v1.15.0
📦 axiosView on GitHub →
✨ 2 features🐛 2 fixes⚡ 1 deprecations🔧 1 symbols
Summary
This release patches two critical security vulnerabilities related to proxy handling and header injection, and introduces official runtime support for Deno and Bun.
Migration Steps
- If you were relying on `url.parse()`, update your code to use the replacement mechanism to resolve Node.js deprecation warnings.
✨ New Features
- Added runtime support and compatibility checks for Deno environments.
- Added runtime support and compatibility checks for Bun environments.
🐛 Bug Fixes
- Fixed a `no_proxy` hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF).
- Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain.
Affected Symbols
⚡ Deprecations
- Usage of `url.parse()` is deprecated and has been replaced to address Node.js deprecation warnings.