Bump the npm_and_yarn group across 2 directories with 28 updates

[dependabot]

Bumps the npm_and_yarn group with 25 updates in the / directory:

Package	From	To
jsonwebtoken	8.5.1	9.0.0
node-fetch	2.6.1	2.6.7
stellar-sdk	8.2.2	12.1.0
socket.io	4.1.2	4.6.2
express	4.17.1	4.19.2
@babel/traverse	7.14.2	7.24.7
async	2.6.3	2.6.4
browserify-sign	4.2.1	4.2.3
cross-fetch	3.1.4	3.1.8
decode-uri-component	0.2.0	0.2.2
es5-ext	0.10.53	0.10.64
eventsource	1.1.0	1.1.2
follow-redirects	1.14.1	1.15.6
minimist	1.2.5	1.2.8
nanoid	3.1.23	3.3.7
semver	5.7.1	5.7.2
tar	6.1.0	6.2.1
terser	4.8.0	4.8.1
tmpl	1.0.4	1.0.5
tough-cookie	4.0.0	4.1.4
ua-parser-js	0.7.28	0.7.38
urijs	1.19.6	1.19.11
url-parse	1.5.1	1.5.10
word-wrap	1.2.3	1.2.5
ws	6.2.1	6.2.3

Bumps the npm_and_yarn group with 3 updates in the /@stellar/anchor-tests directory: jsonwebtoken, node-fetch and stellar-sdk.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates node-fetch from 2.6.1 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Updates stellar-sdk from 8.2.2 to 12.1.0

Release notes

Sourced from stellar-sdk's releases.

v12.1.0

v12.1.0

Added

• contract now exports the DEFAULT_TIMEOUT (#984).
• contract.AssembledTransaction now has:
  • toXDR and fromXDR methods for serializing the transaction to and from XDR. These methods should be used in place of AssembledTransaction.toJSON and AssembledTransaction.fromJSONfor multi-auth signing. The JSON methods are now deprecated. Note: you must now call simulate on the transaction before the final signAndSend call after all required signatures are gathered when using the XDR methods (#977).
  • a restoreFootprint method which accepts the restorePreamble returned when a simulation call fails due to some contract state that has expired. When invoking a contract function, one can now set restore to true in the MethodOptions. When enabled, a restoreFootprint transaction will be created and await signing when required (#991).
  • separate sign and send methods so that you can sign a transaction without sending it (signAndSend still works as before; #922).
• contract.Client now has a txFromXDR method which should be used in place of txFromJSON for multi-auth signing (#977).

Deprecated

• In contract.AssembledTransaction, toJSON and fromJSON should be replaced with toXDR and fromXDR.
• In contract.Client, txFromJSON should be replaced with txFromXDR.

Fixed

• If you edit an AssembledTransaction with tx.raw = cloneFrom(tx.build), the tx.simulationData will now be updated correctly (#985).

v12.0.1

v12.0.1: Protocol 21 Stable Release

This update supports Protocol 21. It is an additive change to the protocol so there are no binary (i.e. XDR-level) incompatibilities, but your software may break if you encounter new unexpected or renamed fields from this Protocol (#949).

The following changelog is a concatenation of all of the RCs since the previous stable release and includes one additional added feature.

Breaking Changes

• The default timeout for transaction calls is now set to 300 seconds (5 minutes) when using ContractClient from the previous default of 10 seconds. 10 seconds is often not enough time to review transactions before signing, especially in Freighter or using a hardware wallet like a Ledger, which would cause a txTooLate error response from the server. Five minutes is also the value used by the CLI, so this brings the two into alignment (#956).
• ContractClient functionality previously added in v11.3.0 was exported in a non-standard way. You can now import it as any other stellar-sdk module (#962):

-import { ContractClient } from '@stellar/stellar-sdk/lib/contract_client'
+import { contract } from '@stellar/stellar-sdk'
+const { Client } = contract

Note that this top-level contract export is a container for ContractClient and related functionality. The ContractClient class is now available at contract.Client, as shown. Further note that there is a capitalized Contract export as well, which comes from stellar-base. You can remember which is which because capital-C Contract is a class, whereas lowercase-c contract is a container/module with a bunch of classes, functions, and types.

