[Snyk] Upgrade axios from 1.18.0 to 1.18.1#188
Open
mblack-contentstack wants to merge 1 commit into
Open
Conversation
Snyk has created this PR to upgrade axios from 1.18.0 to 1.18.1. See this package in npm: axios See this project in Snyk: https://app.snyk.io/org/contentstack-devex/project/7bfde73b-0e04-4a5f-85a0-ebd699b4da10?utm_source=github&utm_medium=referral&page=upgrade-pr
Author
|
This is a patch version upgrade from axios v1.18.0 to v1.18.1. The release contains bug fixes, documentation updates, and dependency maintenance. Key Changes:
No breaking changes, deprecations, or mandatory code modifications are documented in the release notes. Source: GitHub Release Notes
|
🔒 Security Scan Results
⏱️ SLA Breach Summary
✅ BUILD PASSED - All security checks passed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade axios from 1.18.0 to 1.18.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago.
Breaking Change Risk
Release notes
Package name: axios
-
1.18.1 - 2026-06-22
- AxiosError Serialisation: Made AxiosError#cause non-enumerable to prevent circular JSON serialisation failures when errors include nested causes. (#10913)
- Node HTTP Adapter: Guarded socket.setKeepAlive for proxy agent streams, accepted path-only URLs when socketPath is configured, deferred environment proxy handling to Node, and explicitly passed maxBodyLength through to follow-redirects. (#10917, #10930, #10942, #10993)
- Runtime and Type Correctness: Fixed several runtime crashes, type definition mismatches, and incorrect error handling paths. (#10959, #11021)
- AxiosURLSearchParams: Switched the encoder callback to an arrow function so
-
-
- @ webdevelopersrinu (#10913)
- @ sijie-Z (#10993)
- @ bartlomieju (#11023)
- @ JSap0914 (#11019)
-
1.18.0 - 2026-06-14
-
-
- Status Validation: Added
-
-
-
- @ drori12 (#10984)
- @ eyupcanakman (#10899)
- @ Adi-Beker (#10995)
from axios GitHub release notesv1.18.1 — June 21, 2026
This release focuses on Node HTTP adapter fixes, safer AxiosError serialisation, runtime/type correctness fixes, documentation updates, and dependency maintenance.
🐛 Bug Fixes
encoder.call(this)receives theAxiosURLSearchParamsinstance correctly. (#11019)🔧 Maintenance & Chores
Documentation: Documented sensitive headers and status transition behaviour, prepared cleaned-up docs, added Deno install instructions, and clarified that request data is request-specific (#11007, #11010, #11023, #11025)
Dependencies: Bumped vite, rollup, form-data, js-yaml, and multer across the root project, docs, smoke tests, and module test workspaces. (#11011, #11012, #11013, #11014, #11015, #11016, #11017, #11026)
🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
Full Changelog
v1.18.0 — June 13, 2026
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
🔒 Security Fixes
Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)
URL And Request Hardening: Rejects malformed
http:andhttps:URLs that omit//withERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and localNO_PROXYmatching. (#11000)🐛 Bug Fixes
transitional.validateStatusUndefinedResolvesso applications can opt in to treatingvalidateStatus: undefinedlike the option was omitted, whilevalidateStatus: nullremains the explicit way to accept every status. (#10899)🔧 Maintenance & Chores
Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the
proxyrequest config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)Dependencies: Bumped
@ babel/core,@ babel/preset-env,@ commitlint/cli,@ commitlint/config-conventional,@ rollup/plugin-babel,@ rollup/plugin-commonjs,@ vitest/browser,@ vitest/browser-playwright,eslint,lint-staged,rollup,vitest, andactions/checkout. (#10989, #10996, #10997)Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime
VERSIONvalue. (#11003)🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
Full Changelog
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: