Open renovate[bot] opened 2 months ago
This PR contains the following updates:
1.6.2
1.7.4
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
1.6.2
->1.7.4
GitHub Vulnerability Alerts
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Release Notes
axios/axios (axios)
### [`v1.7.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([#6543](https://redirect.github.com/axios/axios/issues/6543)) ([6b6b605](https://redirect.github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#6539](https://redirect.github.com/axios/axios/issues/6539)) ([07a661a](https://redirect.github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - [Lev Pachmanov](https://redirect.github.com/levpachmanov "+47/-11 (#6543 )") - [Đỗ Trọng Hải](https://redirect.github.com/hainenber "+49/-4 (#6539 )") ### [`v1.7.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.2...v1.7.3) ##### Bug Fixes - **adapter:** fix progress event emitting; ([#6518](https://redirect.github.com/axios/axios/issues/6518)) ([e3c76fc](https://redirect.github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f)) - **fetch:** fix withCredentials request config ([#6505](https://redirect.github.com/axios/axios/issues/6505)) ([85d4d0e](https://redirect.github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787)) - **xhr:** return original config on errors from XHR adapter ([#6515](https://redirect.github.com/axios/axios/issues/6515)) ([8966ee7](https://redirect.github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+211/-159 (#6518 #6519 )") - [Valerii Sidorenko](https://redirect.github.com/ValeraS "+3/-3 (#6515 )") - [prianYu](https://redirect.github.com/prianyu "+2/-2 (#6505 )") ### [`v1.7.2`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#172-2024-05-21) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.1...v1.7.2) ##### Bug Fixes - **fetch:** enhance fetch API detection; ([#6413](https://redirect.github.com/axios/axios/issues/6413)) ([4f79aef](https://redirect.github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-3 (#6413 )") ### [`v1.7.1`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#171-2024-05-20) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.7.0...v1.7.1) ##### Bug Fixes - **fetch:** fixed ReferenceError issue when TextEncoder is not available in the environment; ([#6410](https://redirect.github.com/axios/axios/issues/6410)) ([733f15f](https://redirect.github.com/axios/axios/commit/733f15fe5bd2d67e1fadaee82e7913b70d45dc5e)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+14/-9 (#6410 )") ### [`v1.7.0`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#170-2024-05-19) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.8...v1.7.0) ##### Features - **adapter:** add fetch adapter; ([#6371](https://redirect.github.com/axios/axios/issues/6371)) ([a3ff99b](https://redirect.github.com/axios/axios/commit/a3ff99b59d8ec2ab5dd049e68c043617a4072e42)) ##### Bug Fixes - **core/axios:** handle un-writable error stack ([#6362](https://redirect.github.com/axios/axios/issues/6362)) ([81e0455](https://redirect.github.com/axios/axios/commit/81e0455b7b57fbaf2be16a73ebe0e6591cc6d8f9)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+1015/-127 (#6371 )") - [Jay](https://redirect.github.com/jasonsaayman "+30/-14 ()") - [Alexandre ABRIOUX](https://redirect.github.com/alexandre-abrioux "+56/-6 (#6362 )") ### [`v1.6.8`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#168-2024-03-15) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.7...v1.6.8) ##### Bug Fixes - **AxiosHeaders:** fix AxiosHeaders conversion to an object during config merging ([#6243](https://redirect.github.com/axios/axios/issues/6243)) ([2656612](https://redirect.github.com/axios/axios/commit/2656612bc10fe2757e9832b708ed773ab340b5cb)) - **import:** use named export for EventEmitter; ([7320430](https://redirect.github.com/axios/axios/commit/7320430aef2e1ba2b89488a0eaf42681165498b1)) - **vulnerability:** update follow-redirects to 1.15.6 ([#6300](https://redirect.github.com/axios/axios/issues/6300)) ([8786e0f](https://redirect.github.com/axios/axios/commit/8786e0ff55a8c68d4ca989801ad26df924042e27)) ##### Contributors to this release - [Jay](https://redirect.github.com/jasonsaayman "+4572/-3446 (#6238 )") - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-0 (#6231 )") - [Mitchell](https://redirect.github.com/Creaous "+9/-9 (#6300 )") - [Emmanuel](https://redirect.github.com/mannoeu "+2/-2 (#6196 )") - [Lucas Keller](https://redirect.github.com/ljkeller "+3/-0 (#6194 )") - [Aditya Mogili](https://redirect.github.com/ADITYA-176 "+1/-1 ()") - [Miroslav Petrov](https://redirect.github.com/petrovmiroslav "+1/-1 (#6243 )") ### [`v1.6.7`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#167-2024-01-25) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.6...v1.6.7) ##### Bug Fixes - capture async stack only for rejections with native error objects; ([#6203](https://redirect.github.com/axios/axios/issues/6203)) ([1a08f90](https://redirect.github.com/axios/axios/commit/1a08f90f402336e4d00e9ee82f211c6adb1640b0)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+30/-26 (#6203 )") - [zhoulixiang](https://redirect.github.com/zh-lx "+0/-3 (#6186 )") ### [`v1.6.6`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#166-2024-01-24) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.5...v1.6.6) ##### Bug Fixes - fixed missed dispatchBeforeRedirect argument ([#5778](https://redirect.github.com/axios/axios/issues/5778)) ([a1938ff](https://redirect.github.com/axios/axios/commit/a1938ff073fcb0f89011f001dfbc1fa1dc995e39)) - wrap errors to improve async stack trace ([#5987](https://redirect.github.com/axios/axios/issues/5987)) ([123f354](https://redirect.github.com/axios/axios/commit/123f354b920f154a209ea99f76b7b2ef3d9ebbab)) ##### Contributors to this release - [Ilya Priven](https://redirect.github.com/ikonst "+91/-8 (#5987 )") - [Zao Soula](https://redirect.github.com/zaosoula "+6/-6 (#5778 )") ### [`v1.6.5`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#165-2024-01-05) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.4...v1.6.5) ##### Bug Fixes - **ci:** refactor notify action as a job of publish action; ([#6176](https://redirect.github.com/axios/axios/issues/6176)) ([0736f95](https://redirect.github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c)) - **dns:** fixed lookup error handling; ([#6175](https://redirect.github.com/axios/axios/issues/6175)) ([f4f2b03](https://redirect.github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be)) ##### Contributors to this release - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+41/-6 (#6176 #6175 )") - [Jay](https://redirect.github.com/jasonsaayman "+6/-1 ()") ### [`v1.6.4`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#164-2024-01-03) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.3...v1.6.4) ##### Bug Fixes - **security:** fixed formToJSON prototype pollution vulnerability; ([#6167](https://redirect.github.com/axios/axios/issues/6167)) ([3c0c11c](https://redirect.github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e)) - **security:** fixed security vulnerability in follow-redirects ([#6163](https://redirect.github.com/axios/axios/issues/6163)) ([75af1cd](https://redirect.github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8)) ##### Contributors to this release - [Jay](https://redirect.github.com/jasonsaayman "+34/-6 ()") - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+34/-3 (#6172 #6167 )") - [Guy Nesher](https://redirect.github.com/gnesher "+10/-10 (#6163 )") ### [`v1.6.3`](https://redirect.github.com/axios/axios/blob/HEAD/CHANGELOG.md#163-2023-12-26) [Compare Source](https://redirect.github.com/axios/axios/compare/v1.6.2...v1.6.3) ##### Bug Fixes - Regular Expression Denial of Service (ReDoS) ([#6132](https://redirect.github.com/axios/axios/issues/6132)) ([5e7ad38](https://redirect.github.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d)) ##### Contributors to this release - [Jay](https://redirect.github.com/jasonsaayman "+15/-6 (#6145 )") - [Willian Agostini](https://redirect.github.com/WillianAgostini "+17/-2 (#6132 )") - [Dmitriy Mozgovoy](https://redirect.github.com/DigitalBrainJS "+3/-0 (#6084 )")Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.