search

alarmdisplay / display

Component for displaying alerts and general info
GNU Affero General Public License v3.0
11 stars 2 forks source link

fix(deps): update dependency axios to v1.7.4 [security] #193

Closed abrain-bot closed 1 month ago

abrain-bot commented 1 month ago

This PR contains the following updates:

Package Type Update Change
axios (source) dependencies patch 1.7.3 -> 1.7.4

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios) ### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([#​6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#​6543 )") - avatar [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#​6539 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 63.51%. Comparing base (3371f50) to head (86c673c).

Additional details and impacted files ```diff @@ Coverage Diff @@ ## develop #193 +/- ## ======================================== Coverage 63.51% 63.51% ======================================== Files 81 81 Lines 995 995 Branches 89 89 ======================================== Hits 632 632 Misses 349 349 Partials 14 14 ``` | [Flag](https://app.codecov.io/gh/alarmdisplay/display/pull/193/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=alarmdisplay) | Coverage Δ | | |---|---|---| | [server](https://app.codecov.io/gh/alarmdisplay/display/pull/193/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=alarmdisplay) | `63.51% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=alarmdisplay#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.