[Security] Bump axios from 0.20.0 to 0.21.1

[dependabot-preview]

⚠️ Dependabot Preview has been deactivated ⚠️

This pull request was created by Dependabot Preview, and you've upgraded to Dependabot. This means it won't respond to dependabot commands nor will it be automatically closed if a new version is found.

If you close this pull request, Dependabot will re-create it the next time it checks for updates and everything will work as expected.

---

Bumps axios from 0.20.0 to 0.21.1.

Release notes

Sourced from axios's releases.

v0.21.0

0.21.0 (October 23, 2020)

Fixes and Functionality:

• Fixing requestHeaders.Authorization (#3287)
• Fixing node types (#3237)
• Fixing axios.delete ignores config.data (#3282)
• Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
• Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)

Internal and Tests:

• Lock travis to not use node v15 (#3361)

Documentation:

• Fixing simple typo, existant -> existent (#3252)
• Fixing typos (#3309)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Allan Cruz [email protected]
• George Cheng [email protected]
• Jay [email protected]
• Kevin Kirsche [email protected]
• Remco Haszing [email protected]
• Taemin Shin [email protected]
• Tim Gates [email protected]
• Xianming Zhong [email protected]

Changelog

Sourced from axios's changelog.

0.21.1 (December 21, 2020)

Fixes and Functionality:

• Hotfix: Prevent SSRF (#3410)
• Protocol not parsed when setting proxy config from env vars (#3070)
• Updating axios in types to be lower case (#2797)
• Adding a type guard for AxiosError (#2949)

Internal and Tests:

• Remove the skipping of the socket http test (#3364)
• Use different socket for Win32 test (#3375)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Daniel Lopretto [email protected]
• Jason Kwok [email protected]
• Jay [email protected]
• Jonathan Foster [email protected]
• Remco Haszing [email protected]
• Xianming Zhong [email protected]

0.21.0 (October 23, 2020)

Fixes and Functionality:

• Fixing requestHeaders.Authorization (#3287)
• Fixing node types (#3237)
• Fixing axios.delete ignores config.data (#3282)
• Revert "Fixing overwrite Blob/File type as Content-Type in browser. (#1773)" (#3289)
• Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled (#3200)

Internal and Tests:

• Lock travis to not use node v15 (#3361)

Documentation:

• Fixing simple typo, existant -> existent (#3252)
• Fixing typos (#3309)

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

• Allan Cruz [email protected]
• George Cheng [email protected]
• Jay [email protected]
• Kevin Kirsche [email protected]
• Remco Haszing [email protected]
• Taemin Shin [email protected]

Commits

• a64050a Releasing 0.21.1
• d57cd97 Updating changelog for 0.21.1 release
• 8b0f373 Use different socket for Win32 test (#3375)
• e426910 Protocol not parsed when setting proxy config from env vars (#3070)
• c7329fe Hotfix: Prevent SSRF (#3410)
• f472e5d Adding a type guard for AxiosError (#2949)
• 7688255 Remove the skipping of the socket http test (#3364)
• 820fe6e Updating axios in types to be lower case (#2797)
• 94ca24b Releasing 0.21.0
• 2130a0c Updating changelog for 0.21.0 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[github-actions]

🤠 Cargo bloat for toolchain stable-x86_64-unknown-linux-gnu 🤠

@@ Size breakdown @@

- Size       2.08 MB
+ Size       2 MB       -79.36 KB
- Text Size  361.19 KB
+ Text Size  356.28 KB  -4.91 KB

Size difference per crate

Note: The numbers below are not 100% accurate, use them as a rough estimate.

@@ Breakdown per crate @@

+ (idna) idna::uts46::Config::to_ascii                                       14.32 KB
- (url) url::host::Host::parse                                               14.97 KB
+ (url) url::host::Host::parse                                               4.43 KB
+ (ureq) <ureq::header::Header as core::str::traits::FromStr>::from_str      1.12 KB
+ (std) std::sync::once::Once::call_once_force::{{closure}}                  806 B
+ (std) <core::str::iter::Split<P> as core::iter::traits::iterator::Iter...  779 B
+ (std) core::str::iter::SplitInternal<P>::next_back                         742 B
+ (std) <core::str::pattern::CharSearcher as core::str::pattern::Searche...  726 B
+ (idna) <alloc::vec::Vec<T> as alloc::vec::SpecFromIter<T,I>>::from_ite...  709 B
+ (std) core::str::converts::from_utf8                                       571 B
- (std) std::sys_common::thread_local_dtor::register_dtor_fallback           1.13 KB
- (std) std::io::stdio::stdout                                               1.09 KB
- (ureq) <ureq::header::Header as core::str::FromStr>::from_str              970 B
- (std) std::io::Write::write_all_vectored                                   685 B
- (std) core::str::SplitInternal<P>::next_back                               742 B
- (idna) <alloc::vec::Vec<T> as alloc::vec::SpecExtend<T,I>>::from_iter      709 B
- (std) std::panicking::default_hook::{{closure}}                            624 B
- (std) core::str::from_utf8                                                 594 B
- (std) <std::io::stdio::Stdout as std::io::Write>::write_fmt                495 B
- (std) std::path::Components::len_before_body                               478 B
- (std) core::slice::memchr::memchr                                          474 B
- (std) <std::io::buffered::BufWriter<W> as std::io::Write>::write           443 B
- (std) std::io::stdio::set_panic                                            417 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::read_exact            409 B
- (std) <core::str::Split<P> as core::iter::traits::iterator::Iterator>:...  353 B
- (std) <core::str::Utf8Error as core::fmt::Debug>::fmt                      217 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::read_vectored         185 B
- (std) <core::num::ParseIntError as core::fmt::Debug>::fmt                  165 B
- (idna) alloc::vec::Vec<T>::reserve                                         133 B
- (percent_encoding) alloc::raw_vec::RawVec<T,A>::reserve                    130 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::write_vectore...  121 B
- (std) alloc::vec::Vec<T>::drain::end_assert_failed                         119 B
- (std) core::slice::slice_index_order_fail                                  115 B
- (std) core::slice::slice_start_index_len_fail                              115 B
- (std) core::slice::slice_end_index_len_fail                                115 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::write             77 B
- (std) std::io::impls::<impl std::io::Write for alloc::boxed::Box<W>>::...  13 B
- (std) core::slice::slice_index_overflow_fail                               27 B
- (url) <T as core::any::Any>::type_id                                       11 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::flush             7 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::is_read_vectored      3 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::is_write_vect...  3 B

Dependency tree

@@ Dependency tree @@
Count: 17

└─ lib_project v0.1.0 (/home/runner/work/cargo-bloat-action/cargo-bloat-action/lib_project)
   └─ ureq v0.12.1
      ├─ base64 v0.12.0
      ├─ chunked_transfer v1.1.0
      ├─ lazy_static v1.4.0
      ├─ qstring v0.7.2
      │  └─ percent-encoding v2.1.0
      └─ url v2.1.1
         ├─ idna v0.2.0
         │  ├─ matches v0.1.8
         │  ├─ unicode-bidi v0.3.4
         │  │  └─ matches v0.1.8
         │  └─ unicode-normalization v0.1.12
         │     └─ smallvec v1.4.0
         ├─ matches v0.1.8
         └─ percent-encoding v2.1.0

Commit: 867edfb (Compare with baseline commit)

[github-actions]

🍎 Cargo bloat for toolchain stable-x86_64-apple-darwin 🍎

@@ Size breakdown @@

- Size       847.13 KB
+ Size       841.87 KB  -5.26 KB
- Text Size  359.08 KB
+ Text Size  352.27 KB  -6.81 KB

Size difference per crate

Note: The numbers below are not 100% accurate, use them as a rough estimate.

