Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency axios to v1.7.4 [SECURITY] #3385

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency axios to v1.7.4 [SECURITY] #3385

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 13, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.6.8 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Contributors to this release

v1.7.1

Compare Source

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.0

Compare Source

Features
Bug Fixes
Contributors to this release

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 13, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: d3392ed

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from aec0892 to b7d7b54 Compare August 14, 2024 22:57
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b7d7b54 to 892c6c5 Compare August 15, 2024 03:52
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 892c6c5 to 946f47d Compare August 15, 2024 07:01
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 946f47d to 4ec652b Compare August 17, 2024 01:03
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 4ec652b to 7b57c8d Compare August 19, 2024 15:45
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 7b57c8d to f1762f6 Compare August 19, 2024 16:55
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from f1762f6 to 84bd0e7 Compare August 19, 2024 20:33
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 84bd0e7 to 843fb79 Compare August 20, 2024 09:02
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 843fb79 to d1980ce Compare August 20, 2024 13:11
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from d1980ce to 3592c40 Compare August 20, 2024 14:15
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 3592c40 to 8567424 Compare August 21, 2024 16:10
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 8567424 to 5c794a4 Compare August 21, 2024 23:14
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5c794a4 to baafa2e Compare August 27, 2024 08:22
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from baafa2e to 67a15a0 Compare August 27, 2024 14:26
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from c5fe557 to 2b4f6f0 Compare September 18, 2024 10:14
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 2b4f6f0 to 118f496 Compare September 19, 2024 12:41
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 118f496 to dbdc4f8 Compare September 19, 2024 13:37
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from dbdc4f8 to 6c679b8 Compare September 20, 2024 13:39
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 6c679b8 to 5cffc36 Compare September 23, 2024 13:26
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5cffc36 to ee6b010 Compare September 24, 2024 18:52
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from ee6b010 to c67e524 Compare September 25, 2024 18:02
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from c67e524 to 08ed8d2 Compare September 26, 2024 12:34
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 08ed8d2 to 329fea6 Compare September 27, 2024 16:21
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 329fea6 to cf5b3e6 Compare September 30, 2024 08:42
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from cf5b3e6 to b4d3501 Compare September 30, 2024 12:19
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b4d3501 to cf68c1b Compare September 30, 2024 21:40
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from cf68c1b to 2cdad51 Compare October 1, 2024 14:36
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 2cdad51 to d3392ed Compare October 2, 2024 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants