Improved FormData support; #4448
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added support for automatic object serialization to FormData if `Content-Type` is `multipart/form-data`; Added support for FormData to be overloaded using `config.env.FormData` option; Added support for FormData in node.js environment through `form-data` package;
Added tests for FormData payload;
Refactored cancellation section;
…rmData � Conflicts: � lib/defaults.js
carpben
reviewed
Feb 13, 2022
There was a problem hiding this comment.
Added tests are excellent and valuable 🙌.
At present I suggest we don't recommend auto-serialization of form-data as the default method of choice. Instead, let's move it to be after the manual section and say that we support it now. After we have more tests, and after it is well accepted by the community, let's adapt and recommend it by default.
Currently, conversion of files in node will not work. This is solved by #4469 but tests and feedback are needed in this area.
This Pr goes way beyond adding tests to FormData payload as the title suggest. It includes FormData documentation, a whole section of documentation about AbortController, adding import from "form-data" to "Node" only, and what seems like unrelated changes to scripts (cross-env). I guess it is obvious why this is less than ideal.
While the contribution is great it would be even better if it will be separated to PRs that are scoped to a certain topic/domain.
carpben
reviewed
Feb 13, 2022
|
@DigitalBrainJS can you have a look at the review please? |
Expose toFormData helper as a static method; Refactored transform request; Added kindOf, kindOfTest, endsWith, isTypedArray util; Refactored utils.js to use kindOf for tests;
…ormData � Conflicts: � lib/adapters/http.js � lib/defaults.js � lib/helpers/toFormData.js � package-lock.json � test/specs/helpers/toFormData.spec.js
# Conflicts: # package-lock.json # package.json
Added support for automatic object serialization to FormData if `Content-Type` is `multipart/form-data`; Added support for FormData to be overloaded using `config.env.FormData` option; Added support for FormData in node.js environment using `form-data` package; (cherry picked from commit 73e3bdb)
… Form; Added ability to submit FileList object as a FormData; Updated README.md;
DigitalBrainJS
changed the title
|
Question: is there a way to send a multipart PUT with a value other than what gets hard-coded in lib/core/Axios.js line 184 In versions of axis 0.26.x and earlier, I could change that to what my 3rd-party server requires: 'multipart/mixed', but now I can not. I would like to use the 1.x.x version to get past all the security issues flagged in earlier versions. |
ksibisamir
added a commit
to SaTT-Wallet/Backend
that referenced
this pull request
May 26, 2023
<h3>Snyk has created this PR to upgrade axios from 0.26.1 to
0.27.2.</h3>
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **3 versions** ahead of your current
version.
- The recommended version was released **a year ago**, on 2022-04-27.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>axios</b></summary>
<ul>
<li>
<b>0.27.2</b> - <a
href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.27.2">2022-04-27</a></br><p>Fixes
and Functionality:</p>
<ul>
<li>Fixed FormData posting in browser environment by reverting <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="878655062" data-permission-text="Title is private"
data-url="axios/axios#3785"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/3785/hovercard"
href="https://snyk.io/redirect/github/axios/axios/pull/3785">#3785</a>
(<a href="https://snyk.io/redirect/github/axios/axios/pull/4640"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4640/hovercard">#4640</a>)</li>
<li>Enhanced protocol parsing implementation (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4639"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4639/hovercard">#4639</a>)</li>
<li>Fixed bundle size</li>
</ul>
</li>
<li>
<b>0.27.1</b> - <a
href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.27.1">2022-04-26</a></br><h3>Fixes
and Functionality:</h3>
<ul>
<li>Removed import of url module in browser build due to huge size
overhead and builds being broken (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4594"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4594/hovercard">#4594</a>)</li>
<li>Bumped follow-redirects to ^1.14.9 (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4615"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4615/hovercard">#4615</a>)</li>
