Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency axios to v1.7.4 [security] - autoclosed #3385

Closed
wants to merge 1 commit into from
Closed

fix(deps): update dependency axios to v1.7.4 [security] - autoclosed #3385

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 13, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.6.8 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Contributors to this release

v1.7.1

Compare Source

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.0

Compare Source

Features
Bug Fixes
Contributors to this release

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Aug 13, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 3a284a7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from aec0892 to b7d7b54 Compare August 14, 2024 22:57
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b7d7b54 to 892c6c5 Compare August 15, 2024 03:52
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 892c6c5 to 946f47d Compare August 15, 2024 07:01
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 946f47d to 4ec652b Compare August 17, 2024 01:03
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 4ec652b to 7b57c8d Compare August 19, 2024 15:45
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 7b57c8d to f1762f6 Compare August 19, 2024 16:55
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from f1762f6 to 84bd0e7 Compare August 19, 2024 20:33
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 84bd0e7 to 843fb79 Compare August 20, 2024 09:02
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 843fb79 to d1980ce Compare August 20, 2024 13:11
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from d1980ce to 3592c40 Compare August 20, 2024 14:15
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 3592c40 to 8567424 Compare August 21, 2024 16:10
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 8567424 to 5c794a4 Compare August 21, 2024 23:14
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5c794a4 to baafa2e Compare August 27, 2024 08:22
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from baafa2e to 67a15a0 Compare August 27, 2024 14:26
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e590d05 to 2d61cd0 Compare October 9, 2024 16:22
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 2d61cd0 to 6c07324 Compare October 10, 2024 13:41
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 6c07324 to 9b0a037 Compare October 11, 2024 09:53
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 9b0a037 to 7cf218b Compare October 11, 2024 13:12
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 7cf218b to 40b3fc5 Compare October 11, 2024 14:13
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 40b3fc5 to f899628 Compare October 11, 2024 19:08
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from f899628 to cca31d6 Compare October 14, 2024 22:01
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from cca31d6 to 18d46ec Compare October 15, 2024 14:38
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 18d46ec to 1d3a296 Compare October 15, 2024 15:30
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 1d3a296 to 2dd5a74 Compare October 15, 2024 15:57
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 2dd5a74 to 3c9559d Compare October 15, 2024 16:50
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 3c9559d to 24ab0c8 Compare October 15, 2024 20:52
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 24ab0c8 to 3a284a7 Compare October 16, 2024 00:59
@renovate renovate bot changed the title fix(deps): update dependency axios to v1.7.4 [security] fix(deps): update dependency axios to v1.7.4 [security] - autoclosed Oct 16, 2024
@renovate renovate bot closed this Oct 16, 2024
@renovate renovate bot deleted the renovate/npm-axios-vulnerability branch October 16, 2024 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants