Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Release Notes
axios/axios
### [`v0.19.0`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0190-May-30-2019)
[Compare Source](https://togithub.com/axios/axios/compare/v0.18.0...v0.19.0)
Fixes and Functionality:
- Unzip response body only for statuses != 204 ([#1129](https://togithub.com/axios/axios/pull/1129)) - drawski
- Destroy stream on exceeding maxContentLength (fixes [#1098](https://togithub.com/axios/axios/issues/1098)) ([#1485](https://togithub.com/axios/axios/pull/1485)) - Gadzhi Gadzhiev
- Makes Axios error generic to use AxiosResponse ([#1738](https://togithub.com/axios/axios/pull/1738)) - Suman Lama
- Fixing Mocha tests by locking follow-redirects version to 1.5.10 ([#1993](https://togithub.com/axios/axios/pull/1993)) - grumblerchester
- Allow uppercase methods in typings. ([#1781](https://togithub.com/axios/axios/pull/1781)) - Ken Powers
- Fixing .eslintrc without extension ([#1789](https://togithub.com/axios/axios/pull/1789)) - Manoel
- Consistent coding style ([#1787](https://togithub.com/axios/axios/pull/1787)) - Ali Servet Donmez
- Fixing building url with hash mark ([#1771](https://togithub.com/axios/axios/pull/1771)) - Anatoly Ryabov
- This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after `#`, because client cut everything after `#`
- Preserve HTTP method when following redirect ([#1758](https://togithub.com/axios/axios/pull/1758)) - Rikki Gibson
- Add `getUri` signature to TypeScript definition. ([#1736](https://togithub.com/axios/axios/pull/1736)) - Alexander Trauzzi
- Adding isAxiosError flag to errors thrown by axios ([#1419](https://togithub.com/axios/axios/pull/1419)) - Ayush Gupta
- Fix failing SauceLabs tests by updating configuration - Emily Morehouse
Documentation:
- Add information about auth parameter to README ([#2166](https://togithub.com/axios/axios/pull/2166)) - xlaguna
- Add DELETE to list of methods that allow data as a config option ([#2169](https://togithub.com/axios/axios/pull/2169)) - Daniela Borges Matos de Carvalho
- Update ECOSYSTEM.md - Add Axios Endpoints ([#2176](https://togithub.com/axios/axios/pull/2176)) - Renan
- Add r2curl in ECOSYSTEM ([#2141](https://togithub.com/axios/axios/pull/2141)) - 유용우 / CX
- Update README.md - Add instructions for installing with yarn ([#2036](https://togithub.com/axios/axios/pull/2036)) - Victor Hermes
- Fixing spacing for README.md ([#2066](https://togithub.com/axios/axios/pull/2066)) - Josh McCarty
- Update README.md. - Change `.then` to `.finally` in example code ([#2090](https://togithub.com/axios/axios/pull/2090)) - Omar Cai
- Clarify what values responseType can have in Node ([#2121](https://togithub.com/axios/axios/pull/2121)) - Tyler Breisacher
- docs(ECOSYSTEM): add axios-api-versioning ([#2020](https://togithub.com/axios/axios/pull/2020)) - Weffe
- It seems that `responseType: 'blob'` doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
- Add issue templates - Emily Morehouse
- Update README.md. - Add Querystring library note ([#1896](https://togithub.com/axios/axios/pull/1896)) - Dmitriy Eroshenko
- Add react-hooks-axios to Libraries section of ECOSYSTEM.md ([#1925](https://togithub.com/axios/axios/pull/1925)) - Cody Chan
- Clarify in README that default timeout is 0 (no timeout) ([#1750](https://togithub.com/axios/axios/pull/1750)) - Ben Standefer
Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Renovate Bot. View repository job log here.
This PR contains the following updates:
^0.18.0->^0.19.0GitHub Vulnerability Alerts
CVE-2019-10742
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Release Notes
axios/axios
### [`v0.19.0`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0190-May-30-2019) [Compare Source](https://togithub.com/axios/axios/compare/v0.18.0...v0.19.0) Fixes and Functionality: - Unzip response body only for statuses != 204 ([#1129](https://togithub.com/axios/axios/pull/1129)) - drawski - Destroy stream on exceeding maxContentLength (fixes [#1098](https://togithub.com/axios/axios/issues/1098)) ([#1485](https://togithub.com/axios/axios/pull/1485)) - Gadzhi Gadzhiev - Makes Axios error generic to use AxiosResponse ([#1738](https://togithub.com/axios/axios/pull/1738)) - Suman Lama - Fixing Mocha tests by locking follow-redirects version to 1.5.10 ([#1993](https://togithub.com/axios/axios/pull/1993)) - grumblerchester - Allow uppercase methods in typings. ([#1781](https://togithub.com/axios/axios/pull/1781)) - Ken Powers - Fixing .eslintrc without extension ([#1789](https://togithub.com/axios/axios/pull/1789)) - Manoel - Consistent coding style ([#1787](https://togithub.com/axios/axios/pull/1787)) - Ali Servet Donmez - Fixing building url with hash mark ([#1771](https://togithub.com/axios/axios/pull/1771)) - Anatoly Ryabov - This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after `#`, because client cut everything after `#` - Preserve HTTP method when following redirect ([#1758](https://togithub.com/axios/axios/pull/1758)) - Rikki Gibson - Add `getUri` signature to TypeScript definition. ([#1736](https://togithub.com/axios/axios/pull/1736)) - Alexander Trauzzi - Adding isAxiosError flag to errors thrown by axios ([#1419](https://togithub.com/axios/axios/pull/1419)) - Ayush Gupta - Fix failing SauceLabs tests by updating configuration - Emily Morehouse Documentation: - Add information about auth parameter to README ([#2166](https://togithub.com/axios/axios/pull/2166)) - xlaguna - Add DELETE to list of methods that allow data as a config option ([#2169](https://togithub.com/axios/axios/pull/2169)) - Daniela Borges Matos de Carvalho - Update ECOSYSTEM.md - Add Axios Endpoints ([#2176](https://togithub.com/axios/axios/pull/2176)) - Renan - Add r2curl in ECOSYSTEM ([#2141](https://togithub.com/axios/axios/pull/2141)) - 유용우 / CX - Update README.md - Add instructions for installing with yarn ([#2036](https://togithub.com/axios/axios/pull/2036)) - Victor Hermes - Fixing spacing for README.md ([#2066](https://togithub.com/axios/axios/pull/2066)) - Josh McCarty - Update README.md. - Change `.then` to `.finally` in example code ([#2090](https://togithub.com/axios/axios/pull/2090)) - Omar Cai - Clarify what values responseType can have in Node ([#2121](https://togithub.com/axios/axios/pull/2121)) - Tyler Breisacher - docs(ECOSYSTEM): add axios-api-versioning ([#2020](https://togithub.com/axios/axios/pull/2020)) - Weffe - It seems that `responseType: 'blob'` doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser - Add issue templates - Emily Morehouse - Update README.md. - Add Querystring library note ([#1896](https://togithub.com/axios/axios/pull/1896)) - Dmitriy Eroshenko - Add react-hooks-axios to Libraries section of ECOSYSTEM.md ([#1925](https://togithub.com/axios/axios/pull/1925)) - Cody Chan - Clarify in README that default timeout is 0 (no timeout) ([#1750](https://togithub.com/axios/axios/pull/1750)) - Ben StandeferRenovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!".:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.