</ul>
</li>
<li>
<b>0.27.0</b> - <a
href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.27.0">2022-04-25</a></br><h3>Breaking
changes:</h3>
<ul>
<li>New toFormData helper function that allows the implementor to pass
an object and allow axios to convert it to FormData (<a
href="https://snyk.io/redirect/github/axios/axios/pull/3757"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/3757/hovercard">#3757</a>)</li>
<li>Removed functionality that removed the the <code>Content-Type</code>
request header when passing FormData (<a
href="https://snyk.io/redirect/github/axios/axios/pull/3785"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/3785/hovercard">#3785</a>)</li>
<li><strong>(*)</strong> Refactored error handling implementing
AxiosError as a constructor, this is a large change to error handling on
the whole (<a
href="https://snyk.io/redirect/github/axios/axios/pull/3645"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/3645/hovercard">#3645</a>)</li>
<li>Separated responsibility for FormData instantiation between
<code>transformRequest</code> and <code>toFormData</code> (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4470"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4470/hovercard">#4470</a>)</li>
<li><strong>(*)</strong> Improved and fixed multiple issues with
FormData support (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4448"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4448/hovercard">#4448</a>)</li>
</ul>
<h3>QOL and DevX improvements:</h3>
<ul>
<li>Added a multipart/form-data testing playground allowing contributors
to debug changes easily (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4465"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4465/hovercard">#4465</a>)</li>
</ul>
<h3>Fixes and Functionality:</h3>
<ul>
<li>Refactored project file structure to avoid circular imports (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4516"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4516/hovercard">#4515</a>) &
(<a href="https://snyk.io/redirect/github/axios/axios/pull/4516"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4516/hovercard">#4516</a>)</li>
<li>Bumped follow-redirects to ^1.14.9 (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4562"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4562/hovercard">#4562</a>)</li>
</ul>
<h3>Internal and Tests:</h3>
<ul>
<li>Updated dev dependencies to latest version</li>
</ul>
<h3>Documentation:</h3>
<ul>
<li>Fixing incorrect link in changelog (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4551"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4551/hovercard">#4551</a>)</li>
</ul>
<h3>Notes:</h3>
<ul>
<li><strong>(*)</strong> Please read these pull requests before
updating, these changes are very impactful and far reaching.</li>
</ul>
</li>
<li>
<b>0.26.1</b> - <a
href="https://snyk.io/redirect/github/axios/axios/releases/tag/v0.26.1">2022-03-09</a></br><h3>Fixes
and Functionality:</h3>
<ul>
<li>Refactored project file structure to avoid circular imports (<a
href="https://snyk.io/redirect/github/axios/axios/pull/4220"
data-hovercard-type="pull_request"
data-hovercard-url="/axios/axios/pull/4220/hovercard">#4220</a>)</li>
</ul>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/axios/axios/releases">axios GitHub
release notes</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIyMDVhZWJmMC01NTE3LTQ2ZjQtODg0Zi0xYjEwZjdiOWU3YjgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjIwNWFlYmYwLTU1MTctNDZmNC04ODRmLTFiMTBmN2I5ZTdiOCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"205aebf0-5517-46f4-884f-1b10f7b9e7b8","prPublicId":"205aebf0-5517-46f4-884f-1b10f7b9e7b8","dependencies":[{"name":"axios","from":"0.26.1","to":"0.27.2"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/satt/project/b89486be-ad07-4d6c-a51a-2fa8a25baa00?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"b89486be-ad07-4d6c-a51a-2fa8a25baa00","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2022-04-27T10:00:58.685Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
12 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CODE
postForm,putForm,patchFormArrayBufferand/orTypedArraywill be converted to aBlob|Bufferinstance[]- unwrap the array like object as separate fields with the same key{}- serialize the value with JSON.stringifytoFormDatahelper as a static method;kindOf,kindOfTest,endsWith,isTypedArrayutil;TESTS
Content-Typeismultipart/form-data;README
DEV
cross-envpackage to run the build scripts on Windows systems;formidableto test FormData payload;