Skip to content

build(deps): bump axios from 1.15.0 to 1.17.0#4934

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/axios-1.17.0
Closed

build(deps): bump axios from 1.15.0 to 1.17.0#4934
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/axios-1.17.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor

Bumps axios from 1.15.0 to 1.17.0.

Release notes

Sourced from axios's releases.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

... (truncated)

Changelog

Sourced from axios's changelog.

v1.17.0 — June 1, 2026

This release adds Node HTTP zstd decompression, hardens config and release workflows, and fixes authentication, header, proxy, and type-handling regressions.

🔒 Security Fixes

  • Config Hardening: Guarded socketPath, params, and paramsSerializer reads with own-property checks to prevent inherited prototype values from affecting request behavior, including SSRF-sensitive paths. (#10901, #10922)
  • Release Publishing: Switched the publish workflow to npm staged publishing for safer, auditable package releases with provenance. (#10926)

🚀 New Features

  • HTTP Compression: Added Node HTTP adapter support for zstd response decompression, with transitional.advertiseZstdAcceptEncoding controlling whether zstd is advertised in Accept-Encoding. (#6792, #10920)

🐛 Bug Fixes

  • Authentication Handling: Restored Basic auth on same-origin Node redirects while continuing to strip credentials cross-origin, and aligned the fetch adapter with HTTP adapter behavior for URL-embedded Basic auth. (#10929, #10896)
  • Proxy TLS: Preserved user httpsAgent TLS options when tunneling HTTPS requests through HTTP CONNECT proxies. (#10957)
  • React Native FormData: Cleared default Content-Type for React Native FormData so multipart boundaries can be generated correctly. (#10898)
  • Headers: Silently skipped empty or whitespace-only header names instead of throwing, matching parsed-header behavior and avoiding React Native response crashes. (#10875)
  • Request Data Merging: Preserved enumerable symbol keys when cloning plain request data through axios merge logic. (#10812)
  • Bundler Compatibility: Converted resolveConfig from an arrow default export to a named function export to avoid webpack and Babel transform interop failures. (#10891)
  • Types: Corrected AxiosHeaders.toJSON() return types and updated CommonJS isCancel typings to narrow to CanceledError<T>. (#10956, #10952)
  • Build Tooling: Avoided emitting a null Authorization header from the GitHub build helper when GITHUB_TOKEN is unset. (#10931)

🔧 Maintenance & Chores

  • HTTP/2 Internals: Extracted Http2Sessions into its own helper module and added direct unit coverage for session pooling, timeout, and cleanup behavior. (#10861)
  • Package Publishing: Reduced published package size by switching to a files allowlist and dropping unneeded unminified bundle source maps. (#10939)
  • CI and Release Automation: Added bundle-size reporting, moved reports to the job summary, fixed bundle-size comparison coverage, added Node 26 to the matrix, pinned npm for staged publishing, and prepared the 1.17.0 release. (#10907, #10911, #10916, #10927, #10935, #10983)
  • Developer Workflow: Added a dev container and iterated on OpenSpec workflow files before removing them from the release branch. (#10925, #10914, #10958)
  • Documentation and Policy: Updated disclosure, contributor, collaboration, threat-model, advanced docs, README badges, release notes, moderator configuration, and project metadata. (#10890, #10889, #10921, #10945, #10905, #10933, #10915, #10887, #10955)
  • Dependencies: Bumped Babel tooling, Commitlint, ESLint, Rollup, Globals, Vitest, Playwright, fs-extra, qs, docs dependencies, and GitHub Actions dependencies including actions/dependency-review-action and zizmorcore/zizmor-action. (#10871, #10879, #10918, #10919, #10934, #10947, #10954, #10960)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump axios from 1.15.0 to 1.17.0
5769b2c 
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.17.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.15.0...v1.17.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.17.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed labels Jun 5, 2026
@github-actions

github-actions Bot commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

## 🔦 Lighthouse Benchmark

Tested: https://ks-dependabot-npm-and-yarn-axios-docs.kestra-io.workers.dev on 2026-06-05 08:24 UTC
No baseline available — scores will appear after the first merge to main

Scores (0–100, higher is better)

Page Performance Accessibility Best Practices SEO
Home 76 82 56 92
Pricing 97 91 56 100
Enterprise 95 82 56 100
Cloud 92 86 56 100
About Us 85 91 56 100
Docs Landing 88 88 56 92
Contribute to Kestra (simple docs) 98 87 56 92
Flow (full featured docs) 91 90 56 92
Blog Index 63 90 56 100
Blog Post (sample) 99 87 56 100
VS Page (sample) 98 88 56 100
Plugins Landing 91 80 56 92
Plugin Page (sample) 95 87 56 100
Plugin Debug Page (sample) 93 87 56 100
Plugin Debug Return Page (sample) 91 87 59 100
Blueprints Landing 93 80 56 92
Blueprint Audit Logs CSV Export 66 86 56 100

Core Web Vitals (lower is better)

Page LCP FCP TBT CLS Speed Index
Home 1.47 s 0.75 s 353 ms 0.002 1.89 s
Pricing 1.18 s 0.66 s 17 ms 0.000 0.84 s
Enterprise 1.45 s 0.62 s 22 ms 0.000 0.89 s
Cloud 1.82 s 0.51 s 16 ms 0.000 0.92 s
About Us 2.71 s 0.70 s 23 ms 0.000 0.77 s
Docs Landing 1.55 s 0.51 s 201 ms 0.000 0.88 s
Contribute to Kestra (simple docs) 1.14 s 0.56 s 47 ms 0.000 0.80 s
Flow (full featured docs) 1.68 s 0.57 s 124 ms 0.000 1.11 s
Blog Index 5.72 s 1.31 s 74 ms 0.001 33.69 s
Blog Post (sample) 0.93 s 0.57 s 9 ms 0.000 0.80 s
VS Page (sample) 0.94 s 0.58 s 16 ms 0.064 0.66 s
Plugins Landing 1.13 s 0.66 s 35 ms 0.000 2.58 s
Plugin Page (sample) 1.11 s 0.58 s 62 ms 0.051 1.82 s
Plugin Debug Page (sample) 1.02 s 0.57 s 155 ms 0.001 1.65 s
Plugin Debug Return Page (sample) 1.18 s 0.55 s 136 ms 0.025 2.01 s
Blueprints Landing 1.39 s 0.75 s 23 ms 0.000 1.74 s
Blueprint Audit Logs CSV Export 1.12 s 0.57 s 232 ms 0.485 1.89 s
Legend

🟢 improved  ·  🔻 regressed  ·  (blank) no significant change
Score threshold: ±10 pts  ·  Metric threshold: ±30% of baseline

@dependabot @github

dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #4978.

@dependabot dependabot Bot closed this Jun 17, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/axios-1.17.0 branch June 17, 2026 03:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/frontend Needs frontend code changes dependency-upgrade Dependency upgrade is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants