Skip to content

[Snyk] Upgrade axios from 1.18.0 to 1.18.1#188

Open
mblack-contentstack wants to merge 1 commit into
mainfrom
snyk-upgrade-574f89c08494d3e31b36e28c647b7ef8
Open

[Snyk] Upgrade axios from 1.18.0 to 1.18.1#188
mblack-contentstack wants to merge 1 commit into
mainfrom
snyk-upgrade-574f89c08494d3e31b36e28c647b7ef8

Conversation

@mblack-contentstack

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to upgrade axios from 1.18.0 to 1.18.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 21 days ago.

Breaking Change Risk

Merge Risk: Low

Notice: This assessment is enhanced by AI.

Release notes
Package name: axios
  • 1.18.1 - 2026-06-22

    v1.18.1 — June 21, 2026

    This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.

    🐛 Bug Fixes

    • AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
    • Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
    • Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
    • AxiosURLSearchParams: Switched the encoder callback to an arrow function so encoder.call(this) receives the AxiosURLSearchParams instance correctly. (#11019)

    🔧 Maintenance & Chores

    • Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)

    • Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)

    🌟 New Contributors

    We are thrilled to welcome our new contributors. Thank you for helping improve axios:

    Full Changelog

  • 1.18.0 - 2026-06-14

    v1.18.0 — June 13, 2026

    This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

    🔒 Security Fixes

    • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

    • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

    🐛 Bug Fixes

    • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

    🔧 Maintenance & Chores

    • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

    • Dependencies: Bumped @ babel/core, @ babel/preset-env, @ commitlint/cli, @ commitlint/config-conventional, @ rollup/plugin-babel, @ rollup/plugin-commonjs, @ vitest/browser, @ vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

    • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

    🌟 New Contributors

    We are thrilled to welcome our new contributors. Thank you for helping improve axios:

    Full Changelog

from axios GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade axios from 1.18.0 to 1.18.1.

See this package in npm:
axios

See this project in Snyk:
https://app.snyk.io/org/contentstack-devex/project/7bfde73b-0e04-4a5f-85a0-ebd699b4da10?utm_source=github&utm_medium=referral&page=upgrade-pr
@mblack-contentstack

Copy link
Copy Markdown
Author

Merge Risk: Low

This is a patch version upgrade from axios v1.18.0 to v1.18.1. The release contains bug fixes, documentation updates, and dependency maintenance.

Key Changes:

  • Error Serialization Fix: A notable fix prevents circular JSON serialization failures when an AxiosError has a nested cause property.
  • Node.js Adapter Fixes: Includes several corrections for the Node.js HTTP adapter related to proxy agents and socket paths.

No breaking changes, deprecations, or mandatory code modifications are documented in the release notes.

Source: GitHub Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@mblack-contentstack mblack-contentstack requested a review from a team as a code owner July 14, 2026 01:17
@github-actions

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants