Skip to content

Comments

Bump axios from 1.6.5 to 1.13.5#1454

Open
renovate-pagopa[bot] wants to merge 1 commit intomasterfrom
renovate/axios-to-1.13.5
Open

Bump axios from 1.6.5 to 1.13.5#1454
renovate-pagopa[bot] wants to merge 1 commit intomasterfrom
renovate/axios-to-1.13.5

Conversation

@renovate-pagopa
Copy link
Contributor

@renovate-pagopa renovate-pagopa bot commented Feb 10, 2026

This PR contains the following updates:

Package Change Age Confidence
axios (source) 1.6.5 -> 1.13.5 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

For further information on security, please refer to the Confluence page link

Release Notes

axios/axios (axios)

v1.13.5

Compare Source

Release 1.13.5

Highlights
  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)
Changes
Security
  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)
Fixes
  • Fix/5657. (PR #​7313)
  • Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)
Features / Improvements
  • Add input validation to isAbsoluteURL. (PR #​7326)
  • Refactor: bump minor package versions. (PR #​7356)
Documentation
  • Clarify object-check comment. (PR #​7323)
  • Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)
CI / Maintenance
  • Chore: fix issues with YAML. (PR #​7355)
  • CI: update workflow YAMLs. (PR #​7372)
  • CI: fix run condition. (PR #​7373)
  • Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
  • Chore(release): prepare release 1.13.5. (PR #​7379)
New Contributors

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes
  • fix: issues with version 1.13.3 (#​7352) (ee90dfc)
    • Fixed issues discovered in v1.13.3 release
    • Cleaned up interceptor test files
    • Improved workflow configurations
Infrastructure & CI/CD

  • refactor: ci and build (#​7340) (8ff6c19)

    • Major refactoring of CI/CD workflows
    • Consolidated workflow files for better maintainability
    • Added mise configuration for the development environment
    • Improved sponsor block update automation
    • Enhanced issue and PR templates
    • Added automatic release notes generation
    • Implemented workflow cancellation for concurrent runs

  • chore: codegen and some updates to workflows (76cf77b)

    • Code generation improvements
    • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

v1.13.3

Compare Source

Bug Fixes
  • http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#​6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
  • turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)
Features
Reverts
Contributors to this release

v1.13.2

Compare Source

Bug Fixes
  • http: fix 'socket hang up' bug for keep-alive requests when using timeouts; (#​7206) (8d37233)
  • http: use default export for http2 module to support stubs; (#​7196) (0588880)
Performance Improvements
Contributors to this release

v1.13.1

Compare Source

Bug Fixes
  • http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#​7193) (bcd5581)
Contributors to this release

v1.13.0

Compare Source

Bug Fixes
Features
Contributors to this release

1.12.2 (2025-09-14)

Bug Fixes
  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)
Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes
Contributors to this release

v1.12.2

Compare Source

Bug Fixes
Features
Contributors to this release

1.12.2 (2025-09-14)

Bug Fixes
  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)
Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes
Contributors to this release

v1.12.1

Compare Source

Bug Fixes
Features
Contributors to this release

1.12.2 (2025-09-14)

Bug Fixes
  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)
Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes
Contributors to this release

v1.12.0

Compare Source

Bug Fixes
Features
Contributors to this release

1.12.2 (2025-09-14)

Bug Fixes
  • fetch: use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (#​7030) (cf78825)
Contributors to this release

1.12.1 (2025-09-12)

Bug Fixes
Contributors to this release

v1.11.0

Compare Source

Bug Fixes
Contributors to this release

v1.10.0

Compare Source

Bug Fixes
  • adapter: pass fetchOptions to fetch function (#​6883) (0f50af8)
  • form-data: convert boolean values to strings in FormData serialization (#​6917) (5064b10)
  • package: add module entry point for React Native; (#​6933) (3d343b8)
Features
Contributors to this release

v1.9.0

Compare Source

Bug Fixes
  • core: fix the Axios constructor implementation to treat the config argument as optional; (#​6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#​6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#​6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#​6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#​6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#​6661) (987d2e2)
  • types: fix autocomplete for adapter config (#​6855) (e61a893)
Features
  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#​5707) (80ea756)
Contributors to this release

1.8.4 (2025-03-19)

Bug Fixes
  • buildFullPath: handle allowAbsoluteUrls: false without baseURL (#​6833) (f10c2e0)
Contributors to this release

1.8.3 (2025-03-10)

Bug Fixes
  • add missing type for allowAbsoluteUrls (#​6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and fetch adapters (#​6814) (ec159e5)
Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes
  • http-adapter: add allowAbsoluteUrls to path building (#​6810) (fb8eec2)
Contributors to this release

1.8.1 (2025-02-26)

Bug Fixes
  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#​6789) (36a5a62)
Contributors to this release

v1.8.4

Compare Source

Bug Fixes
  • core: fix the Axios constructor implementation to treat the config argument as optional; (#​6881) (6c5d4cd)
  • fetch: fixed ERR_NETWORK mapping for Safari browsers; (#​6767) (dfe8411)
  • headers: allow iterable objects to be a data source for the set method; (#​6873) (1b1f9cc)
  • headers: fix getSetCookie by using 'get' method for caseless access; (#​6874) (d4f7df4)
  • headers: fixed support for setting multiple header values from an iterated source; (#​6885) (f7a3b5e)
  • http: send minimal end multipart boundary (#​6661) (987d2e2)
  • types: fix autocomplete for adapter config (#​6855) (e61a893)
Features
  • AxiosHeaders: add getSetCookie method to retrieve set-cookie headers values (#​5707) (80ea756)
Contributors to this release

1.8.4 (2025-03-19)

Bug Fixes
  • buildFullPath: handle allowAbsoluteUrls: false without baseURL (#​6833) (f10c2e0)
Contributors to this release

1.8.3 (2025-03-10)

Bug Fixes
  • add missing type for allowAbsoluteUrls (#​6818) (10fa70e)
  • xhr/fetch: pass allowAbsoluteUrls to buildFullPath in xhr and

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@renovate-pagopa renovate-pagopa bot requested review from a team as code owners February 10, 2026 05:59
@renovate-pagopa renovate-pagopa bot added the OER label Feb 10, 2026
@changeset-bot
Copy link

changeset-bot bot commented Feb 10, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 6ae3eb6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate-pagopa renovate-pagopa bot force-pushed the renovate/axios-to-1.13.5 branch from af77a21 to d73c45a Compare February 16, 2026 05:53
@renovate-pagopa renovate-pagopa bot changed the title Bump axios from 1.6.5 to 1.13.5 Bump axios from 1.6.5 to 1.13.5 - autoclosed Feb 19, 2026
@renovate-pagopa renovate-pagopa bot closed this Feb 19, 2026
@renovate-pagopa renovate-pagopa bot deleted the renovate/axios-to-1.13.5 branch February 19, 2026 05:46
@renovate-pagopa renovate-pagopa bot changed the title Bump axios from 1.6.5 to 1.13.5 - autoclosed Bump axios from 1.6.5 to 1.13.5 Feb 20, 2026
@renovate-pagopa renovate-pagopa bot reopened this Feb 20, 2026
@renovate-pagopa renovate-pagopa bot force-pushed the renovate/axios-to-1.13.5 branch 2 times, most recently from c6c2c3c to 50cf058 Compare February 23, 2026 05:51
@renovate-pagopa renovate-pagopa bot force-pushed the renovate/axios-to-1.13.5 branch from 50cf058 to 6ae3eb6 Compare February 24, 2026 05:44
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

OER

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants