Skip to content

[Snyk] Upgrade axios from 0.27.2 to 0.33.0#640

Open
macpro-snyk-service-account wants to merge 1 commit into
masterfrom
snyk-upgrade-ce490dd558619ef1bd2d224c744f8bf3
Open

[Snyk] Upgrade axios from 0.27.2 to 0.33.0#640
macpro-snyk-service-account wants to merge 1 commit into
masterfrom
snyk-upgrade-ce490dd558619ef1bd2d224c744f8bf3

Conversation

@macpro-snyk-service-account

Copy link
Copy Markdown
Collaborator

snyk-top-banner

Snyk has created this PR to upgrade axios from 0.27.2 to 0.33.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AXIOS-15252993
112 Proof of Concept
high severity HTTP Response Splitting
SNYK-JS-AXIOS-15969258
112 No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-12613773
112 Proof of Concept
medium severity Unintended Proxy or Intermediary ('Confused Deputy')
SNYK-JS-AXIOS-15965856
112 Proof of Concept
medium severity Improper Encoding or Escaping of Output
SNYK-JS-AXIOS-16298055
112 Proof of Concept
critical severity HTTP Response Splitting
SNYK-JS-AXIOS-16298058
112 Proof of Concept
high severity Uncontrolled Recursion
SNYK-JS-AXIOS-16299923
112 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AXIOS-17111060
112 No Known Exploit
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-17111062
112 No Known Exploit
high severity Prototype Pollution
SNYK-JS-AXIOS-17111079
112 No Known Exploit
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459
112 Proof of Concept
high severity Improper Removal of Sensitive Information Before Storage or Transfer
SNYK-JS-FOLLOWREDIRECTS-16032162
112 No Known Exploit
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137
112 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-16298095
112 No Known Exploit
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-16298130
112 Proof of Concept
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-16298162
112 No Known Exploit
medium severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-AXIOS-16299478
112 Proof of Concept
critical severity Prototype Pollution
SNYK-JS-AXIOS-16299904
112 No Known Exploit
high severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-AXIOS-17172681
112 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-AXIOS-16299925
112 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-AXIOS-17111081
112 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-17172532
112 Proof of Concept
medium severity Insertion of Sensitive Information Into Sent Data
SNYK-JS-AXIOS-17172930
112 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857
112 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519
112 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9403194
112 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
112 Proof of Concept
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150
112 Proof of Concept
medium severity CRLF Injection
SNYK-JS-FORMDATA-17337015
112 Proof of Concept

Breaking Change Risk

Merge Risk: Medium

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade axios from 0.27.2 to 0.33.0.

See this package in yarn:
axios

See this project in Snyk:
https://app.snyk.io/org/macpro-macpro/project/77c22646-6ddf-417a-a629-defd670f4bc8?utm_source=github&utm_medium=referral&page=upgrade-pr
@macpro-snyk-service-account

Copy link
Copy Markdown
Collaborator Author

Merge Risk: Medium

This upgrade from axios 0.27.2 to 0.33.0 includes several security fixes and behavioral changes that require verification.

Key Changes:

  • Parameter Serialization Change (v0.28.0): The serialization of object parameters in GET requests has changed. Previously, an object passed in the params would be JSON stringified. It is now serialized into key-value pairs. This can break backend logic expecting a JSON string.
    • Before (v0.27.2): ?bar={"textSearch":"","conditions":[]}
    • After (v0.28.0): ?bar[textSearch]=&bar[conditions][]
  • Breaking Change (v0.32.0): The release notes mention one breaking change related to merged config and header object prototypes.
  • Hardening and Stricter Parsing (v0.32.0): This release introduces stricter URL protocol parsing and replaces a deprecated unescape() function with modern UTF-8 encoding, which may affect non-ASCII URL handling.

Recommendation:
Review and test any code that passes complex objects as GET request parameters to ensure compatibility with the new serialization format. Verify application functionality related to request configurations and URL handling, especially for non-ASCII characters.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@macpro-snyk-service-account

macpro-snyk-service-account commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator Author

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants