search

CodeDredd / pinia-orm

The Pinia plugin to enable Object-Relational Mapping access to the Pinia Store.
https://pinia-orm.codedredd.de/
MIT License
452 stars 39 forks source link

chore(deps): update peerdependency axios to v1.6.0 [security] #1732

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) >=1.5.0 -> >=1.6.0 age adoption passing confidence
axios (source) 1.5.0 -> 1.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Release Notes

axios/axios (axios) ### [`v1.6.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#160-2023-10-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.5.1...v1.6.0) ##### Bug Fixes - **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#​6028](https://togithub.com/axios/axios/issues/6028)) ([96ee232](https://togithub.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0)) - **dns:** fixed lookup function decorator to work properly in node v20; ([#​6011](https://togithub.com/axios/axios/issues/6011)) ([5aaff53](https://togithub.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8)) - **types:** fix AxiosHeaders types; ([#​5931](https://togithub.com/axios/axios/issues/5931)) ([a1c8ad0](https://togithub.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09)) ##### PRs - CVE 2023 45857 ( [#​6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+449/-114 (#​6032 #​6021 #​6011 #​5932 #​5931 )") - avatar [Valentin Panov](https://togithub.com/valentin-panov "+4/-4 (#​6028 )") - avatar [Rinku Chaudhari](https://togithub.com/therealrinku "+1/-1 (#​5889 )") #### [1.5.1](https://togithub.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#​5919](https://togithub.com/axios/axios/issues/5919)) ([e410779](https://togithub.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#​5917](https://togithub.com/axios/axios/issues/5917)) ([bc9af51](https://togithub.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#​5890](https://togithub.com/axios/axios/issues/5890)) ([#​5892](https://togithub.com/axios/axios/issues/5892)) ([4c89f25](https://togithub.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://togithub.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+89/-18 (#​5919 #​5917 )") - avatar [David Dallas](https://togithub.com/DavidJDallas "+11/-5 ()") - avatar [Sean Sattler](https://togithub.com/fb-sean "+2/-8 ()") - avatar [Mustafa Ateş Uzun](https://togithub.com/0o001 "+4/-4 ()") - avatar [Przemyslaw Motacki](https://togithub.com/sfc-gh-pmotacki "+2/-1 (#​5892 )") - avatar [Michael Di Prisco](https://togithub.com/Cadienvan "+1/-1 ()") ##### PRs - CVE 2023 45857 ( [#​6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ### [`v1.5.1`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#151-2023-09-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.5.0...v1.5.1) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#​5919](https://togithub.com/axios/axios/issues/5919)) ([e410779](https://togithub.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#​5917](https://togithub.com/axios/axios/issues/5917)) ([bc9af51](https://togithub.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#​5890](https://togithub.com/axios/axios/issues/5890)) ([#​5892](https://togithub.com/axios/axios/issues/5892)) ([4c89f25](https://togithub.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://togithub.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+89/-18 (#​5919 #​5917 )") - avatar [David Dallas](https://togithub.com/DavidJDallas "+11/-5 ()") - avatar [Sean Sattler](https://togithub.com/fb-sean "+2/-8 ()") - avatar [Mustafa Ateş Uzun](https://togithub.com/0o001 "+4/-4 ()") - avatar [Przemyslaw Motacki](https://togithub.com/sfc-gh-pmotacki "+2/-1 (#​5892 )") - avatar [Michael Di Prisco](https://togithub.com/Cadienvan "+1/-1 ()")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.