Skip to content

chore(deps-dev): bump axios from 0.25.0 to 1.6.2 in /web#318

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/axios-1.6.2
Closed

chore(deps-dev): bump axios from 0.25.0 to 1.6.2 in /web#318
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/axios-1.6.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 1, 2023
edited
Loading

Bumps axios from 0.25.0 to 1.6.2.

Release notes

Sourced from axios's releases.

Release v1.6.2

Release notes:

Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

Contributors to this release

Release v1.6.1

Release notes:

Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

Contributors to this release

Release v1.6.0

Release notes:

Bug Fixes

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.2 (2023-11-14)

Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

Contributors to this release

1.6.1 (2023-11-08)

Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

Contributors to this release

PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

1.6.0 (2023-10-26)

Bug Fixes

... (truncated)

Commits
  • b3be365 chore(release): v1.6.2 (#6082)
  • 8739acb chore(ci): removed redundant release action; (#6081)
  • bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
  • a2b0fb3 chore(docs): update README.md (#6048)
  • b12a608 chore(ci): removed paths-ignore filter; (#6080)
  • 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
  • 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
  • cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve th...
  • 7009715 chore(ci): fixed release notification action; (#6064)
  • 7144f10 chore(ci): fixed release notification action; (#6063)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 1, 2023
@dependabot dependabot Bot requested a review from AchoArnold December 1, 2023 01:23
@what-the-diff
Copy link
Copy Markdown

what-the-diff Bot commented Dec 1, 2023

PR Summary

  • Update of Axios Library Version in web/package.json file
    The version of the axios library, which is used for making web requests, has been updated from "^0.25.0" to "^1.6.2". This update could improve the performance and security of the application as we are now using the latest features and fixes from the axios library.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/web/axios-1.6.2 branch 2 times, most recently from c2b5f2f to fb4af36 Compare December 8, 2023 13:03
@dependabot
chore(deps-dev): bump axios from 0.25.0 to 1.6.2 in /web
13ac630 
Bumps [axios](https://github.com/axios/axios) from 0.25.0 to 1.6.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.25.0...v1.6.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/web/axios-1.6.2 branch from fb4af36 to 13ac630 Compare December 8, 2023 13:05
@AchoArnold AchoArnold closed this Dec 11, 2023
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Dec 11, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/web/axios-1.6.2 branch December 11, 2023 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AchoArnold AchoArnold Awaiting requested review from AchoArnold

Assignees

@AchoArnold AchoArnold

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AchoArnold