UniversityOfHelsinkiCS / ipsutin

The IP web-tool program
https://innotin.helsinki.fi/
0 stars 0 forks source link

Update dependency axios to v1.7.4 [SECURITY] #143

Closed renovate[bot] closed 2 months ago

renovate[bot] commented 3 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.7.2 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.


Release Notes

axios/axios (axios) ### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([#​6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#​6543 )") - avatar [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#​6539 )") ### [`v1.7.3`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.2...v1.7.3) ##### Bug Fixes - **adapter:** fix progress event emitting; ([#​6518](https://togithub.com/axios/axios/issues/6518)) ([e3c76fc](https://togithub.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f)) - **fetch:** fix withCredentials request config ([#​6505](https://togithub.com/axios/axios/issues/6505)) ([85d4d0e](https://togithub.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787)) - **xhr:** return original config on errors from XHR adapter ([#​6515](https://togithub.com/axios/axios/issues/6515)) ([8966ee7](https://togithub.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+211/-159 (#​6518 #​6519 )") - avatar [Valerii Sidorenko](https://togithub.com/ValeraS "+3/-3 (#​6515 )") - avatar [prianYu](https://togithub.com/prianyu "+2/-2 (#​6505 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

sonarcloud[bot] commented 3 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud