chore(deps): update dependency axios to v0.28.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	0.21.2 -> 0.28.0

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

---

Release Notes

axios/axios (axios)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

v0.27.2

Compare Source

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #​3785 (#​4640)
• Enhanced protocol parsing implementation (#​4639)
• Fixed bundle size

v0.27.1

Compare Source

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#​4594)
• Bumped follow-redirects to ^1.14.9 (#​4615)

v0.27.0

Compare Source

Breaking changes:

• New toFormData helper function that allows the implementor to pass an object and allow axios to convert it to FormData (#​3757)
• Removed functionality that removed the the Content-Type request header when passing FormData (#​3785)
• (*) Refactored error handling implementing AxiosError as a constructor, this is a large change to error handling on the whole (#​3645)
• Separated responsibility for FormData instantiation between transformRequest and toFormData (#​4470)
• (*) Improved and fixed multiple issues with FormData support (#​4448)

QOL and DevX improvements:

• Added a multipart/form-data testing playground allowing contributors to debug changes easily (#​4465)

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4515) & (#​4516)
• Bumped follow-redirects to ^1.14.9 (#​4562)

Internal and Tests:

• Updated dev dependencies to latest version

Documentation:

• Fixing incorrect link in changelog (#​4551)

Notes:

• (*) Please read these pull requests before updating, these changes are very impactful and far reaching.

v0.26.1

Compare Source

Fixes and Functionality:

• Refactored project file structure to avoid circular imports (#​4220)

v0.26.0

Compare Source

Fixes and Functionality:

• Fixed The timeoutErrorMessage property in config not work with Node.js (#​3581)
• Added errors to be displayed when the query parsing process itself fails (#​3961)
• Fix/remove url required (#​4426)
• Update follow-redirects dependency due to Vulnerability (#​4462)
• Bump karma from 6.3.11 to 6.3.14 (#​4461)
• Bump follow-redirects from 1.14.7 to 1.14.8 (#​4473)

v0.25.0

Compare Source

Breaking changes:

• Fixing maxBodyLength enforcement (#​3786)
• Don't rely on strict mode behaviour for arguments (#​3470)
• Adding error handling when missing url (#​3791)
• Update isAbsoluteURL.js removing escaping of non-special characters (#​3809)
• Use native Array.isArray() in utils.js (#​3836)
• Adding error handling inside stream end callback (#​3967)

Fixes and Functionality:

• Added aborted even handler (#​3916)
• Header types expanded allowing boolean and number types (#​4144)
• Fix cancel signature allowing cancel message to be undefined (#​3153)
• Updated type checks to be formulated better (#​3342)
• Avoid unnecessary buffer allocations (#​3321)
• Adding a socket handler to keep TCP connection live when processing long living requests (#​3422)
• Added toFormData helper function (#​3757)
• Adding responseEncoding prop type in AxiosRequestConfig (#​3918)

Internal and Tests:

• Adding axios-test-instance to ecosystem (#​3786)
• Optimize the logic of isAxiosError (#​3546)
• Add tests and documentation to display how multiple inceptors work (#​3564)
• Updating follow-redirects to version 1.14.7 (#​4379)

Documentation:

• Fixing changelog to show corrext pull request (#​4219)
• Update upgrade guide for https proxy setting (#​3604)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Rijk van Zanten
• Kohta Ito
• Brandon Faulkner
• Stefano Magni
• enofan
• Andrey Pechkurov
• Doowonee
• Emil Broman
• Remco Haszing
• Black-Hole
• Wolfram Kriesing
• Andrew Ovens
• Paulo Renato
• Ben Carp
• Hirotaka Tagawa
• 狼族小狈
• C. Lewis
• Felipe Carvalho
• Daniel
• Gustavo Sales

v0.24.0

Compare Source

Breaking changes:

• Revert: change type of AxiosResponse to any, please read lengthy discussion here: (#​4141) pull request: (#​4186)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Rodry
• Remco Haszing
• Isaiah Thomason

v0.23.0

Compare Source

Breaking changes:

