github-actions[bot]
commented
1 month ago Visit the preview URL for this PR (updated for commit e41313b):
https://oev-docs--pr84-renovate-npm-axios-v-prfznbfa.web.app
(expires Mon, 14 Oct 2024 14:20:55 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
Sign: 6915b094b5ba83fde754632ba50c1ee9406d433f
This PR contains the following updates:
1.7.3->1.7.4GitHub Vulnerability Alerts
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Release Notes
axios/axios (axios)
### [`v1.7.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([#6543](https://redirect.github.com/axios/axios/issues/6543)) ([6b6b605](https://redirect.github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([07a661a](https://redirect.github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release -Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.