-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump axios from 1.6.2 to 1.7.4 #2023
Conversation
Bumps [axios](https://github.com/axios/axios) from 1.6.2 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.2...v1.7.4) --- updated-dependencies: - dependency-name: axios dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Important Review skippedReview was skipped due to path filters Files ignored due to path filters (1)
You can disable this status message by setting the Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The key changes here involve upgrading versions of axios and follow-redirects. I would suggest double checking to ensure that the new versions of these modules don't break anything in your application as a result of changes made in the updated versions.
"version": "1.6.2", | ||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", | ||
"integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", | ||
"version": "1.7.4", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You upgraded axios from 1.6.2 to 1.7.4. Did you check the change log for the package to ensure no breaking changes or major modifications that could impact your application were introduced between these versions?
"dependencies": { | ||
"follow-redirects": "^1.15.0", | ||
"follow-redirects": "^1.15.6", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You upgraded follow-redirects from 1.15.0 to 1.15.6. Make sure to check the change log for this package too in order to avoid possible breaks in your application.
@@ -6661,14 +6661,15 @@ | |||
"license": "ISC" | |||
}, | |||
"node_modules/follow-redirects": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The version of follow-redirects has changed in the package-lock.json, and it seems to align with the new version in the package.json file. This consistency between the files is good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The diff is primarily updating version numbers of Axios and its dependency follow-redirects within package-lock.json. This is important because these changes help keep project dependencies up to date, maintain compatibility, and ensure security patches are applied. However, it might cause issues if any of these new versions contain potential breaking changes or the codebase relies on specific functionality removed or altered in these newer versions. Always thoroughly test your application after updating dependencies.
"version": "1.6.2", | ||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", | ||
"integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", | ||
"version": "1.7.4", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The version of Axios has been changed from 1.6.2 to 1.7.4. Please ensure this does not introduce breaking changes to any HTTP requests your project uses Axios for. Also consider updating to the latest version of Axios (axios@0.21.1 at the time of writing) because the current upgrade provides relatively outdated security, features, and bug fixes.
"dependencies": { | ||
"follow-redirects": "^1.15.0", | ||
"follow-redirects": "^1.15.6", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The version of 'follow-redirects' has been changed from 1.15.0 to 1.15.6. Make sure if the improvement of this indirect dependency won't have a negative effect on your project's HTTP requests.
@@ -6661,14 +6661,15 @@ | |||
"license": "ISC" | |||
}, | |||
"node_modules/follow-redirects": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's highly recommended to keep track of the version changes to mitigate compatibility issues or to catch potential breaking changes early. The 'follow-redirects' version changed from 1.15.2 to 1.15.6 might need some attention here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code review reveals that the changes made are mainly updates to the dependencies of the 'axios' and 'follow-redirects' packages. The 'axios' package went from version '1.6.2' to '1.7.4', and 'follow-redirects' went from '1.15.2' to '1.15.6'. A proper upgrade of package versions should consider the compatibility and the impact on the existing functionalities of the application.
@@ -4626,11 +4626,11 @@ | |||
} | |||
}, | |||
"node_modules/axios": { | |||
"version": "1.6.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You have changed the version of 'axios' from '1.6.2' to '1.7.4'. Please confirm that the changes in these versions do not affect the program negatively. We need to ensure this given 'axios' is a promise-based HTTP client that works both in the browser and in a node.js environment. It provides a single API for dealing with XMLHttpRequests and node's http interface.
"dependencies": { | ||
"follow-redirects": "^1.15.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You have upgraded 'follow-redirects' from '^1.15.0' to '^1.15.6'. This package deals with following redirects transparently in node.js, which is sensitive in ensuring seamless user experience. Please verify that this new version is compatible with axios or other packages that are dependent on it.
@@ -6661,14 +6661,15 @@ | |||
"license": "ISC" | |||
}, | |||
"node_modules/follow-redirects": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The version of 'follow-redirects' has been updated from '1.15.2' to '1.15.6'. While version upgrades are generally good for getting new features and optimizations, this might introduce breaking changes to the application. Please make sure to test thoroughly with this new version upgrade.
"version": "1.15.2", | ||
"version": "1.15.6", | ||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", | ||
"integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", | ||
"funding": [ | ||
{ | ||
"type": "individual", | ||
"url": "https://github.com/sponsors/RubenVerborgh" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The 'license' field for the 'follow-redirects' package has been removed. Please ensure that the 'follow-redirects' is still under the open-source license so that it can be used in our project without conflicts.
Quality Gate passedIssues Measures |
Looks like axios is up-to-date now, so this is no longer needed. |
Bumps axios from 1.6.2 to 1.7.4.
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.