chore(deps): update dependency axios to v1.18.0#164
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.17.0→1.18.0Release Notes
axios/axios (axios)
v1.18.0Compare Source
v1.18.0 — June 13, 2026
This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.
🔒 Security Fixes
Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)
URL And Request Hardening: Rejects malformed
http:andhttps:URLs that omit//withERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and localNO_PROXYmatching. (#11000)🐛 Bug Fixes
transitional.validateStatusUndefinedResolvesso applications can opt in to treatingvalidateStatus: undefinedlike the option was omitted, whilevalidateStatus: nullremains the explicit way to accept every status. (#10899)🔧 Maintenance & Chores
Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the
proxyrequest config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)Dependencies: Bumped
@babel/core,@babel/preset-env,@commitlint/cli,@commitlint/config-conventional,@rollup/plugin-babel,@rollup/plugin-commonjs,@vitest/browser,@vitest/browser-playwright,eslint,lint-staged,rollup,vitest, andactions/checkout. (#10989, #10996, #10997)Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime
VERSIONvalue. (#11003)🌟 New Contributors
We are thrilled to welcome our new contributors. Thank you for helping improve axios:
Full Changelog
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.