Update dependency axios to ^0.21.0 [SECURITY] - autoclosed

renovate[bot] commented 3 years ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios	`^0.19.0` -> `^0.21.0`

GitHub Vulnerability Alerts

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Release Notes

axios/axios

### [`v0.21.1`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0211-December-21-2020) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.0...v0.21.1) Fixes and Functionality: - Hotfix: Prevent SSRF ([#3410](https://togithub.com/axios/axios/issues/3410)) - Protocol not parsed when setting proxy config from env vars ([#3070](https://togithub.com/axios/axios/issues/3070)) - Updating axios in types to be lower case ([#2797](https://togithub.com/axios/axios/issues/2797)) - Adding a type guard for `AxiosError` ([#2949](https://togithub.com/axios/axios/issues/2949)) Internal and Tests: - Remove the skipping of the `socket` http test ([#3364](https://togithub.com/axios/axios/issues/3364)) - Use different socket for Win32 test ([#3375](https://togithub.com/axios/axios/issues/3375)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Daniel Lopretto - Jason Kwok - Jay - Jonathan Foster - Remco Haszing - Xianming Zhong ### [`v0.21.0`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0210-October-23-2020) [Compare Source](https://togithub.com/axios/axios/compare/v0.20.0...v0.21.0) Fixes and Functionality: - Fixing requestHeaders.Authorization ([#3287](https://togithub.com/axios/axios/pull/3287)) - Fixing node types ([#3237](https://togithub.com/axios/axios/pull/3237)) - Fixing axios.delete ignores config.data ([#3282](https://togithub.com/axios/axios/pull/3282)) - Revert "Fixing overwrite Blob/File type as Content-Type in browser. ([#1773](https://togithub.com/axios/axios/issues/1773))" ([#3289](https://togithub.com/axios/axios/pull/3289)) - Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled ([#3200](https://togithub.com/axios/axios/pull/3200)) Internal and Tests: - Lock travis to not use node v15 ([#3361](https://togithub.com/axios/axios/pull/3361)) Documentation: - Fixing simple typo, existant -> existent ([#3252](https://togithub.com/axios/axios/pull/3252)) - Fixing typos ([#3309](https://togithub.com/axios/axios/pull/3309)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Allan Cruz <57270969+Allanbcruz@users.noreply.github.com> - George Cheng - Jay - Kevin Kirsche - Remco Haszing - Taemin Shin - Tim Gates - Xianming Zhong ### [`v0.20.0`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0200-August-20-2020) [Compare Source](https://togithub.com/axios/axios/compare/v0.19.2...v0.20.0) Release of 0.20.0-pre as a full release with no other changes.

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

slacle commented 3 years ago

Is this repo not maintained anymore? I'm trying integrate WooCommerce with a CRM and thought to use this library to not have to write everything from scratch, but outdated as it is I don't dare to use it. The other language libraries are also way outdated. Any other alternatives that we can use to help integrate WooCommerce with other apps?

qnxdev commented 3 years ago

Why isn't it updated yet?

woocommerce / woocommerce-rest-api-js-lib