Skip to content

Commit 0d60946

Browse files
dependabot[bot]dependabot[bot]
authored
deps(deps): bump axios from 1.17.0 to 1.18.0 (#524)
Bumps [axios](https://github.com/axios/axios) from 1.17.0 to 1.18.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.18.0 — June 13, 2026</h2> <p>This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.</p> <h2>🔒 Security Fixes</h2> <ul> <li> <p><strong>Redirect Header Safety:</strong> Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (<strong><a href="https://redirect.github.com/axios/axios/issues/10892">#10892</a></strong>)</p> </li> <li> <p><strong>URL And Request Hardening:</strong> Rejects malformed <code>http:</code> and <code>https:</code> URLs that omit <code>//</code> with <code>ERR_INVALID_URL</code>, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local <code>NO_PROXY</code> matching. (<strong><a href="https://redirect.github.com/axios/axios/issues/11000">#11000</a></strong>)</p> </li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Status Validation:</strong> Added <code>transitional.validateStatusUndefinedResolves</code> so applications can opt in to treating <code>validateStatus: undefined</code> like the option was omitted, while <code>validateStatus: null</code> remains the explicit way to accept every status. (<strong><a href="https://redirect.github.com/axios/axios/issues/10899">#10899</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li> <p><strong>Documentation:</strong> Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the <code>proxy</code> request config as Node.js-only in the advanced docs. (<strong><a href="https://redirect.github.com/axios/axios/issues/10984">#10984</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10988">#10988</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10992">#10992</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10995">#10995</a></strong>)</p> </li> <li> <p><strong>Dependencies:</strong> Bumped <code>@babel/core</code>, <code>@babel/preset-env</code>, <code>@commitlint/cli</code>, <code>@commitlint/config-conventional</code>, <code>@rollup/plugin-babel</code>, <code>@rollup/plugin-commonjs</code>, <code>@vitest/browser</code>, <code>@vitest/browser-playwright</code>, <code>eslint</code>, <code>lint-staged</code>, <code>rollup</code>, <code>vitest</code>, and <code>actions/checkout</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10989">#10989</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10996">#10996</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10997">#10997</a></strong>)</p> </li> <li> <p><strong>Release Metadata:</strong> Prepared the 1.18.0 release by updating package metadata and the runtime <code>VERSION</code> value. (<strong><a href="https://redirect.github.com/axios/axios/issues/11003">#11003</a></strong>)</p> </li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/drori12"><code>@​drori12</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10984">#10984</a></strong>)</li> <li><strong><a href="https://github.com/eyupcanakman"><code>@​eyupcanakman</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10899">#10899</a></strong>)</li> <li><strong><a href="https://github.com/Adi-Beker"><code>@​Adi-Beker</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10995">#10995</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.17.0...v1.18.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.18.0 — June 13, 2026</h2> <p>This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.</p> <h2>🔒 Security Fixes</h2> <ul> <li> <p><strong>Redirect Header Safety:</strong> Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (<strong><a href="https://redirect.github.com/axios/axios/issues/10892">#10892</a></strong>)</p> </li> <li> <p><strong>URL And Request Hardening:</strong> Rejects malformed <code>http:</code> and <code>https:</code> URLs that omit <code>//</code> with <code>ERR_INVALID_URL</code>, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local <code>NO_PROXY</code> matching. (<strong><a href="https://redirect.github.com/axios/axios/issues/11000">#11000</a></strong>)</p> </li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Status Validation:</strong> Added <code>transitional.validateStatusUndefinedResolves</code> so applications can opt in to treating <code>validateStatus: undefined</code> like the option was omitted, while <code>validateStatus: null</code> remains the explicit way to accept every status. (<strong><a href="https://redirect.github.com/axios/axios/issues/10899">#10899</a></strong>)</li> </ul> <h2>🔧 Maintenance &amp; Chores</h2> <ul> <li> <p><strong>Documentation:</strong> Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the <code>proxy</code> request config as Node.js-only in the advanced docs. (<strong><a