Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump axios from 0.27.2 to 1.6.0 #6641

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump axios from 0.27.2 to 1.6.0 #6641

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2023
edited
Loading

Bumps axios from 0.27.2 to 1.6.0.

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Release v1.5.1

Release notes:

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

Release v1.5.0

Release notes:

Bug Fixes

  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps): bump axios from 0.27.2 to 1.6.0
4c140d7 
Bumps [axios](https://github.com/axios/axios) from 0.27.2 to 1.6.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.27.2...v1.6.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 10, 2023
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (1e1b543) 79.95% compared to head (4c140d7) 79.95%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #6641   +/-   ##
=======================================
  Coverage   79.95%   79.95%           
=======================================
  Files         216      216           
  Lines       18822    18822           
  Branches     2443     2443           
=======================================
  Hits        15049    15049           
  Misses       3742     3742           
  Partials       31       31

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

luhc228
luhc228 previously approved these changes Dec 5, 2023
View reviewed changes
@wssgcg1213 wssgcg1213 changed the base branch from master to release/next February 5, 2024 02:00
@wssgcg1213 wssgcg1213 dismissed luhc228’s stale review February 5, 2024 02:00

The base branch was changed.

@wssgcg1213
Copy link
Collaborator

得看下大版本升级影响是什么

从 axios 0.27.2 到 1.6.0 的变化如下:

  • 支持 ES6 Promise:axios 1.6.0 开始使用 ES6 Promise 替代之前的 Q Promise。这意味着你可以直接使用原生的 Promise 语法,而无需额外引入其他库。

  • 增加 cancelToken:axios 1.6.0 引入了 cancelToken 功能,允许你取消请求。你可以创建一个 cancel token,并在需要时使用它来取消请求。

  • 移除自动 JSON 序列化请求体:在之前的版本中,axios 会自动将请求体对象序列化为 JSON 格式。从 1.6.0 开始,axios 不再对请求体进行自动序列化,你需要手动将其转换为 JSON 字符串。

  • 默认 Content-Type 为 application/json:axios 1.6.0 默认将请求的 Content-Type 设置为 application/json,而不是之前的 application/x-www-form-urlencoded。如果你需要发送表单数据,你需要手动设置 Content-Type。

  • 修复了一些 bug 和安全性问题:在每个版本中,axios 都会修复一些 bug 和安全性问题,因此升级到 1.6.0 可能会修复一些在旧版本中存在的问题。

  • 除了以上的变化,还可能有其他一些小的改进和优化。如果你想了解更多详细的变化和更新,你可以查看 axios 的官方文档或查看 axios 的 GitHub 仓库的发布日志。

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 21, 2024

Superseded by #6802.

@dependabot dependabot bot closed this Feb 21, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/axios-1.6.0 branch February 21, 2024 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luhc228 luhc228 luhc228 left review comments

Assignees

@luhc228 luhc228

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@codecov-commenter @wssgcg1213 @luhc228