[Snyk] Upgrade axios from 0.18.0 to 0.28.0 by dmh34 · Pull Request #15 · dmh34/A-PlusBlocks

dmh34 · 2024-03-29T17:44:55Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 0.18.0 to 0.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 22 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-02-12.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MIXINDEEP-450212	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASHES-2434290	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-450202	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-AXIOS-174505	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HAPIHOEK-548452	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Insufficiently Protected Credentials SNYK-JS-AUTH0JS-565004	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASHES-2434283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Command Injection SNYK-JS-LODASHES-2434284	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASHES-2434285	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-469063	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579152	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-2407770	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Timing Attack SNYK-JS-ELLIPTIC-511941	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Information Exposure SNYK-JS-EVENTSOURCE-2823375	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

0.28.0 - 2024-02-12
Release notes:

Bug Fixes
- fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)
Backports from v1.x:
- Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- Fixing content-type header repeated #4745
- Fixed timeout error message for HTTP 4738
- Added axios.formToJSON method (#4735)
- URL params serializer (#4734)
- Fixed toFormData Blob issue on node>v17 #4728
- Adding types for progress event callbacks #4675
- Fixed max body length defaults #4731
- Added data URL support for node.js (#4725)
- Added isCancel type assert (#4293)
- Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
- Add string[] to AxiosRequestHeaders type (#4322)
- Allow type definition for axios instance methods (#4224)
- Fixed AxiosError stack capturing; (#4718)
- Fixed AxiosError status code type; (#4717)
- Adding Canceler parameters config and request (#4711)
- fix(types): allow to specify partial default headers for instance creation (#4185)
- Added blob to the list of protocols supported by the browser (#4678)
- Fixing Z_BUF_ERROR when no content (#4701)
- Fixed race condition on immediate requests cancellation (#4261)
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
- Fix TS definition for AxiosRequestTransformer (#4201)
- Use type alias instead of interface for AxiosPromise (#4505)
- Include request and config when creating a CanceledError instance (#4659)
- Added generic TS types for the exposed toFormData helper (#4668)
- Optimized the code that checks cancellation (#4587)
- Replaced webpack with rollup (#4596)
- Added stack trace to AxiosError (#4624)
- Updated AxiosError.config to be optional in the type definition (#4665)
- Removed incorrect argument for NetworkError constructor (#4656)
0.27.2 - 2022-04-27
0.27.1 - 2022-04-26
0.27.0 - 2022-04-25
0.26.1 - 2022-03-09
0.26.0 - 2022-02-13
0.25.0 - 2022-01-18
0.24.0 - 2021-10-25
0.23.0 - 2021-10-12
0.22.0 - 2021-10-01
0.21.4 - 2021-09-06
0.21.3 - 2021-09-04
0.21.2 - 2021-09-04
0.21.1 - 2020-12-22
0.21.0 - 2020-10-23
0.20.0 - 2020-08-21
0.20.0-0 - 2020-07-15
0.19.2 - 2020-01-22
0.19.1 - 2020-01-07
0.19.0 - 2019-05-30
0.19.0-beta.1 - 2018-08-09
0.18.1 - 2019-06-01
0.18.0 - 2018-02-19

from axios GitHub release notes

Commit messages

Package name: axios

3b7635a [Release] v0.28.0 (#6211)
27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
80c3d74 chore(ci): backported publish action; (#6224)
2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
880b42e docs: Fix a typo in README
c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (#4927)
80b546c fix: loosing request header (#4858) (#4871)
6acb5ef feat: brower platform add data protocol. (#4814)
bbb2264 fix(typing): axios response headers can be undefined (#4813)
eff25a2 chore: updated close stale workflow
6b44df0 chore: added dependancy review
94c1f7d chore: added code QL for the 0.x branch
5576c2f chore: update ci runner rules
871ef05 Fix - Request ignores false, 0 and empty string as body values (#4786)
3dad74c Update base with master (#4754)
12103f8 chore: adjusted CI to run on any current and future version branches
1504792 Fixing content-type header repeated (#4745)
a11f950 Fix/4737/timeout error message for http (#4738)
9bb016f chore: updated actions to run on new version based branches
c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
a02fe28 Updated README.md; (#4742)
59dfed6 Bump grunt from 1.5.2 to 1.5.3 (#4743)
c008e57 Added `axios.formToJSON` method; (#4735)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade axios from 0.18.0 to 0.28.0. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/dmh34/project/76d8201a-82f7-4ec5-a64d-797d16c0fb6d?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade axios from 0.18.0 to 0.28.0#15

[Snyk] Upgrade axios from 0.18.0 to 0.28.0#15
dmh34 wants to merge 1 commit into
masterfrom
snyk-upgrade-82871c238e658c1f71fc1c2c20f58f23

dmh34 commented Mar 29, 2024

Release notes:

Bug Fixes

Backports from v1.x:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dmh34 commented Mar 29, 2024

Snyk has created this PR to upgrade axios from 0.18.0 to 0.28.0.

Release notes:

Bug Fixes

Backports from v1.x:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants