-08-21

    Release of 0.20.0-pre as a full release with no other changes.

  • 0.20.0-0 - 2020-07-15
  • 0.19.2 - 2020-01-22
    • Remove unnecessary XSS check (#2679) (see (#2646) for discussion)
  • 0.19.1 - 2020-01-07

    Fixes and Functionality:

    • Fixing invalid agent issue (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Delete useless default to hash (#2458)
    • Fix HTTP/HTTPs agents passing to follow-redirect (#1904)
    • Fix ignore set withCredentials false (#2582)
    • Fix CI build failure (#2570)
    • Remove dependency on is-buffer from package.json (#1816)
    • Adding options typings (#2341)
    • Adding Typescript HTTP method definition for LINK and UNLINK. (#2444)
    • Update dist with newest changes, fixes Custom Attributes issue
    • Change syntax to see if build passes (#2488)
    • Update Webpack + deps, remove now unnecessary polyfills (#2410)
    • Fix to prevent XSS, throw an error when the URL contains a JS script (#2464)
    • Add custom timeout error copy in config (#2275)
    • Add error toJSON example (#2466)
    • Fixing Vulnerability A Fortify Scan finds a critical Cross-Site Scrip… (#2451)
    • Fixing subdomain handling on no_proxy (#2442)
    • Make redirection from HTTP to HTTPS work (#2426) and (#2547)
    • Add toJSON property to AxiosError type (#2427)
    • Fixing socket hang up error on node side for slow response. (#1752)
    • Alternative syntax to send data into the body (#2317)
    • Fixing custom config options (#2207)
    • Fixing set config.method after mergeConfig for Axios.prototype.request (#2383)
    • Axios create url bug (#2290)
    • Do not modify config.url when using a relative baseURL (resolves #1628) (#2391)
    • Add typescript HTTP method definition for LINK and UNLINK (#2444)

    Internal:

    • Revert "Update Webpack + deps, remove now unnecessary polyfills" (#2479)
    • Order of if/else blocks is causing unit tests mocking XHR. (#2201)
    • Add license badge (#2446)
    • Fix travis CI build #2386
    • Fix cancellation error on build master. #2290 #2207 (#2407)

    Documentation:

    • Fixing typo in CHANGELOG.md: s/Functionallity/Functionality (#2639)
    • Fix badge, use master branch (#2538)
    • Fix typo in changelog #2193
    • Document fix (#2514)
    • Update docs with no_proxy change, issue #2484 (#2513)
    • Fixing missing words in docs template (#2259)
    • 🐛Fix request finally documentation in README (#2189)
    • updating spelling and adding link to docs (#2212)
    • docs: minor tweak (#2404)
    • Update response interceptor docs (#2399)
    • Update README.md (#2504)
    • Fix word 'sintaxe' to 'syntax' in README.md (#2432)
    • updating README: notes on CommonJS autocomplete (#2256)
    • Fix grammar in README.md (#2271)
    • Doc fixes, minor examples cleanup (#2198)
  • 0.19.0 - 2019-05-30
  • 0.19.0-beta.1 - 2018-08-09

    NOTE: This is a beta version of this release. There may be functionality that is broken in
    certain browsers, though we suspect that builds are hanging and not erroring. See
    https://saucelabs.com/u/axios for the most up-to-date information.

    New Functionality:

    • Add getUri method (#1712)
    • Add support for no_proxy env variable (#1693)
    • Add toJSON to decorated Axios errors to facilitate serialization (#1625)
    • Add second then on axios call (#1623)
    • Typings: allow custom return types
    • Add option to specify character set in responses (with http adapter)

    Fixes:

    • Fix Keep defaults local to instance (#385)
    • Correctly catch exception in http test (#1475)
    • Fix accept header normalization (#1698)
    • Fix http adapter to allow HTTPS connections via HTTP (#959)
    • Fix Removes usage of deprecated Buffer constructor. (#1555, #1622)
    • Fix defaults to use httpAdapter if available (#1285)
      • Fixing defaults to use httpAdapter if available
      • Use a safer, cross-platform method to detect the Node environment
    • Fix Reject promise if request is cancelled by the browser (#537)
    • [Typescript] Fix missing type parameters on delete/head methods
    • [NS]: Send false flag isStandardBrowserEnv for Nativescript
    • Fix missing type parameters on delete/head
    • Fix Default method for an instance always overwritten by get
    • Fix type error when socketPath option in AxiosRequestConfig
    • Capture errors on request data streams
    • Decorate resolve and reject to clear timeout in all cases
  • 0.18.1 - 2019-06-01

    Security Fix:

    • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • 0.18.0 - 2018-02-19
  • 0.17.1 - 2017-11-11
from axios GitHub release notes
Commit messages
Package name: axios
  • a64050a Releasing 0.21.1
  • d57cd97 Updating changelog for 0.21.1 release
  • 8b0f373 Use different socket for Win32 test (#3375)
  • e426910 Protocol not parsed when setting proxy config from env vars (#3070)
  • c7329fe Hotfix: Prevent SSRF (#3410)
  • f472e5d Adding a type guard for `AxiosError` (#2949)
  • 7688255 Remove the skipping of the `socket` http test (#3364)
  • 820fe6e Updating axios in types to be lower case (#2797)
  • 94ca24b Releasing 0.21.0
  • 2130a0c Updating changelog for 0.21.0 release
  • fbdc150 Lock travis to not use node v15 (#3361)
  • 3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
  • 9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
  • 6d05b96 Fix typos (#3309)
  • fa36737 fix axios.delete ignores config.data (#3282)
  • b7e954e Fixing node types (#3237)
  • 04d45f2 Fixing requestHeaders.Authorization (#3287)
  • e8c6e19 docs: Fix simple typo, existant -> existent (#3252)
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changelog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
