Open
Conversation
Snyk has created this PR to upgrade axios from 1.13.2 to 1.14.0. See this package in npm: axios See this project in Snyk: https://app.eu.snyk.io/org/pigs/project/581c082d-5492-4d66-b5ae-c80c24f9d394?utm_source=github-enterprise&utm_medium=referral&page=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade axios from 1.13.2 to 1.14.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 5 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-15252993
Release notes
Package name: axios
-
1.14.0 - 2026-03-27
⚠️ Important Changes
- Breaking Changes: None identified in this release.
- Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably
- Runtime Features: No new end-user features were introduced in this release.
- Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)
- Headers: Trim trailing CRLF in normalised header values. (#7456)
- HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
- Fetch Adapter: Cancel
- Proxy Handling: Fixed env proxy behavior with
- CommonJS Compatibility: Fixed package
- Security/Dependencies: Updated
- Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
- Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
- Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)
- @ aviu16 (#7456)
- @ NETIZEN-11 (#7460)
- @ fedotov (#7457)
- @ nthbotast (#7478)
- @ veeceey (#7398)
- @ penkzhou (#7515)
-
1.13.6 - 2026-02-27
⚠️ Important Changes
- Breaking Changes: None identified in this release.
- Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.
- React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @ moh3n9595 for the initial implementation. (#5764)
- Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)
-
- Fixed module exports for React Native and Browserify environments. (#7386)
- Added safe FormData detection for the WeChat Mini Program environment. (#7324)
-
- AxiosError.message is now correctly enumerable. (#7392)
- AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)
- Dependencies: Updated the development_dependencies group (5 updates). (#7432)
- Infrastructure: Migrated @ rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
- Documentation: Added missing JSDoc comments to utilities. (#7427)
- @ Gudahtt (#7386)
- @ ybbus (#7392)
- @ Shiwaangee (#7324)
- @ skrtheboss (#7403)
- @ Janaka66 (#7427)
- @ moh3n9595 (#5764)
- @ digital-wizard48 (#7424)
-
1.13.5 - 2026-02-08
- Security: Fixed a potential Denial of Service issue involving the
- Bug fix: Resolved an issue where
- Fix Denial of Service via
- Fix/5657. (PR #7313)
- Ensure
- Add input validation to
- Refactor: bump minor package versions. (PR #7356)
- Clarify object-check comment. (PR #7323)
- Fix deprecated
- Chore: fix issues with YAML. (PR #7355)
- CI: update workflow YAMLs. (PR #7372)
- CI: fix run condition. (PR #7373)
- Dev deps: bump
- Chore(release): prepare release 1.13.5. (PR #7379)
- @ sachin11063 (first contribution — PR #7323)
- @ asmitha-16 (first contribution — PR #7326)
-
1.13.4 - 2026-01-27
- fix: issues with version 1.13.3 (#7352) (ee90dfc)
- Fixed issues discovered in v1.13.3 release
- Cleaned up interceptor test files
- Improved workflow configurations
-
- Major refactoring of CI/CD workflows
- Consolidated workflow files for better maintainability
- Added mise configuration for the development environment
- Improved sponsor block update automation
- Enhanced issue and PR templates
- Added automatic release notes generation
- Implemented workflow cancellation for concurrent runs
-
- Code generation improvements
- Workflow optimisations
- jasonsaayman - Release management and CI/CD improvements
-
1.13.3 - 2026-01-25
- http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
- interceptor: handle the error in the same interceptor (#6269) (5945e40)
- main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
- package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
- silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
- turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
- types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
- types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
- unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)
- add
- add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
- add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
- added copilot instructions (3f83143)
- compatibility with frozen prototypes (#6265) (860e033)
- enhance pipeFileToResponse with error handling (#7169) (88d7884)
- types: Intellisense for string literals in a widened union (#6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329
- Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
- deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)
Ashvin Tiwari
Nikunj Mochi
Anchal Singh
jasonsaayman
Julian Dax
Akash Dhar Dubey
Madhumita
Tackoil
Justin Dhillon
Rudransh
WuMingDao
codenomnom
Nandan Acharya
Eric Dubé
Tibor Pilz
Gabriel Quaresma
Turadg Aleahmad
JohnTitor
rohit miryala
Wilson Mun
techcodie
Ved Vadnere
svihpinc
SANDESH LENDVE
Lubos
Jarred Sumner
Adam Hines
Subhan Kumar Rai
Joseph Frazier
KT0803
Albie
Jake Hayes
-
1.13.2 - 2025-11-04
- http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#7206) (8d37233)
- http: use default export for http2 module to support stubs; (#7196) (0588880)
- http: fix early loop exit; (#7202) (12c314b)
Dmitriy Mozgovoy
Kasper Isager Dalsgarð
from axios GitHub release notesThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.
proxy-from-envv2 alignment andmainentry compatibility fix).🚀 New Features
🐛 Bug Fixes
ReadableStreamcreated during request-stream capability probing to prevent async resource leaks. (#7515)proxy-from-envv2 usage. (#7499)mainentry regression affecting CJS consumers. (#7532)🔧 Maintenance & Chores
formidableand refreshed package set to newer versions. (#7533, #10556)🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve Axios:
Full Changelog: v1.13.6...v1.14.0
This release focuses on platform compatibility, error handling improvements, and code quality maintenance.
🚀 New Features
🐛 Bug Fixes
Environment Compatibility:
Error Handling:
🔧 Maintenance & Chores
🌟 New Contributors
We are thrilled to welcome our new contributors! Thank you for helping improve the project:
Full Changelog: v1.13.5...v1.13.6
Release 1.13.5
Highlights
__proto__key inmergeConfig. (PR #7369)AxiosErrorcould be missing thestatusfield on and after v1.13.3. (PR #7368)Changes
Security
__proto__key inmergeConfig. (PR #7369)Fixes
statusis present inAxiosErroron and after v1.13.3. (PR #7368)Features / Improvements
isAbsoluteURL. (PR #7326)Documentation
Bufferconstructor usage and README formatting. (PR #7371)CI / Maintenance
karma-sourcemap-loaderfrom 0.3.8 to 0.4.0. (PR #7360)New Contributors
Full Changelog: v1.13.4...v1.13.5
Overview
The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.
Full Changelog: v1.13.3...v1.13.4
What's New in v1.13.4
Bug Fixes
Infrastructure & CI/CD
refactor: ci and build (#7340) (8ff6c19)
chore: codegen and some updates to workflows (76cf77b)
Migration Notes
Breaking Changes
None in this release.
Deprecations
None in this release.
Contributors
Thank you to all contributors who made this release possible! Special thanks to:
Release notes:
Bug Fixes
Features
undefinedas a value in AxiosRequestConfig (#5560) (095033c)Reverts
Contributors to this release
Release notes:
Bug Fixes
Performance Improvements
Contributors to this release
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: