[Snyk] Upgrade axios from 0.21.1 to 0.28.0

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 0.21.1 to 0.28.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2024-02-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579147	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-URIJS-1319806	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Open Redirect SNYK-JS-URIJS-2401466	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Improper Input Validation SNYK-JS-URIJS-2415026	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Open Redirect SNYK-JS-URIJS-2419067	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Misinterpretation of Input SNYK-JS-URIJS-2440699	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Arbitrary Argument Injection SNYK-JS-BLAMER-5731318	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Open Redirect SNYK-JS-URIJS-1319803	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

• 0.28.0 - 2024-02-12
  

  Release notes:

  Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

  Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance #4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)
• 0.27.2 - 2022-04-27
• 0.27.1 - 2022-04-26
• 0.27.0 - 2022-04-25
• 0.26.1 - 2022-03-09
• 0.26.0 - 2022-02-13
• 0.25.0 - 2022-01-18
• 0.24.0 - 2021-10-25
• 0.23.0 - 2021-10-12
• 0.22.0 - 2021-10-01
• 0.21.4 - 2021-09-06
• 0.21.3 - 2021-09-04
• 0.21.2 - 2021-09-04
• 0.21.1 - 2020-12-22

from axios GitHub release notes

Commit messages

Package name: axios

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x (#6091)
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (Group log output on GitHub Actions super-linter/super-linter#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incorrect (Thank you super-linter contributors (2023-10-01..2023-10-31) super-linter/super-linter#4927)
• 80b546c fix: loosing request header (Bump stylelint-scss from 5.3.0 to 5.3.1 in /dependencies super-linter/super-linter#4858) (All filenames are being logged, with VALITATE_ALL_CODEBASE=false super-linter/super-linter#4871)
• 6acb5ef feat: brower platform add data protocol. (Bump yamllint from 1.31.0 to 1.32.0 in /dependencies/python super-linter/super-linter#4814)
• bbb2264 fix(typing): axios response headers can be undefined (Bump cfn-lint from 0.80.3 to 0.83.0 in /dependencies/python super-linter/super-linter#4813)
• eff25a2 chore: updated close stale workflow
• 6b44df0 chore: added dependancy review
• 94c1f7d chore: added code QL for the 0.x branch
• 5576c2f chore: update ci runner rules
• 871ef05 Fix - Request ignores false, 0 and empty string as body values (Bump golangci/golangci-lint from 1.54.2 to v1.55.0 super-linter/super-linter#4786)
• 3dad74c Update base with master (v5.4.2 super-linter/super-linter#4754)
• 12103f8 chore: adjusted CI to run on any current and future version branches
• 1504792 Fixing content-type header repeated (Bump renovate from 37.9.1 to 37.22.0 in /dependencies super-linter/super-linter#4745)
• a11f950 Fix/4737/timeout error message for http (Failed to deploy to production super-linter/super-linter#4738)
• 9bb016f chore: updated actions to run on new version based branches
• c731be7 chore: removed Travis CI config file as we have moved to GitHub actions
• a02fe28 Updated README.md; (Bump alpine/terragrunt from 1.6.0 to 1.6.1 super-linter/super-linter#4742)
• 59dfed6 Bump grunt from 1.5.2 to 1.5.3 (Bump packaging from 23.1 to 23.2 in /dependencies/python super-linter/super-linter#4743)
• c008e57 Added `axios.formToJSON` method; (Docker builds have run out of space super-linter/super-linter#4735)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.