Snyk has created this PR to upgrade axios from 0.15.3 to 0.24.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 21 versions ahead of your current version.
- The recommended version was released 3 months ago, on 2021-10-25.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269 | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-AXIOS-174505 | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
| | Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios
- 0.24.0 - 2021-10-25
0.24.0 (October 25, 2021)
Breaking changes:
- Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#4141) pull request: (#4186)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Jay, Rodry, Remco Haszing, Isaiah Thomason
- 0.23.0 - 2021-10-12
0.23.0 (October 12, 2021)
Breaking changes:
- Distinguish request and response data types (#4116)
- Change never type to unknown (#4142)
- Fixed TransitionalOptions typings (#4147)
Fixes and Functionality:
- Adding globalObject: 'this' to webpack config (#3176)
- Adding insecureHTTPParser type to AxiosRequestConfig (#4066)
- Fix missing semicolon in typings (#4115)
- Fix response headers types (#4136)
Internal and Tests:
- Improve timeout error when timeout is browser default (#3209)
- Fix node version on CI (#4069)
- Added testing to TypeScript portion of project (#4140)
Documentation:
- Rename Angular to AngularJS (#4114)
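Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Jay, Evan-Finkelstein, Paweł Szymański, Dobes Vandermeer, Claas Augner, Remco Haszing, Evgeniy, Dmitriy Mozgovoy
- 0.22.0 - 2021-10-01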
0.22.0 (October 01, 2021)
Fixes and Functionality:
- Caseless header comparing in HTTP adapter (#2880)
- Avoid package.json import fixing issues and warnings related to this (#4041), (#4065)
- Fixed cancelToken leakage and added AbortController support (#3305)
- Updating CI to run on release branches
- Bump follow redirects version
- Fixed default transitional config for custom Axios instance; (#4052)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Jay, Matt R. Wilson, Xianming Zhong, Dmitriy Mozgovoy
- 0.21.4 - 2021-09-06
0.21.4 (September 6, 2021)
Fixes and Functionality:
- Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#4020)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Guillaume Fortaine, Yusuke Kawasaki, Dmitriy Mozgovoy
- 0.21.3 - 2021-09-04
0.21.3 (September 4, 2021)
Fixes and Functionality:
- Fixing response interceptor not being called when request interceptor is attached (#4013)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Julian Hollmann
- 0.21.2 - 2021-09-04
0.21.2 (September 4, 2021)
Fixes and Functionality:
- Updating axios requests to be delayed by pre-emptive promise creation (#2702)
- Adding "synchronous" and "runWhen" options to interceptors api (#2702)
- Updating of transformResponse (#3377)
- Adding ability to omit User-Agent header (#3703)
- Adding multiple JSON improvements (#3688,#3763)
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#3738)
- Adding parseInt to config.timeout (#3781)
- Adding custom return type support to interceptor (#3783)
- Adding security fix for ReDoS vulnerability (#3980)
Internal and Tests:
- Updating build dev dependencies (#3401)
- Fixing builds running on Travis CI (#3538)
- Updating follow redirect version (#3694,#3771)
- Updating karma sauce launcher to fix failing sauce tests (#3712,#3717)
- Updating content-type header for application/json to not contain charset field, according to RFC 8259 (#2154)
- Fixing tests by bumping karma-sauce-launcher version (#3813)
- Changing testing process from Travis CI to GitHub Actions (#3938)
Documentation:
- Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#3539)
- Remove duplication of item in changelog (#3523)
- Fixing grammatical errors (#2642)
- Fixing spelling error (#3567)
- Moving gitpod mention (#2637)
- Adding new axios documentation website link (#3681,#3707)
- Updating documentation around dispatching requests (#3772)
- Adding documentation for the type guard isAxiosError (#3767)
- Adding explanation of cancel token (#3803)
- Updating CI status badge (#3953)
- Fixing errors with JSON documentation (#3936)
- Fixing README typo under Request Config (#3825)
- Adding axios-multi-api to the ecosystem file (#3817)
- Adding SECURITY.md to properly disclose security vulnerabilities (#3981)
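Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Sasha Korotkov, Daniel Lopretto, Mike Bishop, Dmitriy Mozgovoy, Mark, Philipe Gouveia Paixão, hippo, ready-research, Xianming Zhong, Christopher Chrapka, Brian Anglin, Kohta Ito, Ali Clark, caikan, Elina Gorshkova, Ryota Ikezawa, Nisar Hassan Naqvi, Jake, TagawaHirotaka, Johannes Jarbratt, Mo Sattler, Sam Carlton, Matt Czapliński, Ziding Zhang
- 0.21.1 - 2020-12-22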
0.21.1 (December 21, 2020)
Fixes and Functionality:
- Hotfix: Prevent SSRF (#3410)
- Protocol not parsed when setting proxy config from env vars (#3070)
- Updating axios in types to be lower case (#2797)
- Adding a type guard for AxiosError (#2949)
Internal and Tests:
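- Remove the skipping of the socket http test (#3364)
- Use different socket for Win32 test (#3375)
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Daniel Lopretto <timemachine3030@users.noreply.github.com>, Jason Kwok <JasonHK@users.noreply.github.com>, Jay <jasonsaayman@gmail.com>, Jonathan Foster <jonathan@jonathanfoster.io>, Remco Haszing <remcohaszing@gmail.com>, Xianming Zhong <chinesedfan@qq.com>
- 0.21.0 - 2020-10-23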
0.21.0 (October 23, 2020)
Fixes and Functionality:
- Fixing requestHeaders.Authorization (#3287)
- Fixing node types (#3237)
- Fixing axios.delete ignores config.data (#3282)
- Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
- Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
Internal and Tests:
- Lock travis to not use node v15 (#3361)
Documentation:
- Fixing simple typo, existant -> existent (#3252)
- Fixing typos (#3309)
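Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
Allan Cruz <57270969+Allanbcruz@users.noreply.github.com>, George Cheng <Gerhut@GMail.com>, Jay <jasonsaayman@gmail.com>, Kevin Kirsche <Kev.Kirsche+GitHub@gmail.com>, Remco Haszing <remcohaszing@gmail.com>, Taemin Shin <cprayer13@gmail.com>, Tim Gates <tim.gates@iress.com>, Xianming Zhong <chinesedfan@qq.com>
- 0.20.0 - 2020-08-21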
Release of 0.20.0-pre as a full release with no other changes.
- 0.20.0-0 - 2020-07-15
- 0.19.2 - 2020-01-22
- 0.19.1 - 2020-01-07
- 0.19.0 - 2019-05-30
- 0.19.0-beta.1 - 2018-08-09
- 0.18.1 - 2019-06-01
- 0.18.0 - 2018-02-19
- 0.17.1 - 2017-11-11
- 0.17.0 - 2017-10-21
- 0.16.2 - 2017-06-03
- 0.16.1 - 2017-04-08
- 0.16.0 - 2017-04-01
- 0.15.3 - 2016-11-27
from axios GitHub release notes
Commit messages
Package name: axios
- 53d6d37 Adding minified files
- 6d613b4 Updated changelog
- 2c9cc76 revert: change type of AxiosResponse to any (#4186)
- 1025d12 Release v0.23.0
- 6d1e30f Prepared release notes
- 20e8b6b chore(docs): rename Angular to AngularJS (#4114)
- 94a9344 Test types (#4140)
- fce210a Fixed TransitionalOptions typings (#4147)
- 547815d Mending merge conflict
- e462973 fix response headers types (#4136)
- 7c9a5c5 Fix missing semicolon in typings (#4115)
- 6c00232 Change never type to unknown (#4142)
- 28a06e6 Distinguish request and response data types (#4116)
- ba9c193 Release/v0.22.0 (#4143)
- 76f09af Release/v0.22.0 (#4107)
- 7d6bddb Fix node version on CI (#4069)
- 96956e3 Improve timeout error when timeout is browser default (#3209)
- e52cd3a Add globalObject: 'this' to webpack config (#3176)
- 2bc2507 Adding insecureHTTPParser type to AxiosRequestConfig
- f3ca637 Caseless header comparing in HTTP adapter. (#2880)
- 4091b07 Release/0.21.4 (#4025)
- 90205f8 Change headers type to string record (#3021)
- 92b29d2 Make the default type of response data never (#3002)
- 4eeb3b1 Improved type-safety for AxiosRequestConfig (#2995)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs