Patch `0.x` branch to resolve `CVE-2023-45857` vulnerability

[lnjbr]

Is your feature request related to a problem? Please describe.

Barring a migration guide for Axios 1.x, the latest 0.x version of Axios should continue to receive updates for non-breaking security vulnerability resolutions.

Describe the solution you'd like

CVE-2023-45857 affects versions 0.8.1 thru 1.5.1. The fix applied to the 1.x versions in #6028 should be applied to the 0.x branch as well, and released as a patch.

Describe alternatives you've considered

No response

Additional context/Screenshots

Spots that would need mitigation:

https://github.com/axios/axios/blob/880b42e2b8cdd467ce0c6ecd1cf522ef6ef65682/lib/adapters/xhr.js#L143-L156

https://github.com/axios/axios/blob/880b42e2b8cdd467ce0c6ecd1cf522ef6ef65682/test/specs/xsrf.spec.js#L70-L80

[lnjbr]

Incorporating the fix applied in #6046 as well 👍

[bmuenzenmeyer]

this is a huge win for those still unable to upgrade to 1.X due to missing guidance

[Shikari0744]

I still don't understand. How to get this patch version pulled in my application?
I am using 0.27.2v. What is the patch version called ?

Should I just write 0.x instead of 0.27.2 ?

[bmuenzenmeyer]

@Shikari0744 we are waiting for maintainers to merge #6091 and release it

[Shikari0744]

@Shikari0744 we are waiting for maintainers to merge #6091 and release it

But 6091 is already merged as I can see. So, I believe only release part is left. Do we have deadline for this ?

[breadadams]

The related PR was merged and 0.28.x was released. I believe this issue can be closed as completed.