praekeltfoundation / molo

Molo is a set of tools for publishing low end mobi sites with a community focus.
http://molo.rtfd.org
BSD 2-Clause "Simplified" License

[Snyk] Upgrade axios from 0.9.1 to 0.27.2 #741

Open jerith opened 2 years ago

jerith commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 0.9.1 to 0.27.2.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=axios&from_version=0.9.1&to_version=0.27.2&pr_id=c4c8dc66-3371-4d86-80d0-78004035e9dc&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **38 versions** ahead of your current version.
- The recommended version was released **4 months ago**, on 2022-04-27.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|:---|:---|
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-AXIOS-1579269](https://snyk.io/vuln/SNYK-JS-AXIOS-1579269) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS) [SNYK-JS-AXIOS-174505](https://snyk.io/vuln/SNYK-JS-AXIOS-174505) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Server-Side Request Forgery (SSRF) [SNYK-JS-AXIOS-1038255](https://snyk.io/vuln/SNYK-JS-AXIOS-1038255) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Information Exposure [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: axios
  • 0.27.2 - 2022-04-27

    0.27.2 (April 27, 2022)

    Fixes and Functionality:

    • Fixed FormData posting in browser environment by reverting #3785 (#4640)
    • Enhanced protocol parsing implementation (#4639)
    • Fixed bundle size
  • 0.27.1 - 2022-04-26

    0.27.1 (April 26, 2022)

    Fixes and Functionality:

    • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
    • Bumped follow-redirects to ^1.14.9 (#4615)
  • 0.27.0 - 2022-04-25

    0.27.0 (April 25, 2022)

    Breaking changes:

    • New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#3757)
    • Removed functionality that removed the Content-Type request header when passing FormData (#3785)
    • (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#3645)
    • Separated responsibility for FormData instantiation between transformRequest and toFormData (#4470)
    • (*) Improved and fixed multiple issues with FormData support (#4448)

    QOL and DevX improvements:

    • Added a multipart/form-data testing playground allowing contributors to debug changes easily (#4465)

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4515) & (#4516)
    • Bumped follow-redirects to ^1.14.9 (#4562)

    Internal and Tests:

    • Updated dev dependencies to latest version

    Documentation:

    • Fixing incorrect link in changelog (#4551)

    Notes:

    • (*) Please read these pull requests before updating, these changes are very impactful and far reaching.
  • 0.26.1 - 2022-03-09

    0.26.1 (March 9, 2022)

    Fixes and Functionality:

    • Refactored project file structure to avoid circular imports (#4220)
  • 0.26.0 - 2022-02-13

    0.26.0 (February 13, 2022)

    Fixes and Functionality:

    • Fixed The timeoutErrorMessage property in config not work with Node.js (#3581)
    • Added errors to be displayed when the query parsing process itself fails (#3961)
    • Fix/remove url required (#4426)
    • Update follow-redirects dependency due to Vulnerability (#4462)
    • Bump karma from 6.3.11 to 6.3.14 (#4461)
    • Bump follow-redirects from 1.14.7 to 1.14.8 (#4473)
  • 0.25.0 - 2022-01-18

    0.25.0 (January 18, 2022)

    Breaking changes:

    • Fixing maxBodyLength enforcement (#3786)
    • Don't rely on strict mode behaviour for arguments (#3470)
    • Adding error handling when missing url (#3791)
    • Update isAbsoluteURL.js removing escaping of non-special characters (#3809)
    • Use native Array.isArray() in utils.js (#3836)
    • Adding error handling inside stream end callback (#3967)

    Fixes and Functionality:

    • Added aborted event handler (#3916)
    • Header types expanded allowing boolean and number types (#4144)
    • Fix cancel signature allowing cancel message to be undefined (#3153)
    • Updated type checks to be formulated better (#3342)
    • Avoid unnecessary buffer allocations (#3321)
    • Adding a socket handler to keep TCP connection live when processing long living requests (#3422)
    • Added toFormData helper function (#3757)
    • Adding responseEncoding prop type in AxiosRequestConfig (#3918)

    Internal and Tests:

    • Adding axios-test-instance to ecosystem (#3786)
    • Optimize the logic of isAxiosError (#3546)
    • Add tests and documentation to display how multiple interceptors work (#3564)
    • Updating follow-redirects to version 1.14.7 (#4379)

    Documentation:

    • Fixing changelog to show correct pull request (#4219)
    • Update upgrade guide for https proxy setting (#3604)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.24.0 - 2021-10-25

    0.24.0 (October 25, 2021)

    Breaking changes:

    • Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.23.0 - 2021-10-12

    0.23.0 (October 12, 2021)

    Breaking changes:

    • Distinguish request and response data types (#4116)
    • Change never type to unknown (#4142)
    • Fixed TransitionalOptions typings (#4147)

    Fixes and Functionality:

    • Adding globalObject: 'this' to webpack config (#3176)
    • Adding insecureHTTPParser type to AxiosRequestConfig (#4066)
    • Fix missing semicolon in typings (#4115)
    • Fix response headers types (#4136)

    Internal and Tests:

    • Improve timeout error when timeout is browser default (#3209)
    • Fix node version on CI (#4069)
    • Added testing to TypeScript portion of project (#4140)

    Documentation:

    • Rename Angular to AngularJS (#4114)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.22.0 - 2021-10-01

    0.22.0 (October 01, 2021)

    Fixes and Functionality:

    • Caseless header comparing in HTTP adapter (#2880)
    • Avoid package.json import fixing issues and warnings related to this (#4041), (#4065)
    • Fixed cancelToken leakage and added AbortController support (#3305)
    • Updating CI to run on release branches
    • Bump follow redirects version
    • Fixed default transitional config for custom Axios instance; (#4052)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.4 - 2021-09-06

    0.21.4 (September 6, 2021)

    Fixes and Functionality:

    • Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)

    Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

  • 0.21.3 - 2021-09-04
  • 0.21.2 - 2021-09-04
  • 0.21.1 - 2020-12-22
  • 0.21.0 - 2020-10-23
  • 0.20.0 - 2020-08-21
  • 0.20.0-0 - 2020-07-15
  • 0.19.2 - 2020-01-22
  • 0.19.1 - 2020-01-07
  • 0.19.0 - 2019-05-30
  • 0.19.0-beta.1 - 2018-08-09
  • 0.18.1 - 2019-06-01
  • 0.18.0 - 2018-02-19
  • 0.17.1 - 2017-11-11
  • 0.17.0 - 2017-10-21
  • 0.16.2 - 2017-06-03
  • 0.16.1 - 2017-04-08
  • 0.16.0 - 2017-04-01
  • 0.15.3 - 2016-11-27
  • 0.15.2 - 2016-10-18
  • 0.15.1 - 2016-10-15
  • 0.15.0 - 2016-10-11
  • 0.14.0 - 2016-08-27
  • 0.13.1 - 2016-07-16
  • 0.13.0 - 2016-07-13
  • 0.12.0 - 2016-06-01
  • 0.11.1 - 2016-05-17
  • 0.11.0 - 2016-04-27
  • 0.10.0 - 2016-04-21
  • 0.9.1 - 2016-01-24
from axios GitHub release notes
Commit messages
Package name: axios
  • bc733fe Releasing v0.27.2
  • b9e9fb4 Enhanced protocol parsing implementation to fix #4633; (#4639)
  • 76432c1 Fixed FormData posting in browser environment by reverting #3785; (#4640)
  • 82fd15f Combined build process and cleaned it up a bit
  • 1d82af1 Fixing issues with bundle sizes
  • bcb166e Fixed incorrect date in changelog
  • 838f53b Merge branch 'master' of github.com:axios/axios
  • cb9c534 Releasing v0.27.1
  • 91d21fc Releasing v0.72.1
  • 167cb8b Remove eslint-g package as this seems to have been added in error
  • 4f7e3e3 Removed import of url module in browser build due to significant size overhead; (#4594)
  • cdd7add Fixed date on changelog
  • f94dda9 Bump async from 2.6.3 to 2.6.4 (#4615)
  • 008dd9d Releasing version 0.27.0
  • ee151a7 Revert some changes that are only required when we actually release
  • 499d3be follow-redirects to ^1.14.9 (#4562)
  • d24ce8e Updated a number of out of date dev packages
  • 5b0d492 Bump minimist from 1.2.5 to 1.2.6 (#4574)
  • cdda1ad Merge branch 'carpben-env-form-data'
  • 3e0954d Fixed merge conflicts
  • a3dd603 Merge branch 'Tivix-fix#1603'
  • 9b8e004 Merge branch 'fix#1603' of https://github.com/Tivix/axios into Tivix-fix#1603
  • 1f13dd7 Fixed some imports that were not correct
  • 8699891 Fixed merge conflicts

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/samer/project/c60491e1-009b-46c7-bc0a-5948c4ee965e?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/samer/project/c60491e1-009b-46c7-bc0a-5948c4ee965e/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/samer/project/c60491e1-009b-46c7-bc0a-5948c4ee965e/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)