Additionally, this is available from the /contract entrypoint, if your version of Node and TypeScript support the exports declaration. Finally, some of its exports have been renamed:

import {
   AssembledTransaction,
   SentTransaction,
-  ContractClient,
-  ContractClientOptions,
-} from '@stellar/stellar-sdk/lib/contract_client'
+  Client,
+  ClientOptions,
+} from '@stellar/stellar-sdk/contract'

... (truncated)

Changelog

Sourced from stellar-sdk's changelog.

v12.1.0

Added

• contract now exports the DEFAULT_TIMEOUT (#984).
• contract.AssembledTransaction now has:
  • toXDR and fromXDR methods for serializing the transaction to and from XDR. These methods should be used in place of AssembledTransaction.toJSON and AssembledTransaction.fromJSONfor multi-auth signing. The JSON methods are now deprecated. Note: you must now call simulate on the transaction before the final signAndSend call after all required signatures are gathered when using the XDR methods (#977).
  • a restoreFootprint method which accepts the restorePreamble returned when a simulation call fails due to some contract state that has expired. When invoking a contract function, one can now set restore to true in the MethodOptions. When enabled, a restoreFootprint transaction will be created and await signing when required (#991).
  • separate sign and send methods so that you can sign a transaction without sending it (signAndSend still works as before; #922).
• contract.Client now has a txFromXDR method which should be used in place of txFromJSON for multi-auth signing (#977).

Deprecated

• In contract.AssembledTransaction, toJSON and fromJSON should be replaced with toXDR and fromXDR.
• In contract.Client, txFromJSON should be replaced with txFromXDR.

Fixed

• If you edit an AssembledTransaction with tx.raw = cloneFrom(tx.build), the tx.simulationData will now be updated correctly (#985).

v12.0.1

• This is a re-tag of v12.0.0-rc.3 with dependency updates and a single new feature.

Added

• rpc.server.simulateTransaction now supports an optional stateChanges?: LedgerEntryChange[] field (#963):
  • If Before is omitted, it constitutes a creation, if After is omitted, it constitutes a deletions, note that Before and After cannot be be omitted at the same time. Each item follows this schema:

interface LedgerEntryChange {
  type: number;
  key: xdr.LedgerKey;
  before: xdr.LedgerEntry | null;
  after: xdr.LedgerEntry | null;
}

v12.0.0-rc.3

Breaking Changes

• ContractClient functionality previously added in v11.3.0 was exported in a non-standard way. You can now import it as any other stellar-sdk module (#962):

-import { ContractClient } from '@stellar/stellar-sdk/lib/contract_client'
+import { contract } from '@stellar/stellar-sdk'
+const { Client } = contract

Note that this top-level contract export is a container for ContractClient and related functionality. The ContractClient class is now available at contract.Client, as shown. Further note that there is a capitalized Contract export as well, which comes from stellar-base. You can remember which is which because capital-C Contract is a class, whereas lowercase-c contract is a container/module with a bunch of classes, functions, and types.

... (truncated)

Commits

• 10e5edc Release v12.1.0 (#993)
• 863d83a Add separate sign and send methods to contract.AssembledTransaction (#992)
• 556ffe8 Add auto restore functionality for contract client (#991)
• 7dc0a8c Update simulationData after re-simulation (#985)
• 840f57d Adds AssembledTransaction.toXDR|fromXDR and Client.txFromXDR methods
• 7f67469 Export DEFAULT_TIMEOUT for the contract client (#984)
• e5e49dc Convert ava tests to mocha (#975)
• ec64159 Update pinned CLI version for e2e tests (#982)
• 9390f6c Release v12.0.1 (#978)
• e32dcd9 Add stateChanges support to rpc.Server.simulateTransaction response (#963)
• Additional commits viewable in compare view

Updates socket.io from 4.1.2 to 4.6.2

Release notes

Sourced from socket.io's releases.

