[Release] v1.6.0

CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+# [1.6.0](https://github.com/axios/axios/compare/v1.5.1...v1.6.0) (2023-10-26)
+
+
+### Bug Fixes
+
+* **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#6028](https://github.com/axios/axios/issues/6028)) ([96ee232](https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0))
+* **dns:** fixed lookup function decorator to work properly in node v20; ([#6011](https://github.com/axios/axios/issues/6011)) ([5aaff53](https://github.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8))
+* **types:** fix AxiosHeaders types; ([#5931](https://github.com/axios/axios/issues/5931)) ([a1c8ad0](https://github.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09))
+
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
+### Contributors to this release
+
+- <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+449/-114 (#6032 #6021 #6011 #5932 #5931 )")
+- <img src="https://avatars.githubusercontent.com/u/63700910?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Valentin Panov](https://github.com/valentin-panov "+4/-4 (#6028 )")
+- <img src="https://avatars.githubusercontent.com/u/76877078?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Rinku Chaudhari](https://github.com/therealrinku "+1/-1 (#5889 )")
+
 ## [1.5.1](https://github.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26)
 
 
@@ -19,6 +41,13 @@
 - <img src="https://avatars.githubusercontent.com/u/132928043?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Przemyslaw Motacki](https://github.com/sfc-gh-pmotacki "+2/-1 (#5892 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+1/-1 ()")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 # [1.5.0](https://github.com/axios/axios/compare/v1.4.0...v1.5.0) (2023-08-26)
 
 
@@ -42,6 +71,13 @@
 - <img src="https://avatars.githubusercontent.com/u/65978976?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Jonathan Budiman](https://github.com/JBudiman00 "+30/-0 (#5788 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+3/-5 (#5791 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 # [1.4.0](https://github.com/axios/axios/compare/v1.3.6...v1.4.0) (2023-04-27)
 
 
@@ -67,6 +103,13 @@
 - <img src="https://avatars.githubusercontent.com/u/47537704?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Arthur Fiorette](https://github.com/arthurfiorette "+19/-19 (#5525 )")
 - <img src="https://avatars.githubusercontent.com/u/43876655?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [PIYUSH NEGI](https://github.com/npiyush97 "+2/-18 (#5670 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.6](https://github.com/axios/axios/compare/v1.3.5...v1.3.6) (2023-04-19)
 
 
@@ -80,6 +123,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+48/-10 (#5665 #5661 #5663 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+2/-0 (#5445 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.5](https://github.com/axios/axios/compare/v1.3.4...v1.3.5) (2023-04-05)
 
 
@@ -92,6 +142,13 @@
 
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+28/-10 (#5633 #5584 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.4](https://github.com/axios/axios/compare/v1.3.3...v1.3.4) (2023-02-22)
 
 
@@ -106,6 +163,13 @@
 - <img src="https://avatars.githubusercontent.com/u/19550000?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [lcysgsg](https://github.com/lcysgsg "+4/-0 (#5548 )")
 - <img src="https://avatars.githubusercontent.com/u/5492927?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Michael Di Prisco](https://github.com/Cadienvan "+3/-0 (#5444 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.3](https://github.com/axios/axios/compare/v1.3.2...v1.3.3) (2023-02-13)
 
 
@@ -120,6 +184,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+11/-7 (#5545 #5535 #5542 )")
 - <img src="https://avatars.githubusercontent.com/u/19842213?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [陈若枫](https://github.com/ruofee "+2/-2 (#5467 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.2](https://github.com/axios/axios/compare/v1.3.1...v1.3.2) (2023-02-03)
 
 
@@ -132,6 +203,13 @@
 
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+2/-1 (#5530 #5528 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.3.1](https://github.com/axios/axios/compare/v1.3.0...v1.3.1) (2023-02-01)
 
 
@@ -144,6 +222,13 @@
 
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+27/-8 (#5521 #5518 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 # [1.3.0](https://github.com/axios/axios/compare/v1.2.6...v1.3.0) (2023-01-31)
 
 
@@ -162,6 +247,13 @@
 - <img src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+352/-67 (#5514 #5512 #5510 #5509 #5508 #5316 #5507 )")
 - <img src="https://avatars.githubusercontent.com/u/35015993?v&#x3D;4&amp;s&#x3D;18" alt="avatar" width="18"/> [ItsNotGoodName](https://github.com/ItsNotGoodName "+43/-2 (#5497 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.6](https://github.com/axios/axios/compare/v1.2.5...v1.2.6) (2023-01-28)
 
 
@@ -174,6 +266,13 @@
 
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+24/-9 (#5503 #5502 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.5](https://github.com/axios/axios/compare/v1.2.4...v1.2.5) (2023-01-26)
 
 
@@ -186,6 +285,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+82/-54 (#5499 )")
 - ![avatar](https://avatars.githubusercontent.com/u/20516159?v&#x3D;4&amp;s&#x3D;16) [Elliot Ford](https://github.com/EFord36 "+1/-1 (#5462 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.4](https://github.com/axios/axios/compare/v1.2.3...v1.2.4) (2023-01-22)
 
 
@@ -199,6 +305,13 @@
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+242/-108 (#5486 #5482 )")
 - ![avatar](https://avatars.githubusercontent.com/u/9430821?v&#x3D;4&amp;s&#x3D;16) [Daniel Hillmann](https://github.com/hilleer "+1/-1 (#5478 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.3](https://github.com/axios/axios/compare/1.2.2...1.2.3) (2023-01-10)
 
 
@@ -210,6 +323,13 @@
 
 - ![avatar](https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;16) [Dmitriy Mozgovoy](https://github.com/DigitalBrainJS "+938/-442 (#5456 #5455 #5453 #5451 #5449 #5447 #5446 #5443 #5442 #5439 #5420 )")
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.2] - 2022-12-29
 
 ### Fixed
@@ -264,6 +384,13 @@
 - [Ivan Barsukov](https://github.com/ovarn)
 - [Arthur Fiorette](https://github.com/arthurfiorette)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.2.0] - 2022-11-10
 
 ### Changed
@@ -330,6 +457,13 @@
 - [AZM](https://github.com/aziyatali)
 - [relbns](https://github.com/relbns)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.1.3] - 2022-10-15
 
 ### Added
@@ -364,6 +498,13 @@
 - [littledian](https://github.com/littledian)
 - [ChronosMasterOfAllTime](https://github.com/ChronosMasterOfAllTime)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.1.2] - 2022-10-07
 
 ### Fixed
@@ -374,6 +515,13 @@
 
 - [Jason Saayman](https://github.com/jasonsaayman)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.1.1] - 2022-10-07
 
 ### Fixed
@@ -384,6 +532,13 @@
 
 - [Jason Saayman](https://github.com/jasonsaayman)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.1.0] - 2022-10-06
 
 ### Fixed
@@ -403,6 +558,13 @@
 - [Ivan Pepelko](https://github.com/ivanpepelko)
 - [Richard Kořínek](https://github.com/risa)
 
+### PRs
+- CVE 2023 45857 ( [#6028](https://api.github.com/repos/axios/axios/pulls/6028) )
+```
+
+⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
+```
+
 ## [1.0.0] - 2022-10-04
 
 ### Added

bower.json

@@ -1,7 +1,7 @@
 {
   "name": "axios",
   "main": "./dist/axios.js",
-  "version": "1.5.1",
+  "version": "1.6.0",
   "homepage": "https://axios-http.com",
   "authors": [
     "Matt Zabriskie"

dist/browser/axios.cjs

@@ -1,4 +1,4 @@
-// Axios v1.5.1 Copyright (c) 2023 Matt Zabriskie and contributors
+// Axios v1.6.0 Copyright (c) 2023 Matt Zabriskie and contributors
 'use strict';
 
 function bind(fn, thisArg) {
@@ -2342,8 +2342,8 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
     // Specifically not if we're in a web worker, or react-native.
     if (platform.isStandardBrowserEnv) {
       // Add xsrf header
-      const xsrfValue = (config.withCredentials || isURLSameOrigin(fullPath))
-        && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
+      // regarding CVE-2023-45857 config.withCredentials condition was removed temporarily
+      const xsrfValue = isURLSameOrigin(fullPath) && config.xsrfCookieName && cookies.read(config.xsrfCookieName);
 
       if (xsrfValue) {
         requestHeaders.set(config.xsrfHeaderName, xsrfValue);
@@ -2658,7 +2658,7 @@ function mergeConfig(config1, config2) {
   return config;
 }
 
-const VERSION = "1.5.1";
+const VERSION = "1.6.0";
 
 const validators$1 = {};