From 19ccda43922a46d467c8ceb3f2e80a2ae9c49e09 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Feb 2024 01:53:25 +0000 Subject: [PATCH] fix(deps): update dependency axios to ^0.28.0 [security] (#866) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [axios](https://axios-http.com) ([source](https://togithub.com/axios/axios)) | [`^0.27.0` -> `^0.28.0`](https://renovatebot.com/diffs/npm/axios/0.27.2/0.28.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/axios/0.28.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/axios/0.28.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/axios/0.27.2/0.28.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/0.27.2/0.28.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45857](https://nvd.nist.gov/vuln/detail/CVE-2023-45857) An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. --- ### Release Notes
axios/axios (axios) ### [`v0.28.0`](https://togithub.com/axios/axios/releases/tag/v0.28.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.27.2...v0.28.0) #### Release notes: ##### Bug Fixes - fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to v0.x ([#​6091](https://togithub.com/axios/axios/issues/6091)) ##### Backports from v1.x: - Allow null indexes on formSerializer and paramsSerializer v0.x ([#​4961](https://togithub.com/axios/axios/issues/4961)) - Fixing content-type header repeated [#​4745](https://togithub.com/axios/axios/issues/4745) - Fixed timeout error message for HTTP 4738 - Added `axios.formToJSON` method ([#​4735](https://togithub.com/axios/axios/issues/4735)) - URL params serializer ([#​4734](https://togithub.com/axios/axios/issues/4734)) - Fixed toFormData Blob issue on node>v17 [#​4728](https://togithub.com/axios/axios/issues/4728) - Adding types for progress event callbacks [#​4675](https://togithub.com/axios/axios/issues/4675) - Fixed max body length defaults [#​4731](https://togithub.com/axios/axios/issues/4731) - Added data URL support for node.js ([#​4725](https://togithub.com/axios/axios/issues/4725)) - Added isCancel type assert ([#​4293](https://togithub.com/axios/axios/issues/4293)) - Added the ability for the `url-encoded-form` serializer to respect the `formSerializer` config ([#​4721](https://togithub.com/axios/axios/issues/4721)) - Add `string[]` to `AxiosRequestHeaders` type ([#​4322](https://togithub.com/axios/axios/issues/4322)) - Allow type definition for axios instance methods ([#​4224](https://togithub.com/axios/axios/issues/4224)) - Fixed `AxiosError` stack capturing; ([#​4718](https://togithub.com/axios/axios/issues/4718)) - Fixed `AxiosError` status code type; ([#​4717](https://togithub.com/axios/axios/issues/4717)) - Adding Canceler parameters config and request ([#​4711](https://togithub.com/axios/axios/issues/4711)) - fix(types): allow to specify partial default headers for instance 
creation ([#​4185](https://togithub.com/axios/axios/issues/4185)) - Added `blob` to the list of protocols supported by the browser ([#​4678](https://togithub.com/axios/axios/issues/4678)) - Fixing Z_BUF_ERROR when no content ([#​4701](https://togithub.com/axios/axios/issues/4701)) - Fixed race condition on immediate requests cancellation ([#​4261](https://togithub.com/axios/axios/issues/4261)) - Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance [https://github.com/axios/axios/pull/4248](https://togithub.com/axios/axios/pull/4248) - Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill ([#​4229](https://togithub.com/axios/axios/issues/4229)) - Fix TS definition for AxiosRequestTransformer ([#​4201](https://togithub.com/axios/axios/issues/4201)) - Use type alias instead of interface for AxiosPromise ([#​4505](https://togithub.com/axios/axios/issues/4505)) - Include request and config when creating a CanceledError instance ([#​4659](https://togithub.com/axios/axios/issues/4659)) - Added generic TS types for the exposed toFormData helper ([#​4668](https://togithub.com/axios/axios/issues/4668)) - Optimized the code that checks cancellation ([#​4587](https://togithub.com/axios/axios/issues/4587)) - Replaced webpack with rollup ([#​4596](https://togithub.com/axios/axios/issues/4596)) - Added stack trace to AxiosError ([#​4624](https://togithub.com/axios/axios/issues/4624)) - Updated AxiosError.config to be optional in the type definition ([#​4665](https://togithub.com/axios/axios/issues/4665)) - Removed incorrect argument for NetworkError constructor ([#​4656](https://togithub.com/axios/axios/issues/4656))
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/erezrokah/aws-testing-library). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package-lock.json | 94 ++++++++++++++++++++++++++--------------------- package.json | 2 +- 2 files changed, 53 insertions(+), 43 deletions(-) diff --git a/package-lock.json b/package-lock.json index 017c1aa1..a28d6683 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "aws-sdk": "^2.678.0", - "axios": "^0.27.0", + "axios": "^0.28.0", "filter-obj": "^3.0.0", "jest-diff": "^29.0.0", "uuid": "^9.0.0" 
@@ -2120,25 +2120,13 @@ } }, "node_modules/axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "0.28.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.28.0.tgz", + "integrity": "sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q==", "dependencies": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" - } - }, - "node_modules/axios/node_modules/form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "node_modules/babel-jest": { @@ -3378,9 +3366,9 @@ "dev": true }, "node_modules/follow-redirects": { - "version": "1.14.9", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz", - "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==", + "version": "1.15.5", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", + "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==", "funding": [ { "type": "individual", 
@@ -3404,6 +3392,19 @@ "is-callable": "^1.1.3" } }, + "node_modules/form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/fs-extra": { "version": "11.1.0", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.0.tgz", @@ -5676,6 +5677,11 @@ "node": ">= 6" } }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "node_modules/punycode": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", @@ -8529,24 +8535,13 @@ } }, "axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "0.28.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.28.0.tgz", + "integrity": "sha512-Tu7NYoGY4Yoc7I+Npf9HhUMtEEpV7ZiLH9yndTCoNhcpBH0kwcvFbzYN9/u5QKI5A6uefjsNNWaz5olJVYS62Q==", "requires": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" - }, - "dependencies": { - "form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "requires": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - } - } + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "babel-jest": { 
@@ -9472,9 +9467,9 @@ "dev": true }, "follow-redirects": { - "version": "1.14.9", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz", - "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==" + "version": "1.15.5", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz", + "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==" }, "for-each": { "version": "0.3.3", @@ -9484,6 +9479,16 @@ "is-callable": "^1.1.3" } }, + "form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + } + }, "fs-extra": { "version": "11.1.0", "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.0.tgz", @@ -11142,6 +11147,11 @@ "sisteransi": "^1.0.5" } }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "punycode": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
diff --git a/package.json b/package.json
index 31f4f21c..cb712600 100644
--- a/package.json
+++ b/package.json
@@ -64,7 +64,7 @@
 },
 "dependencies": {
 "aws-sdk": "^2.678.0",
- "axios": "^0.27.0",
+ "axios": "^0.28.0",
 "filter-obj": "^3.0.0",
 "jest-diff": "^29.0.0",
 "uuid": "^9.0.0"