Skip to content

chore(deps): bump axios from 1.14.0 to 1.15.0#825

Merged
mcm1957 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/axios-1.15.0
Apr 21, 2026
Merged

chore(deps): bump axios from 1.14.0 to 1.15.0#825
mcm1957 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/axios-1.15.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps axios from 1.14.0 to 1.15.0.

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

  • Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

  • Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)
  • Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

  • Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

  • CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)
  • Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)
  • Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)
  • Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)
  • Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 772a4e5 chore(release): prepare release 1.15.0 (#10671)
  • 4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
  • 51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
  • fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
  • 0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
  • 8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
  • e66530e ci: require npm-publish environment for releases (#10666)
  • 49f23cb chore(sponsor): update sponsor block (#10668)
  • 3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
  • fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 10, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.0 branch from 614d5e5 to 0908a3e Compare April 10, 2026 19:58
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 10, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.0 branch from 0908a3e to bc6b5ab Compare April 10, 2026 21:21
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 10, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.0 branch from bc6b5ab to dccc31d Compare April 11, 2026 06:51
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@dependabot dependabot Bot changed the title chore(deps): bump axios from 1.14.0 to 1.15.0 Bump axios from 1.14.0 to 1.15.0 Apr 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.0 branch from dccc31d to 80ac8f3 Compare April 11, 2026 10:52
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 11, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@dependabot
chore(deps): bump axios from 1.14.0 to 1.15.0
d2edbb2 
Bumps [axios](https://github.com/axios/axios) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump axios from 1.14.0 to 1.15.0 chore(deps): bump axios from 1.14.0 to 1.15.0 Apr 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.0 branch from 80ac8f3 to d2edbb2 Compare April 12, 2026 19:34
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 12, 2026

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): axios
  • Update type: minor
  • Dependency type: production
  • Previous version: 1.14.0
  • New version: 1.15.0

Modified Files:

  • package-lock.json
  • package.json

@mcm1957 mcm1957 merged commit 5fb9991 into master Apr 21, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/axios-1.15.0 branch April 21, 2026 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mcm1957