[Snyk] Security upgrade axios from 0.27.2 to 1.6.8

andrewmkrug commented 1 week ago

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

package.json
yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	686
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	646

[!IMPORTANT]

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

github-actions[bot] commented 1 week ago

Hi andrewmkrug! Thank you for contributing to Dashy! ✨

When updating dependencies, take a moment to verify that there are not security issues associated with any added or modified packages. If adding a new dependency, ensure that it is totally necessary, and check the packages size is not too large, as this will increase overall bundle size.

I'm a bot, and this is an automated comment 🤖

github-actions[bot] commented 1 week ago

`yarn.lock` changes

Click to toggle table visibility

| Name | Status | Previous | Current | | :- | :-: | :-: | :-: | | `axios` | [](#) | 0.27.2 | 1.7.7 | | `follow-redirects` | [](#) | 1.15.1 | 1.15.9 | | `proxy-from-env` | [](#) | - | 1.1.0 |

netlify[bot] commented 1 week ago

Deploy Preview for peppy-choux-edbc1e ready!

Name	Link
Latest commit	4f9c659973e036f7028b16eceeaa6914848f5581
Latest deploy log	https://app.netlify.com/sites/peppy-choux-edbc1e/deploys/66dad398408ba70008845864
Deploy Preview	https://deploy-preview-184--peppy-choux-edbc1e.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

socket-security[bot] commented 1 week ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/axios@1.7.7	network	`0`	2.14 MB	jasonsaayman
npm/follow-redirects@1.15.9	None	`0`	29.9 kB	olalonde, rubenverborgh
npm/proxy-from-env@1.1.0	environment	`0`	29.5 kB	rob-w

🚮 Removed packages: npm/axios@0.27.2), npm/follow-redirects@1.15.1), npm/node-forge@0.10.0)

View full report↗︎

andrewmkrug / dashy