Lumieducation / H5P-Nodejs-library

h5p-nodejs-library is a collection of server and client-side packages that help you use H5P with a NodeJS backend
https://docs.lumi.education
GNU General Public License v3.0
160 stars 79 forks source link

fix(deps): update dependency axios to v1.7.4 [security] #3745

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.7.3 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.


Release Notes

axios/axios (axios) ### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([#​6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#​6543 )") - avatar [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#​6539 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR was generated by Mend Renovate. View the repository job log.

coveralls commented 3 months ago

Coverage Status

coverage: 65.653%. first build when pulling 25290787db78482a1c50cdb632b232eb56af5a03 on renovate/npm-axios-vulnerability into e153e53747040fea5579e8daf96e316a54374501 on master.