Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(deps): update dependency axios to v1.7.4 [security] (#11977)
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [axios](https://axios-http.com) ([source](https://togithub.com/axios/axios)) | [`1.7.3` -> `1.7.4`](https://renovatebot.com/diffs/npm/axios/1.7.3/1.7.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-45857](https://nvd.nist.gov/vuln/detail/CVE-2023-45857) An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. #### [CVE-2024-39338](https://nvd.nist.gov/vuln/detail/CVE-2024-39338) axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. --- ### Release Notes <details> <summary>axios/axios (axios)</summary> ### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([#​6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - <img src="https://avatars.githubusercontent.com/u/31389480?v=4&s=18" alt="avatar" width="18"/> [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#​6543 )") - <img src="https://avatars.githubusercontent.com/u/41283691?v=4&s=18" alt="avatar" width="18"/> [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#​6539 )") </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/carbon-design-system/carbon-for-ibm-dotcom). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
](https://renovatebot.com){kind=link}
- Loading branch information
1 parent
b8983f2
commit fb74b72