Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency axios to v1.6.0 [security] #182

Merged
merged 1 commit into from
Nov 14, 2023
Merged

fix(deps): update dependency axios to v1.6.0 [security] #182

merged 1 commit into from
Nov 14, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 12, 2023
edited
Loading

Mend Renovate logo banner

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.4.0 -> 1.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Release Notes

axios/axios (axios)

v1.6.0

Compare Source

Bug Fixes
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.1

Compare Source

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release

v1.5.0

Compare Source

Bug Fixes
  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#​5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#​5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#​5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#​5832) (8fda276)
Features
Contributors to this release

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions github-actions bot added the fix label Nov 12, 2023
@github-actions GitHub Actions
Copy link

Current changelog

Bug Fixes

Features

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 12, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@mamartinezmejia mamartinezmejia merged commit 3a09d9c into main Nov 14, 2023
11 checks passed
@mamartinezmejia mamartinezmejia deleted the renovate/npm-axios-vulnerability branch November 14, 2023 17:28
This was referenced Nov 17, 2023
Merged
Merged
Merged
Merged
Merged
Merged
This was referenced Nov 27, 2023
Merged
Merged
Merged
Merged
Merged
Merged
This was referenced Dec 11, 2023
Merged
Merged
Merged
Merged
Merged
@github-actions github-actions bot mentioned this pull request Dec 20, 2023
Closed
1 task
This was referenced Jun 4, 2024
Merged
Merged
Merged
This was referenced Jun 12, 2024
Merged
Merged
Merged
Merged
Merged
Merged
Merged
This was referenced Jul 10, 2024
Merged
Merged
@github-actions github-actions bot mentioned this pull request Jul 19, 2024
Merged
1 task
@github-actions github-actions bot mentioned this pull request Aug 13, 2024
Merged
1 task
This was referenced Aug 20, 2024
Merged
Merged
Merged
This was referenced Aug 31, 2024
Closed
Merged
@github-actions github-actions bot mentioned this pull request Sep 16, 2024
Merged
This was referenced Sep 23, 2024
Merged
Closed
Closed
Merged
Merged
Closed
Closed
This was referenced Oct 1, 2024
Merged
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mamartinezmejia mamartinezmejia mamartinezmejia approved these changes

@paulushcgcj paulushcgcj Awaiting requested review from paulushcgcj paulushcgcj is a code owner

Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mamartinezmejia