Skip to content
This repository was archived by the owner on Oct 3, 2023. It is now read-only.

Update dependency axios to ^0.19.0 [SECURITY]#569

Merged
mayurkale22 merged 1 commit into
masterfrom
renovate/npm-axios-vulnerability
May 31, 2019
Merged

Update dependency axios to ^0.19.0 [SECURITY]#569
mayurkale22 merged 1 commit into
masterfrom
renovate/npm-axios-vulnerability

Conversation

@renovate

@renovate renovate Bot commented May 31, 2019

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change References
axios devDependencies minor ^0.18.0 -> ^0.19.0 source

GitHub Vulnerability Alerts

CVE-2019-10742

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Release Notes

axios/axios

v0.19.0

Compare Source

Fixes and Functionality:

  • Unzip response body only for statuses != 204 (#​1129) - drawski
  • Destroy stream on exceeding maxContentLength (fixes #​1098) (#​1485) - Gadzhi Gadzhiev
  • Makes Axios error generic to use AxiosResponse (#​1738) - Suman Lama
  • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#​1993) - grumblerchester
  • Allow uppercase methods in typings. (#​1781) - Ken Powers
  • Fixing .eslintrc without extension (#​1789) - Manoel
  • Consistent coding style (#​1787) - Ali Servet Donmez
  • Fixing building url with hash mark (#​1771) - Anatoly Ryabov
  • This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
  • Preserve HTTP method when following redirect (#​1758) - Rikki Gibson
  • Add getUri signature to TypeScript definition. (#​1736) - Alexander Trauzzi
  • Adding isAxiosError flag to errors thrown by axios (#​1419) - Ayush Gupta
  • Fix failing SauceLabs tests by updating configuration - Emily Morehouse

Documentation:

  • Add information about auth parameter to README (#​2166) - xlaguna
  • Add DELETE to list of methods that allow data as a config option (#​2169) - Daniela Borges Matos de Carvalho
  • Update ECOSYSTEM.md - Add Axios Endpoints (#​2176) - Renan
  • Add r2curl in ECOSYSTEM (#​2141) - 유용우 / CX
  • Update README.md - Add instructions for installing with yarn (#​2036) - Victor Hermes
  • Fixing spacing for README.md (#​2066) - Josh McCarty
  • Update README.md. - Change .then to .finally in example code (#​2090) - Omar Cai
  • Clarify what values responseType can have in Node (#​2121) - Tyler Breisacher
  • docs(ECOSYSTEM): add axios-api-versioning (#​2020) - Weffe
  • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
  • Add issue templates - Emily Morehouse
  • Update README.md. - Add Querystring library note (#​1896) - Dmitriy Eroshenko
  • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#​1925) - Cody Chan
  • Clarify in README that default timeout is 0 (no timeout) (#​1750) - Ben Standefer

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

@codecov-io

codecov-io commented May 31, 2019

Copy link
Copy Markdown

Codecov Report

Merging #569 into master will decrease coverage by 0.11%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #569      +/-   ##
==========================================
- Coverage    95.3%   95.18%   -0.12%     
==========================================
  Files         148      147       -1     
  Lines       10590    10412     -178     
  Branches      745      741       -4     
==========================================
- Hits        10093     9911     -182     
- Misses        497      501       +4
Impacted Files Coverage Δ
src/detect-resource.ts 66.66% <0%> (-24.25%) ⬇️
test/test-detect-resource.ts 93.93% <0%> (-5.09%) ⬇️
src/stackdriver-monitoring.ts 77.02% <0%> (-2.71%) ⬇️
src/binary-format.ts 100% <0%> (ø) ⬆️
src/resource-labels.ts 100% <0%> (ø) ⬆️
src/constants.ts
src/zpages-frontend/latency-bucket-boundaries.ts 73.23% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 20e4cf0...e943e3c. Read the comment docs.

@mayurkale22 mayurkale22 mentioned this pull request May 31, 2019
Closed
@mayurkale22 mayurkale22 merged commit 039c695 into master May 31, 2019
@mayurkale22 mayurkale22 deleted the renovate/npm-axios-vulnerability branch May 31, 2019 17:34
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@draffensperger draffensperger Awaiting requested review from draffensperger draffensperger is a code owner
@justindsmith justindsmith Awaiting requested review from justindsmith
1 more reviewer
@mayurkale22 mayurkale22 mayurkale22 approved these changes
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codecov-io @mayurkale22 @googlebot