-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency axios [security] #1109
base: master
Are you sure you want to change the base?
Conversation
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
0d6de8c
to
e8ef238
Compare
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
No dependency changes detected. Learn more about Socket for GitHub ↗︎ 👍 No dependency changes detected in pull request |
e8ef238
to
83e3adc
Compare
83e3adc
to
fffc295
Compare
fffc295
to
4310ed5
Compare
Quality Gate passedIssues Measures |
4310ed5
to
bec5a60
Compare
bec5a60
to
05c5601
Compare
05c5601
to
a65b30d
Compare
Quality Gate passedIssues Measures |
|
a65b30d
to
62c67f7
Compare
Quality Gate passedIssues Measures |
1e194d3
to
62c67f7
Compare
Quality Gate passedIssues Measures |
This PR contains the following updates:
^0.26.1
->^0.28.0
1.5.0
->1.7.4
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-45857
An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Release Notes
axios/axios (axios)
v0.28.0
Compare Source
Release notes:
Bug Fixes
withXSRFToken
option to v0.x (#6091)Backports from v1.x:
axios.formToJSON
method (#4735)url-encoded-form
serializer to respect theformSerializer
config (#4721)string[]
toAxiosRequestHeaders
type (#4322)AxiosError
stack capturing; (#4718)AxiosError
status code type; (#4717)blob
to the list of protocols supported by the browser (#4678)v0.27.2
Compare Source
Fixes and Functionality:
v0.27.1
Compare Source
Fixes and Functionality:
v0.27.0
Compare Source
Breaking changes:
Content-Type
request header when passing FormData (#3785)transformRequest
andtoFormData
(#4470)QOL and DevX improvements:
Fixes and Functionality:
Internal and Tests:
Documentation:
Notes:
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.