azukashi / exxyll

🤖 Multipurpose Discord Bot with Commands for Fun, Games, Moderation, Utility, and many more!
MIT License
48 stars 41 forks source link

fix(deps): update dependency axios to v1.7.4 [security] #225

Open renovate[bot] opened 2 months ago

renovate[bot] commented 2 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.6.2 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.


Release Notes

axios/axios (axios) ### [`v1.7.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://redirect.github.com/axios/axios/issues/6539)) ([#​6543](https://redirect.github.com/axios/axios/issues/6543)) ([6b6b605](https://redirect.github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://redirect.github.com/axios/axios/issues/6539)) ([07a661a](https://redirect.github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar [Lev Pachmanov](https://redirect.github.com/levpachmanov "+47/-11 (#​6543 )") - avatar [Đỗ Trọng Hải](https://redirect.github.com/hainenber "+49/-4 (#​6539 )") ### [`v1.7.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.2...v1.7.3) ##### Bug Fixes - **adapter:** fix progress event emitting; ([#​6518](https://redirect.github.com/axios/axios/issues/6518)) ([e3c76fc](https://redirect.github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f)) - **fetch:** fix withCredentials request config ([#​6505](https://redirect.github.com/axios/axios/issues/6505)) ([85d4d0e](https://redirect.github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787)) - **xhr:** return original config on errors from XHR adapter ([#​6515](https://redirect.github.com/axios/axios/issues/6515)) ([8966ee7](https://redirect.github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+211/-159 (#​6518 #​6519 )") - avatar [Valerii Sidorenko](https://redirect.github.com/ValeraS "+3/-3 (#​6515 )") - avatar [prianYu](https://redirect.github.com/prianyu "+2/-2 (#​6505 )") ### [`v1.7.2`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#172-2024-05-21) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.1...v1.7.2) ##### Bug Fixes - **fetch:** enhance fetch API detection; ([#​6413](https://redirect.github.com/axios/axios/issues/6413)) ([4f79aef](https://redirect.github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-3 (#​6413 )") ### [`v1.7.1`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#171-2024-05-20) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.0...v1.7.1) ##### Bug Fixes - **fetch:** fixed ReferenceError issue when TextEncoder is not available in the environment; ([#​6410](https://redirect.github.com/axios/axios/issues/6410)) ([733f15f](https://redirect.github.com/axios/axios/commit/733f15fe5bd2d67e1fadaee82e7913b70d45dc5e)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+14/-9 (#​6410 )") ### [`v1.7.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#170-2024-05-19) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.8...v1.7.0) ##### Features - **adapter:** add fetch adapter; ([#​6371](https://redirect.github.com/axios/axios/issues/6371)) ([a3ff99b](https://redirect.github.com/axios/axios/commit/a3ff99b59d8ec2ab5dd049e68c043617a4072e42)) ##### Bug Fixes - **core/axios:** handle un-writable error stack ([#​6362](https://redirect.github.com/axios/axios/issues/6362)) ([81e0455](https://redirect.github.com/axios/axios/commit/81e0455b7b57fbaf2be16a73ebe0e6591cc6d8f9)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+1015/-127 (#​6371 )") - avatar [Jay](https://redirect.github.com/jasonsaayman "+30/-14 ()") - avatar [Alexandre ABRIOUX](https://redirect.github.com/alexandre-abrioux "+56/-6 (#​6362 )") ### [`v1.6.8`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#168-2024-03-15) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.7...v1.6.8) ##### Bug Fixes - **AxiosHeaders:** fix AxiosHeaders conversion to an object during config merging ([#​6243](https://redirect.github.com/axios/axios/issues/6243)) ([2656612](https://redirect.github.com/axios/axios/commit/2656612bc10fe2757e9832b708ed773ab340b5cb)) - **import:** use named export for EventEmitter; ([7320430](https://redirect.github.com/axios/axios/commit/7320430aef2e1ba2b89488a0eaf42681165498b1)) - **vulnerability:** update follow-redirects to 1.15.6 ([#​6300](https://redirect.github.com/axios/axios/issues/6300)) ([8786e0f](https://redirect.github.com/axios/axios/commit/8786e0ff55a8c68d4ca989801ad26df924042e27)) ##### Contributors to this release - avatar [Jay](https://redirect.github.com/jasonsaayman "+4572/-3446 (#​6238 )") - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-0 (#​6231 )") - avatar [Mitchell](https://redirect.github.com/Creaous "+9/-9 (#​6300 )") - avatar [Emmanuel](https://redirect.github.com/mannoeu "+2/-2 (#​6196 )") - avatar [Lucas Keller](https://redirect.github.com/ljkeller "+3/-0 (#​6194 )") - avatar [Aditya Mogili](https://redirect.github.com/ADITYA-176 "+1/-1 ()") - avatar [Miroslav Petrov](https://redirect.github.com/petrovmiroslav "+1/-1 (#​6243 )") ### [`v1.6.7`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#167-2024-01-25) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.6...v1.6.7) ##### Bug Fixes - capture async stack only for rejections with native error objects; ([#​6203](https://redirect.github.com/axios/axios/issues/6203)) ([1a08f90](https://redirect.github.com/axios/axios/commit/1a08f90f402336e4d00e9ee82f211c6adb1640b0)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-26 (#​6203 )") - avatar [zhoulixiang](https://redirect.github.com/zh-lx "+0/-3 (#​6186 )") ### [`v1.6.6`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#166-2024-01-24) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.5...v1.6.6) ##### Bug Fixes - fixed missed dispatchBeforeRedirect argument ([#​5778](https://redirect.github.com/axios/axios/issues/5778)) ([a1938ff](https://redirect.github.com/axios/axios/commit/a1938ff073fcb0f89011f001dfbc1fa1dc995e39)) - wrap errors to improve async stack trace ([#​5987](https://redirect.github.com/axios/axios/issues/5987)) ([123f354](https://redirect.github.com/axios/axios/commit/123f354b920f154a209ea99f76b7b2ef3d9ebbab)) ##### Contributors to this release - avatar [Ilya Priven](https://redirect.github.com/ikonst "+91/-8 (#​5987 )") - avatar [Zao Soula](https://redirect.github.com/zaosoula "+6/-6 (#​5778 )") ### [`v1.6.5`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#165-2024-01-05) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.4...v1.6.5) ##### Bug Fixes - **ci:** refactor notify action as a job of publish action; ([#​6176](https://redirect.github.com/axios/axios/issues/6176)) ([0736f95](https://redirect.github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c)) - **dns:** fixed lookup error handling; ([#​6175](https://redirect.github.com/axios/axios/issues/6175)) ([f4f2b03](https://redirect.github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+41/-6 (#​6176 #​6175 )") - avatar [Jay](https://redirect.github.com/jasonsaayman "+6/-1 ()") ### [`v1.6.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#164-2024-01-03) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.3...v1.6.4) ##### Bug Fixes - **security:** fixed formToJSON prototype pollution vulnerability; ([#​6167](https://redirect.github.com/axios/axios/issues/6167)) ([3c0c11c](https://redirect.github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e)) - **security:** fixed security vulnerability in follow-redirects ([#​6163](https://redirect.github.com/axios/axios/issues/6163)) ([75af1cd](https://redirect.github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8)) ##### Contributors to this release - avatar [Jay](https://redirect.github.com/jasonsaayman "+34/-6 ()") - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+34/-3 (#​6172 #​6167 )") - avatar [Guy Nesher](https://redirect.github.com/gnesher "+10/-10 (#​6163 )") ### [`v1.6.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#163-2023-12-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.2...v1.6.3) ##### Bug Fixes - Regular Expression Denial of Service (ReDoS) ([#​6132](https://redirect.github.com/axios/axios/issues/6132)) ([5e7ad38](https://redirect.github.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d)) ##### Contributors to this release - avatar [Jay](https://redirect.github.com/jasonsaayman "+15/-6 (#​6145 )") - avatar [Willian Agostini](https://redirect.github.com/WillianAgostini "+17/-2 (#​6132 )") - avatar [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-0 (#​6084 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.