[Snyk] Upgrade axios from 0.18.0 to 0.28.0 #444

angelika-draczynska · 2024-03-28T23:48:03Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 0.18.0 to 0.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 22 versions ahead of your current version.
The recommended version was released 2 months ago, on 2024-02-12.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-AXIOS-174505	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-EVENTSOURCE-2823375	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HAPIHOEK-548452	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Insecure Defaults SNYK-JS-SOCKETIO-1024859	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

0.28.0 - 2024-02-12
Release notes:

Bug Fixes
- fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)
Backports from v1.x:
- Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- Fixing content-type header repeated #4745
- Fixed timeout error message for HTTP 4738
- Added axios.formToJSON method (#4735)
- URL params serializer (#4734)
- Fixed toFormData Blob issue on node>v17 #4728
- Adding types for progress event callbacks #4675
- Fixed max body length defaults #4731
- Added data URL support for node.js (#4725)
- Added isCancel type assert (#4293)
- Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
- Add string[] to AxiosRequestHeaders type (#4322)
- Allow type definition for axios instance methods (#4224)
- Fixed AxiosError stack capturing; (#4718)
- Fixed AxiosError status code type; (#4717)
- Adding Canceler parameters config and request (#4711)
- fix(types): allow to specify partial default headers for instance creation (#4185)
- Added blob to the list of protocols supported by the browser (#4678)
- Fixing Z_BUF_ERROR when no content (#4701)
- Fixed race condition on immediate requests cancellation (#4261)
- Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
- Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
- Fix TS definition for AxiosRequestTransformer (#4201)
- Use type alias instead of interface for AxiosPromise (#4505)
- Include request and config when creating a CanceledError instance (#4659)
- Added generic TS types for the exposed toFormData helper (#4668)
- Optimized the code that checks cancellation (#4587)
- Replaced webpack with rollup (#4596)
- Added stack trace to AxiosError (#4624)
- Updated AxiosError.config to be optional in the type definition (#4665)
- Removed incorrect argument for NetworkError constructor (#4656)
0.27.2 - 2022-04-27
0.27.1 - 2022-04-26
0.27.0 - 2022-04-25
0.26.1 - 2022-03-09
0.26.0 - 2022-02-13
0.25.0 - 2022-01-18
0.24.0 - 2021-10-25
0.23.0 - 2021-10-12
0.22.0 - 2021-10-01
0.21.4 - 2021-09-06
0.21.3 - 2021-09-04
0.21.2 - 2021-09-04
0.21.1 - 2020-12-22
0.21.0 - 2020-10-23
0.20.0 - 2020-08-21
0.20.0-0 - 2020-07-15
0.19.2 - 2020-01-22
0.19.1 - 2020-01-07
0.19.0 - 2019-05-30
0.19.0-beta.1 - 2018-08-09
0.18.1 - 2019-06-01
0.18.0 - 2018-02-19

from axios GitHub release notes

Commit messages

Package name: axios

3b7635a [Release] v0.28.0 (#6211)
27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
80c3d74 chore(ci): backported publish action; (#6224)
2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
880b42e docs: Fix a typo in README
c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (#4927)
80b546c fix: loosing request header (#4858) (#4871)
6acb5ef feat: brower platform add data protocol. (#4814)
bbb2264 fix(typing): axios response headers can be undefined (#4813)
eff25a2 chore: updated close stale workflow
6b44df0 chore: added dependancy review
94c1f7d chore: added code QL for the 0.x branch
5576c2f chore: update ci runner rules
871ef05 Fix - Request ignores false, 0 and empty string as body values (#4786)
3dad74c Update base with master (#4754)
12103f8 chore: adjusted CI to run on any current and future version branches
1504792 Fixing content-type header repeated (#4745)
a11f950 Fix/4737/timeout error message for http (#4738)
9bb016f chore: updated actions to run on new version based branches
c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
a02fe28 Updated README.md; (#4742)
59dfed6 Bump grunt from 1.5.2 to 1.5.3 (#4743)
c008e57 Added `axios.formToJSON` method; (#4735)