search

OpenSourcePolitics / decidim

Fork of Decidim
http://www.decidim.org
GNU Affero General Public License v3.0
20 stars 4 forks source link

[Snyk] Security upgrade axios from 0.18.1 to 0.20.0 #1174

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 416/1000
Why? Recently disclosed, Has a fix available, CVSS 2.6		 Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 217 commits.
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changlog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)
  • bed6783 add table of content (preview) (#3050)
  • c70fab9 Fix stale bot config (#3049)
  • 5b08fc4 Add days and change name to work (#3035)
  • 1768c23 Update close-issues.yml (#3031)
  • 3dbf6a1 Add GitHub actions to close stale issues/prs (#3029)
  • a9010e4 Add GitHub actions to close invalid issues (#3022)
  • 36f0ad2 Replace 'blacklist' with 'blocklist' (#3006)
  • 0d69a79 Refactor mergeConfig without utils.deepMerge (#2844)
  • 4879416 Allow unsetting headers by passing null (#382) (#1845)
  • 4b3947a Add test with Node.js 12 (#2860)
  • 0077205 Adding console log on sandbox server startup (#2210)
  • ee46dff docs(): Detailed config options environment. (#2088)
  • 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (#2080)
  • 3f2ef03 Allow opening examples in Gitpod (#1958)
  • f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (#1773)
  • f2b478f Revert "Fixing default transformRequest with buffer pools (#1511)" (#2982)
  • d35b5b5 Remove axios.all() and axios.spread() from Readme.md (#2727)
  • 6d36dbe Update README.md (#2887)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. @carolromero & @xabier feel free to chime in.