href="https://redirect.github.com/axios/axios/issues/10984">#10984</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10988">#10988</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10992">#10992</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10995">#10995</a></strong>)</p> </li> <li> <p><strong>Dependencies:</strong> Bumped <code>@babel/core</code>, <code>@babel/preset-env</code>, <code>@commitlint/cli</code>, <code>@commitlint/config-conventional</code>, <code>@rollup/plugin-babel</code>, <code>@rollup/plugin-commonjs</code>, <code>@vitest/browser</code>, <code>@vitest/browser-playwright</code>, <code>eslint</code>, <code>lint-staged</code>, <code>rollup</code>, <code>vitest</code>, and <code>actions/checkout</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10989">#10989</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10996">#10996</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10997">#10997</a></strong>)</p> </li> <li> <p><strong>Release Metadata:</strong> Prepared the 1.18.0 release by updating package metadata and the runtime <code>VERSION</code> value. (<strong><a href="https://redirect.github.com/axios/axios/issues/11003">#11003</a></strong>)</p> </li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/drori12"><code>@​drori12</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10984">#10984</a></strong>)</li> <li><strong><a href="https://github.com/eyupcanakman"><code>@​eyupcanakman</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10899">#10899</a></strong>)</li> <li><strong><a href="https://github.com/Adi-Beker"><code>@​Adi-Beker</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10995">#10995</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.17.0...v1.18.0">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/2d06f96e8602c2db13b65a26340ee4a1bbc0b61f"><code>2d06f96</code></a> chore(release): prepare release 1.18.0 (<a href="https://redirect.github.com/axios/axios/issues/11003">#11003</a>)</li> <li><a href="https://github.com/axios/axios/commit/32fc489632377d214db55bfa4e2c48486a7d7ce2"><code>32fc489</code></a> fix: malformed http urls (<a href="https://redirect.github.com/axios/axios/issues/11000">#11000</a>)</li> <li><a href="https://github.com/axios/axios/commit/b40ce498abfa10d90b873b4fd08f520afa5d2545"><code>b40ce49</code></a> chore(deps-dev): bump the development_dependencies group with 10 updates (<a href="https://redirect.github.com/axios/axios/issues/10">#10</a>...</li> <li><a href="https://github.com/axios/axios/commit/fe964f960ecb52c3e1155b0daf7be77541956b01"><code>fe964f9</code></a> docs: mark proxy config as Node.js only (<a href="https://redirect.github.com/axios/axios/issues/10995">#10995</a>)</li> <li><a href="https://github.com/axios/axios/commit/5f229d2d1f018d1db3dab6bbe034dbf3f9041b99"><code>5f229d2</code></a> chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...</li> <li><a href="https://github.com/axios/axios/commit/fae9d4e7db6a858c407c75e607a071c533c5c4f6"><code>fae9d4e</code></a> docs: clarify package update PR policy (<a href="https://redirect.github.com/axios/axios/issues/10992">#10992</a>)</li> <li><a href="https://github.com/axios/axios/commit/28ab2ced820e55192806c53472ab3eb0cbb68dc2"><code>28ab2ce</code></a> chore(deps-dev): bump the development_dependencies group with 2 updates (<a href="https://redirect.github.com/axios/axios/issues/10989">#10989</a>)</li> <li><a href="https://github.com/axios/axios/commit/a8e4f13aeecc45a3b8fab3ecfd9ddb5d70fb772b"><code>a8e4f13</code></a> fix(core): keep default validateStatus when request passes undefined (<a href="https://redirect.github.com/axios/axios/issues/10899">#10899</a>)</li> <li><a href="https://github.com/axios/axios/commit/614f4552a17de757d4171ad7c3bd38c9c1025fd8"><code>614f455</code></a> docs: publish v1.17.0 release notes (<a href="https://redirect.github.com/axios/axios/issues/10988">#10988</a>)</li> <li><a href="https://github.com/axios/axios/commit/6bb12c191f5380fad321322fb90216ae0dc36985"><code>6bb12c1</code></a> fix: custom auth headers not stripped on cross-origin redirects (<a href="https://redirect.github.com/axios/axios/issues/10892">#10892</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.17.0...v1.18.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent bafa38e commit 0d60946

2 files changed

Lines changed: 27 additions & 27 deletions

File tree

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@
3030
"dependencies": {
3131
"@pinia/nuxt": "^0.11.3",
3232
"@tailwindcss/vite": "^4.3.1",
33-
"axios": "^1.17.0",
33+
"axios": "^1.18.0",
3434
"nuxt-schema-org": "^6.2.1",
3535
"pinia": "^3.0.4",
3636
"tailwindcss": "^4.3.1"

pnpm-lock.yaml

Lines changed: 26 additions & 26 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)