• Distinguish request and response data types (#​4116)
• Change never type to unknown (#​4142)
• Fixed TransitionalOptions typings (#​4147)

Fixes and Functionality:

• Adding globalObject: 'this' to webpack config (#​3176)
• Adding insecureHTTPParser type to AxiosRequestConfig (#​4066)
• Fix missing semicolon in typings (#​4115)
• Fix response headers types (#​4136)

Internal and Tests:

• Improve timeout error when timeout is browser default (#​3209)
• Fix node version on CI (#​4069)
• Added testing to TypeScript portion of project (#​4140)

Documentation:

• Rename Angular to AngularJS (#​4114)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Evan-Finkelstein
• Paweł Szymański
• Dobes Vandermeer
• Claas Augner
• Remco Haszing
• Evgeniy
• Dmitriy Mozgovoy

v0.22.0

Compare Source

Fixes and Functionality:

• Caseless header comparing in HTTP adapter (#​2880)
• Avoid package.json import fixing issues and warnings related to this (#​4041), (#​4065)
• Fixed cancelToken leakage and added AbortController support (#​3305)
• Updating CI to run on release branches
• Bump follow redirects version
• Fixed default transitional config for custom Axios instance; (#​4052)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Jay
• Matt R. Wilson
• Xianming Zhong
• Dmitriy Mozgovoy

v0.21.4

Compare Source

Fixes and Functionality:

• Fixing JSON transform when data is stringified. Providing backward compatibility and complying to the JSON RFC standard (#​4020)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Guillaume Fortaine
• Yusuke Kawasaki
• Dmitriy Mozgovoy

v0.21.3

Compare Source

Fixes and Functionality:

• Fixing response interceptor not being called when request interceptor is attached (#​4013)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Julian Hollmann

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @hot-loader/react-dom@17.0.0
npm ERR! Found: react@17.0.1
npm ERR! node_modules/react
npm ERR!   react@"17.0.1" from the root project
npm ERR!   peer react@">=16.3.0" from @emotion/core@10.0.35
npm ERR!   node_modules/@emotion/core
npm ERR!     peer @emotion/core@"^10.0.27" from @emotion/styled@10.0.27
npm ERR!     node_modules/@emotion/styled
npm ERR!       peer @emotion/styled@"^10.0.14" from gatsby-interface@0.0.193
npm ERR!       node_modules/gatsby-interface
npm ERR!         gatsby-interface@"^0.0.193" from gatsby-recipes@0.2.33
npm ERR!         node_modules/gatsby-recipes
npm ERR!       1 more (gatsby-recipes)
npm ERR!     peer @emotion/core@"^10.0.28" from @emotion/styled-base@10.0.31
npm ERR!     node_modules/@emotion/styled-base
npm ERR!       @emotion/styled-base@"^10.0.27" from @emotion/styled@10.0.27
npm ERR!       node_modules/@emotion/styled
npm ERR!         peer @emotion/styled@"^10.0.14" from gatsby-interface@0.0.193
npm ERR!         node_modules/gatsby-interface
npm ERR!         1 more (gatsby-recipes)
npm ERR!     3 more (gatsby-interface, gatsby-recipes, theme-ui)
npm ERR!   14 more (@emotion/styled, @emotion/styled-base, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.0" from @hot-loader/react-dom@17.0.0
npm ERR! node_modules/@hot-loader/react-dom
npm ERR!   dev @hot-loader/react-dom@"17.0.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: react@17.0.0
npm ERR! node_modules/react
npm ERR!   peer react@"17.0.0" from @hot-loader/react-dom@17.0.0
npm ERR!   node_modules/@hot-loader/react-dom
npm ERR!     dev @hot-loader/react-dom@"17.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-02-21T12_01_54_743Z-debug-0.log

[netlify]

❌ Deploy preview failed at Netlify. @jimmyandrade take a look please

Name	Link
🔨 Latest commit	47a3f57
🔍 Latest deploy log	https://app.netlify.com/sites/multei/deploys/65d5e63c18830700088ac009