Skip to content

Bump axios from 1.13.2 to 1.14.0#2052

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/axios-1.15.2
Open

Bump axios from 1.13.2 to 1.14.0#2052
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/axios-1.15.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026
edited
Loading

Bumps axios from 1.13.2 to 1.14.0.

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

  • Runtime Features: No new end-user features were introduced in this release.
  • Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

  • Headers: Trim trailing CRLF in normalised header values. (#7456)
  • HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
  • Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
  • Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
  • CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

  • Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
  • Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
  • Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
  • Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

  • Environment Compatibility:
    • Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

v1.14.0 - March 27, 2026

This release fixes a security vulnerability in the formidable dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.

🔒 Security Fixes

  • Formidable Vulnerability: Upgraded formidable from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (#7533)

🐛 Bug Fixes

  • CommonJS Compatibility: Restored require('axios') in Node.js by correcting the main field in package.json to point to the built CJS bundle. (#7532)

  • Fetch Adapter: Cancel the ReadableStream body after the request stream capability probe to prevent resource leaks. (#7515)

  • Proxy: Upgraded proxy-from-env to v2 and switched to the named getProxyForUrl export, fixing proxy detection from environment variables and resolving CJS bundling errors. (#7499)

  • HTTP/2: Close detached HTTP/2 sessions on timeout to free resources when no new requests arrive. (#7457)

  • Headers: Trim trailing CRLF characters from normalised header values. (#7456)

🔧 Maintenance & Chores

  • Toolchain Modernisation: Migrated test suite to Vitest, updated ESLint to v10, upgraded Rollup and @rollup/plugin-babel, migrated to Husky 9, upgraded TypeScript to latest, and modernised the Express test harness. (#7484, #7489, #7498, #7505, #7506, #7507, #7508, #7509, #7510, #7516, #7522)

  • Dependencies: Bumped multer to v2, minimatch, tar, pacote, @babel/preset-env, and additional dev dependencies. (#7453, #7480, #7491, #7504, #7517, #7531)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

Full Changelog

v1.13.6 - February 27, 2026

This release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.

🚀 New Features

  • React Native Blob Support: Axios now correctly handles native Blob objects in React Native environments. (#5764)

🐛 Bug Fixes

  • AxiosError: Fixed AxiosError.from not copying the status field from the source error. (#7403)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 22, 2026
Copilot AI review requested due to automatic review settings April 22, 2026 18:26
@dependabot dependabot Bot added javascript Pull requests that update Javascript code dependencies Pull requests that update a dependency file labels Apr 22, 2026
@dependabot dependabot Bot review requested due to automatic review settings April 22, 2026 18:26
@github-project-automation github-project-automation Bot moved this to Backlog (Not Ready) in DevX Apr 22, 2026
@dependabot dependabot Bot mentioned this pull request Apr 22, 2026
Closed
@dependabot dependabot Bot changed the title Bump axios from 1.13.2 to 1.15.2 Bump axios from 1.13.2 to 1.14.0 Apr 23, 2026
Copilot AI review requested due to automatic review settings April 23, 2026 20:18
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.2 branch from d784eda to 5f74584 Compare April 23, 2026 20:18
@dependabot dependabot Bot review requested due to automatic review settings April 23, 2026 20:18
@dependabot
Bump axios from 1.13.2 to 1.14.0
56d54c1 
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.14.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.2...v1.14.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings April 30, 2026 20:03
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-1.15.2 branch from 5f74584 to 56d54c1 Compare April 30, 2026 20:03
@dependabot dependabot Bot review requested due to automatic review settings April 30, 2026 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

DevX
Status: Backlog (Not Ready)

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants