Open dependabot-preview[bot] opened 5 years ago
Merging #245 into develop will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## develop #245 +/- ##
========================================
Coverage 66.66% 66.66%
========================================
Files 146 146
Lines 1926 1926
========================================
Hits 1284 1284
Misses 642 642
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 8f0edaf...fe60b5f. Read the comment docs.
Bumps axios from 0.18.0 to 0.18.1. This update includes security fixes.
Vulnerabilities fixed
*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects axios** > Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. > > Affected versions: <= 0.18.0Release notes
*Sourced from [axios's releases](https://github.com/axios/axios/releases).* > ## v0.18.1 > Security Fix: > > - Destroy stream on exceeding maxContentLength (fixes [#1098](https://github-redirect.dependabot.com/axios/axios/issues/1098)) ([#1485](https://github-redirect.dependabot.com/axios/axios/issues/1485)) - Gadzhi GadzhievChangelog
*Sourced from [axios's changelog](https://github.com/axios/axios/blob/v0.18.1/CHANGELOG.md).* > ### 0.18.1 (May 31, 2019) > > Security Fix: > > - Destroy stream on exceeding maxContentLength (fixes [#1098](https://github-redirect.dependabot.com/axios/axios/issues/1098)) ([#1485](https://github-redirect.dependabot.com/axios/axios/pull/1485)) - Gadzhi GadzhievCommits
- [`face016`](https://github.com/axios/axios/commit/face0165de613696d10b1fd2a0e2f7b3852fa018) Releasing 0.18.1 - [`0628763`](https://github.com/axios/axios/commit/062876378b2e46aa12cb084dce56dddde1f8172c) Update Changelog for release (0.18.1) - [`dc9b29c`](https://github.com/axios/axios/commit/dc9b29c3411f160009570d369013585693deb154) adjust README to match IE support - [`16326d5`](https://github.com/axios/axios/commit/16326d5fe93bb2bf9d793fe04786e3198f298429) Remove usages of isOldIE in tests - [`5a4228b`](https://github.com/axios/axios/commit/5a4228b9f82ef9dfb695e10c95d237f4b7afdc14) Remove IE10 launcher from karma config - [`695b5f7`](https://github.com/axios/axios/commit/695b5f7241d7a3b339a768e3d04cfa5d1efd758e) Remove isOldIE check in tests - [`e314ab0`](https://github.com/axios/axios/commit/e314ab00b48be01283f4c48fc2ecaef73fac7c85) Remove HTTP 1223 handling - [`7efa822`](https://github.com/axios/axios/commit/7efa822b2e8ac47c54f3eafc7fb0c6b52ffaa0c6) Remove btoa polyfill tests - [`f3cdcc7`](https://github.com/axios/axios/commit/f3cdcc7f0125a069998bb3c74337fea99dd98f7b) Delete btoa polyfill - [`efc0b58`](https://github.com/axios/axios/commit/efc0b581c828fe0e5e6d39a40d65d1c73181e05c) Remove ie8/9 special CORS treatment and btoa polyfill - Additional commits viewable in [compare view](https://github.com/axios/axios/compare/v0.18.0...v0.18.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.