search

ZupIT / charlescd

CharlesCD is an open source tool that makes deployments more agile, continuous and safe, which allows development teams to perform hypothesis validations with a specific group of users, simultaneously.
https://charlescd.io
Apache License 2.0
333 stars 79 forks source link

Update dependency axios to v0.21.2 [SECURITY] #1548

Open renovate[bot] opened 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
axios (source) ^0.19.2 -> ^0.21.0 age adoption passing confidence dependencies minor
axios 0.20.0 -> 0.21.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-3749

axios is vulnerable to Inefficient Regular Expression Complexity

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Release Notes

axios/axios ### [`v0.21.2`](https://togithub.com/axios/axios/releases/tag/v0.21.2) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.1...v0.21.2) ##### 0.21.2 (September 4, 2021) Fixes and Functionality: - Updating axios requests to be delayed by pre-emptive promise creation ([#​2702](https://togithub.com/axios/axios/pull/2702)) - Adding "synchronous" and "runWhen" options to interceptors api ([#​2702](https://togithub.com/axios/axios/pull/2702)) - Updating of transformResponse ([#​3377](https://togithub.com/axios/axios/pull/3377)) - Adding ability to omit User-Agent header ([#​3703](https://togithub.com/axios/axios/pull/3703)) - Adding multiple JSON improvements ([#​3688](https://togithub.com/axios/axios/pull/3688), [#​3763](https://togithub.com/axios/axios/pull/3763)) - Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#​3738](https://togithub.com/axios/axios/pull/3738)) - Adding parseInt to config.timeout ([#​3781](https://togithub.com/axios/axios/pull/3781)) - Adding custom return type support to interceptor ([#​3783](https://togithub.com/axios/axios/pull/3783)) - Adding security fix for ReDoS vulnerability ([#​3980](https://togithub.com/axios/axios/pull/3980)) Internal and Tests: - Updating build dev dependancies ([#​3401](https://togithub.com/axios/axios/pull/3401)) - Fixing builds running on Travis CI ([#​3538](https://togithub.com/axios/axios/pull/3538)) - Updating follow rediect version ([#​3694](https://togithub.com/axios/axios/pull/3694), [#​3771](https://togithub.com/axios/axios/pull/3771)) - Updating karma sauce launcher to fix failing sauce tests ([#​3712](https://togithub.com/axios/axios/pull/3712), [#​3717](https://togithub.com/axios/axios/pull/3717)) - Updating content-type header for application/json to not contain charset field, according do RFC 8259 ([#​2154](https://togithub.com/axios/axios/pull/2154)) - Fixing tests by bumping karma-sauce-launcher version ([#​3813](https://togithub.com/axios/axios/pull/3813)) - Changing testing process from Travis CI to GitHub Actions ([#​3938](https://togithub.com/axios/axios/pull/3938)) Documentation: - Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#​3539](https://togithub.com/axios/axios/pull/3539)) - Remove duplication of item in changelog ([#​3523](https://togithub.com/axios/axios/pull/3523)) - Fixing gramatical errors ([#​2642](https://togithub.com/axios/axios/pull/2642)) - Fixing spelling error ([#​3567](https://togithub.com/axios/axios/pull/3567)) - Moving gitpod metion ([#​2637](https://togithub.com/axios/axios/pull/2637)) - Adding new axios documentation website link ([#​3681](https://togithub.com/axios/axios/pull/3681), [#​3707](https://togithub.com/axios/axios/pull/3707)) - Updating documentation around dispatching requests ([#​3772](https://togithub.com/axios/axios/pull/3772)) - Adding documentation for the type guard isAxiosError ([#​3767](https://togithub.com/axios/axios/pull/3767)) - Adding explanation of cancel token ([#​3803](https://togithub.com/axios/axios/pull/3803)) - Updating CI status badge ([#​3953](https://togithub.com/axios/axios/pull/3953)) - Fixing errors with JSON documentation ([#​3936](https://togithub.com/axios/axios/pull/3936)) - Fixing README typo under Request Config ([#​3825](https://togithub.com/axios/axios/pull/3825)) - Adding axios-multi-api to the ecosystem file ([#​3817](https://togithub.com/axios/axios/pull/3817)) - Adding SECURITY.md to properly disclose security vulnerabilities ([#​3981](https://togithub.com/axios/axios/pull/3981)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - [Sasha Korotkov](https://togithub.com/SashaKoro) - [Daniel