Bump axios from 1.6.2 to 1.7.4 #2023
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [axios](https://github.com/axios/axios) from 1.6.2 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.2...v1.7.4) --- updated-dependencies: - dependency-name: axios dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
the
dependencies
|
Important Review skippedReview was skipped due to path filters Files ignored due to path filters (1)
You can disable this status message by setting the Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
![codecov[bot]](https://avatars.githubusercontent.com/in/254?s=60&v=4){kind=small}
| "version": "1.6.2", | ||
| "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", | ||
| "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", | ||
| "version": "1.7.4", |
There was a problem hiding this comment.
You upgraded axios from 1.6.2 to 1.7.4. Did you check the change log for the package to ensure no breaking changes or major modifications that could impact your application were introduced between these versions?
| "dependencies": { | ||
| "follow-redirects": "^1.15.0", | ||
| "follow-redirects": "^1.15.6", |
There was a problem hiding this comment.
You upgraded follow-redirects from 1.15.0 to 1.15.6. Make sure to check the change log for this package too in order to avoid possible breaks in your application.
| @@ -6661,14 +6661,15 @@ | |||
| "license": "ISC" | |||
| }, | |||
| "node_modules/follow-redirects": { | |||
There was a problem hiding this comment.
The version of follow-redirects has changed in the package-lock.json, and it seems to align with the new version in the package.json file. This consistency between the files is good.
There was a problem hiding this comment.
The diff is primarily updating version numbers of Axios and its dependency follow-redirects within package-lock.json. This is important because these changes help keep project dependencies up to date, maintain compatibility, and ensure security patches are applied. However, it might cause issues if any of these new versions contain potential breaking changes or the codebase relies on specific functionality removed or altered in these newer versions. Always thoroughly test your application after updating dependencies.
| "version": "1.6.2", | ||
| "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.2.tgz", | ||
| "integrity": "sha512-7i24Ri4pmDRfJTR7LDBhsOTtcm+9kjX5WiY1X3wIisx6G9So3pfMkEiU7emUBe46oceVImccTEM3k6C5dbVW8A==", | ||
| "version": "1.7.4", |
There was a problem hiding this comment.
The version of Axios has been changed from 1.6.2 to 1.7.4. Please ensure this does not introduce breaking changes to any HTTP requests your project uses Axios for. Also consider updating to the latest version of Axios (axios@0.21.1 at the time of writing) because the current upgrade provides relatively outdated security, features, and bug fixes.
| "dependencies": { | ||
| "follow-redirects": "^1.15.0", | ||
| "follow-redirects": "^1.15.6", |
There was a problem hiding this comment.
The version of 'follow-redirects' has been changed from 1.15.0 to 1.15.6. Make sure if the improvement of this indirect dependency won't have a negative effect on your project's HTTP requests.
| @@ -6661,14 +6661,15 @@ | |||
| "license": "ISC" | |||
| }, | |||
| "node_modules/follow-redirects": { | |||
There was a problem hiding this comment.
It's highly recommended to keep track of the version changes to mitigate compatibility issues or to catch potential breaking changes early. The 'follow-redirects' version changed from 1.15.2 to 1.15.6 might need some attention here.
There was a problem hiding this comment.
This code review reveals that the changes made are mainly updates to the dependencies of the 'axios' and 'follow-redirects' packages. The 'axios' package went from version '1.6.2' to '1.7.4', and 'follow-redirects' went from '1.15.2' to '1.15.6'. A proper upgrade of package versions should consider the compatibility and the impact on the existing functionalities of the application.
| @@ -4626,11 +4626,11 @@ | |||
| } | |||
| }, | |||
| "node_modules/axios": { | |||
| "version": "1.6.2", | |||
There was a problem hiding this comment.
You have changed the version of 'axios' from '1.6.2' to '1.7.4'. Please confirm that the changes in these versions do not affect the program negatively. We need to ensure this given 'axios' is a promise-based HTTP client that works both in the browser and in a node.js environment. It provides a single API for dealing with XMLHttpRequests and node's http interface.
| "dependencies": { | ||
| "follow-redirects": "^1.15.0", |
There was a problem hiding this comment.
You have upgraded 'follow-redirects' from '^1.15.0' to '^1.15.6'. This package deals with following redirects transparently in node.js, which is sensitive in ensuring seamless user experience. Please verify that this new version is compatible with axios or other packages that are dependent on it.
| @@ -6661,14 +6661,15 @@ | |||
| "license": "ISC" | |||
| }, | |||
| "node_modules/follow-redirects": { | |||
There was a problem hiding this comment.
The version of 'follow-redirects' has been updated from '1.15.2' to '1.15.6'. While version upgrades are generally good for getting new features and optimizations, this might introduce breaking changes to the application. Please make sure to test thoroughly with this new version upgrade.
| "version": "1.15.2", | ||
| "version": "1.15.6", | ||
| "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", | ||
| "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", | ||
| "funding": [ | ||
| { | ||
| "type": "individual", | ||
| "url": "https://github.com/sponsors/RubenVerborgh" | ||
| } |
There was a problem hiding this comment.
The 'license' field for the 'follow-redirects' package has been removed. Please ensure that the 'follow-redirects' is still under the open-source license so that it can be used in our project without conflicts.
|
|
Looks like axios is up-to-date now, so this is no longer needed. |
Bumps axios from 1.6.2 to 1.7.4.
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7chore(release): v1.7.4 (#6544)6b6b605fix(sec): CVE-2024-39338 (#6539) (#6543)07a661afix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43chore(release): v1.7.3 (#6521)e3c76fcfix(adapter): fix progress event emitting; (#6518)85d4d0efix(fetch): fix withCredentials request config (#6505)92cd8edchore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fachore(release): v1.7.2 (#6414)4f79aeffix(fetch): enhance fetch API detection; (#6413)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.