Closed abrain-bot closed 1 month ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 63.51%. Comparing base (
3371f50
) to head (86c673c
).
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
This PR contains the following updates:
1.7.3
->1.7.4
GitHub Vulnerability Alerts
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Release Notes
axios/axios (axios)
### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#6539](https://togithub.com/axios/axios/issues/6539)) ([#6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#6543 )") - [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#6539 )")Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.