@@ Breakdown per crate @@

- __mh_execute_header                                                        6.78 KB
+ __mh_execute_header                                                        13.84 KB
+ (ureq) <ureq::header::Header as core::str::traits::FromStr>::from_str      1.19 KB
+ (std) std::sync::once::Once::call_once_force::{{closure}}                  864 B
+ (std) std::thread::park                                                    816 B
+ (std) core::str::iter::SplitInternal<P>::next_back                         768 B
+ (std) <core::str::iter::Split<P> as core::iter::traits::iterator::Iter...  768 B
+ (std) <core::str::pattern::CharSearcher as core::str::pattern::Searche...  720 B
+ (idna) <alloc::vec::Vec<T> as alloc::vec::SpecFromIter<T,I>>::from_ite...  688 B
+ (std) core::str::converts::from_utf8                                       592 B
- (std) std::io::stdio::stdout                                               1.11 KB
- (ureq) <ureq::header::Header as core::str::FromStr>::from_str              1008 B
- (std) std::io::Write::write_all_vectored                                   688 B
- (std) core::str::SplitInternal<P>::next_back                               768 B
- (idna) <alloc::vec::Vec<T> as alloc::vec::SpecExtend<T,I>>::from_iter      688 B
- (std) std::panicking::default_hook::{{closure}}                            608 B
- (std) core::str::from_utf8                                                 608 B
- (std) std::sys::unix::thread_local_dtor::register_dtor                     560 B
- (std) std::path::Components::len_before_body                               512 B
- (std) <std::io::stdio::Stdout as std::io::Write>::write_fmt                496 B
- (std) core::slice::memchr::memchr                                          496 B
- (std) <std::io::buffered::BufWriter<W> as std::io::Write>::write           448 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::read_exact            432 B
- (std) std::io::stdio::set_panic                                            400 B
- (std) <core::str::Split<P> as core::iter::traits::iterator::Iterator>:...  352 B
- (std) <core::str::Utf8Error as core::fmt::Debug>::fmt                      224 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::read_vectored         192 B
- (std) <core::num::ParseIntError as core::fmt::Debug>::fmt                  176 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::write_vectore...  128 B
- (percent_encoding) alloc::raw_vec::RawVec<T,A>::reserve                    128 B
- (std) core::slice::slice_index_order_fail                                  112 B
- (std) core::slice::slice_start_index_len_fail                              112 B
- (std) core::slice::slice_end_index_len_fail                                112 B
- (std) alloc::vec::Vec<T>::drain::end_assert_failed                         112 B
- (std) std::io::impls::<impl std::io::Write for alloc::boxed::Box<W>>::...  32 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::write             96 B
- (std) core::slice::slice_index_overflow_fail                               32 B
- (std) <std::io::cursor::Cursor<T> as std::io::Read>::is_read_vectored      16 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::flush             16 B
- (std) <std::sys::unix::stdio::Stderr as std::io::Write>::is_write_vect...  16 B
- (idna) <T as core::any::Any>::type_id                                      16 B

Dependency tree

@@ Dependency tree @@
Count: 17

└─ lib_project v0.1.0 (/Users/runner/work/cargo-bloat-action/cargo-bloat-action/lib_project)
   └─ ureq v0.12.1
      ├─ base64 v0.12.0
      ├─ chunked_transfer v1.1.0
      ├─ lazy_static v1.4.0
      ├─ qstring v0.7.2
      │  └─ percent-encoding v2.1.0
      └─ url v2.1.1
         ├─ idna v0.2.0
         │  ├─ matches v0.1.8
         │  ├─ unicode-bidi v0.3.4
         │  │  └─ matches v0.1.8
         │  └─ unicode-normalization v0.1.12
         │     └─ smallvec v1.4.0
         ├─ matches v0.1.8
         └─ percent-encoding v2.1.0

Commit: 867edfb (Compare with baseline commit)

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

Server-Side Request Forgery in Axios
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Affected versions: ["< 0.21.1"]