Update dependency axios to ^0.21.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	^0.19.2 -> ^0.21.0

GitHub Vulnerability Alerts

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

CVE-2021-3749

axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.

---

Release Notes

axios/axios (axios)

v0.21.2

Compare Source

Fixes and Functionality:

• Updating axios requests to be delayed by pre-emptive promise creation (#​2702)
• Adding "synchronous" and "runWhen" options to interceptors api (#​2702)
• Updating of transformResponse (#​3377)
• Adding ability to omit User-Agent header (#​3703)
• Adding multiple JSON improvements (#​3688, #​3763)
• Fixing quadratic runtime and extra memory usage when setting a maxContentLength (#​3738)
• Adding parseInt to config.timeout (#​3781)
• Adding custom return type support to interceptor (#​3783)
• Adding security fix for ReDoS vulnerability (#​3980)

Internal and Tests:

• Updating build dev dependancies (#​3401)
• Fixing builds running on Travis CI (#​3538)
• Updating follow rediect version (#​3694, #​3771)
• Updating karma sauce launcher to fix failing sauce tests (#​3712, #​3717)
• Updating content-type header for application/json to not contain charset field, according do RFC 8259 (#​2154)
• Fixing tests by bumping karma-sauce-launcher version (#​3813)
• Changing testing process from Travis CI to GitHub Actions (#​3938)

Documentation:

• Updating documentation around the use of AUTH_TOKEN with multiple domain endpoints (#​3539)
• Remove duplication of item in changelog (#​3523)
• Fixing gramatical errors (#​2642)
• Fixing spelling error (#​3567)
• Moving gitpod metion (#​2637)
• Adding new axios documentation website link (#​3681, #​3707)
• Updating documentation around dispatching requests (#​3772)
• Adding documentation for the type guard isAxiosError (#​3767)
• Adding explanation of cancel token (#​3803)
• Updating CI status badge (#​3953)
• Fixing errors with JSON documentation (#​3936)
• Fixing README typo under Request Config (#​3825)
• Adding axios-multi-api to the ecosystem file (#​3817)
• Adding SECURITY.md to properly disclose security vulnerabilities (#​3981)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Sasha Korotkov
• Daniel Lopretto
• Mike Bishop
• Dmitriy Mozgovoy
• Mark
• Philipe Gouveia Paixão
• hippo
• ready-research
• Xianming Zhong
• Christopher Chrapka
• Brian Anglin
• Kohta Ito
• Ali Clark
• caikan
• Elina Gorshkova
• Ryota Ikezawa
• Nisar Hassan Naqvi
• Jake
• TagawaHirotaka
• Johannes Jarbratt
• Mo Sattler
• Sam Carlton
• Matt Czapliński
• Ziding Zhang

v0.21.1

Compare Source

Fixes and Functionality:

• Hotfix: Prevent SSRF (#​3410)
• Protocol not parsed when setting proxy config from env vars (#​3070)
• Updating axios in types to be lower case (#​2797)
• Adding a type guard for AxiosError (#​2949)

Internal and Tests:

• Remove the skipping of the socket http test (#​3364)
• Use different socket for Win32 test (#​3375)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Daniel Lopretto <timemachine3030@​users.noreply.github.com>
• Jason Kwok [email protected]
• Jay [email protected]
• Jonathan Foster [email protected]
• Remco Haszing [email protected]
• Xianming Zhong [email protected]

v0.21.0

Compare Source

Fixes and Functionality:

• Fixing requestHeaders.Authorization (#​3287)
• Fixing node types (#​3237)
• Fixing axios.delete ignores config.data (#​3282)
• Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#​1773)" (#​3289)
• Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#​3200)

Internal and Tests:

• Lock travis to not use node v15 (#​3361)

Documentation:

• Fixing simple typo, existant -> existent (#​3252)
• Fixing typos (#​3309)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Allan Cruz [email protected]
• George Cheng [email protected]
• Jay [email protected]
• Kevin Kirsche [email protected]
• Remco Haszing [email protected]
• Taemin Shin <cprayer13@​gmail.com>
• Tim Gates [email protected]
• Xianming Zhong [email protected]

v0.20.0

Compare Source

Release of 0.20.0-pre as a full release with no other changes.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.