4.6.2

Bug Fixes

• exports: move types condition to the top (#4698) (3d44aae)

Links

• Diff: socketio/socket.io@4.6.1...4.6.2
• Client release: 4.6.2
• engine.io@~6.4.2 (diff)
• ws@~8.11.0 (no change)

4.6.1

Bug Fixes

• properly handle manually created dynamic namespaces (0d0a7a2)
• types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Links

• Diff: socketio/socket.io@4.6.0...4.6.1
• Client release: 4.6.1
• engine.io@~6.4.1 (diff)
• ws@~8.11.0 (no change)

4.6.0

Bug Fixes

• add timeout method to remote socket (#4558) (0c0eb00)
• typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

• emitWithAck()

try {
  const responses = await io.timeout(1000).emitWithAck("some-event");
  console.log(responses); // one response per client
} catch (e) {
  // some clients did not acknowledge the event in the given delay
}
io.on("connection", async (socket) => {
// without timeout
</tr></table>

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.6.2 (2023-05-31)

Bug Fixes

• exports: move types condition to the top (#4698) (3d44aae)

Dependencies

• engine.io@~6.4.0 (no change)
• ws@~8.11.0 (no change)

4.6.1 (2023-02-20)

Bug Fixes

• properly handle manually created dynamic namespaces (0d0a7a2)
• types: fix nodenext module resolution compatibility (#4625) (d0b22c6)

Dependencies

• engine.io@~6.4.0 (no change)
• ws@~8.11.0 (no change)

4.6.0 (2023-02-07)

Bug Fixes

• add timeout method to remote socket (#4558) (0c0eb00)
• typings: properly type emits with timeout (f3ada7d)

Features

Promise-based acknowledgements

This commit adds some syntactic sugar around acknowledgements:

• emitWithAck()

try {
</tr></table> 

... (truncated)

Commits

• faf914c chore(release): 4.6.2
• 15af22f refactor: add a noop handler for the error event
• d365894 chore: bump socket.io-parser to version 4.2.3
• 12b0de4 chore: bump engine.io to version 6.4.2
• 3d44aae fix(exports): move types condition to the top (#4698)
• cbf0362 docs(examples): bump dependencies for the private messaging example
• 59280da docs(examples): update examples to docker compose v2
• 50a4d37 docs(changelog): add version of transitive dependencies
• 6458b2b docs(example): basic WebSocket-only client
• b56da8a docs(examples): upgrade to React 18
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates @babel/traverse from 7.14.2 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #16466 Migrate import assertions syntax (@​JLHwung)

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• 07bd000 Improve getBindingIdentifiers (#16544)
• 17a5502 [Babel 8] Remove extra.shorthand (#16521)
• 7934963 Use type: module in all package.jsons (#16535)
• 9630250 v7.24.6
• 1f010df Explicitly define NodePath.prototype.* (#16488)
• 6e3539b [babel 8] Publish .d.ts files for every package (#16416)
• e37e64d Use eslint v9 (#16479)
• 3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
• Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates axios from 0.21.1 to 1.7.2

Release notes

Sourced from axios's releases.

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

• adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

• core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Alexandre ABRIOUX

Release v1.7.0-beta.2

Release notes:

Bug Fixes

• fetch: capitalize HTTP method names; (#6395) (ad3174a)
• fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
• fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0-beta.1

Release notes:

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

1.7.0 (2024-05-19)

Features

• adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

• core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Alexandre ABRIOUX

1.7.0-beta.2 (2024-05-19)

Bug Fixes

• fetch: capitalize HTTP method names; (#6395) (ad3174a)
• fetch: fix & optimize progress capturing for cases when the request data ...

  Description has been truncated

  Note
  Automatic rebases have been disabled on this pull request as it has been open for over 30 days.