[Snyk] Upgrade axios from 1.1.3 to 1.6.6

[Glowstudent777]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 1.1.3 to 1.6.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2024-01-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

• 1.6.6 - 2024-01-24
  

  Release notes:

  Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

  Contributors to this release

  • Ilya Priven
  • Zao Soula
• 1.6.5 - 2024-01-05
  

  Release notes:

  Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Jay
• 1.6.4 - 2024-01-03
  

  Release notes:

  Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

  Contributors to this release

  • Jay
  • Dmitriy Mozgovoy
  • Guy Nesher
• 1.6.3 - 2023-12-26
  

  Release notes:

  Bug Fixes

  • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

  Contributors to this release

  • Jay
  • Willian Agostini
  • Dmitriy Mozgovoy
• 1.6.2 - 2023-11-14
  

  Release notes:

  Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

  PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

  
  📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
  You should now use withXSRFToken along with withCredential to get the old behavior.
  This functionality is considered as a fix.
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Ng Choon Khon (CK)
  • Muhammad Noman
• 1.6.1 - 2023-11-08
  

  Release notes:

  Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Fabian Meyer
• 1.6.0 - 2023-10-26
  

  Release notes:

  Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

  PRs

  • CVE 2023 45857 ( #6028 )

  
  ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Valentin Panov
  • Rinku Chaudhari
• 1.5.1 - 2023-09-26
  

  Release notes:

  Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

  Contributors to this release

  • Dmitriy Mozgovoy
  • David Dallas
  • Sean Sattler
  • Mustafa Ateş Uzun
  • Przemyslaw Motacki
  • Michael Di Prisco
• 1.5.0 - 2023-08-26
  

  Release notes:

  Bug Fixes

  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#5832) (8fda276)

  Features

  • export getAdapter function (#5324) (ca73eb8)
  • export: export adapters without unsafe prefix (#5839) (1601f4a)

  Contributors to this release

  • Dmitriy Mozgovoy
  • 夜葬
  • Jonathan Budiman
  • Michael Di Prisco
• 1.4.0 - 2023-04-27
  

  Release notes:

  Bug Fixes

  • formdata: add multipart/form-data content type for FormData payload on custom client environments; (#5678) (bbb61e7)
  • package: export package internals with unsafe path prefix; (#5677) (df38c94)

  Features

  • dns: added support for a custom lookup function; (#5339) (2701911)
  • types: export AxiosHeaderValue type. (#5525) (726f1c8)

  Performance Improvements

  • merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Arthur Fiorette
  • PIYUSH NEGI
• 1.3.6 - 2023-04-19
• 1.3.5 - 2023-04-05
• 1.3.4 - 2023-02-22
• 1.3.3 - 2023-02-13
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17
• 1.2.2 - 2022-12-29
• 1.2.1 - 2022-12-05
• 1.2.0 - 2022-11-22
• 1.2.0-alpha.1 - 2022-11-10
• 1.1.3 - 2022-10-15

from axios GitHub release notes

Commit messages

Package name: axios

• 104aa3f chore(release): v1.6.6 (#6199)
• a1938ff fix: fixed missed dispatchBeforeRedirect argument (#5778)
• 123f354 fix: wrap errors to improve async stack trace (#5987)
• 6d4c421 chore(release): v1.6.5 (#6177)
• 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
• f4f2b03 fix(dns): fixed lookup error handling; (#6175)
• 1f73dcb docs: update sponsor links
• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors
• b15b918 chore(release): v1.6.3 (#6151)
• b76cce0 chore(ci): added branches filter for notify action; (#6084)
• 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
• 8befb86 docs: update alloy link (#6145)
• d18f40d docs: add headline sponsors
• b3be365 chore(release): v1.6.2 (#6082)
• 8739acb chore(ci): removed redundant release action; (#6081)
• bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
• a2b0fb3 chore(docs): update README.md (#6048)
• b12a608 chore(ci): removed paths-ignore filter; (#6080)
• 0c9d886 chore(ci): reworked ignoring files logic; (#6079)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs