Skip to content

Comments

[Snyk] Upgrade axios from 1.3.4 to 1.13.4#15

Open
snyk-io[bot] wants to merge 1 commit intomainfrom
snyk-upgrade-09ce36a61301a93c5383766922bfdec1
Open

[Snyk] Upgrade axios from 1.3.4 to 1.13.4#15
snyk-io[bot] wants to merge 1 commit intomainfrom
snyk-upgrade-09ce36a61301a93c5383766922bfdec1

Conversation

@snyk-io
Copy link

@snyk-io snyk-io bot commented Feb 18, 2026

snyk-top-banner

Snyk has created this PR to upgrade axios from 1.3.4 to 1.13.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 43 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AXIOS-15252993
111 Proof of Concept
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459
111 Proof of Concept
high severity Prototype Pollution
SNYK-JS-AXIOS-6144788
111 No Known Exploit
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793
111 Proof of Concept
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137
111 Proof of Concept
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-AXIOS-12613773
111 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857
111 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9292519
111 Proof of Concept
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-9403194
111 No Known Exploit
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
111 Proof of Concept
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150
111 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085
111 No Known Exploit
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692
111 No Known Exploit

Breaking Change Risk

Merge Risk: Low

Notice: This assessment is enhanced by AI.

Release notes
Package name: axios from axios GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-io snyk-io bot requested a review from a team as a code owner February 18, 2026 17:03
@snyk-io
Copy link
Author

snyk-io bot commented Feb 18, 2026

Merge Risk: Low

This is a minor version upgrade for axios from 1.3.4 to 1.13.4. The updates within this range consist of bug fixes, security patches, performance improvements, and new optional features. No breaking changes have been documented in the official release notes for this version span.

Key Changes:

  • Includes multiple bug fixes related to HTTP/2, interceptors, and error handling.
  • Adds new features and improvements, such as enhanced type definitions and compatibility with frozen prototypes.
  • The release notes for the latest versions in this range explicitly state "Breaking Changes: None in this release".

This upgrade is considered safe with no mandatory code changes required.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

0 participants