Update dependency axios to ^0.28.0 [SECURITY] #39

renovate · 2023-11-12T10:44:27Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	`^0.27.0` -> `^0.28.0`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Release Notes

axios/axios (axios)

`v0.28.0`

Compare Source

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
Fixing content-type header repeated #4745
Fixed timeout error message for HTTP 4738
Added axios.formToJSON method (#4735)
URL params serializer (#4734)
Fixed toFormData Blob issue on node>v17 #4728
Adding types for progress event callbacks #4675
Fixed max body length defaults #4731
Added data URL support for node.js (#4725)
Added isCancel type assert (#4293)
Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
Add string[] to AxiosRequestHeaders type (#4322)
Allow type definition for axios instance methods (#4224)
Fixed AxiosError stack capturing; (#4718)
Fixed AxiosError status code type; (#4717)
Adding Canceler parameters config and request (#4711)
fix(types): allow to specify partial default headers for instance creation (#4185)
Added blob to the list of protocols supported by the browser (#4678)
Fixing Z_BUF_ERROR when no content (#4701)
Fixed race condition on immediate requests cancellation (#4261)
Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
Fix TS definition for AxiosRequestTransformer (#4201)
Use type alias instead of interface for AxiosPromise (#4505)
Include request and config when creating a CanceledError instance (#4659)
Added generic TS types for the exposed toFormData helper (#4668)
Optimized the code that checks cancellation (#4587)
Replaced webpack with rollup (#4596)
Added stack trace to AxiosError (#4624)
Updated AxiosError.config to be optional in the type definition (#4665)
Removed incorrect argument for NetworkError constructor (#4656)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 2 times, most recently from 192c27b to 6f5d859 Compare November 16, 2023 14:27

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 4 times, most recently from 198d991 to cc3e161 Compare December 5, 2023 07:14

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 2 times, most recently from e18b811 to d85dfea Compare December 27, 2023 04:31

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 4 times, most recently from c5c3838 to 5fe52c5 Compare January 9, 2024 14:08

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 2 times, most recently from 7accd2f to 7a22d74 Compare January 16, 2024 14:59

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 3 times, most recently from 6794931 to c2a99f4 Compare February 4, 2024 09:23

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from c2a99f4 to eda3db2 Compare February 4, 2024 12:48

renovate bot changed the title ~~Update dependency axios to v1 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Feb 17, 2024

renovate bot force-pushed the renovate/npm-axios-vulnerability branch 2 times, most recently from 869b71a to d32d7d2 Compare February 17, 2024 17:14

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to v1 [SECURITY] Feb 17, 2024

renovate bot changed the title ~~Update dependency axios to v1 [SECURITY]~~ Update dependency axios to v1 [SECURITY] - autoclosed Feb 20, 2024

renovate bot closed this Feb 20, 2024

renovate bot deleted the renovate/npm-axios-vulnerability branch February 20, 2024 21:25

renovate bot changed the title ~~Update dependency axios to v1 [SECURITY] - autoclosed~~ Update dependency axios to v1 [SECURITY] Feb 22, 2024

renovate bot reopened this Feb 22, 2024

renovate bot restored the renovate/npm-axios-vulnerability branch February 22, 2024 23:09

renovate bot changed the title ~~Update dependency axios to v1 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Feb 22, 2024

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from d32d7d2 to 6be0e9d Compare February 22, 2024 23:09

renovate bot changed the title ~~Update dependency axios to ^0.29.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Mar 13, 2025

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.29.0 [SECURITY] Mar 17, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5e9caa9 to 19a14e7 Compare March 17, 2025 12:30

renovate bot changed the title ~~Update dependency axios to ^0.29.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Mar 17, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 19a14e7 to 3cc04c0 Compare March 17, 2025 20:34

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] Apr 1, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 3cc04c0 to 4c898cb Compare April 1, 2025 10:26

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Apr 1, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 4c898cb to a1f49e7 Compare April 1, 2025 17:09

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from a1f49e7 to b1eead8 Compare April 24, 2025 05:46

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] Apr 24, 2025

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] Apr 24, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b1eead8 to 1e681cd Compare April 24, 2025 14:36

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] May 7, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 1e681cd to 9f73436 Compare May 7, 2025 12:14

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] May 7, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 9f73436 to 9576d10 Compare May 7, 2025 16:35

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] May 13, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 9576d10 to 39fcfd8 Compare May 13, 2025 12:09

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] May 13, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 39fcfd8 to 3db9bc6 Compare May 13, 2025 17:09

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] May 19, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 3db9bc6 to e65d8fb Compare May 19, 2025 20:38

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] May 20, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e65d8fb to 624b06b Compare May 20, 2025 02:04

renovate bot changed the title ~~Update dependency axios to ^0.28.0 [SECURITY]~~ Update dependency axios to ^0.30.0 [SECURITY] May 28, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 624b06b to 16ce104 Compare May 28, 2025 13:50

Update dependency axios to ^0.28.0 [SECURITY]

65cc159

renovate bot changed the title ~~Update dependency axios to ^0.30.0 [SECURITY]~~ Update dependency axios to ^0.28.0 [SECURITY] May 28, 2025

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 16ce104 to 65cc159 Compare May 28, 2025 19:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency axios to ^0.28.0 [SECURITY] #39

Update dependency axios to ^0.28.0 [SECURITY] #39

Uh oh!

renovate bot commented Nov 12, 2023 •

edited

Loading

Uh oh!

Uh oh!

Update dependency axios to ^0.28.0 [SECURITY] #39

Are you sure you want to change the base?

Update dependency axios to ^0.28.0 [SECURITY] #39

Uh oh!

Conversation

renovate bot commented Nov 12, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2023-45857

Release Notes

v0.28.0

Release notes:

Bug Fixes

Backports from v1.x:

Configuration

Uh oh!

Uh oh!

renovate bot commented Nov 12, 2023 •

edited

Loading

`v0.28.0`