Skip to content

chore(deps): bump axios from 1.17.0 to 1.18.0#124

Merged
Goosterhof merged 1 commit into
mainfrom
dependabot/npm_and_yarn/axios-1.18.0
Jun 15, 2026
Merged

chore(deps): bump axios from 1.17.0 to 1.18.0#124
Goosterhof merged 1 commit into
mainfrom
dependabot/npm_and_yarn/axios-1.18.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps axios from 1.17.0 to 1.18.0.

Release notes

Sourced from axios's releases.

v1.18.0 — June 13, 2026

This release hardens redirect and URL handling, improves the validateStatus configuration semantics, and includes updates to documentation, dependencies, and release metadata.

🔒 Security Fixes

  • Redirect Header Safety: Added Node HTTP adapter support for stripping caller-specified sensitive headers on cross-origin redirects, helping prevent custom auth headers such as API keys from leaking to another origin. (#10892)

  • URL And Request Hardening: Rejects malformed http: and https: URLs that omit // with ERR_INVALID_URL, while tightening prototype-pollution-safe config reads, stream size limits, FormData depth handling, data URL sizing, and local NO_PROXY matching. (#11000)

🐛 Bug Fixes

  • Status Validation: Added transitional.validateStatusUndefinedResolves so applications can opt in to treating validateStatus: undefined like the option was omitted, while validateStatus: null remains the explicit way to accept every status. (#10899)

🔧 Maintenance & Chores

  • Documentation: Published the v1.17.0 release notes, fixed a changelog typo, clarified the package update PR policy, and marked the proxy request config as Node.js-only in the advanced docs. (#10984, #10988, #10992, #10995)

  • Dependencies: Bumped @babel/core, @babel/preset-env, @commitlint/cli, @commitlint/config-conventional, @rollup/plugin-babel, @rollup/plugin-commonjs, @vitest/browser, @vitest/browser-playwright, eslint, lint-staged, rollup, vitest, and actions/checkout. (#10989, #10996, #10997)

  • Release Metadata: Prepared the 1.18.0 release by updating package metadata and the runtime VERSION value. (#11003)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

Changelog

Sourced from axios's changelog.

Changelog

Commits
  • 2d06f96 chore(release): prepare release 1.18.0 (#11003)
  • 32fc489 fix: malformed http urls (#11000)
  • b40ce49 chore(deps-dev): bump the development_dependencies group with 10 updates (#10...
  • fe964f9 docs: mark proxy config as Node.js only (#10995)
  • 5f229d2 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 in the github-actions ...
  • fae9d4e docs: clarify package update PR policy (#10992)
  • 28ab2ce chore(deps-dev): bump the development_dependencies group with 2 updates (#10989)
  • a8e4f13 fix(core): keep default validateStatus when request passes undefined (#10899)
  • 614f455 docs: publish v1.17.0 release notes (#10988)
  • 6bb12c1 fix: custom auth headers not stripped on cross-origin redirects (#10892)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 15, 2026 05:17
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label Jun 15, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Deploying fs-packages with  Cloudflare Pages  Cloudflare Pages

Latest commit: dfcd0bb
Status: ✅  Deploy successful!
Preview URL: https://ae3b06c5.fs-packages.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-axio-wuq2.fs-packages.pages.dev

View logs

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.18.0 branch from b41dacd to 8faf1ef Compare June 15, 2026 10:02
@Goosterhof Goosterhof enabled auto-merge June 15, 2026 10:15
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.18.0 branch from 8faf1ef to e3f5725 Compare June 15, 2026 10:15
@dependabot
chore(deps): bump axios from 1.17.0 to 1.18.0
dfcd0bb 
Bumps [axios](https://github.com/axios/axios) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.18.0 branch from e3f5725 to dfcd0bb Compare June 15, 2026 10:21
@Goosterhof Goosterhof merged commit 3c45b00 into main Jun 15, 2026
2 checks passed
@Goosterhof Goosterhof deleted the dependabot/npm_and_yarn/axios-1.18.0 branch June 15, 2026 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Goosterhof Goosterhof Goosterhof approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Goosterhof