Skip to content

[Snyk] Security upgrade axios from 0.19.2 to 0.21.1

Susheel Varma requested to merge snyk-fix-e29e0c2d2b39a5ef883aa68983fbfade into master

Created by: snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255 		No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 76 commits.
  • a64050a Releasing 0.21.1
  • d57cd97 Updating changelog for 0.21.1 release
  • 8b0f373 Use different socket for Win32 test (#3375)
  • e426910 Protocol not parsed when setting proxy config from env vars (#3070)
  • c7329fe Hotfix: Prevent SSRF (#3410)
  • f472e5d Adding a type guard for `AxiosError` (#2949)
  • 7688255 Remove the skipping of the `socket` http test (#3364)
  • 820fe6e Updating axios in types to be lower case (#2797)
  • 94ca24b Releasing 0.21.0
  • 2130a0c Updating changelog for 0.21.0 release
  • fbdc150 Lock travis to not use node v15 (#3361)
  • 3a8b87d Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)
  • 9a78465 Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
  • 6d05b96 Fix typos (#3309)
  • fa36737 fix axios.delete ignores config.data (#3282)
  • b7e954e Fixing node types (#3237)
  • 04d45f2 Fixing requestHeaders.Authorization (#3287)
  • e8c6e19 docs: Fix simple typo, existant -> existent (#3252)
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changlog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Merge request reports