Lopretto](https://togithub.com/timemachine3030) - [Mike Bishop](https://togithub.com/MikeBishop) - [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS) - [Mark](https://togithub.com/bimbiltu) - [Philipe Gouveia Paixão](https://togithub.com/piiih) - [hippo](https://togithub.com/hippo2cat) - [ready-research](https://togithub.com/ready-research) - [Xianming Zhong](https://togithub.com/chinesedfan) - [Christopher Chrapka](https://togithub.com/OJezu) - [Brian Anglin](https://togithub.com/anglinb) - [Kohta Ito](https://togithub.com/koh110) - [Ali Clark](https://togithub.com/aliclark) - [caikan](https://togithub.com/caikan) - [Elina Gorshkova](https://togithub.com/elinagorshkova) - [Ryota Ikezawa](https://togithub.com/paveg) - [Nisar Hassan Naqvi](https://togithub.com/nisarhassan12) - [Jake](https://togithub.com/codemaster138) - [TagawaHirotaka](https://togithub.com/wafuwafu13) - [Johannes Jarbratt](https://togithub.com/johachi) - [Mo Sattler](https://togithub.com/MoSattler) - [Sam Carlton](https://togithub.com/ThatGuySam) - [Matt Czapliński](https://togithub.com/MattCCC) - [Ziding Zhang](https://togithub.com/zidingz) ### [`v0.21.1`](https://togithub.com/axios/axios/releases/tag/v0.21.1) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.0...v0.21.1) ##### 0.21.1 (December 21, 2020) Fixes and Functionality: - Hotfix: Prevent SSRF ([#​3410](https://togithub.com/axios/axios/issues/3410)) - Protocol not parsed when setting proxy config from env vars ([#​3070](https://togithub.com/axios/axios/issues/3070)) - Updating axios in types to be lower case ([#​2797](https://togithub.com/axios/axios/issues/2797)) - Adding a type guard for `AxiosError` ([#​2949](https://togithub.com/axios/axios/issues/2949)) Internal and Tests: - Remove the skipping of the `socket` http test ([#​3364](https://togithub.com/axios/axios/issues/3364)) - Use different socket for Win32 test ([#​3375](https://togithub.com/axios/axios/issues/3375)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Daniel Lopretto - Jason Kwok - Jay - Jonathan Foster - Remco Haszing - Xianming Zhong ### [`v0.21.0`](https://togithub.com/axios/axios/releases/tag/v0.21.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.20.0...v0.21.0) ##### 0.21.0 (October 23, 2020) Fixes and Functionality: - Fixing requestHeaders.Authorization ([#​3287](https://togithub.com/axios/axios/pull/3287)) - Fixing node types ([#​3237](https://togithub.com/axios/axios/pull/3237)) - Fixing axios.delete ignores config.data ([#​3282](https://togithub.com/axios/axios/pull/3282)) - Revert "Fixing overwrite Blob/File type as Content-Type in browser. ([#​1773](https://togithub.com/axios/axios/issues/1773))" ([#​3289](https://togithub.com/axios/axios/pull/3289)) - Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled ([#​3200](https://togithub.com/axios/axios/pull/3200)) Internal and Tests: - Lock travis to not use node v15 ([#​3361](https://togithub.com/axios/axios/pull/3361)) Documentation: - Fixing simple typo, existant -> existent ([#​3252](https://togithub.com/axios/axios/pull/3252)) - Fixing typos ([#​3309](https://togithub.com/axios/axios/pull/3309)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Allan Cruz <57270969+Allanbcruz@users.noreply.github.com> - George Cheng - Jay - Kevin Kirsche - Remco Haszing - Taemin Shin - Tim Gates - Xianming Zhong ### [`v0.20.0`](https://togithub.com/axios/axios/releases/tag/v0.20.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.19.2...v0.20.0) Release of 0.20.0-pre as a full release with no other changes.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 2 years ago

Codecov Report

Merging #1548 (8f6a454) into main (ebc5600) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1548   +/-   ##
=========================================
  Coverage     78.37%   78.37%           
  Complexity     2266     2266           
=========================================
  Files          1287     1287           
  Lines         17918    17918           
  Branches       1650     1650           
=========================================
  Hits          14044    14044           
  Misses         3387     3387           
  Partials        487      487
Flag Coverage Δ
butler 89.11% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 3d610a9...8f6a454. Read the comment docs.