[Snyk] Security upgrade axios from 0.21.1 to 0.21.3 - Githubissues

RafalWilinski / express-status-monitor

🚀 Realtime Monitoring solution for Node.js/Express.js apps, inspired by status.github.com, sponsored by https://dynobase.dev

https://dynobase.dev/

MIT License

3.61k stars 255 forks source link

[Snyk] Security upgrade axios from 0.21.1 to 0.21.3 #178

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 41 commits.

e367be5 [Releasing] 0.21.3
83ae383 Correctly add response interceptors to interceptor chain (#4013)
c0c8761 [Updating] changelog to include links to issues and contributors
619bb46 [Releasing] v0.21.2
82c9455 Create SECURITY.md (#3981)
5b45711 Security fix for ReDoS (#3980)
5bc9ea2 Update ECOSYSTEM.md (#3817)
e72813a Fixing README.md (#3818)
e10a027 Fix README typo under Request Config (#3825)
e091491 Update README.md (#3936)
b42fbad Removed un-needed bracket
520c8dc Updating CI status badge (#3953)
4fbeecb Adding CI on Github Actions. (#3938)
e9965bf Fixing the sauce labs tests (#3813)
dbc634c Remove charset in tests (#3807)
3958e9f Add explanation of cancel token (#3803)
69949a6 Adding custom return type support to interceptor (#3783)
49509f6 Create FUNDING.yml (#3796)
199c8aa Adding parseInt to config.timeout (#3781)
94fc4ea Adding isAxiosError typeguard documentation (#3767)
0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
59fa614 [Updated] follow-redirects to the latest version (#3771)
7821ed2 Feat/json improvements (#3763)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic