Skip to content

Bump axios from 0.21.4 to 0.30.3#477

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/axios-0.30.3
Open

Bump axios from 0.21.4 to 0.30.3#477
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/axios-0.30.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 31, 2026
edited
Loading

Bumps axios from 0.21.4 to 0.30.3.

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

  • Backport: Fix DoS via proto key in merge config
    • Patched a vulnerability where specifically crafted configuration objects using the proto key could cause a Denial of Service during the merge process. - by @​FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

  • CI Infrastructure Update

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the proto key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

New Contributors

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

... (truncated)

Commits
  • f53bcf6 chore: release 0.30.2
  • 3ddccd3 chore: remove publish as this wont work
  • 9ef39d0 chore: try with npm token
  • 4775de6 chore: fix version scheme
  • f96f26b chore: fix issues with using replace
  • ead45c2 chore: update the publish workflow to run on tag
  • 8119265 chore: tag version as legacy on v0.x
  • 9954985 chore: dispatch for first time
  • 3f8b70f chore: final rename
  • c665584 chore: revert naming
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 31, 2026
@dependabot
Bump axios from 0.21.4 to 0.30.3
77c113d 
Bumps [axios](https://github.com/axios/axios) from 0.21.4 to 0.30.3.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.21.4...v0.30.3)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 0.30.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/axios-0.30.3 branch from 542929e to 77c113d Compare March 31, 2026 22:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants