Skip to content

Commit

Permalink
chore(deps): update dependency axios to v1.7.4 [security] (#778)
Browse files Browse the repository at this point in the history 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [axios](https://axios-http.com)
([source](https://github.com/axios/axios)) | [`1.7.2` ->
`1.7.4`](https://renovatebot.com/diffs/npm/axios/1.7.2/1.7.4) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/axios/1.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/axios/1.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/axios/1.7.2/1.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/1.7.2/1.7.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2024-39338](https://nvd.nist.gov/vuln/detail/CVE-2024-39338)

axios 1.7.2 allows SSRF via unexpected behavior where requests for path
relative URLs get processed as protocol relative URLs.

---

### Release Notes

<details>
<summary>axios/axios (axios)</summary>

###
[`v1.7.4`](https://github.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13)

[Compare
Source](https://github.com/axios/axios/compare/v1.7.3...v1.7.4)

##### Bug Fixes

- **sec:** CVE-2024-39338
([#&#8203;6539](https://github.com/axios/axios/issues/6539))
([#&#8203;6543](https://github.com/axios/axios/issues/6543))
([6b6b605](https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a))
- **sec:** disregard protocol-relative URL to remediate SSRF
([#&#8203;6539](https://github.com/axios/axios/issues/6539))
([07a661a](https://github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda))

##### Contributors to this release

- <img
src="https://avatars.githubusercontent.com/u/31389480?v&#x3D;4&amp;s&#x3D;18"
alt="avatar" width="18"/> [Lev
Pachmanov](https://github.com/levpachmanov "+47/-11 (#&#8203;6543 )")
- <img
src="https://avatars.githubusercontent.com/u/41283691?v&#x3D;4&amp;s&#x3D;18"
alt="avatar" width="18"/> [Đỗ Trọng Hải](https://github.com/hainenber
"+49/-4 (#&#8203;6539 )")

###
[`v1.7.3`](https://github.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01)

[Compare
Source](https://github.com/axios/axios/compare/v1.7.2...v1.7.3)

##### Bug Fixes

- **adapter:** fix progress event emitting;
([#&#8203;6518](https://github.com/axios/axios/issues/6518))
([e3c76fc](https://github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f))
- **fetch:** fix withCredentials request config
([#&#8203;6505](https://github.com/axios/axios/issues/6505))
([85d4d0e](https://github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787))
- **xhr:** return original config on errors from XHR adapter
([#&#8203;6515](https://github.com/axios/axios/issues/6515))
([8966ee7](https://github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388))

##### Contributors to this release

- <img
src="https://avatars.githubusercontent.com/u/12586868?v&#x3D;4&amp;s&#x3D;18"
alt="avatar" width="18"/> [Dmitriy
Mozgovoy](https://github.com/DigitalBrainJS "+211/-159 (#&#8203;6518
#&#8203;6519 )")
- <img
src="https://avatars.githubusercontent.com/u/10867286?v&#x3D;4&amp;s&#x3D;18"
alt="avatar" width="18"/> [Valerii
Sidorenko](https://github.com/ValeraS "+3/-3 (#&#8203;6515 )")
- <img
src="https://avatars.githubusercontent.com/u/8599535?v&#x3D;4&amp;s&#x3D;18"
alt="avatar" width="18"/> [prianYu](https://github.com/prianyu "+2/-2
(#&#8203;6505 )")

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/cap-js/cds-dbs).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzguMjYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
@renovate
renovate[bot] committed Aug 19, 2024
1 parent cdf4d37 commit 84cde4a
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 84cde4a

Please sign in to comment.