Skip to content

fix(deps): update dependency axios to v0.21.1 [security]#63

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-axios-vulnerability
Open

fix(deps): update dependency axios to v0.21.1 [security]#63
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-axios-vulnerability

Conversation

@renovate
Copy link

@renovate renovate bot commented Jan 5, 2021
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
axios (source) 0.19.20.21.1 age confidence

GitHub Vulnerability Alerts

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Release Notes

axios/axios (axios)

v0.21.1

Compare Source

Fixes and Functionality:
  • Hotfix: Prevent SSRF (#​3410)
  • Protocol not parsed when setting proxy config from env vars (#​3070)
  • Updating axios in types to be lower case (#​2797)
  • Adding a type guard for AxiosError (#​2949)
Internal and Tests:
  • Remove the skipping of the socket http test (#​3364)
  • Use different socket for Win32 test (#​3375)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.21.0

Compare Source

Fixes and Functionality:
  • Fixing requestHeaders.Authorization (#​3287)
  • Fixing node types (#​3237)
  • Fixing axios.delete ignores config.data (#​3282)
  • Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#​1773)" (#​3289)
  • Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#​3200)
Internal and Tests:
  • Lock travis to not use node v15 (#​3361)
Documentation:

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

v0.20.0

Compare Source

Release of 0.20.0-pre as a full release with no other changes.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from f1a24c2 to 7cd4403 Compare October 18, 2021 20:01
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.1 [security] fix(deps): update dependency axios to v0.21.2 [security] Oct 18, 2021
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.2 [security] fix(deps): update dependency axios to v0.21.1 [security] Apr 25, 2022
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 7cd4403 to 9e7524c Compare April 25, 2022 01:23
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 9e7524c to e4b4e2b Compare September 25, 2022 17:14
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e4b4e2b to a7347ee Compare May 28, 2023 08:37
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.1 [security] fix(deps): update dependency axios to v0.21.2 [security] May 28, 2023
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from a7347ee to e017a2e Compare November 10, 2023 10:06
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.2 [security] fix(deps): update dependency axios to v1 [security] Nov 10, 2023
@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v1 [security] - autoclosed Feb 12, 2024
@renovate renovate bot closed this Feb 12, 2024
@renovate renovate bot deleted the renovate/npm-axios-vulnerability branch February 12, 2024 19:29
@renovate renovate bot restored the renovate/npm-axios-vulnerability branch February 12, 2024 21:08
@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] - autoclosed fix(deps): update dependency axios to v1 [security] Feb 12, 2024
@renovate renovate bot reopened this Feb 12, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e017a2e to 5a46876 Compare February 12, 2024 21:10
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5a46876 to a983e63 Compare February 20, 2024 21:48
@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v0.21.2 [security] Feb 20, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from a983e63 to ffb3c55 Compare February 21, 2024 03:10
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.2 [security] fix(deps): update dependency axios to v0.28.0 [security] Feb 21, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from ffb3c55 to e55364f Compare August 6, 2024 06:47
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.28.0 [security] fix(deps): update dependency axios to v0.21.1 [security] Aug 6, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e55364f to 9f754d1 Compare August 14, 2025 00:02
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.21.1 [security] fix(deps): update dependency axios to v0.28.0 [security] Aug 14, 2025
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 9f754d1 to dea4262 Compare September 14, 2025 15:32
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.28.0 [security] fix(deps): update dependency axios to v1 [security] Sep 14, 2025
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from dea4262 to dd2285a Compare September 30, 2025 03:40
@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v0.28.0 [security] Sep 30, 2025
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from dd2285a to e7ab580 Compare October 1, 2025 23:03
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.28.0 [security] fix(deps): update dependency axios to v0.30.2 [security] Oct 1, 2025
@renovate renovate bot changed the title fix(deps): update dependency axios to v0.30.2 [security] fix(deps): update dependency axios to v0.21.1 [security] Oct 16, 2025
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e7ab580 to 03fd1b0 Compare October 16, 2025 02:12
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 03fd1b0 to 0568894 Compare November 11, 2025 01:04
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 0568894 to 5e20e29 Compare November 18, 2025 14:47
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5e20e29 to 312c985 Compare December 31, 2025 12:59
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 312c985 to 407900a Compare December 31, 2025 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants