[Snyk] Upgrade axios from 1.2.3 to 1.6.2

[paidynikhil]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade axios from 1.2.3 to 1.6.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 16 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-11-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: axios

• 1.6.2 - 2023-11-14
  

  Release notes:

  Features

  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#6046) (cff9967)

  PRs

  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #6046 )

  
  📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
  You should now use withXSRFToken along with withCredential to get the old behavior.
  This functionality is considered as a fix.
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Ng Choon Khon (CK)
  • Muhammad Noman
• 1.6.1 - 2023-11-08
  

  Release notes:

  Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Fabian Meyer
• 1.6.0 - 2023-10-26
  

  Release notes:

  Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

  PRs

  • CVE 2023 45857 ( #6028 )

  
  ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
  

  Contributors to this release

  • Dmitriy Mozgovoy
  • Valentin Panov
  • Rinku Chaudhari
• 1.5.1 - 2023-09-26
  

  Release notes:

  Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

  Contributors to this release

  • Dmitriy Mozgovoy
  • David Dallas
  • Sean Sattler
  • Mustafa Ateş Uzun
  • Przemyslaw Motacki
  • Michael Di Prisco
• 1.5.0 - 2023-08-26
  

  Release notes:

  Bug Fixes

  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#5832) (8fda276)

  Features

  • export getAdapter function (#5324) (ca73eb8)
  • export: export adapters without unsafe prefix (#5839) (1601f4a)

  Contributors to this release

  • Dmitriy Mozgovoy
  • 夜葬
  • Jonathan Budiman
  • Michael Di Prisco
• 1.4.0 - 2023-04-27
  

  Release notes:

  Bug Fixes

  • formdata: add multipart/form-data content type for FormData payload on custom client environments; (#5678) (bbb61e7)
  • package: export package internals with unsafe path prefix; (#5677) (df38c94)

  Features

  • dns: added support for a custom lookup function; (#5339) (2701911)
  • types: export AxiosHeaderValue type. (#5525) (726f1c8)

  Performance Improvements

  • merge-config: optimize mergeConfig performance by avoiding duplicate key visits; (#5679) (e6f7053)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Arthur Fiorette
  • PIYUSH NEGI
• 1.3.6 - 2023-04-19
  

  Release notes:

  Bug Fixes

  • types: added transport to RawAxiosRequestConfig (#5445) (6f360a2)
  • utils: make isFormData detection logic stricter to avoid unnecessary calling of the toString method on the target; (#5661) (aa372f7)

  Contributors to this release

  • Dmitriy Mozgovoy
  • Michael Di Prisco
• 1.3.5 - 2023-04-05
  

  Release notes:

  Bug Fixes

  • headers: fixed isValidHeaderName to support full list of allowed characters; (#5584) (e7decef)
  • params: re-added the ability to set the function as paramsSerializer config; (#5633) (a56c866)

  Contributors to this release

  • Dmitriy Mozgovoy
• 1.3.4 - 2023-02-22
  

  Release notes:

  Bug Fixes

  • blob: added a check to make sure the Blob class is available in the browser's global scope; (#5548) (3772c8f)
  • http: fixed regression bug when handling synchronous errors inside the adapter; (#5564) (a3b246c)

  Contributors to this release

  • Dmitriy Mozgovoy
  • lcysgsg
  • Michael Di Prisco
• 1.3.3 - 2023-02-13
  

  Release notes:

  Bug Fixes

  • formdata: added a check to make sure the FormData class is available in the browser's global scope; (#5545) (a6dfa72)
  • formdata: fixed setting NaN as Content-Length for form payload in some cases; (#5535) (c19f7bf)
  • headers: fixed the filtering logic of the clear method; (#5542) (ea87ebf)

  Contributors to this release

  • Dmitriy Mozgovoy
  • 陈若枫
• 1.3.2 - 2023-02-03
• 1.3.1 - 2023-02-01
• 1.3.0 - 2023-01-31
• 1.2.6 - 2023-01-28
• 1.2.5 - 2023-01-26
• 1.2.4 - 2023-01-24
• 1.2.3 - 2023-01-17

from axios GitHub release notes

Commit messages

Package name: axios

• b3be365 chore(release): v1.6.2 (#6082)
• 8739acb chore(ci): removed redundant release action; (#6081)
• bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
• a2b0fb3 chore(docs): update README.md (#6048)
• b12a608 chore(ci): removed paths-ignore filter; (#6080)
• 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
• 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
• cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
• 7009715 chore(ci): fixed release notification action; (#6064)
• 7144f10 chore(ci): fixed release notification action; (#6063)
• f6d2cf9 chore(ci): fix publish action content permission; (#6061)
• a22f4b9 chore(release): v1.6.1 (#6060)
• cb8bb2b chore(ci): Publish to NPM with provenance (#5835)
• 37cbf92 chore(ci): added labeling and notification for published PRs; (#6059)
• dd465ab fix(formdata): fixed content-type header normalization for non-standard browser environments; (#6056)
• 3dc8369 fix(platform): fixed emulated browser detection in node.js environment; (#6055)
• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with `keep-alive` enabled; (#6021)
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[netlify]

✅ Deploy Preview for movieweb22 ready!

Name	Link
🔨 Latest commit	4aafacc
🔍 Latest deploy log	https://app.netlify.com/sites/movieweb22/deploys/658326cf53524900098ff551
😎 Deploy Preview	https://deploy-preview-3--movieweb22.netlify.app/
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.